Dominik
2015-04-25 afe87b044dc20ceb104b31213543c14b562facd7
Merge branch 'reject_sender_login_mismatch' into mdbox-format
31 files deleted
444 files modified
3 files added
13774 ■■■■■ changed files
helper_scripts/recreate_webalizer_stats.php 4 ●●●● patch | view | raw | blame | history
install/apps/metronome_libs/mod_auth_external/db_auth.php 2 ●●● patch | view | raw | blame | history
install/apps/metronome_libs/mod_auth_external/db_isuser.php 2 ●●● patch | view | raw | blame | history
install/dist/lib/debian60.lib.php 6 ●●●● patch | view | raw | blame | history
install/dist/lib/fedora.lib.php 20 ●●●●● patch | view | raw | blame | history
install/dist/lib/gentoo.lib.php 33 ●●●● patch | view | raw | blame | history
install/dist/lib/opensuse.lib.php 20 ●●●●● patch | view | raw | blame | history
install/install.php 36 ●●●●● patch | view | raw | blame | history
install/lib/installer_base.lib.php 193 ●●●● patch | view | raw | blame | history
install/lib/mysql.lib.php 1096 ●●●● patch | view | raw | blame | history
install/lib/update.lib.php 54 ●●●●● patch | view | raw | blame | history
install/sql/incremental/upd_dev_collection.sql 9 ●●●● patch | view | raw | blame | history
install/sql/ispconfig3.sql 15 ●●●●● patch | view | raw | blame | history
install/tpl/debian6_dovecot2.conf.master 4 ●●● patch | view | raw | blame | history
install/tpl/debian_dovecot2.conf.master 4 ●●● patch | view | raw | blame | history
install/tpl/mysql-virtual_outgoing_bcc.cf.master 8 ●●●●● patch | view | raw | blame | history
install/tpl/server.ini.master 3 ●●●● patch | view | raw | blame | history
install/tpl/system.ini.master 3 ●●●●● patch | view | raw | blame | history
install/uninstall.php 8 ●●●●● patch | view | raw | blame | history
install/update.php 11 ●●●●● patch | view | raw | blame | history
interface/lib/app.inc.php 10 ●●●● patch | view | raw | blame | history
interface/lib/classes/aps_crawler.inc.php 44 ●●●●● patch | view | raw | blame | history
interface/lib/classes/aps_guicontroller.inc.php 136 ●●●●● patch | view | raw | blame | history
interface/lib/classes/auth.inc.php 45 ●●●● patch | view | raw | blame | history
interface/lib/classes/client_templates.inc.php 38 ●●●●● patch | view | raw | blame | history
interface/lib/classes/custom_datasource.inc.php 29 ●●●●● patch | view | raw | blame | history
interface/lib/classes/db_mysql.inc.php 73 ●●●● patch | view | raw | blame | history
interface/lib/classes/functions.inc.php 44 ●●●● patch | view | raw | blame | history
interface/lib/classes/getconf.inc.php 2 ●●● patch | view | raw | blame | history
interface/lib/classes/listform.inc.php 6 ●●●●● patch | view | raw | blame | history
interface/lib/classes/listform_actions.inc.php 1 ●●●● patch | view | raw | blame | history
interface/lib/classes/plugin_backuplist.inc.php 46 ●●●●● patch | view | raw | blame | history
interface/lib/classes/plugin_backuplist_mail.inc.php 41 ●●●● patch | view | raw | blame | history
interface/lib/classes/plugin_dbhistory.inc.php 7 ●●●●● patch | view | raw | blame | history
interface/lib/classes/plugin_listview.inc.php 54 ●●●●● patch | view | raw | blame | history
interface/lib/classes/quota_lib.inc.php 14 ●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/admin.inc.php 4 ●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/aps.inc.php 16 ●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/client.inc.php 110 ●●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/dns.inc.php 92 ●●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/domains.inc.php 4 ●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/mail.inc.php 29 ●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/openvz.inc.php 73 ●●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/server.inc.php 12 ●●●● patch | view | raw | blame | history
interface/lib/classes/remote.d/sites.inc.php 43 ●●●● patch | view | raw | blame | history
interface/lib/classes/remoting.inc.php 51 ●●●●● patch | view | raw | blame | history
interface/lib/classes/remoting_lib.inc.php 76 ●●●● patch | view | raw | blame | history
interface/lib/classes/searchform.inc.php 10 ●●●● patch | view | raw | blame | history
interface/lib/classes/session.inc.php 38 ●●●●● patch | view | raw | blame | history
interface/lib/classes/sites_database_plugin.inc.php 8 ●●●● patch | view | raw | blame | history
interface/lib/classes/tform.inc.php 26 ●●●● patch | view | raw | blame | history
interface/lib/classes/tform_actions.inc.php 29 ●●●● patch | view | raw | blame | history
interface/lib/classes/tform_base.inc.php 24 ●●●●● patch | view | raw | blame | history
interface/lib/classes/tools_monitor.inc.php 41 ●●●● patch | view | raw | blame | history
interface/lib/classes/tools_sites.inc.php 13 ●●●●● patch | view | raw | blame | history
interface/lib/classes/validate_client.inc.php 18 ●●●●● patch | view | raw | blame | history
interface/lib/classes/validate_dkim.inc.php 6 ●●●●● patch | view | raw | blame | history
interface/lib/classes/validate_dns.inc.php 2 ●●● patch | view | raw | blame | history
interface/lib/classes/validate_domain.inc.php 26 ●●●●● patch | view | raw | blame | history
interface/lib/classes/validate_ftpuser.inc.php 4 ●●●● patch | view | raw | blame | history
interface/lib/classes/validate_systemuser.inc.php 4 ●●●● patch | view | raw | blame | history
interface/lib/plugins/dns_dns_slave_plugin.inc.php 8 ●●●● patch | view | raw | blame | history
interface/lib/plugins/dns_dns_soa_plugin.inc.php 18 ●●●● patch | view | raw | blame | history
interface/lib/plugins/mail_mail_domain_plugin.inc.php 51 ●●●● patch | view | raw | blame | history
interface/lib/plugins/mail_user_filter_plugin.inc.php 12 ●●●●● patch | view | raw | blame | history
interface/lib/plugins/sites_web_database_user_plugin.inc.php 5 ●●●●● patch | view | raw | blame | history
interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php 126 ●●●● patch | view | raw | blame | history
interface/lib/plugins/vm_openvz_plugin.inc.php 87 ●●●●● patch | view | raw | blame | history
interface/web/admin/firewall_edit.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/form/directive_snippets.tform.php 11 ●●●●● patch | view | raw | blame | history
interface/web/admin/form/server_config.tform.php 6 ●●●● patch | view | raw | blame | history
interface/web/admin/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/admin/list/directive_snippets.list.php 4 ●●●● patch | view | raw | blame | history
interface/web/admin/list/firewall.list.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/list/iptables.list.php 10 ●●●● patch | view | raw | blame | history
interface/web/admin/list/server.list.php 14 ●●●● patch | view | raw | blame | history
interface/web/admin/list/server_ip.list.php 18 ●●●● patch | view | raw | blame | history
interface/web/admin/list/server_php.list.php 16 ●●●● patch | view | raw | blame | history
interface/web/admin/list/software_repo.list.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/list/users.list.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/remote_action_ispcupdate.php 11 ●●●● patch | view | raw | blame | history
interface/web/admin/remote_action_osupdate.php 11 ●●●● patch | view | raw | blame | history
interface/web/admin/server_config_edit.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/server_edit.php 4 ●●●● patch | view | raw | blame | history
interface/web/admin/server_ip_edit.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/server_php_edit.php 2 ●●● patch | view | raw | blame | history
interface/web/admin/software_package_install.php 32 ●●●●● patch | view | raw | blame | history
interface/web/admin/software_package_list.php 96 ●●●● patch | view | raw | blame | history
interface/web/admin/software_update_list.php 38 ●●●●● patch | view | raw | blame | history
interface/web/admin/system_config_edit.php 45 ●●●●● patch | view | raw | blame | history
interface/web/admin/templates/directive_snippets_edit.htm 12 ●●●●● patch | view | raw | blame | history
interface/web/admin/templates/directive_snippets_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/firewall_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/groups_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/iptables_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/language_import.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/remote_user_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/server_config_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/server_ip_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/server_list.htm 6 ●●●● patch | view | raw | blame | history
interface/web/admin/templates/server_php_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/software_package_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/admin/templates/software_repo_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/admin/templates/system_config_domains_edit.htm 8 ●●●● patch | view | raw | blame | history
interface/web/admin/templates/system_config_misc_edit.htm 88 ●●●●● patch | view | raw | blame | history
interface/web/admin/templates/users_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/admin/tpl_default.php 15 ●●●●● patch | view | raw | blame | history
interface/web/admin/users_edit.php 37 ●●●●● patch | view | raw | blame | history
interface/web/capp.php 1 ●●●● patch | view | raw | blame | history
interface/web/client/client_del.php 22 ●●●●● patch | view | raw | blame | history
interface/web/client/client_edit.php 128 ●●●●● patch | view | raw | blame | history
interface/web/client/client_message.php 6 ●●●● patch | view | raw | blame | history
interface/web/client/client_template_del.php 4 ●●●● patch | view | raw | blame | history
interface/web/client/client_template_edit.php 9 ●●●●● patch | view | raw | blame | history
interface/web/client/domain_del.php 16 ●●●● patch | view | raw | blame | history
interface/web/client/domain_edit.php 26 ●●●● patch | view | raw | blame | history
interface/web/client/form/client.tform.php 10 ●●●● patch | view | raw | blame | history
interface/web/client/form/reseller.tform.php 10 ●●●● patch | view | raw | blame | history
interface/web/client/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/client/lib/remote.conf.php 2 ●●● patch | view | raw | blame | history
interface/web/client/list/client_circle.list.php 2 ●●● patch | view | raw | blame | history
interface/web/client/message_template_edit.php 7 ●●●●● patch | view | raw | blame | history
interface/web/client/reseller_del.php 10 ●●●● patch | view | raw | blame | history
interface/web/client/reseller_edit.php 85 ●●●● patch | view | raw | blame | history
interface/web/client/templates/client_circle_edit.htm 5 ●●●●● patch | view | raw | blame | history
interface/web/client/templates/client_circle_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/client/templates/client_edit_limits.htm 23 ●●●●● patch | view | raw | blame | history
interface/web/client/templates/client_message.htm 2 ●●● patch | view | raw | blame | history
interface/web/client/templates/client_message_template_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/client/templates/client_template_edit_template.htm 4 ●●● patch | view | raw | blame | history
interface/web/client/templates/client_template_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/client/templates/clients_list.htm 6 ●●●● patch | view | raw | blame | history
interface/web/client/templates/domain_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/client/templates/message_template.htm 7 ●●●●● patch | view | raw | blame | history
interface/web/client/templates/message_template_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/client/templates/reseller_edit_limits.htm 21 ●●●●● patch | view | raw | blame | history
interface/web/client/templates/resellers_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/dashboard/ajax_get_json.php 48 ●●●●● patch | view | raw | blame | history
interface/web/dashboard/dashboard.php 4 ●●●● patch | view | raw | blame | history
interface/web/dashboard/dashlets/limits.php 6 ●●●● patch | view | raw | blame | history
interface/web/dashboard/dashlets/modules.php 17 ●●●● patch | view | raw | blame | history
interface/web/dashboard/lib/custom_menu.inc.php 2 ●●● patch | view | raw | blame | history
interface/web/dashboard/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/dns/ajax_get_json.php 103 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_a_edit.php 97 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_aaaa_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_alias_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_cname_edit.php 96 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_dkim_edit.php 16 ●●●● patch | view | raw | blame | history
interface/web/dns/dns_dmarc_edit.php 20 ●●●● patch | view | raw | blame | history
interface/web/dns/dns_edit_base.php 131 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_hinfo_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_import.php 76 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_mx_edit.php 95 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_ns_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_ptr_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_rp_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_rr_del.php 4 ●●●● patch | view | raw | blame | history
interface/web/dns/dns_slave_del.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/dns_slave_edit.php 16 ●●●● patch | view | raw | blame | history
interface/web/dns/dns_soa_del.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/dns_soa_edit.php 31 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_spf_edit.php 18 ●●●● patch | view | raw | blame | history
interface/web/dns/dns_srv_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_txt_edit.php 90 ●●●●● patch | view | raw | blame | history
interface/web/dns/dns_wizard.php 92 ●●●●● patch | view | raw | blame | history
interface/web/dns/form/dns_a.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_aaaa.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_alias.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_cname.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_dkim.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_hinfo.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_mx.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_ns.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_ptr.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_rp.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_soa.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_spf.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_srv.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/form/dns_txt.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/dns/list/dns_a.list.php 4 ●●●● patch | view | raw | blame | history
interface/web/dns/list/dns_slave.list.php 5 ●●●●● patch | view | raw | blame | history
interface/web/dns/list/dns_soa.list.php 5 ●●●●● patch | view | raw | blame | history
interface/web/dns/list/dns_template.list.php 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_a_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_import.htm 6 ●●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_slave_admin_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_slave_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_soa_admin_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_soa_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_template_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/dns/templates/dns_wizard.htm 2 ●●● patch | view | raw | blame | history
interface/web/help/faq_list.php 2 ●●● patch | view | raw | blame | history
interface/web/help/form/support_message.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/help/support_message_edit.php 12 ●●●● patch | view | raw | blame | history
interface/web/help/templates/faq_manage_questions_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/help/templates/help_faq_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/help/templates/help_faq_sections_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/help/templates/support_message_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/index.php 13 ●●●●● patch | view | raw | blame | history
interface/web/login/index.php 54 ●●●● patch | view | raw | blame | history
interface/web/login/login_as.php 8 ●●●● patch | view | raw | blame | history
interface/web/login/logout.php 4 ●●● patch | view | raw | blame | history
interface/web/login/password_reset.php 11 ●●●● patch | view | raw | blame | history
interface/web/login/templates/index.htm 4 ●●●● patch | view | raw | blame | history
interface/web/login/templates/password_reset.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/form/xmpp_domain.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/mail/list/mail_alias.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_aliasdomain.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_blacklist.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_content_filter.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_domain.list.php 5 ●●●●● patch | view | raw | blame | history
interface/web/mail/list/mail_domain_catchall.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_forward.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_get.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_relay_recipient.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_spamfilter.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_transport.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/mail_user.list.php 10 ●●●● patch | view | raw | blame | history
interface/web/mail/list/mail_whitelist.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/spamfilter_blacklist.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/spamfilter_policy.list.php 8 ●●●● patch | view | raw | blame | history
interface/web/mail/list/spamfilter_users.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/list/spamfilter_whitelist.list.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/mail_alias_edit.php 18 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_aliasdomain_edit.php 15 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_blacklist_edit.php 6 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_content_filter_edit.php 2 ●●● patch | view | raw | blame | history
interface/web/mail/mail_domain_catchall_edit.php 10 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_domain_del.php 10 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_domain_edit.php 115 ●●●●● patch | view | raw | blame | history
interface/web/mail/mail_forward_edit.php 12 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_get_edit.php 12 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_mailinglist_edit.php 34 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_spamfilter_edit.php 10 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_transport_edit.php 4 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_user_del.php 4 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_user_edit.php 80 ●●●●● patch | view | raw | blame | history
interface/web/mail/mail_user_filter_del.php 27 ●●●●● patch | view | raw | blame | history
interface/web/mail/mail_user_filter_edit.php 6 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_user_stats.php 8 ●●●● patch | view | raw | blame | history
interface/web/mail/mail_whitelist_edit.php 6 ●●●● patch | view | raw | blame | history
interface/web/mail/mailinglist.php 4 ●●●● patch | view | raw | blame | history
interface/web/mail/spamfilter_blacklist_edit.php 24 ●●●● patch | view | raw | blame | history
interface/web/mail/spamfilter_config_edit.php 4 ●●●● patch | view | raw | blame | history
interface/web/mail/spamfilter_policy_edit.php 4 ●●●● patch | view | raw | blame | history
interface/web/mail/spamfilter_users_edit.php 6 ●●●● patch | view | raw | blame | history
interface/web/mail/spamfilter_whitelist_edit.php 24 ●●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_alias_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_aliasdomain_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_blacklist_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_content_filter_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_domain_admin_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_domain_catchall_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_domain_edit.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_domain_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_forward_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_get_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_mailinglist_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_relay_recipient_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_transport_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_user_autoresponder_edit.htm 10 ●●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_user_backup_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_user_filter_edit.htm 15 ●●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_user_filter_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_user_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/mail/templates/mail_whitelist_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/spamfilter_blacklist_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/spamfilter_config_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/spamfilter_policy_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/templates/spamfilter_users_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/mail/user_quota_stats.php 2 ●●●●● patch | view | raw | blame | history
interface/web/mail/webmailer.php 4 ●●●● patch | view | raw | blame | history
interface/web/mail/xmpp_domain_del.php 8 ●●●● patch | view | raw | blame | history
interface/web/mail/xmpp_domain_edit.php 42 ●●●● patch | view | raw | blame | history
interface/web/mail/xmpp_user_edit.php 14 ●●●● patch | view | raw | blame | history
interface/web/mailuser/index.php 8 ●●●● patch | view | raw | blame | history
interface/web/mailuser/mail_user_filter_edit.php 6 ●●●● patch | view | raw | blame | history
interface/web/mailuser/mail_user_spamfilter_edit.php 23 ●●●● patch | view | raw | blame | history
interface/web/mailuser/templates/mail_user_filter_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/monitor/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/monitor/log_del.php 2 ●●● patch | view | raw | blame | history
interface/web/monitor/show_log.php 2 ●●● patch | view | raw | blame | history
interface/web/monitor/show_sys_state.php 4 ●●●● patch | view | raw | blame | history
interface/web/monitor/templates/datalog_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/monitor/templates/syslog_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/nav.php 18 ●●●●● patch | view | raw | blame | history
interface/web/remote/monitor.php 4 ●●●● patch | view | raw | blame | history
interface/web/sites/ajax_get_ip.php 6 ●●●● patch | view | raw | blame | history
interface/web/sites/ajax_get_json.php 37 ●●●● patch | view | raw | blame | history
interface/web/sites/aps_do_operation.php 12 ●●●● patch | view | raw | blame | history
interface/web/sites/aps_install_package.php 7 ●●●●● patch | view | raw | blame | history
interface/web/sites/aps_installedpackages_list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/aps_packagedetails_show.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/cron_edit.php 18 ●●●● patch | view | raw | blame | history
interface/web/sites/database_edit.php 36 ●●●● patch | view | raw | blame | history
interface/web/sites/database_phpmyadmin.php 6 ●●●●● patch | view | raw | blame | history
interface/web/sites/database_user_del.php 10 ●●●● patch | view | raw | blame | history
interface/web/sites/database_user_edit.php 30 ●●●●● patch | view | raw | blame | history
interface/web/sites/form/web_childdomain.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/form/web_vhost_domain.tform.php 7 ●●●● patch | view | raw | blame | history
interface/web/sites/ftp_user_edit.php 38 ●●●● patch | view | raw | blame | history
interface/web/sites/lib/module.conf.php 23 ●●●● patch | view | raw | blame | history
interface/web/sites/list/cron.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/list/database.list.php 7 ●●●●● patch | view | raw | blame | history
interface/web/sites/list/ftp_user.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/list/shell_user.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/list/web_childdomain.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/list/web_folder.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/list/web_folder_user.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/list/web_vhost_domain.list.php 5 ●●●●● patch | view | raw | blame | history
interface/web/sites/list/webdav_user.list.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/shell_user_edit.php 18 ●●●●● patch | view | raw | blame | history
interface/web/sites/templates/cron_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/sites/templates/database_admin_list.htm 10 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/database_list.htm 10 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/database_user_admin_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/database_user_list.htm 4 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/shell_user_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/sites/templates/web_backup_list.htm 6 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/web_childdomain_list.htm 8 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/web_folder_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/sites/templates/web_folder_user_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/sites/templates/web_vhost_domain_admin_list.htm 10 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/web_vhost_domain_edit.htm 30 ●●●●● patch | view | raw | blame | history
interface/web/sites/templates/web_vhost_domain_list.htm 6 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/web_vhost_domain_ssl.htm 4 ●●●● patch | view | raw | blame | history
interface/web/sites/templates/webdav_user_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/sites/user_quota_stats.php 4 ●●● patch | view | raw | blame | history
interface/web/sites/web_childdomain_edit.php 8 ●●●● patch | view | raw | blame | history
interface/web/sites/web_folder_del.php 2 ●●● patch | view | raw | blame | history
interface/web/sites/web_folder_edit.php 18 ●●●● patch | view | raw | blame | history
interface/web/sites/web_folder_user_edit.php 18 ●●●● patch | view | raw | blame | history
interface/web/sites/web_sites_stats.php 32 ●●●●● patch | view | raw | blame | history
interface/web/sites/web_vhost_domain_del.php 20 ●●●● patch | view | raw | blame | history
interface/web/sites/web_vhost_domain_edit.php 201 ●●●● patch | view | raw | blame | history
interface/web/sites/webdav_user_edit.php 18 ●●●● patch | view | raw | blame | history
interface/web/themes/blue/css/styles.css 1876 ●●●●● patch | view | raw | blame | history
interface/web/themes/blue/icons/x32_sprite.png patch | view | raw | blame | history
interface/web/themes/blue/images/ajax-loader.gif patch | view | raw | blame | history
interface/web/themes/blue/images/header_bg.png patch | view | raw | blame | history
interface/web/themes/blue/images/lists_tfoot_bg.png patch | view | raw | blame | history
interface/web/themes/blue/images/lists_thead_bg.png patch | view | raw | blame | history
interface/web/themes/blue/ispconfig_version 1 ●●●● patch | view | raw | blame | history
interface/web/themes/blue/templates/main.tpl.htm 185 ●●●●● patch | view | raw | blame | history
interface/web/themes/default/assets/javascripts/ispconfig.js 11 ●●●● patch | view | raw | blame | history
interface/web/themes/default/assets/stylesheets/ispconfig.css 6 ●●●●● patch | view | raw | blame | history
interface/web/themes/default/assets/stylesheets/select2.css 2 ●●● patch | view | raw | blame | history
interface/web/themes/default/templates/error.tpl.htm 2 ●●● patch | view | raw | blame | history
interface/web/themes/default/templates/main.tpl.htm 2 ●●● patch | view | raw | blame | history
interface/web/themes/default/templates/sidenav.tpl.htm 4 ●●●● patch | view | raw | blame | history
interface/web/themes/default/templates/tabbed_form.tpl.htm 2 ●●● patch | view | raw | blame | history
interface/web/themes/default_64_navimg/css/additional.css 64 ●●●●● patch | view | raw | blame | history
interface/web/themes/default_64_navimg/icons/x16/arrow.png patch | view | raw | blame | history
interface/web/themes/default_64_navimg/icons/x16/arrow_180.png patch | view | raw | blame | history
interface/web/themes/default_64_navimg/icons/x16/arrow_stop.png patch | view | raw | blame | history
interface/web/themes/default_64_navimg/icons/x16/arrow_stop_180.png patch | view | raw | blame | history
interface/web/themes/default_64_navimg/ispconfig_version 1 ●●●● patch | view | raw | blame | history
interface/web/themes/default_64_navimg/templates/main.tpl.htm 187 ●●●●● patch | view | raw | blame | history
interface/web/themes/default_combobox/css/additional.css 153 ●●●●● patch | view | raw | blame | history
interface/web/themes/default_combobox/icons/x16/arrow.png patch | view | raw | blame | history
interface/web/themes/default_combobox/icons/x16/arrow_180.png patch | view | raw | blame | history
interface/web/themes/default_combobox/icons/x16/arrow_stop.png patch | view | raw | blame | history
interface/web/themes/default_combobox/icons/x16/arrow_stop_180.png patch | view | raw | blame | history
interface/web/themes/default_combobox/images/ui-image.png patch | view | raw | blame | history
interface/web/themes/default_combobox/ispconfig_version 1 ●●●● patch | view | raw | blame | history
interface/web/themes/default_combobox/templates/main.tpl.htm 342 ●●●●● patch | view | raw | blame | history
interface/web/themes/default_no_navimg/css/additional.css 68 ●●●●● patch | view | raw | blame | history
interface/web/themes/default_no_navimg/icons/x16/arrow.png patch | view | raw | blame | history
interface/web/themes/default_no_navimg/icons/x16/arrow_180.png patch | view | raw | blame | history
interface/web/themes/default_no_navimg/icons/x16/arrow_stop.png patch | view | raw | blame | history
interface/web/themes/default_no_navimg/icons/x16/arrow_stop_180.png patch | view | raw | blame | history
interface/web/themes/default_no_navimg/ispconfig_version 1 ●●●● patch | view | raw | blame | history
interface/web/themes/default_no_navimg/templates/main.tpl.htm 188 ●●●●● patch | view | raw | blame | history
interface/web/tools/dns_import_tupa.php 66 ●●●● patch | view | raw | blame | history
interface/web/tools/form/interface_settings.tform.php 2 ●●● patch | view | raw | blame | history
interface/web/tools/import_ispconfig.php 14 ●●●● patch | view | raw | blame | history
interface/web/tools/import_plesk.php 1430 ●●●●● patch | view | raw | blame | history
interface/web/tools/import_vpopmail.php 100 ●●●● patch | view | raw | blame | history
interface/web/tools/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/tools/resync.php 16 ●●●● patch | view | raw | blame | history
interface/web/tools/templates/dns_import_tupa.htm 2 ●●● patch | view | raw | blame | history
interface/web/tools/templates/import_ispconfig.htm 2 ●●● patch | view | raw | blame | history
interface/web/tools/templates/import_plesk.htm 2 ●●● patch | view | raw | blame | history
interface/web/tools/templates/import_vpopmail.htm 2 ●●● patch | view | raw | blame | history
interface/web/tools/user_settings.php 2 ●●● patch | view | raw | blame | history
interface/web/vm/ajax_get_ip.php 4 ●●●● patch | view | raw | blame | history
interface/web/vm/lib/module.conf.php 1 ●●●● patch | view | raw | blame | history
interface/web/vm/openvz_action.php 53 ●●●● patch | view | raw | blame | history
interface/web/vm/openvz_template_edit.php 9 ●●●●● patch | view | raw | blame | history
interface/web/vm/openvz_vm_edit.php 22 ●●●● patch | view | raw | blame | history
interface/web/vm/templates/openvz_action.htm 2 ●●● patch | view | raw | blame | history
interface/web/vm/templates/openvz_ip_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/vm/templates/openvz_ostemplate_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/vm/templates/openvz_template_list.htm 2 ●●● patch | view | raw | blame | history
interface/web/vm/templates/openvz_vm_list.htm 4 ●●●● patch | view | raw | blame | history
remoting_client/examples/dns_a_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_aaaa_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_alias_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_cname_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_hinfo_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_mx_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_ns_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_ptr_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_rp_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_srv_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_txt_add.php 2 ●●● patch | view | raw | blame | history
remoting_client/examples/dns_zone_add.php 4 ●●●● patch | view | raw | blame | history
server/conf/hhvm_monit.master 3 ●●●●● patch | view | raw | blame | history
server/conf/hhvm_starter.master 22 ●●●● patch | view | raw | blame | history
server/cron.php 2 ●●● patch | view | raw | blame | history
server/lib/app.inc.php 13 ●●●● patch | view | raw | blame | history
server/lib/classes/aps_installer.inc.php 105 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-mailbox_stats.inc.php 91 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_clamav_log.inc.php 20 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_cpu.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_database_size.inc.php 12 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_disk_usage.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_email_quota.inc.php 12 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_fail2ban.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_hd_quota.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_iptables.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php 20 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_mail_log.inc.php 30 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_mail_queue.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_mem_usage.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_mongodb.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_openvz.inc.php 20 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_os_version.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_raid.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_rkhunter.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_server.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_services.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_syslog.inc.php 22 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/100-monitor_system_update.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/150-awstats.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/150-webalizer.inc.php 6 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/200-logfiles.inc.php 43 ●●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/300-quota_notify.inc.php 51 ●●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/400-openvz.inc.php 6 ●●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/500-backup.inc.php 90 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/500-backup_mail.inc.php 10 ●●●● patch | view | raw | blame | history
server/lib/classes/cron.d/600-cleanup.inc.php 4 ●●●● patch | view | raw | blame | history
server/lib/classes/cronjob.inc.php 8 ●●●● patch | view | raw | blame | history
server/lib/classes/db_mysql.inc.php 52 ●●●●● patch | view | raw | blame | history
server/lib/classes/functions.inc.php 2 ●●● patch | view | raw | blame | history
server/lib/classes/getconf.inc.php 2 ●●● patch | view | raw | blame | history
server/lib/classes/modules.inc.php 79 ●●●●● patch | view | raw | blame | history
server/lib/classes/monitor_tools.inc.php 10 ●●●● patch | view | raw | blame | history
server/mods-available/remoteaction_core_module.inc.php 14 ●●●● patch | view | raw | blame | history
server/plugins-available/apache2_plugin.inc.php 209 ●●●● patch | view | raw | blame | history
server/plugins-available/backup_plugin.inc.php 14 ●●●● patch | view | raw | blame | history
server/plugins-available/bind_dlz_plugin.inc.php 38 ●●●●● patch | view | raw | blame | history
server/plugins-available/bind_plugin.inc.php 20 ●●●●● patch | view | raw | blame | history
server/plugins-available/cron_jailkit_plugin.inc.php 6 ●●●● patch | view | raw | blame | history
server/plugins-available/cron_plugin.inc.php 12 ●●●● patch | view | raw | blame | history
server/plugins-available/ftpuser_base_plugin.inc.php 4 ●●●● patch | view | raw | blame | history
server/plugins-available/mail_plugin.inc.php 12 ●●●● patch | view | raw | blame | history
server/plugins-available/maildeliver_plugin.inc.php 8 ●●●● patch | view | raw | blame | history
server/plugins-available/mailman_plugin.inc.php 4 ●●●● patch | view | raw | blame | history
server/plugins-available/mongo_clientdb_plugin.inc.php 12 ●●●● patch | view | raw | blame | history
server/plugins-available/network_settings_plugin.inc.php 4 ●●●● patch | view | raw | blame | history
server/plugins-available/nginx_plugin.inc.php 151 ●●●●● patch | view | raw | blame | history
server/plugins-available/nginx_reverseproxy_plugin.inc.php 8 ●●●● patch | view | raw | blame | history
server/plugins-available/openvz_plugin.inc.php 2 ●●● patch | view | raw | blame | history
server/plugins-available/pma_symlink_plugin.inc.php 4 ●●●● patch | view | raw | blame | history
server/plugins-available/postfix_filter_plugin.inc.php 8 ●●●● patch | view | raw | blame | history
server/plugins-available/powerdns_plugin.inc.php 52 ●●●● patch | view | raw | blame | history
server/plugins-available/shelluser_base_plugin.inc.php 18 ●●●● patch | view | raw | blame | history
server/plugins-available/shelluser_jailkit_plugin.inc.php 22 ●●●● patch | view | raw | blame | history
server/plugins-available/software_update_plugin.inc.php 8 ●●●● patch | view | raw | blame | history
server/plugins-available/webmail_symlink_plugin.inc.php 4 ●●●● patch | view | raw | blame | history
server/plugins-available/webserver_plugin.inc.php 2 ●●● patch | view | raw | blame | history
server/plugins-available/xmpp_plugin.inc.php 32 ●●●● patch | view | raw | blame | history
server/server.php 9 ●●●●● patch | view | raw | blame | history
helper_scripts/recreate_webalizer_stats.php
@@ -5,8 +5,8 @@
//######################################################################################################
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
$records = $app->db->queryAllRecords($sql);
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
foreach($records as $rec) {
    $domain = escapeshellcmd($rec["domain"]);
    $logdir = escapeshellcmd($rec["document_root"].'/log');
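Review bot: `$domain` and `$logdir` go through `escapeshellcmd()`, which escapes metacharacters for a whole command line but does not quote a single value, so a domain or path that contains a space or begins with `-` is still split or read as an option once it is placed in a command. The loop body continues outside the hunk, so the command these values feed is not visible here. If they are used as arguments, `escapeshellarg($rec["domain"])` and `escapeshellarg($rec["document_root"].'/log')` are the calls that fit.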
install/apps/metronome_libs/mod_auth_external/db_auth.php
@@ -17,7 +17,7 @@
    // check for existing user
    $dbmail = $db->real_escape_string($arg_email);
    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
    result_false($result->num_rows != 1);
    $user = $result->fetch_object();
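Review bot: The new `$db->query(...)` call passes `$dbmail` and `$isp_server_id` as extra arguments, but `$db` is used here with `real_escape_string()`, `num_rows` and `fetch_object()`, which looks like a plain mysqli handle. `mysqli::query()` does not bind `?` placeholders, so if that is what `$db` is, the statement fails and `result_false()` rejects every login. If `$db` is instead a wrapper that binds, the `real_escape_string()` line should be dropped, because a value escaped first and bound afterwards is escaped twice. db_isuser.php has the same call. A prepared statement, sketched below, avoids both problems (`get_result()` needs the mysqlnd driver); the enclosing function starts and ends outside the hunk.

```php
    // … unchanged: "check for existing user" comment …
    $stmt = $db->prepare("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?");
    $stmt->bind_param('ss', $arg_email, $isp_server_id);
    $stmt->execute();
    $result = $stmt->get_result();
    // … unchanged: result_false($result->num_rows != 1) and fetch_object() …
```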
install/apps/metronome_libs/mod_auth_external/db_isuser.php
@@ -15,7 +15,7 @@
    // check for existing user
    $dbmail = $db->real_escape_string($arg_email);
    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
    result_false($result->num_rows != 1);
    result_true();
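Review bot: `jid LIKE ?` treats `%` and `_` in the supplied address as wildcards, so this existence check answers for a pattern rather than for one exact JID; an equality test, `WHERE jid = ? AND active='y' AND server_id=?`, is what the lookup needs. The query also selects `password`, which nothing in the visible lines reads, so `SELECT jid` is enough here. db_auth.php uses the same `LIKE` comparison. The surrounding function is cut by the hunk.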
install/dist/lib/debian60.lib.php
@@ -38,7 +38,7 @@
        
        // check if virtual_transport must be changed
        if ($this->is_update) {
            $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
            $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
            $ini_array = ini_to_array(stripslashes($tmp['config']));
            // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
            
@@ -153,10 +153,6 @@
        copy('tpl/dovecot_fail2ban_jail.local.master','/etc/fail2ban/jail.local');
    */
    }
    public function configure_xmpp() {
        parent::configure_xmpp();
    }
}
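Review bot: In the first hunk the `??` placeholder receives `$conf["mysql"]["database"] . ".server"` as one string, and nothing visible shows whether the db layer splits a dotted name before quoting it. If it quotes the whole value as a single identifier, the query looks for a table literally named `dbname.server`. This is worth confirming against the `??` handling in install/lib/mysql.lib.php and recording at the call, for example `// ?? takes db.table and quotes each part separately`. fedora.lib.php, gentoo.lib.php and opensuse.lib.php pass dotted names the same way. `$tmp['config']` is also read without checking that a row came back; the enclosing method lies outside the hunk.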
install/dist/lib/fedora.lib.php
@@ -185,7 +185,7 @@
        if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
        //* These postconf commands will be executed on installation and update
        $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
        $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
        $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
        unset($server_ini_rec);
@@ -404,7 +404,7 @@
        
        // check if virtual_transport must be changed
        if ($this->is_update) {
            $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
            $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
            $ini_array = ini_to_array(stripslashes($tmp['config']));
            // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
            
@@ -713,7 +713,7 @@
        $tpl = new tpl('apache_ispconfig.conf.master');
        $tpl->setVar('apache_version',getapacheversion());
        
        $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
        $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
        $ip_addresses = array();
        
        if(is_array($records) && count($records) > 0) {
@@ -799,7 +799,7 @@
        if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
    }
    public function configure_firewall()
    public function configure_bastille_firewall()
    {
        global $conf;
@@ -821,7 +821,7 @@
        $tcp_public_services = '';
        $udp_public_services = '';
        $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
        $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
        if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
            $tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -832,7 +832,7 @@
        }
        if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
            $tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
            if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
            if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
        }
        $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
@@ -1032,13 +1032,11 @@
        $file_server_enabled = ($conf['services']['file'])?1:0;
        $db_server_enabled = ($conf['services']['db'])?1:0;
        $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
        $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
        $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
        $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
        if($conf['mysql']['master_slave_setup'] == 'y') {
            $this->dbmaster->query($sql);
            $this->db->query($sql);
        } else {
            $this->db->query($sql);
            $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
        }
        // chown install dir to root and chmod 755
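Review bot: In `UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?`, `+` is arithmetic in MySQL, not string concatenation. The stored port list and the bound `',<port>'` value are both cast to numbers, so the column is overwritten with their sum instead of gaining a port, and the firewall port list is lost. The parameterised statement carries this over from the old line; `SET tcp_port = CONCAT(tcp_port, ?)` does what the code appears to intend. opensuse.lib.php has the same statement, and the method containing it starts and ends outside the hunk.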
install/dist/lib/gentoo.lib.php
@@ -258,7 +258,7 @@
        
        // check if virtual_transport must be changed
        if ($this->is_update) {
            $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
            $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
            $ini_array = ini_to_array(stripslashes($tmp['config']));
            // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
            
@@ -450,13 +450,13 @@
        global $conf;
        //* Create the database
        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
            $this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
        }
        //* Create the ISPConfig database user in the local database
        $query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
        if(!$this->db->query($query)) {
        $query = 'GRANT ALL ON ??.* TO ?@?';
        if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
            $this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
        }
@@ -566,25 +566,10 @@
        //* Copy the ISPConfig configuration include
        /*
        $content = $this->get_template_file('apache_ispconfig.conf', true);
        $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
        if(is_array($records) && count($records) > 0)
        {
            foreach($records as $rec) {
                $content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
                $content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
            }
        }
        $this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
        */
        $tpl = new tpl('apache_ispconfig.conf.master');
        $tpl->setVar('apache_version',getapacheversion());
        
        $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
        $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
        $ip_addresses = array();
        
        if(is_array($records) && count($records) > 0) {
@@ -933,13 +918,11 @@
        $db_server_enabled = ($conf['services']['db'])?1:0;
        $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
        $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
        $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
        $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
        if($conf['mysql']['master_slave_setup'] == 'y') {
            $this->dbmaster->query($sql);
            $this->db->query($sql);
        } else {
            $this->db->query($sql);
            $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
        }
        // chown install dir to root and chmod 755
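Review bot: The GRANT in the second hunk writes the wildcard in the SQL text, `'GRANT ALL ON ??.* TO ?@?'`, while install/lib/installer_base.lib.php in this same commit passes `$conf['mysql']['database'] . ".*"` through the `??` placeholder. Only one of the two forms can be right for however `??` quotes its argument, and `*` is not an identifier, so the form used here looks like the safer one to standardise on. A short comment at the call, such as `// ?? quotes the database name only; the .* stays in the statement`, would keep the next edit from drifting. The method body continues outside the hunk.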
install/dist/lib/opensuse.lib.php
@@ -215,7 +215,7 @@
        if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
        //* These postconf commands will be executed on installation and update
        $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ".$conf['server_id']);
        $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM server WHERE server_id = ?", $conf['server_id']);
        $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
        unset($server_ini_rec);
@@ -459,7 +459,7 @@
        
        // check if virtual_transport must be changed
        if ($this->is_update) {
            $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
            $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
            $ini_array = ini_to_array(stripslashes($tmp['config']));
            // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
            
@@ -745,7 +745,7 @@
        $tpl = new tpl('apache_ispconfig.conf.master');
        $tpl->setVar('apache_version',getapacheversion());
        
        $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
        $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
        $ip_addresses = array();
        
        if(is_array($records) && count($records) > 0) {
@@ -873,7 +873,7 @@
        if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
    }
    public function configure_firewall()
    public function configure_bastille_firewall()
    {
        global $conf;
@@ -895,7 +895,7 @@
        $tcp_public_services = '';
        $udp_public_services = '';
        $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
        $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
        if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
            $tcp_public_services = trim(str_replace(',', ' ', $row["tcp_port"]));
@@ -907,7 +907,7 @@
        if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
            $tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
            if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
            if($row["tcp_port"] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
        }
        $content = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $content);
@@ -1105,13 +1105,11 @@
        $file_server_enabled = ($conf['services']['file'])?1:0;
        $db_server_enabled = ($conf['services']['db'])?1:0;
        $vserver_server_enabled = ($conf['services']['vserver'])?1:0;
        $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled' WHERE server_id = ".intval($conf['server_id']);
        $sql = "UPDATE `server` SET mail_server = ?, web_server = ?, dns_server = ?, file_server = ?, db_server = ?, vserver_server = ? WHERE server_id = ?";
        $this->db->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
        if($conf['mysql']['master_slave_setup'] == 'y') {
            $this->dbmaster->query($sql);
            $this->db->query($sql);
        } else {
            $this->db->query($sql);
            $this->dbmaster->query($sql, $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $conf['server_id']);
        }
        // chown install dir to root and chmod 755
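Review bot: The guard `if(!stristr($tcp_public_services, $conf['apache']['vhost_port']))` is a substring test, so a vhost port of 80 counts as already present when the list only holds 8080, and the port is then left out of `{TCP_PUBLIC_SERVICES}`. Comparing whole entries avoids that: `if(!in_array((string)intval($conf['apache']['vhost_port']), preg_split('/\s+/', $tcp_public_services, -1, PREG_SPLIT_NO_EMPTY), true))`. fedora.lib.php carries the same check. The method it sits in starts and ends outside the hunk.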
install/install.php
@@ -449,10 +449,8 @@
        // initialize the connection to the master database
        $inst->dbmaster = new db();
        if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
        $inst->dbmaster->dbHost = $conf['mysql']["master_host"];
        $inst->dbmaster->dbName = $conf['mysql']["master_database"];
        $inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
        $inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
        $inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
        $inst->dbmaster->setDBName($conf['mysql']["master_database"]);
    } else {
        // the master DB is the same then the slave DB
@@ -623,23 +621,17 @@
    //** Configure Firewall
    if(strtolower($inst->simple_query('Configure Firewall Server', array('y', 'n'), 'y','configure_firewall')) == 'y') {
        //if($conf['bastille']['installed'] == true) {
        //* Configure Bastille Firewall
        $conf['services']['firewall'] = true;
        swriteln('Configuring Bastille Firewall');
        $inst->configure_firewall();
        /*} elseif($conf['ufw']['installed'] == true) {
            //* Configure Ubuntu Firewall
            $conf['services']['firewall'] = true;
            swriteln('Configuring Ubuntu Firewall');
            $inst->configure_ufw_firewall();
        } else {
            //* Configure Bastille Firewall
            $conf['services']['firewall'] = true;
            swriteln('Configuring Bastille Firewall');
            $inst->configure_bastille_firewall();
        }
        */
       if($conf['ufw']['installed'] == true) {
           //* Configure Ubuntu Firewall
           $conf['services']['firewall'] = true;
           swriteln('Configuring Ubuntu Firewall');
           $inst->configure_ufw_firewall();
       } else {
           //* Configure Bastille Firewall
           $conf['services']['firewall'] = true;
           swriteln('Configuring Bastille Firewall');
           $inst->configure_bastille_firewall();
       }
    }
    //** Configure Firewall
@@ -713,6 +705,8 @@
} //* << $install_mode / 'Standard' or Genius
$inst->create_mount_script();
//* Create md5 filelist
$md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);
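Review bot: The checksum file name is built with `date('Y-m-d_h-i')`, and `h` is the 12-hour clock, so a run at 03:10 and one at 15:10 on the same day write to the same file; `date('Y-m-d_H-i')` keeps them apart. The list is also written under `/usr/local/ispconfig`, the tree that `find` is walking, so each run hashes its own partly written output and any earlier lists. If nothing downstream depends on the `.md5` format, `sha256sum` would be a sturdier baseline than `md5sum` for spotting modified files.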
install/lib/installer_base.lib.php
@@ -167,12 +167,12 @@
        global $conf;
        //** Create the database
        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['mysql']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
            $this->error('Unable to create MySQL database: '.$conf['mysql']['database'].'.');
        }
        //* Set the database name in the DB library
        $this->db->dbName = $conf['mysql']['database'];
        $this->db->setDBName($conf['mysql']['database']);
        //* Load the database dump into the database, if database contains no tables
        $db_tables = $this->db->getTables();
@@ -192,8 +192,8 @@
            }
            //* Load system.ini into the sys_ini table
            $system_ini = $this->db->quote(rf('tpl/system.ini.master'));
            $this->db->query("UPDATE sys_ini SET config = '$system_ini' WHERE sysini_id = 1");
            $system_ini = rf('tpl/system.ini.master');
            $this->db->query("UPDATE sys_ini SET config = ? WHERE sysini_id = 1", $system_ini);
        }
    }
@@ -210,15 +210,13 @@
        }
        // Delete ISPConfig user in the local database, in case that it exists
        $this->db->query("DELETE FROM mysql.user WHERE User = '".$conf['mysql']['ispconfig_user']."' AND Host = '".$from_host."';");
        $this->db->query("DELETE FROM mysql.db WHERE Db = '".$conf['mysql']['database']."' AND Host = '".$from_host."';");
        $this->db->query('FLUSH PRIVILEGES;');
        $this->db->query("DELETE FROM mysql.user WHERE User = ? AND Host = ?", $conf['mysql']['ispconfig_user'], $from_host);
        $this->db->query("DELETE FROM mysql.db WHERE Db = ? AND Host = ?", $conf['mysql']['database'], $from_host);
        $this->db->query('FLUSH PRIVILEGES');
        //* Create the ISPConfig database user in the local database
        $query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON '.$conf['mysql']['database'].".* "
            ."TO '".$conf['mysql']['ispconfig_user']."'@'".$from_host."' "
            ."IDENTIFIED BY '".$conf['mysql']['ispconfig_password']."';";
        if(!$this->db->query($query)) {
        $query = 'GRANT SELECT, INSERT, UPDATE, DELETE ON ?? TO ?@? IDENTIFIED BY ?';
        if(!$this->db->query($query, $conf['mysql']['database'] . ".*", $conf['mysql']['ispconfig_user'], $from_host, $conf['mysql']['ispconfig_password'])) {
            $this->error('Unable to create database user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage);
        }
@@ -226,7 +224,7 @@
        $this->db->query('FLUSH PRIVILEGES;');
        //* Set the database name in the DB library
        $this->db->dbName = $conf['mysql']['database'];
        $this->db->setDBName($conf['mysql']['database']);
        $tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
@@ -280,8 +278,7 @@
        }
        $server_ini_content = array_to_ini($tpl_ini_array);
        $server_ini_content = mysql_real_escape_string($server_ini_content);
        $mail_server_enabled = ($conf['services']['mail'])?1:0;
        $web_server_enabled = ($conf['services']['web'])?1:0;
        $dns_server_enabled = ($conf['services']['dns'])?1:0;
@@ -309,14 +306,14 @@
        if($conf['mysql']['master_slave_setup'] == 'y') {
            //* Insert the server record in master DB
            $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
            $this->dbmaster->query($sql);
            $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
            $this->dbmaster->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
            $conf['server_id'] = $this->dbmaster->insertID();
            $conf['server_id'] = $conf['server_id'];
            //* Insert the same record in the local DB
            $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES ('".$conf['server_id']."',1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
            $this->db->query($sql);
            $sql = "INSERT INTO `server` (`server_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (?,1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
            $this->db->query($sql, $conf['server_id'], $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
            //* username for the ispconfig user
            $conf['mysql']['master_ispconfig_user'] = 'ispcsrv'.$conf['server_id'];
@@ -325,8 +322,8 @@
        } else {
            //* Insert the server, if its not a mster / slave setup
            $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', '".$conf['hostname']."', '$mail_server_enabled', '$web_server_enabled', '$dns_server_enabled', '$file_server_enabled', '$db_server_enabled', '$vserver_server_enabled', '$server_ini_content', 0, 1, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);";
            $this->db->query($sql);
            $sql = "INSERT INTO `server` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_name`, `mail_server`, `web_server`, `dns_server`, `file_server`, `db_server`, `vserver_server`, `config`, `updated`, `active`, `dbversion`,`firewall_server`,`proxy_server`) VALUES (1, 1, 'riud', 'riud', 'r', ?, ?, ?, ?, ?, ?, ?, ?, 0, 1, ?, ?, ?);";
            $this->db->query($sql, $conf['hostname'], $mail_server_enabled, $web_server_enabled, $dns_server_enabled, $file_server_enabled, $db_server_enabled, $vserver_server_enabled, $server_ini_content, $current_db_version, $proxy_server_enabled, $firewall_server_enabled);
            $conf['server_id'] = $this->db->insertID();
            $conf['server_id'] = $conf['server_id'];
        }
@@ -388,141 +385,141 @@
             * if not, the user already exists and we do not need the pwd
             */
                if ($value['pwd'] != ''){
                    $query = "CREATE USER '".$value['user']."'@'".$host."' IDENTIFIED BY '" . $value['pwd'] . "'";
                    $query = "CREATE USER ?@? IDENTIFIED BY ?";
                    if ($verbose){
                        echo "\n\n" . $query ."\n";
                    }
                    $this->dbmaster->query($query); // ignore the error
                    $this->dbmaster->query($query, $value['user'], $host, $value['pwd']); // ignore the error
                }
                /*
             *  Try to delete all rights of the user in case that it exists.
             *  In Case that it will not exist, do nothing (ignore the error!)
             */
                $query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '".$value['user']."'@'".$host."' ";
                $query = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ?@?";
                if ($verbose){
                    echo "\n\n" . $query ."\n";
                }
                $this->dbmaster->query($query); // ignore the error
                $this->dbmaster->query($query, $value['user'], $host); // ignore the error
                //* Create the ISPConfig database user in the remote database
                $query = "GRANT SELECT ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, INSERT ON ".$value['db'].".`sys_log` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, INSERT ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.sys_log', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, UPDATE(`status`, `error`) ON ".$value['db'].".`sys_datalog` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, UPDATE(`status`, `error`) ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.sys_datalog', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, UPDATE(`status`) ON ".$value['db'].".`software_update_inst` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, UPDATE(`status`) ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.software_update_inst', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, UPDATE(`updated`) ON ".$value['db'].".`server` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, UPDATE(`updated`) ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.server', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ".$value['db'].".`web_domain` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, UPDATE (`ssl_request`, `ssl_cert`, `ssl_action`, `ssl_key`) ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.web_domain', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT ON ".$value['db'].".`sys_group` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.sys_group', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ".$value['db'].".`sys_remoteaction` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, UPDATE (`action_state`, `response`) ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.sys_remoteaction', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, INSERT , DELETE ON ".$value['db'].".`monitor_data` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, INSERT , DELETE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.monitor_data', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`mail_traffic` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.mail_traffic', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, INSERT, UPDATE ON ".$value['db'].".`web_traffic` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, INSERT, UPDATE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.web_traffic', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, UPDATE, DELETE ON ".$value['db'].".`aps_instances` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, UPDATE, DELETE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                
                $query = "GRANT SELECT, DELETE ON ".$value['db'].".`aps_instances_settings` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, DELETE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.aps_instances_settings', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`web_backup` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.web_backup', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
                $query = "GRANT SELECT, INSERT, DELETE ON ".$value['db'].".`mail_backup` TO '".$value['user']."'@'".$host."' ";
                $query = "GRANT SELECT, INSERT, DELETE ON ?? TO ?@?";
                if ($verbose){
                    echo $query ."\n";
                }
                if(!$this->dbmaster->query($query)) {
                if(!$this->dbmaster->query($query, $value['db'] . '.mail_backup', $value['user'], $host)) {
                    $this->warning('Unable to set rights of user in master database: '.$value['db']."\n Query: ".$query."\n Error: ".$this->dbmaster->errorMessage);
                }
            }
@@ -530,7 +527,7 @@
            /*
         * It is all done. Relod the rights...
         */
            $this->dbmaster->query('FLUSH PRIVILEGES;');
            $this->dbmaster->query('FLUSH PRIVILEGES');
        }
    }
@@ -735,7 +732,7 @@
        if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
        //* These postconf commands will be executed on installation and update
        $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM `" . $this->db->quote($conf["mysql"]["database"]) . "`.`server` WHERE server_id = ".$conf['server_id']);
        $server_ini_rec = $this->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
        $server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
        unset($server_ini_rec);
@@ -983,7 +980,7 @@
        
        // check if virtual_transport must be changed
        if ($this->is_update) {
            $tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
            $tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
            $ini_array = ini_to_array(stripslashes($tmp['config']));
            // ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
            
@@ -1259,18 +1256,18 @@
        global $conf;
        //* Create the database
        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
        if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
            $this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
        }
        //* Create the ISPConfig database user in the local database
        $query = "GRANT ALL ON `".$conf['powerdns']['database']."` . * TO '".$conf['mysql']['ispconfig_user']."'@'localhost';";
        if(!$this->db->query($query)) {
        $query = "GRANT ALL ON ?? TO ?@'localhost'";
        if(!$this->db->query($query, $conf['powerdns']['database'] . '.*', $conf['mysql']['ispconfig_user'])) {
            $this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
        }
        //* Reload database privelages
        $this->db->query('FLUSH PRIVILEGES;');
        $this->db->query('FLUSH PRIVILEGES');
        //* load the powerdns databse dump
        if($conf['mysql']['admin_password'] == '') {
@@ -1333,7 +1330,7 @@
        if(!@is_dir('/etc/metronome/status')) mkdir('/etc/metronome/status', 0755, true);
        unlink('/etc/metronome/metronome.cfg.lua');
        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
        $server_name = $row["server_name"];
        $tpl = new tpl('metronome_conf_main.master');
@@ -1492,7 +1489,7 @@
        $tpl = new tpl('apache_ispconfig.conf.master');
        $tpl->setVar('apache_version',getapacheversion());
        
        $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
        $records = $this->db->queryAllRecords("SELECT * FROM ?? WHERE server_id = ? AND virtualhost = 'y'", $conf['mysql']['master_database'] . '.server_ip', $conf['server_id']);
        $ip_addresses = array();
        
        if(is_array($records) && count($records) > 0) {
@@ -1575,36 +1572,6 @@
        //* add a sshusers group
        $command = 'groupadd sshusers';
        if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
        /*
        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
        $ip_address = gethostbyname($row["server_name"]);
        $server_name = $row["server_name"];
        //setup proxy.conf
        $configfile = 'proxy.conf';
        if(is_file($conf["nginx"]["config_dir"].'/'.$configfile)) copy($conf["nginx"]["config_dir"].'/'.$configfile,$conf["nginx"]["config_dir"].'/'.$configfile.'~');
        if(is_file($conf["nginx"]["config_dir"].'/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/'.$configfile.'~');
        $content = rf("tpl/nginx_".$configfile.".master");
        wf($conf["nginx"]["config_dir"].'/'.$configfile,$content);
        exec('chmod 600 '.$conf["nginx"]["config_dir"].'/'.$configfile);
        exec('chown root:root '.$conf["nginx"]["config_dir"].'/'.$configfile);
        //setup conf.d/cache.conf
        $configfile = 'cache.conf';
        if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile)) copy($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
        if(is_file($conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~')) exec('chmod 400 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile.'~');
        $content = rf("tpl/nginx_".$configfile.".master");
        wf($conf["nginx"]["config_dir"].'/conf.d/'.$configfile,$content);
        exec('chmod 600 '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
        exec('chown root:root '.$conf["nginx"]["config_dir"].'/conf.d/'.$configfile);
        //setup cache directories
        mkdir('/var/cache/nginx/cache');
        exec('chown www-data:www-data /var/cache/nginx/cache');
        mkdir('/var/cache/nginx/temp');
        exec('chown www-data:www-data /var/cache/nginx/temp');
        */
    }
    public function configure_fail2ban() {
@@ -1614,7 +1581,7 @@
    public function configure_squid()
    {
        global $conf;
        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$conf["server_id"]."");
        $row = $this->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $conf["server_id"]);
        $ip_address = gethostbyname($row["server_name"]);
        $server_name = $row["server_name"];
@@ -1661,7 +1628,7 @@
        $tcp_public_services = '';
        $udp_public_services = '';
        $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
        $row = $this->db->queryOneRecord('SELECT * FROM ?? WHERE server_id = ?', $conf["mysql"]["database"] . '.firewall', $conf['server_id']);
        if(trim($row['tcp_port']) != '' || trim($row['udp_port']) != '') {
            $tcp_public_services = trim(str_replace(',', ' ', $row['tcp_port']));
@@ -1673,7 +1640,7 @@
        if(!stristr($tcp_public_services, $conf['apache']['vhost_port'])) {
            $tcp_public_services .= ' '.intval($conf['apache']['vhost_port']);
            if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ',".intval($conf['apache']['vhost_port'])."' WHERE server_id = ".intval($conf['server_id']));
            if($row['tcp_port'] != '') $this->db->query("UPDATE firewall SET tcp_port = tcp_port + ? WHERE server_id = ?", ',' . intval($conf['apache']['vhost_port']), $conf['server_id']);
        }
        $content = str_replace('{TCP_PUBLIC_SERVICES}', $tcp_public_services, $content);
@@ -2100,13 +2067,11 @@
        $firewall_server_enabled = ($conf['services']['firewall'])?1:0;
        $xmpp_server_enabled = ($conf['services']['xmpp'])?1:0;
        $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ".intval($conf['server_id']);
        $sql = "UPDATE `server` SET mail_server = '$mail_server_enabled', web_server = '$web_server_enabled', dns_server = '$dns_server_enabled', file_server = '$file_server_enabled', db_server = '$db_server_enabled', vserver_server = '$vserver_server_enabled', proxy_server = '$proxy_server_enabled', firewall_server = '$firewall_server_enabled', xmpp_server = '.$xmpp_server_enabled.' WHERE server_id = ?";
        $this->db->query($sql, $conf['server_id']);
        if($conf['mysql']['master_slave_setup'] == 'y') {
            $this->dbmaster->query($sql);
            $this->db->query($sql);
        } else {
            $this->db->query($sql);
            $this->dbmaster->query($sql, $conf['server_id']);
        }
@@ -2485,6 +2450,32 @@
    }
    
    public function create_mount_script(){
        global $app, $conf;
        $mount_script = '/usr/local/ispconfig/server/scripts/backup_dir_mount.sh';
        $mount_command = '';
        if(is_file($mount_script)) return;
        if(is_file('/etc/rc.local')){
            $rc_local = file('/etc/rc.local');
            if(is_array($rc_local) && !empty($rc_local)){
                foreach($rc_local as $line){
                    $line = trim($line);
                    if(substr($line, 0, 1) == '#') continue;
                    if(strpos($line, 'sshfs') !== false && strpos($line, '/var/backup') !== false){
                        $mount_command = "#!/bin/sh\n\n";
                        $mount_command .= $line."\n\n";
                        file_put_contents($mount_script, $mount_command);
                        chmod($mount_script, 0755);
                        chown($mount_script, 'root');
                        chgrp($mount_script, 'root');
                        break;
                    }
                }
            }
        }
    }
    // This function is called at the end of the update process and contains code to clean up parts of old ISPCONfig releases
    public function cleanup_ispconfig() {
        global $app,$conf;
install/lib/mysql.lib.php
@@ -1,190 +1,499 @@
<?php
/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
   Copyright (c) 2005, Till Brehm, projektfarm Gmbh
   All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
   Redistribution and use in source and binary forms, with or without modification,
   are permitted provided that the following conditions are met:
    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.
 * Redistributions of source code must retain the above copyright notice,
 this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright notice,
 this list of conditions and the following disclaimer in the documentation
 and/or other materials provided with the distribution.
 * Neither the name of ISPConfig nor the names of its contributors
 may be used to endorse or promote products derived from this software without
 specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
class db
class db extends mysqli
{
    var $dbHost = "";    // hostname of the MySQL server
    var $dbName = "";    // logical database name on that server
    var $dbUser = "";    // database authorized user
    var $dbPass = "";    // user's password
    var $dbCharset = "";      // what charset comes and goes to mysql: utf8 / latin1
    var $linkId = false;    // last result of mysql_connect()
    var $queryId = 0;    // last result of mysql_query()
    var $record = array();   // last record fetched
    var $autoCommit = 1;      // Autocommit Transactions
    var $currentRow;    // current row number
    var $errorNumber = 0;   // last error number
    var $errorMessage = "";   // last error message
    var $errorLocation = "";  // last error location
    var $show_error_messages = false;
    /**#@+
     * @access private
     */
    private $_iQueryId;
    private $_iConnId;
    // constructor
    function db()
    {
    private $dbHost = '';  // hostname of the MySQL server
    private $dbName = '';  // logical database name on that server
    private $dbUser = '';  // database authorized user
    private $dbPass = '';  // user's password
    private $dbCharset = 'utf8';// Database charset
    private $dbNewLink = false; // Return a new linkID when connect is called again
    private $dbClientFlags = 0; // MySQL Client falgs
    /**#@-*/
    public $show_error_messages = false; // false in server, true in interface
    /* old things - unused now ////
    private $linkId = 0;  // last result of mysqli_connect()
    private $queryId = 0;  // last result of mysqli_query()
    private $record = array(); // last record fetched
    private $autoCommit = 1;    // Autocommit Transactions
    private $currentRow;  // current row number
    public $errorNumber = 0; // last error number
    public $errorMessage = ''; // last error message
    private $errorLocation = '';// last error location
    private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
    ////
    */
    public function __destruct() {
        if($this->_iConnId) mysqli_close($this->_iConnId);
    }
    private function do_connect() {
        global $conf;
        if($this->_iConnId) return true;
        $this->dbHost = $conf["mysql"]["host"];
        //$this->dbName = $conf["mysql"]["database"];
        $this->dbName = false;//$conf["mysql"]["database"];
        $this->dbUser = $conf["mysql"]["admin_user"];
        $this->dbPass = $conf["mysql"]["admin_password"];
        $this->dbCharset = $conf["mysql"]["charset"];
        //$this->connect();
    }
        $this->dbNewLink = false;
        $this->dbClientFlags = null;
        $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
        $try = 0;
        while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
            if($try > 0) sleep(1);
    // error handler
    function updateError($location)
    {
        $this->errorNumber = mysqli_errno($this->linkId);
        $this->errorMessage = mysqli_error($this->linkId);
        $this->errorLocation = $location;
        if($this->errorNumber && $this->show_error_messages)
        {
            echo '<br /><b>'.$this->errorLocation.'</b><br />'.$this->errorMessage;
            flush();
            $try++;
            $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
        }
        if(!is_object($this->_iConnId) || mysqli_connect_error()) {
            $this->_iConnId = null;
            $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
            return false;
        }
        if($this->dbName) $this->setDBName($this->dbName);
        $this->_setCharset();
    }
    public function setDBData($host, $user, $password) {
        $this->dbHost = $host;
        $this->dbUser = $user;
        $this->dbPass = $password;
    }
    public function setDBName($name) {
        $this->dbName = $name;
        if(!((bool)mysqli_query( $this->_iConnId, 'USE `' . $this->dbName . '`'))) {
            $this->close();
            $this->_sqlerror('Datenbank nicht gefunden / Database not found');
            return false;
        }
    }
    public function close() {
        if($this->_iConnId) mysqli_close($this->_iConnId);
        $this->_iConnId = null;
    }
    function connect()
    {
        if(!$this->linkId)
        {
            $this->linkId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
    /* This allows our private variables to be "read" out side of the class */
    public function __get($var) {
        return isset($this->$var) ? $this->$var : NULL;
    }
            if(!$this->linkId)
            {
                $this->updateError('DB::connect()<br />mysqli_connect');
                return false;
    public function _build_query_string($sQuery = '') {
        $iArgs = func_num_args();
        if($iArgs > 1) {
            $aArgs = func_get_args();
            if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
                $aArgs = $aArgs[2];
                $iArgs = count($aArgs);
            } else {
                array_shift($aArgs); // delete the query string that is the first arg!
            }
            $this->queryId = @mysqli_query($this->linkId, 'SET NAMES '.$this->dbCharset);
            $iPos = 0;
            $iPos2 = 0;
            foreach($aArgs as $sKey => $sValue) {
                $iPos2 = strpos($sQuery, '??', $iPos2);
                $iPos = strpos($sQuery, '?', $iPos);
                if($iPos === false && $iPos2 === false) break;
                if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
                    $sTxt = $this->escape($sValue);
                    if(strpos($sTxt, '.') !== false) {
                        $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
                        $sTxt = str_replace('.`*`', '.*', $sTxt);
                    } else $sTxt = '`' . $sTxt . '`';
                    $sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
                    $iPos2 += strlen($sTxt);
                    $iPos = $iPos2;
                } else {
                    if(is_int($sValue) || is_float($sValue)) {
                        $sTxt = $sValue;
                    } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
                        $sTxt = 'NULL';
                    } elseif(is_array($sValue)) {
                        $sTxt = '';
                        foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
                        $sTxt = '(' . substr($sTxt, 1) . ')';
                        if($sTxt == '()') $sTxt = '(0)';
                    } else {
                        $sTxt = '\'' . $this->escape($sValue) . '\'';
                    }
                    $sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
                    $iPos += strlen($sTxt);
                    $iPos2 = $iPos;
                }
            }
        }
        return $sQuery;
    }
    /**#@-*/
    /**#@+
     * @access private
     */
    private function _setCharset() {
        mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
        mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
    }
    private function _query($sQuery = '') {
        $this->do_connect();
        if ($sQuery == '') {
            $this->_sqlerror('Keine Anfrage angegeben / No query given');
            return false;
        }
        $try = 0;
        do {
            $try++;
            $ok = mysqli_ping($this->_iConnId);
            if(!$ok) {
                if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
                    if($this->errorNumber == '111') {
                        // server is not available
                        if($try > 9) {
                            $this->_sqlerror('DB::query -> error connecting');
                            exit;
                        }
                        sleep(30); // additional seconds, please!
                    }
                    if($try > 9) {
                        $this->_sqlerror('DB::query -> reconnect');
                        return false;
                    } else {
                        sleep(($try > 7 ? 5 : 1));
                    }
                } else {
                    $this->_setCharset();
                    $ok = true;
                }
            }
        } while($ok == false);
        $aArgs = func_get_args();
        $sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
        $this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
        if (!$this->_iQueryId) {
            $this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
            return false;
        }
        return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
    }
    /**#@-*/
    /**
     * Executes a query
     *
     * Executes a given query string, has a variable amount of parameters:
     * - 1 parameter
     *   executes the given query
     * - 2 parameters
     *   executes the given query, replaces the first ? in the query with the second parameter
     * - 3 parameters
     *   if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
     * - 4 or more parameters
     *   all ? in the query are replaced from left to right by the parameters 2 to x
     *
     * @access public
     * @param string  $sQuery query string
     * @param mixed   ... one or more parameters
     * @return db_result the result object of the query
     */
    public function query($sQuery = '') {
        $aArgs = func_get_args();
        return call_user_func_array(array(&$this, '_query'), $aArgs);
    }
    /**
     * Execute a query and get first result array
     *
     * Executes a query and returns the first result row as an array
     * This is like calling $result = $db->query(),  $result->get(), $result->free()
     * Use of this function @see query
     *
     * @access public
     * @param string  $sQuery query to execute
     * @param ...     further params (see query())
     * @return array result row or NULL if none found
     */
    public function queryOneRecord($sQuery = '') {
        if(!preg_match('/limit \d+\s*,\s*\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';
        $aArgs = func_get_args();
        $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
        if(!$oResult) return null;
        $aReturn = $oResult->get();
        $oResult->free();
        return $aReturn;
    }
    public function queryOne($sQuery = '') {
        return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
    }
    public function query_one($sQuery = '') {
        return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
    }
    /**
     * Execute a query and return all rows
     *
     * Executes a query and returns all result rows in an array
     * <strong>Use this with extreme care!!!</strong> Uses lots of memory on big result sets.
     *
     * @access public
     * @param string  $sQuery query to execute
     * @param ...     further params (see query())
     * @return array all the rows in the result set
     */
    public function queryAllRecords($sQuery = '') {
        $aArgs = func_get_args();
        $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
        if(!$oResult) return array();
        $aResults = array();
        while($aRow = $oResult->get()) {
            $aResults[] = $aRow;
        }
        $oResult->free();
        return $aResults;
    }
    public function queryAll($sQuery = '') {
        return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
    }
    public function query_all($sQuery = '') {
        return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
    }
    /**
     * Execute a query and return all rows as simple array
     *
     * Executes a query and returns all result rows in an array with elements
     * <strong>Only first column is returned</strong> Uses lots of memory on big result sets.
     *
     * @access public
     * @param string  $sQuery query to execute
     * @param ...     further params (see query())
     * @return array all the rows in the result set
     */
    public function queryAllArray($sQuery = '') {
        $aArgs = func_get_args();
        $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
        if(!$oResult) return array();
        $aResults = array();
        while($aRow = $oResult->get()) {
            $aResults[] = reset($aRow);
        }
        $oResult->free();
        return $aResults;
    }
    public function query_all_array($sQuery = '') {
        return call_user_func_array(array(&$this, 'queryAllArray'), func_get_args());
    }
    /**
     * Get id of last inserted row
     *
     * Gives you the id of the last inserted row in a table with an auto-increment primary key
     *
     * @access public
     * @return int id of last inserted row or 0 if none
     */
    public function insert_id() {
        $iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
        if(!is_object($iRes)) return false;
        $aReturn = mysqli_fetch_assoc($iRes);
        mysqli_free_result($iRes);
        return $aReturn['newid'];
    }
    /**
     * get affected row count
     *
     * Gets the amount of rows affected by the previous query
     *
     * @access public
     * @return int affected rows
     */
    public function affected() {
        if(!is_object($this->_iConnId)) return 0;
        $iRows = mysqli_affected_rows($this->_iConnId);
        if(!$iRows) $iRows = 0;
        return $iRows;
    }
    /**
     * check if a utf8 string is valid
     *
     * @access public
     * @param string  $string the string to check
     * @return bool true if it is valid utf8, false otherwise
     */
    private function check_utf8($str) {
        $len = strlen($str);
        for($i = 0; $i < $len; $i++){
            $c = ord($str[$i]);
            if ($c > 128) {
                if (($c > 247)) return false;
                elseif ($c > 239) $bytes = 4;
                elseif ($c > 223) $bytes = 3;
                elseif ($c > 191) $bytes = 2;
                else return false;
                if (($i + $bytes) > $len) return false;
                while ($bytes > 1) {
                    $i++;
                    $b = ord($str[$i]);
                    if ($b < 128 || $b > 191) return false;
                    $bytes--;
                }
            }
        }
        return true;
    }
    } // end of check_utf8
    function query($queryString)
    {
        if(!$this->connect())
        {
            return false;
    /**
     * Escape a string for usage in a query
     *
     * @access public
     * @param string  $sString query string to escape
     * @return string escaped string
     */
    public function escape($sString) {
        if(!is_string($sString) && !is_numeric($sString)) {
            $sString = '';
        }
        if($this->dbName != '') {
            if(!mysqli_select_db($this->linkId, $this->dbName))
            {
                $this->updateError('DB::connect()<br />mysqli_select_db');
                return false;
        $cur_encoding = mb_detect_encoding($sString);
        if($cur_encoding != "UTF-8") {
            if($cur_encoding != 'ASCII') {
                if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
                else $sString = mb_convert_encoding($sString, 'UTF-8');
            }
        } elseif(!$this->check_utf8($sString)) {
            $sString = utf8_encode($sString);
        }
        $this->queryId = @mysqli_query($this->linkId, $queryString);
        $this->updateError('DB::query('.$queryString.')<br />mysqli_query');
        if(!$this->queryId)
        {
            return false;
        }
        $this->currentRow = 0;
        return $this->queryId;
        if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
        else return addslashes($sString);
    }
    // returns all records in an array
    function queryAllRecords($queryString)
    {
        if(!$this->query($queryString))
        {
            return false;
    /**
     *
     *
     * @access private
     */
    private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
        global $conf;
        $mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
        $mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
        //$sAddMsg .= getDebugBacktrace();
        if($this->show_error_messages && $conf['demo_mode'] === false) {
            echo $sErrormsg . $sAddMsg;
        }
        $ret = array();
        while($line = $this->nextRecord())
        {
            $ret[] = $line;
        }
        return $ret;
    }
    // returns one record in an array
    function queryOneRecord($queryString)
    {
        if(!$this->query($queryString) || $this->numRows() == 0)
        {
            return false;
        }
        return $this->nextRecord();
    }
    // returns the next record in an array
    function nextRecord()
    {
        $this->record = mysqli_fetch_assoc($this->queryId);
        $this->updateError('DB::nextRecord()<br />mysqli_fetch_array');
        if(!$this->record || !is_array($this->record))
        {
            return false;
        }
        $this->currentRow++;
        return $this->record;
    }
    // returns number of rows returned by the last select query
    function numRows()
    {
        return mysqli_num_rows($this->queryId);
    }
    function affectedRows()
    {
        return mysqli_affected_rows($this->linkId);
    public function affectedRows() {
        return $this->affected();
    }
    // returns mySQL insert id
    function insertID()
    {
        return mysqli_insert_id($this->linkId);
    public function insertID() {
        return $this->insert_id();
    }
    // Check der variablen
    // deprecated, now use quote
    function check($formfield)
    {
        return $this->quote($formfield);
    //* Function to quote strings
    public function quote($formfield) {
        return $this->escape($formfield);
    }
    // Check der variablen
    function quote($formfield)
    {
        return mysqli_real_escape_string($this->linkId, $formfield);
    }
    // Check der variablen
    function unquote($formfield)
    {
    //* Function to unquotae strings
    public function unquote($formfield) {
        return stripslashes($formfield);
    }
    function toLower($record) {
    public function toLower($record) {
        if(is_array($record)) {
            foreach($record as $key => $val) {
                $key = strtolower($key);
@@ -194,7 +503,7 @@
        return $out;
    }
    /* TODO: rewrite SQL */
    function insert($tablename, $form, $debug = 0)
    {
        if(is_array($form)){
@@ -213,7 +522,8 @@
            if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
        }
    }
    /* TODO: rewrite SQL */
    function update($tablename, $form, $bedingung, $debug = 0)
    {
@@ -230,218 +540,174 @@
        }
    }
    function closeConn() {
    }
    function freeResult() {
    }
    function delete() {
    }
    function Transaction($action) {
        //action = begin, commit oder rollback
    }
    /*
   $columns = array(action =>   add | alter | drop
                    name =>     Spaltenname
                    name_new => neuer Spaltenname, nur bei 'alter' belegt
                    type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
                    typeValue => Wert z.B. bei Varchar
                    defaultValue =>  Default Wert
                    notNull =>   true | false
                    autoInc =>   true | false
                    option =>   unique | primary | index)
       $columns = array(action =>   add | alter | drop
       name =>     Spaltenname
       name_new => neuer Spaltenname, nur bei 'alter' belegt
       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
       typeValue => Wert z.B. bei Varchar
       defaultValue =>  Default Wert
       notNull =>   true | false
       autoInc =>   true | false
       option =>   unique | primary | index)
   */
    function createTable($table_name, $columns) {
        $index = "";
        $sql = "CREATE TABLE $table_name (";
     */
    /* TODO: rewrite SQL */
    public function createTable($table_name, $columns) {
        $index = '';
        $sql = "CREATE TABLE ?? (";
        foreach($columns as $col){
            $sql .= $col["name"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
            $sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
            if($col["defaultValue"] != "") {
                if($col["defaultValue"] == "NULL" or $col["defaultValue"] == "NOT NULL") {
                    $sql .= "DEFAULT ".$col["defaultValue"]." ";
                } else {
                    $sql .= "DEFAULT '".$col["defaultValue"]."' ";
                }
            } elseif($col["defaultValue"] != false) {
                $sql .= "DEFAULT '' ";
            if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
            if($col['notNull'] == true) {
                $sql .= 'NOT NULL ';
            } else {
                $sql .= 'NULL ';
            }
            if($col["defaultValue"] != "NULL" && $col["defaultValue"] != "NOT NULL") {
                if($col["notNull"] == true) {
                    $sql .= "NOT NULL ";
                } else {
                    $sql .= "NULL ";
                }
            }
            if($col["autoInc"] == true) $sql .= "auto_increment ";
            $sql.= ",";
            if($col['autoInc'] == true) $sql .= 'auto_increment ';
            $sql.= ',';
            // key Definitionen
            if($col["option"] == "primary") $index .= "PRIMARY KEY (".$col["name"]."),";
            if($col["option"] == "index") $index .= "INDEX (".$col["name"]."),";
            if($col["option"] == "unique") $index .= "UNIQUE (".$col["name"]."),";
            if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
            if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
            if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
        }
        $sql .= $index;
        $sql = substr($sql, 0, -1);
        $sql .= ")";
        $this->query($sql);
        $sql .= ')';
        /* TODO: secure parameters */
        $this->query($sql, $table_name);
        return true;
    }
    /*
   $columns = array(action =>   add | alter | drop
                    name =>     Spaltenname
                    name_new => neuer Spaltenname, nur bei 'alter' belegt
                    type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
                    typeValue => Wert z.B. bei Varchar
                    defaultValue =>  Default Wert
                    notNull =>   true | false
                    autoInc =>   true | false
                    option =>   unique | primary | index)
       $columns = array(action =>   add | alter | drop
       name =>     Spaltenname
       name_new => neuer Spaltenname, nur bei 'alter' belegt
       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
       typeValue => Wert z.B. bei Varchar
       defaultValue =>  Default Wert
       notNull =>   true | false
       autoInc =>   true | false
       option =>   unique | primary | index)
   */
    function alterTable($table_name, $columns) {
        $index = "";
        $sql = "ALTER TABLE $table_name ";
     */
    /* TODO: rewrite SQL */
    public function alterTable($table_name, $columns) {
        $index = '';
        $sql = "ALTER TABLE ?? ";
        foreach($columns as $col){
            if($col["action"] == 'add') {
                $sql .= "ADD ".$col["name"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
            } elseif ($col["action"] == 'alter') {
                $sql .= "CHANGE ".$col["name"]." ".$col["name_new"]." ".$this->mapType($col["type"], $col["typeValue"])." ";
            } elseif ($col["action"] == 'drop') {
                $sql .= "DROP ".$col["name"]." ";
            if($col['action'] == 'add') {
                $sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
            } elseif ($col['action'] == 'alter') {
                $sql .= 'CHANGE '.$col['name'].' '.$col['name_new'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
            } elseif ($col['action'] == 'drop') {
                $sql .= 'DROP '.$col['name'].' ';
            }
            if($col["action"] != 'drop') {
                if($col["defaultValue"] != "") $sql .= "DEFAULT '".$col["defaultValue"]."' ";
                if($col["notNull"] == true) {
                    $sql .= "NOT NULL ";
            if($col['action'] != 'drop') {
                if($col['defaultValue'] != '') $sql .= "DEFAULT '".$col['defaultValue']."' ";
                if($col['notNull'] == true) {
                    $sql .= 'NOT NULL ';
                } else {
                    $sql .= "NULL ";
                    $sql .= 'NULL ';
                }
                if($col["autoInc"] == true) $sql .= "auto_increment ";
                $sql.= ",";
                // key Definitionen
                if($col["option"] == "primary") $index .= "PRIMARY KEY (".$col["name"]."),";
                if($col["option"] == "index") $index .= "INDEX (".$col["name"]."),";
                if($col["option"] == "unique") $index .= "UNIQUE (".$col["name"]."),";
                if($col['autoInc'] == true) $sql .= 'auto_increment ';
                $sql.= ',';
                // Index definitions
                if($col['option'] == 'primary') $index .= 'PRIMARY KEY ('.$col['name'].'),';
                if($col['option'] == 'index') $index .= 'INDEX ('.$col['name'].'),';
                if($col['option'] == 'unique') $index .= 'UNIQUE ('.$col['name'].'),';
            }
        }
        $sql .= $index;
        $sql = substr($sql, 0, -1);
        /* TODO: secure parameters */
        //die($sql);
        $this->query($sql);
        $this->query($sql, $table_name);
        return true;
    }
    function dropTable($table_name) {
    public function dropTable($table_name) {
        $this->check($table_name);
        $sql = "DROP TABLE '". $table_name."'";
        return $this->query($sql);
        $sql = "DROP TABLE ??";
        return $this->query($sql, $table_name);
    }
    // gibt Array mit Tabellennamen zur�ck
    function getTables($database_name = '') {
        if($database_name == ''){
            $database_name = $this->dbName;
        }
        $tables = $this->queryAllRecords("SHOW TABLES FROM `$database_name`");
        $tb_names = array();
        if(is_array($tables) && !empty($tables)){
            for($i = 0; $i < sizeof($tables); $i++){
                $tb_names[$i] = $tables[$i]['Tables_in_'.$database_name];
            }
        }
        /*
        $result = mysqli_query("SHOW TABLES FROM `$database_name`");
        $tb_names = array();
        for ($i = 0; $i < mysqli_num_rows($result); $i++) {
            $tb_names[$i] = mysql_tablename($result, $i);
        }
        */
    public function getTables($database_name = '') {
        if(!is_object($this->_iConnId)) return false;
        if($database_name == '') $database_name = $this->dbName;
        $tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
        return $tb_names;
    }
    // gibt Feldinformationen zur Tabelle zur�ck
    /*
   $columns = array(action =>   add | alter | drop
                    name =>     Spaltenname
                    name_new => neuer Spaltenname, nur bei 'alter' belegt
                    type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
                    typeValue => Wert z.B. bei Varchar
                    defaultValue =>  Default Wert
                    notNull =>   true | false
                    autoInc =>   true | false
                    option =>   unique | primary | index)
       $columns = array(action =>   add | alter | drop
       name =>     Spaltenname
       name_new => neuer Spaltenname, nur bei 'alter' belegt
       type =>     42go-Meta-Type: int16, int32, int64, double, char, varchar, text, blob
       typeValue => Wert z.B. bei Varchar
       defaultValue =>  Default Wert
       notNull =>   true | false
       autoInc =>   true | false
       option =>   unique | primary | index)
   */
     */
    /* TODO: rewrite SQL */
    function tableInfo($table_name) {
        global $go_api, $go_info;
        // Tabellenfelder einlesen
        if($rows = $go_api->db->queryAllRecords("SHOW FIELDS FROM ".$table_name)){
        if($rows = $go_api->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
            foreach($rows as $row) {
                $name = $row[0];
                $default = $row[4];
                $key = $row[3];
                $extra = $row[5];
                $isnull = $row[2];
                $type = $row[1];
                $name = $row['Field'];
                $default = $row['Default'];
                $key = $row['Key'];
                $extra = $row['Extra'];
                $isnull = $row['Null'];
                $type = $row['Type'];
                $column = array();
                $column["name"] = $name;
                //$column["type"] = $type;
                $column["defaultValue"] = $default;
                if(stristr($key, "PRI")) $column["option"] = "primary";
                if(stristr($isnull, "YES")) {
                    $column["notNull"] = false;
                $column['name'] = $name;
                //$column['type'] = $type;
                $column['defaultValue'] = $default;
                if(stristr($key, 'PRI')) $column['option'] = 'primary';
                if(stristr($isnull, 'YES')) {
                    $column['notNull'] = false;
                } else {
                    $column["notNull"] = true;
                    $column['notNull'] = true;
                }
                if($extra == 'auto_increment') $column["autoInc"] = true;
                if($extra == 'auto_increment') $column['autoInc'] = true;
                // Type in Metatype umsetzen
                if(stristr($type, "int(")) $metaType = 'int32';
                if(stristr($type, "bigint")) $metaType = 'int64';
                if(stristr($type, "char")) {
                if(stristr($type, 'int(')) $metaType = 'int32';
                if(stristr($type, 'bigint')) $metaType = 'int64';
                if(stristr($type, 'char')) {
                    $metaType = 'char';
                    $tmp_typeValue = explode('(', $type);
                    $column["typeValue"] = substr($tmp_typeValue[1], 0, -1);
                    $column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
                }
                if(stristr($type, "varchar")) {
                if(stristr($type, 'varchar')) {
                    $metaType = 'varchar';
                    $tmp_typeValue = explode('(', $type);
                    $column["typeValue"] = substr($tmp_typeValue[1], 0, -1);
                    $column['typeValue'] = substr($tmp_typeValue[1], 0, -1);
                }
                if(stristr($type, "text")) $metaType = 'text';
                if(stristr($type, "double")) $metaType = 'double';
                if(stristr($type, "blob")) $metaType = 'blob';
                if(stristr($type, 'text')) $metaType = 'text';
                if(stristr($type, 'double')) $metaType = 'double';
                if(stristr($type, 'blob')) $metaType = 'blob';
                $column["type"] = $metaType;
                $column['type'] = $metaType;
                $columns[] = $column;
            }
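Review bot: In the new `createTable()` and `alterTable()` only the table name goes through the `??` placeholder, while `$col['name']`, `$col['name_new']` and `$col['defaultValue']` are still concatenated into the statement as-is; the added `/* TODO: secure parameters */` acknowledges this without fixing it. The default value can already use the class's own escaper, `if($col['defaultValue'] != '') $sql .= "DEFAULT '".$this->escape($col['defaultValue'])."' ";`, and column names should be checked against a strict identifier pattern before they reach the string. The `??` substitution wraps `escape()` output in backticks, and `mysqli_real_escape_string()` leaves a backtick untouched, so `dropTable()` and `getTables()` should apply the same name check; `_build_query_string()` belongs to an earlier hunk that starts outside this view. In `dropTable()` the retained `$this->check($table_name);` discards its result, so it does nothing for the query and could be removed (whether `check()` still exists in the new class is not clear from this rendering).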
@@ -452,7 +718,7 @@
    }
    function mapType($metaType, $typeValue) {
    public function mapType($metaType, $typeValue) {
        global $go_api;
        $metaType = strtolower($metaType);
        switch ($metaType) {
@@ -472,7 +738,7 @@
            return 'char';
            break;
        case 'varchar':
            if($typeValue < 1) die("Datenbank Fehler: F�r diesen Datentyp ist eine L�ngenangabe notwendig.");
            if($typeValue < 1) die('Database failure: Lenght required for these data types.');
            return 'varchar('.$typeValue.')';
            break;
        case 'text':
@@ -486,4 +752,238 @@
}
/**
 * database query result class
 *
 * @package pxFramework
 *
 */
class db_result {
    /**
     *
     *
     * @access private
     */
    private $_iResId = null;
    private $_iConnection = null;
    /**
     *
     *
     * @access private
     */
    public function db_result($iResId, $iConnection) {
        $this->_iResId = $iResId;
        $this->_iConnection = $iConnection;
    }
    /**
     * get count of result rows
     *
     * Returns the amount of rows in the result set
     *
     * @access public
     * @return int amount of rows
     */
    public function rows() {
        if(!is_object($this->_iResId)) return 0;
        $iRows = mysqli_num_rows($this->_iResId);
        if(!$iRows) $iRows = 0;
        return $iRows;
    }
    /**
     * Get number of affected rows
     *
     * Returns the amount of rows affected by the previous query
     *
     * @access public
     * @return int amount of affected rows
     */
    public function affected() {
        if(!is_object($this->_iConnection)) return 0;
        $iRows = mysqli_affected_rows($this->_iConnection);
        if(!$iRows) $iRows = 0;
        return $iRows;
    }
    /**
     * Frees the result set
     *
     * @access public
     */
    public function free() {
        if(!is_object($this->_iResId)) return;
        mysqli_free_result($this->_iResId);
        return;
    }
    /**
     * Get a result row (associative)
     *
     * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
     *
     * @access public
     * @return array result row
     */
    public function get() {
        $aItem = null;
        if(is_object($this->_iResId)) {
            $aItem = mysqli_fetch_assoc($this->_iResId);
            if(!$aItem) $aItem = null;
        }
        return $aItem;
    }
    /**
     * Get a result row (array with numeric index)
     *
     * @access public
     * @return array result row
     */
    public function getAsRow() {
        $aItem = null;
        if(is_object($this->_iResId)) {
            $aItem = mysqli_fetch_row($this->_iResId);
            if(!$aItem) $aItem = null;
        }
        return $aItem;
    }
}
/**
 * database query result class
 *
 * emulates a db result set out of an array so you can use array results and db results the same way
 *
 * @package pxFramework
 * @see db_result
 *
 *
 */
class fakedb_result {
    /**
     *
     *
     * @access private
     */
    private $aResultData = array();
    /**
     *
     *
     * @access private
     */
    private $aLimitedData = array();
    /**
     *
     *
     * @access private
     */
    public function fakedb_result($aData) {
        $this->aResultData = $aData;
        $this->aLimitedData = $aData;
        reset($this->aLimitedData);
    }
    /**
     * get count of result rows
     *
     * Returns the amount of rows in the result set
     *
     * @access public
     * @return int amount of rows
     */
    // Gibt die Anzahl Zeilen zurück
    public function rows() {
        return count($this->aLimitedData);
    }
    /**
     * Frees the result set
     *
     * @access public
     */
    // Gibt ein Ergebnisset frei
    public function free() {
        $this->aResultData = array();
        $this->aLimitedData = array();
        return;
    }
    /**
     * Get a result row (associative)
     *
     * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
     *
     * @access public
     * @return array result row
     */
    // Gibt eine Ergebniszeile zurück
    public function get() {
        $aItem = null;
        if(!is_array($this->aLimitedData)) return $aItem;
        if(list($vKey, $aItem) = each($this->aLimitedData)) {
            if(!$aItem) $aItem = null;
        }
        return $aItem;
    }
    /**
     * Get a result row (array with numeric index)
     *
     * @access public
     * @return array result row
     */
    public function getAsRow() {
        return $this->get();
    }
    /**
     * Limit the result (like a LIMIT x,y in a SQL query)
     *
     * @access public
     * @param int     $iStart offset to start read
     * @param int     iLength amount of datasets to read
     */
    public function limit_result($iStart, $iLength) {
        $this->aLimitedData = array_slice($this->aResultData, $iStart, $iLength, true);
    }
}
?>
install/lib/update.lib.php
@@ -124,7 +124,7 @@
    global $inst, $conf;
    //* Update $conf array with values from the server.ini that shall be preserved
    $tmp = $inst->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
    $tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
    $ini_array = ini_to_array(stripslashes($tmp['config']));
    $current_db_version = (isset($tmp['dbversion']))?intval($tmp['dbversion']):0;
@@ -218,8 +218,8 @@
        }
        //* update the database version in server table
        $inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
        if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
        $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
        if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
        //* If ISPConfig Version < 3.0.3, we will do a full db update
@@ -228,7 +228,7 @@
        swriteln($inst->lng('Starting full database update.'));
        //** Delete the old database
        if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['mysql']['database']) ) {
        if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['mysql']['database']) ) {
            $inst->error('Unable to drop MySQL database: '.$conf['mysql']['database'].'.');
        }
@@ -239,7 +239,7 @@
        $db_tables = $inst->db->getTables();
        foreach($db_tables as $table) {
            $inst->db->query("TRUNCATE $table");
            $inst->db->query("TRUNCATE ??", $table);
        }
        //** load old data back into database
@@ -262,15 +262,15 @@
        }
        //* update the database version in server table
        $inst->db->query("UPDATE ".$conf["mysql"]["database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
        if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ".$conf["mysql"]["master_database"].".server SET dbversion = '".$current_db_version."' WHERE server_id = ".$conf['server_id']);
        $inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
        if($inst->db->dbHost != $inst->dbmaster->dbHost) $inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
        if ($conf['powerdns']['installed']) {
            swriteln($inst->lng('Starting full PowerDNS database update.'));
            //** Delete the old PowerDNS database
            if( !$inst->db->query('DROP DATABASE IF EXISTS '.$conf['powerdns']['database']) ) {
            if( !$inst->db->query('DROP DATABASE IF EXISTS ??', $conf['powerdns']['database']) ) {
                $inst->error('Unable to drop MySQL database: '.$conf['powerdns']['database'].'.');
            }
@@ -288,7 +288,7 @@
    //** Update server ini
    $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
    $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $conf['server_id']);
    $old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
    unset($tmp_server_rec);
    $tpl_ini_array = ini_to_array(rf('tpl/server.ini.master'));
@@ -344,12 +344,12 @@
    }
    $new_ini = array_to_ini($tpl_ini_array);
    $sql = "UPDATE ".$conf["mysql"]["database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
    $inst->db->query($sql);
    $sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
    $inst->db->query($sql, $conf["mysql"]["database"] . ".server", $new_ini, $conf['server_id']);
    if($inst->db->dbHost != $inst->dbmaster->dbHost) {
        $sql = "UPDATE ".$conf["mysql"]["master_database"].".server SET config = '".mysql_real_escape_string($new_ini)."' WHERE server_id = ".$conf['server_id'];
        $inst->dbmaster->query($sql);
        $sql = "UPDATE ?? SET config = ? WHERE server_id = ?";
        $inst->dbmaster->query($sql, $conf["mysql"]["master_database"].".server", $new_ini, $conf['server_id']);
    }
    unset($old_ini_array);
    unset($tpl_ini_array);
@@ -357,7 +357,7 @@
    //** Update system ini
    $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ".$conf["mysql"]["database"].".sys_ini WHERE sysini_id = 1");
    $tmp_server_rec = $inst->db->queryOneRecord("SELECT config FROM ?? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini");
    $old_ini_array = ini_to_array(stripslashes($tmp_server_rec['config']));
    unset($tmp_server_rec);
    $tpl_ini_array = ini_to_array(rf('tpl/system.ini.master'));
@@ -372,11 +372,11 @@
    }
    $new_ini = array_to_ini($tpl_ini_array);
    $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM '.$conf["mysql"]["database"].'.sys_ini WHERE 1');
    $tmp = $inst->db->queryOneRecord('SELECT count(sysini_id) as number FROM ?? WHERE 1', $conf["mysql"]["database"] . '.sys_ini');
    if($tmp['number'] == 0) {
        $inst->db->query("INSERT INTO ".$conf["mysql"]["database"].".sys_ini (sysini_id, config) VALUES (1,'".mysql_real_escape_string($new_ini)."')");
        $inst->db->query("INSERT INTO ?? (sysini_id, config) VALUES (1,?)", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
    } else {
        $inst->db->query("UPDATE ".$conf["mysql"]["database"].".sys_ini SET config = '".mysql_real_escape_string($new_ini)."' WHERE sysini_id = 1");
        $inst->db->query("UPDATE ?? SET config = ? WHERE sysini_id = 1", $conf["mysql"]["database"] . ".sys_ini", $new_ini);
    }
    unset($old_ini_array);
    unset($tpl_ini_array);
@@ -385,4 +385,24 @@
function setDefaultServers(){
    global $inst, $conf;
    // clients
    $clients = $inst->db->queryAllRecords("SELECT * FROM ".$conf["mysql"]["database"].".client");
    if(is_array($clients) && !empty($clients)){
        foreach($clients as $client){
            // mailserver
            if(trim($client['mail_servers']) == '') $inst->db->query("UPDATE ?? SET mail_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_mailserver']), $client['client_id']);
            // webserver
            if(trim($client['web_servers']) == '') $inst->db->query("UPDATE ?? SET web_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_webserver']), $client['client_id']);
            // dns server
            if(trim($client['dns_servers']) == '') $inst->db->query("UPDATE ?? SET dns_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dnsserver']), $client['client_id']);
            // db server
            if(trim($client['db_servers']) == '') $inst->db->query("UPDATE ?? SET db_servers = ? WHERE client_id = ?", $conf["mysql"]["database"].".client", trim($client['default_dbserver']), $client['client_id']);
        }
    }
}
?>
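Review bot: The new `setDefaultServers()` still builds its SELECT by concatenating `$conf["mysql"]["database"]` into the SQL string, while every other query touched in this file now passes the table through the `??` identifier placeholder. The value comes from installer configuration rather than request input, so the exposure is small, but this one query bypasses whatever identifier quoting the db class applies. Suggested: `$clients = $inst->db->queryAllRecords("SELECT * FROM ??", $conf["mysql"]["database"] . ".client");`, assuming `queryAllRecords` accepts the same placeholders that `query` and `queryOneRecord` take here. It is also worth confirming that `??` turns a dotted `database.table` value into two separately quoted identifiers; that code is not visible in this section.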
install/sql/incremental/upd_dev_collection.sql
@@ -20,7 +20,7 @@
refresh=7200
retry=540
expire=604800
minimum=86400
minimum=3600
ttl=3600
[DNS_RECORDS]
@@ -135,3 +135,10 @@
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
-- --------------------------------------------------------
UPDATE `dbispconfig`.`sys_ini` SET `default_logo` = '' WHERE `sys_ini`.`sysini_id` = 1;
ALTER TABLE `directive_snippets` ADD `required_php_snippets` VARCHAR(255) NOT NULL DEFAULT '' AFTER `customer_viewable`;
ALTER TABLE `dns_rr` CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
ALTER TABLE `dns_soa` CHANGE `minimum` `minimum` INT(11) UNSIGNED NOT NULL DEFAULT '3600', CHANGE `ttl` `ttl` INT(11) UNSIGNED NOT NULL DEFAULT '3600';
ALTER TABLE `client` CHANGE `web_php_options` `web_php_options` VARCHAR(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm';
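Review bot: The `UPDATE` on `sys_ini` in the second hunk hard-codes the schema name `dbispconfig`, while the `ALTER TABLE` statements next to it are unqualified. On an installation whose database has a different name, this one statement would fail or address the wrong schema, whereas the rest of the script runs against the connection's current database. Dropping the qualifier keeps it consistent: `UPDATE sys_ini SET default_logo = '' WHERE sysini_id = 1;`.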
install/sql/ispconfig3.sql
@@ -201,7 +201,7 @@
  `limit_web_ip` text,
  `limit_web_domain` int(11) NOT NULL DEFAULT '-1',
  `limit_web_quota` int(11) NOT NULL DEFAULT '-1',
  `web_php_options` varchar(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm',
  `web_php_options` varchar(255) NOT NULL DEFAULT 'no,fast-cgi,cgi,mod,suphp,php-fpm,hhvm',
  `limit_cgi` enum('n','y') NOT NULL DEFAULT 'n',
  `limit_ssi` enum('n','y') NOT NULL DEFAULT 'n',
  `limit_perl` enum('n','y') NOT NULL DEFAULT 'n',
@@ -442,6 +442,7 @@
  `type` varchar(255) DEFAULT NULL,
  `snippet` mediumtext,
  `customer_viewable` ENUM('n','y') NOT NULL DEFAULT 'n',
  `required_php_snippets` varchar(255) NOT NULL DEFAULT '',
  `active` enum('n','y') NOT NULL DEFAULT 'y',
  PRIMARY KEY (`directive_snippets_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -465,7 +466,7 @@
  `type` enum('A','AAAA','ALIAS','CNAME','HINFO','MX','NAPTR','NS','PTR','RP','SRV','TXT') default NULL,
  `data` TEXT NOT NULL DEFAULT '',
  `aux` int(11) unsigned NOT NULL default '0',
  `ttl` int(11) unsigned NOT NULL default '86400',
  `ttl` int(11) unsigned NOT NULL default '3600',
  `active` enum('N','Y') NOT NULL default 'Y',
  `stamp` timestamp NOT NULL default CURRENT_TIMESTAMP,
  `serial` int(10) unsigned default NULL,
@@ -517,8 +518,8 @@
  `refresh` int(11) unsigned NOT NULL default '28800',
  `retry` int(11) unsigned NOT NULL default '7200',
  `expire` int(11) unsigned NOT NULL default '604800',
  `minimum` int(11) unsigned NOT NULL default '86400',
  `ttl` int(11) unsigned NOT NULL default '86400',
  `minimum` int(11) unsigned NOT NULL default '3600',
  `ttl` int(11) unsigned NOT NULL default '3600',
  `active` enum('N','Y') NOT NULL DEFAULT 'N',
  `xfer` varchar(255) NOT NULL DEFAULT '',
  `also_notify` varchar(255) default NULL,
@@ -1622,6 +1623,8 @@
CREATE TABLE `sys_ini` (
  `sysini_id` int(11) unsigned NOT NULL auto_increment,
  `config` longtext,
  `default_logo` text NOT NULL,
  `custom_logo` text NOT NULL,
  PRIMARY KEY  (`sysini_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -2315,7 +2318,7 @@
-- Dumping data for table `dns_template`
-- 
INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=86400\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
INSERT INTO `dns_template` (`template_id`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `name`, `fields`, `template`, `visible`) VALUES (1, 1, 1, 'riud', 'riud', '', 'Default', 'DOMAIN,IP,NS1,NS2,EMAIL,DKIM', '[ZONE]\norigin={DOMAIN}.\nns={NS1}.\nmbox={EMAIL}.\nrefresh=7200\nretry=540\nexpire=604800\nminimum=3600\nttl=3600\n\n[DNS_RECORDS]\nA|{DOMAIN}.|{IP}|0|3600\nA|www|{IP}|0|3600\nA|mail|{IP}|0|3600\nNS|{DOMAIN}.|{NS1}.|0|3600\nNS|{DOMAIN}.|{NS2}.|0|3600\nMX|{DOMAIN}.|mail.{DOMAIN}.|10|3600\nTXT|{DOMAIN}.|v=spf1 mx a ~all|0|3600', 'y');
-- --------------------------------------------------------
@@ -2370,7 +2373,7 @@
-- Dumping data for table `sys_ini`
-- 
INSERT INTO `sys_ini` (`sysini_id`, `config`) VALUES (1, '');
INSERT INTO `sys_ini` (`sysini_id`, `config`, `default_logo`, `custom_logo`) VALUES (1, '', '', '');
-- --------------------------------------------------------
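Review bot: `default_logo` and `custom_logo` are added to `sys_ini` as `text NOT NULL` with no default, and only the seed INSERT at the end of this file supplies values for them. The updater's fallback `INSERT INTO ?? (sysini_id, config) VALUES (1,?)` in install/lib/update.lib.php omits both columns, so on a server running a strict SQL mode that insert would presumably be rejected. Either declare the columns nullable (`default_logo text NULL`, `custom_logo text NULL`) or have that insert pass empty strings for them.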
install/tpl/debian6_dovecot2.conf.master
@@ -7,6 +7,7 @@
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_protocols = !SSLv2 !SSLv3
mail_max_userip_connections = 100
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
@@ -21,6 +22,7 @@
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve=/var/vmail/%d/%n/.sieve
  sieve_max_redirects = 25
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
@@ -44,7 +46,7 @@
}
service imap-login {
  client_limit = 1000
  process_limit = 500
  process_limit = 512
}
protocol imap {
  mail_plugins = quota imap_quota
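Review bot: `mail_max_userip_connections = 100` and `sieve_max_redirects = 25`, which appear to be the added lines, sit well above the stock Dovecot and Pigeonhole limits (10 and 4 respectively), and the template gives no reason for the values. The first allows many more concurrent sessions per account and IP, and the second lets a single Sieve script redirect one message to 25 addresses, which widens the impact of a compromised mailbox used for forwarding. A comment above each line, for example `# default is 4; raised for users with many forwards, lower on shared hosts`, would let operators judge whether to keep them. The same settings are added in install/tpl/debian_dovecot2.conf.master.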
install/tpl/debian_dovecot2.conf.master
@@ -8,6 +8,7 @@
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_protocols = !SSLv2 !SSLv3
mail_max_userip_connections = 100
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
@@ -22,6 +23,7 @@
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve=/var/vmail/%d/%n/.sieve
  sieve_max_redirects = 25
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
@@ -45,7 +47,7 @@
}
service imap-login {
  client_limit = 1000
  process_limit = 500
  process_limit = 512
}
protocol imap {
  mail_plugins = quota imap_quota
install/tpl/mysql-virtual_outgoing_bcc.cf.master
New file
@@ -0,0 +1,8 @@
user = {mysql_server_ispconfig_user}
password = {mysql_server_ispconfig_password}
dbname = {mysql_server_database}
table = mail_user
select_field = sender_cc
where_field = email
additional_conditions = and postfix = 'y' and disabledeliver = 'n' and disablesmtp = 'n'
hosts = 127.0.0.1
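Review bot: This new lookup template is rendered with the ISPConfig MySQL password in it, so the installer code that writes the file should give it restrictive ownership and mode (for example readable only by root and the postfix group); that code is not in this section, so I cannot confirm it does. Separately, the file is named for outgoing BCC but selects the `sender_cc` column, which is easy to misread. A leading comment such as `# BCC map for outgoing mail: returns mail_user.sender_cc for the sending address` would make the intent explicit, if that is indeed how the map is wired into Postfix.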
install/tpl/server.ini.master
@@ -16,7 +16,7 @@
loglevel=2
admin_notify_events=1
backup_dir=/var/backup
backup_dir_is_mount=n
backup_dir_is_mount=y
backup_mode=rootgz
backup_delete=y
monit_url=
@@ -77,6 +77,7 @@
apps_vhost_servername=
php_open_basedir=[website_path]/web:[website_path]/private:[website_path]/tmp:/var/www/[website_domain]/web:/srv/www/[website_domain]/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin
htaccess_allow_override=All
enable_spdy=y
awstats_conf_dir=/etc/awstats
awstats_data_dir=/var/lib/awstats
awstats_pl=/usr/lib/cgi-bin/awstats.pl
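Review bot: Changing the shipped default to `backup_dir_is_mount=y` in the first hunk alters behaviour on any server where `/var/backup` is a plain directory rather than a mount point, and nothing here documents what happens in that case. If the backup job skips or aborts when the directory is not mounted (that code is not visible in this section), fresh installs could stop producing backups without an obvious error. Consider keeping `backup_dir_is_mount=n` as the default, or calling out the requirement in the release notes.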
install/tpl/system.ini.master
@@ -8,6 +8,9 @@
[mail]
enable_custom_login=n
mailbox_show_autoresponder_tab=y
mailbox_show_mail_filter_tab=y
mailbox_show_custom_rules_tab=y
mailboxlist_webmail_link=y
webmail_url=/webmail
dkim_path=/var/lib/amavis/dkim
install/uninstall.php
@@ -60,14 +60,6 @@
    echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
    // Delete the ISPConfig database
    // $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
    // $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
//    exec("/etc/init.d/mysql stop");
//    exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
//    exec("/etc/init.d/mysql start");
    $link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
    if (!$link) {
        echo "Unable to connect to the database'.mysql_error($link)";
install/update.php
@@ -267,10 +267,8 @@
    // initialize the connection to the master database
    $inst->dbmaster = new db();
    if($inst->dbmaster->linkId) $inst->dbmaster->closeConn();
    $inst->dbmaster->dbHost = $conf['mysql']["master_host"];
    $inst->dbmaster->dbName = $conf['mysql']["master_database"];
    $inst->dbmaster->dbUser = $conf['mysql']["master_admin_user"];
    $inst->dbmaster->dbPass = $conf['mysql']["master_admin_password"];
    $inst->dbmaster->setDBData($conf['mysql']["master_host"], $conf['mysql']["master_admin_user"], $conf['mysql']["master_admin_password"]);
    $inst->dbmaster->setDBName($conf['mysql']["master_database"]);
} else {
    $inst->dbmaster = $inst->db;
}
@@ -513,6 +511,11 @@
    }
}
//* Set default servers
setDefaultServers();
$inst->create_mount_script();
//* Create md5 filelist
$md5_filename = '/usr/local/ispconfig/security/data/file_checksums_'.date('Y-m-d_h-i').'.md5';
exec('find /usr/local/ispconfig -type f -print0 | xargs -0 md5sum > '.$md5_filename);
interface/lib/app.inc.php
@@ -155,15 +155,15 @@
    
    public function conf($plugin, $key, $value = null) {
        if(is_null($value)) {
            $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
            $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
            if($tmpconf) return $tmpconf['value'];
            else return null;
        } else {
            if($value === false) {
                $this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
                $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
                return null;
            } else {
                $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
                $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
                return $value;
            }
        }
@@ -179,8 +179,8 @@
            $server_id = 0;
            $priority = $this->functions->intval($priority);
            $tstamp = time();
            $msg = $this->db->quote('[INTERFACE]: '.$msg);
            $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
            $msg = '[INTERFACE]: '.$msg;
            $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
            /*
            if (is_writable($this->_conf['log_file'])) {
                if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
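Review bot: `conf()` overloads `$value` three ways in the first hunk: `null` reads the setting, `false` deletes it, and anything else is stored. Nothing visible documents that, so a caller passing a computed `false` removes the row instead of saving it. A docblock line such as `@param mixed $value null = read, false = delete, otherwise the value to store` above the method would make the contract explicit; a docblock may already exist above the hunk, which begins at the signature. The `log` code in the second hunk continues outside it.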
interface/lib/classes/aps_crawler.inc.php
@@ -356,15 +356,8 @@
                                        $old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
                                        if(file_exists($old_folder)) $this->removeDirectory($old_folder);
                                        /*
                                        $app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
                                            $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
                                            $app->db->quote($ex_ver)."';");
                                        */
                                        $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
                                            $app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
                                            $app->db->quote($ex_ver)."';");
                                        $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
                                        $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
                                        $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);
                                        unset($tmp);
                                    }
@@ -539,14 +532,12 @@
            // Get registered packages and mark non-existant packages with an error code to omit the install
            $existing_packages = array();
            $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
            $path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
            foreach($path_query as $path) $existing_packages[] = $path['Path'];
            $diff = array_diff($existing_packages, $pkg_list);
            foreach($diff as $todelete) {
                /*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
                    WHERE path = '".$app->db->quote($todelete)."';");*/
                $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
                $app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
                $tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
                $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_ERROR_NOMETA), 'id', $tmp['id']);
                unset($tmp);
            }
@@ -576,20 +567,17 @@
                //$pkg_url = $this->app_download_url_list[$pkg];
                $pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
                /*
                $app->db->query("INSERT INTO `aps_packages`
                    (`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
                    ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
                    '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
                    ".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
                */
                // Insert only if data is complete
                if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
                    $insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
                    ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
                    '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
                    ".$app->db->quote($pkg_release).", '".$app->db->quote($pkg_url)."', ".PACKAGE_ENABLED.");";
                    $insert_data = array(
                        "path" => $pkg,
                        "name" => $pkg_name,
                        "category" => $pkg_category,
                        "version" => $pkg_version,
                        "release" => $pkg_release,
                        "package_url" => $pkg_url,
                        "package_status" => PACKAGE_ENABLED
                    );
                    $app->db->datalogInsert('aps_packages', $insert_data, 'id');
                } else {
                    if(file_exists($this->interface_pkg_dir.'/'.$pkg)) $this->removeDirectory($this->interface_pkg_dir.'/'.$pkg);
@@ -619,12 +607,12 @@
            // This method must be used in interface mode
            if(!$this->interface_mode) return false;
            $incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
            $incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
            if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
                foreach($incomplete_pkgs as $incomplete_pkg){
                    $pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
                    if($pkg_url != ''){
                        $app->db->datalogUpdate('aps_packages', "package_url = '".$app->db->quote($pkg_url)."'", 'id', $incomplete_pkg['id']);
                        $app->db->datalogUpdate('aps_packages', array("package_url" => $pkg_url), 'id', $incomplete_pkg['id']);
                    }
                }
            }
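Review bot: In the first two hunks the result of `queryOneRecord()` is used as `$tmp['id']` without checking that a row was returned, so if the package is no longer in `aps_packages` the call becomes `datalogUpdate(..., 'id', null)`. A guard keeps a missing row from turning into an update keyed on an empty id: `if($tmp) $app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);`, and likewise for the `PACKAGE_ERROR_NOMETA` call. The enclosing methods start and end outside these hunks.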
interface/lib/classes/aps_guicontroller.inc.php
@@ -100,7 +100,7 @@
        $customerdata = $app->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain
            WHERE web_domain.sys_groupid = sys_group.groupid
            AND web_domain.domain = '".$app->db->quote($domain)."';");
            AND web_domain.domain = ?", $domain);
        if(!empty($customerdata)) $customerid = $customerdata['client_id'];
        return $customerid;
@@ -122,14 +122,14 @@
        $websrv = $app->db->queryOneRecord("SELECT server_id FROM web_domain
            WHERE domain = (SELECT value FROM aps_instances_settings
                WHERE name = 'main_domain' AND instance_id = ".$app->db->quote($instanceid).");");
                WHERE name = 'main_domain' AND instance_id = ?)", $instanceid);
        // If $websrv is empty, an error has occured. Domain no longer existing? Settings table damaged?
        // Anyhow, remove this instance record because it's not useful at all
        if(empty($websrv))
        {
            $app->db->query("DELETE FROM aps_instances WHERE id = ".$app->db->quote($instanceid).";");
            $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$app->db->quote($instanceid).";");
            $app->db->query("DELETE FROM aps_instances WHERE id = ?", $instanceid);
            $app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ?", $instanceid);
        }
        else $webserver_id = $websrv['server_id'];
@@ -154,9 +154,9 @@
        $result = $app->db->queryOneRecord("SELECT id, name,
            CONCAT(version, '-', CAST(`release` AS CHAR)) AS current_version
            FROM aps_packages
            WHERE name = (SELECT name FROM aps_packages WHERE id = ".$app->db->quote($id).")
            WHERE name = (SELECT name FROM aps_packages WHERE id = ?)
            AND package_status = 2
            ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC");
            ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC", $id);
        if(!empty($result) && ($id != $result['id'])) return $result['id'];
@@ -180,7 +180,7 @@
            'package_status = '.PACKAGE_ENABLED.' AND' :
            '(package_status = '.PACKAGE_ENABLED.' OR package_status = '.PACKAGE_LOCKED.') AND';
        $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$app->db->quote($id).";");
        $result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ?", $id);
        if(!$result) return false;
        return true;
@@ -203,9 +203,15 @@
        if(preg_match('/^[0-9]+$/', $id) != 1) return false;
        // Only filter if not admin
        $sql_ext = (!$is_admin) ? 'customer_id = '.$app->db->quote($client_id).' AND' : '';
        $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$app->db->quote($id).';');
        $params = array();
        $sql_ext = '';
        if(!$is_admin) {
            $sql_ext = 'customer_id = ? AND ';
            $params[] = $client_id;
        }
        $params[] = $id;
        $result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = ?', true, $params);
        if(!$result) return false;
        return true;
@@ -226,7 +232,7 @@
        unset($tmp);
    
        // get information if the webserver is a db server, too
        $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ".$app->functions->intval($websrv['server_id']));
        $web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id  = ?", $websrv['server_id']);
        if($web_server['db_server'] == 1) {
            // create database on "localhost" (webserver)
            $mysql_db_server_id = $app->functions->intval($websrv['server_id']);
@@ -235,7 +241,7 @@
            $mysql_db_remote_ips = '';
        } else {
            //* get the default database server of the client
            $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
            $client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $websrv['sys_groupid']);
            if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
                $mysql_db_server_id =  $app->functions->intval($client['default_dbserver']);
                $dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
@@ -262,8 +268,8 @@
        if (empty($settings['main_database_name'])) {
            //* Find a free db name for the app
            for($n = 1; $n <= 1000; $n++) {
                $mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
                $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
                $mysql_db_name = ($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps'));
                $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name);
                if($tmp['number'] == 0) break;
            }
            $settings['main_database_name'] = $mysql_db_name;
@@ -271,27 +277,52 @@
        if (empty($settings['main_database_login'])) {
            //* Find a free db username for the app
            for($n = 1; $n <= 1000; $n++) {
                $mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
                $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
                $mysql_db_user = ($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps'));
                $tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user);
                if($tmp['number'] == 0) break;
            }
            $settings['main_database_login'] = $mysql_db_user;
        }
        
        //* Create the mysql database user if not existing
        $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = '".$app->db->quote($settings['main_database_login'])."'");
        $tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']);
        if(!$tmp) {
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
                                          VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '".$settings['main_database_login']."', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('".$settings['main_database_password']."'))";
            $insert_data = array("sys_userid" => $websrv['sys_userid'],
                                 "sys_groupid" => $websrv['sys_groupid'],
                                 "sys_perm_user" => 'riud',
                                 "sys_perm_group" => $websrv['sys_perm_group'],
                                 "sys_perm_other" => '',
                                 "server_id" => 0,
                                 "database_user" => $settings['main_database_login'],
                                 "database_user_prefix" => $dbuser_prefix,
                                 "database_password" => "PASSWORD('" . $settings['main_database_password'] . "')"
                                 );
            $mysql_db_user_id = $app->db->datalogInsert('web_database_user', $insert_data, 'database_user_id');
        }
        else $mysql_db_user_id = $tmp['database_user_id'];
        
        //* Create the mysql database if not existing
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($settings['main_database_name'])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']);
        if($tmp['number'] == 0) {
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
                                          VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '".$settings['main_database_name']."', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
            $insert_data = array("sys_userid" => $websrv['sys_userid'],
                                 "sys_groupid" => $websrv['sys_groupid'],
                                 "sys_perm_user" => 'riud',
                                 "sys_perm_group" => $websrv['sys_perm_group'],
                                 "sys_perm_other" => '',
                                 "server_id" => $mysql_db_server_id,
                                 "parent_domain_id" => $websrv['domain_id'],
                                 "type" => 'mysql',
                                 "database_name" => $settings['main_database_name'],
                                 "database_name_prefix" => $dbname_prefix,
                                 "database_user_id" => $mysql_db_user_id,
                                 "database_ro_user_id" => 0,
                                 "database_charset" => '',
                                 "remote_access" => $mysql_db_remote_access,
                                 "remote_ips" => $mysql_db_remote_ips,
                                 "backup_copies" => $websrv['backup_copies'],
                                 "active" => 'y',
                                 "backup_interval" => $websrv['backup_interval']
                                 );
            $app->db->datalogInsert('web_database', $insert_data, 'database_id');
        }
        
@@ -312,7 +343,7 @@
        $app->uses('tools_sites');
        $webserver_id = 0;
        $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$app->db->quote($settings['main_domain'])."';");
        $websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $settings['main_domain']);
        if(!empty($websrv)) $webserver_id = $websrv['server_id'];
        $customerid = $this->getCustomerIDFromDomain($settings['main_domain']);
@@ -325,18 +356,18 @@
        //* Set PHP mode to php-fcgi and enable suexec in website on apache servers / set PHP mode to PHP-FPM on nginx servers
        if($web_config['server_type'] == 'apache') {
            if(($websrv['php'] != 'fast-cgi' || $websrv['suexec'] != 'y') && $websrv['php'] != 'php-fpm') {
                $app->db->datalogUpdate('web_domain', "php = 'fast-cgi', suexec = 'y'", 'domain_id', $websrv['domain_id']);
                $app->db->datalogUpdate('web_domain', array("php" => 'fast-cgi', "suexec" => 'y'), 'domain_id', $websrv['domain_id']);
            }
        } else {
            // nginx
            if($websrv['php'] != 'php-fpm' && $websrv['php'] != 'fast-cgi') {
                $app->db->datalogUpdate('web_domain', "php = 'php-fpm'", 'domain_id', $websrv['domain_id']);
                $app->db->datalogUpdate('web_domain', array("php" => 'php-fpm'), 'domain_id', $websrv['domain_id']);
            }
        }
        //* Create the MySQL database for the application if necessary
        $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';');
        $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $packageid);
        $metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
        $sxe = $this->readInMetaFile($metafile);
@@ -345,21 +376,36 @@
            // mysql-database-name is updated inside if not set already
            if (!$this->createDatabaseForPackageInstance($settings, $websrv)) return false;
        }
        //* Insert new package instance
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->db->quote($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
        $insert_data = array(
            "sys_userid" => $websrv['sys_userid'],
            "sys_groupid" => $websrv['sys_groupid'],
            "sys_perm_user" => 'riud',
            "sys_perm_group" => $websrv['sys_perm_group'],
            "sys_perm_other" => '',
            "server_id" => $webserver_id,
            "customer_id" => $customerid,
            "package_id" => $packageid,
            "instance_status" => INSTANCE_PENDING
        );
        $InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
        //* Insert all package settings
        if(is_array($settings)) {
            foreach($settings as $key => $value) {
                $insert_data = "(server_id, instance_id, name, value) VALUES (".$app->db->quote($webserver_id).",".$app->db->quote($InstanceID).", '".$app->db->quote($key)."', '".$app->db->quote($value)."')";
                $insert_data = array(
                    "server_id" => $webserver_id,
                    "instance_id" => $InstanceID,
                    "name" => $key,
                    "value" => $value
                );
                $app->db->datalogInsert('aps_instances_settings', $insert_data, 'id');
            }
        }
        //* Set package status to install afetr we inserted the settings
        $app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $InstanceID);
        $app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_INSTALL), 'id', $InstanceID);
    }
    /**
@@ -371,28 +417,18 @@
    public function deleteInstance($instanceid, $keepdatabase = false)
    {
        global $app;
        /*
        $app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";");
        $webserver_id = $this->getInstanceDataForDatalog($instanceid);
        if($webserver_id == '') return;
        // Create a sys_datalog entry for deletion
        $datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id);
        $app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
        */
        if (!$keepdatabase) {
            $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
            $tmp = $app->db->queryOneRecord($sql);
            $sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ? LIMIT 0,1";
            $tmp = $app->db->queryOneRecord($sql, $instanceid);
            if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
    
            $database_user = $tmp['database_user_id'];
            $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . "'");
            $tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = ? OR `database_ro_user_id` = ?", $database_user, $database_user);
            if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);
        }
        $app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_REMOVE, 'id', $instanceid);
        $app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_REMOVE), 'id', $instanceid);
    }
@@ -406,7 +442,7 @@
    {
        global $app;
        $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
        $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
        // Load in meta file if existing and register its namespaces
        $metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
@@ -528,7 +564,7 @@
            if(in_array($postinput['main_domain'], $domains))
            {
                $docroot = $app->db->queryOneRecord("SELECT document_root FROM web_domain
                    WHERE domain = '".$app->db->quote($postinput['main_domain'])."';");
                    WHERE domain = ?", $postinput['main_domain']);
                $new_path = $docroot['document_root'];
                if(substr($new_path, -1) != '/') $new_path .= '/';
                $new_path .= $main_location;
@@ -543,13 +579,13 @@
                $instance_domains = $app->db->queryAllRecords("SELECT instance_id, s.value AS domain
                    FROM aps_instances AS i, aps_instances_settings AS s
                    WHERE i.id = s.instance_id AND s.name = 'main_domain'
                        AND i.customer_id = '".$app->db->quote($customerid)."';");
                        AND i.customer_id = ?", $customerid);
                for($i = 0; $i < count($instance_domains); $i++)
                {
                    $used_path = '';
                    $doc_root = $app->db->queryOneRecord("SELECT document_root FROM web_domain
                        WHERE domain = '".$app->db->quote($instance_domains[$i]['domain'])."';");
                        WHERE domain = ?", $instance_domains[$i]['domain']);
                    // Probably the domain settings were changed later, so make sure the doc_root
                    // is not empty for further validation
@@ -560,7 +596,7 @@
                        $location_for_domain = $app->db->queryOneRecord("SELECT value
                            FROM aps_instances_settings WHERE name = 'main_location'
                            AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';");
                            AND instance_id = ?", $instance_domains[$i]['instance_id']);
                        // The location might be empty but the DB return must not be false!
                        if($location_for_domain) $used_path .= $location_for_domain['value'];
@@ -693,7 +729,7 @@
    {
        global $app;
        $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
        $pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
        // Load in meta file if existing and register its namespaces
        $metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
interface/lib/classes/auth.inc.php
@@ -57,7 +57,7 @@
        global $app, $conf;
        $userid = $app->functions->intval($userid);
        $client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
        $client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
        if($client['limit_client'] != 0) {
            return true;
        } else {
@@ -73,12 +73,12 @@
        $groupid = $app->functions->intval($groupid);
        if($userid > 0 && $groupid > 0) {
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
            $groups = explode(',', $user['groups']);
            if(!in_array($groupid, $groups)) $groups[] = $groupid;
            $groups_string = implode(',', $groups);
            $sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
            $app->db->query($sql, $groups_string, $userid);
            return true;
        } else {
            return false;
@@ -95,7 +95,7 @@
        
        // simple query cache
        if($this->client_limits===null)
            $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
            $this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
        // isn't client -> no limit
        if(!$this->client_limits)
@@ -114,13 +114,13 @@
        $groupid = $app->functions->intval($groupid);
        if($userid > 0 && $groupid > 0) {
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
            $groups = explode(',', $user['groups']);
            $key = array_search($groupid, $groups);
            unset($groups[$key]);
            $groups_string = implode(',', $groups);
            $sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
            $app->db->query($sql, $groups_string, $userid);
            return true;
        } else {
            return false;
@@ -129,11 +129,32 @@
    public function check_module_permissions($module) {
        // Check if the current user has the permissions to access this module
        $module = trim(preg_replace('@\s+@', '', $module));
        $user_modules = explode(',',$_SESSION["s"]["user"]["modules"]);
        if(!in_array($module,$user_modules)) {
            // echo "LOGIN_REDIRECT:/index.php";
            header("Location: /index.php");
            exit;
        if(strpos($module, ',') !== false){
            $can_use_module = false;
            $tmp_modules = explode(',', $module);
            if(is_array($tmp_modules) && !empty($tmp_modules)){
                foreach($tmp_modules as $tmp_module){
                    if($tmp_module != ''){
                        if(in_array($tmp_module,$user_modules)) {
                            $can_use_module = true;
                            break;
                        }
                    }
                }
            }
            if(!$can_use_module){
                // echo "LOGIN_REDIRECT:/index.php";
                header("Location: /index.php");
                exit;
            }
        } else {
            if(!in_array($module,$user_modules)) {
                // echo "LOGIN_REDIRECT:/index.php";
                header("Location: /index.php");
                exit;
            }
        }
    }
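Review bot: In check_module_permissions the new comma-separated branch skips empty names, but the single-name branch does not, so an empty `$module` still passes `in_array()` when the session's module list is itself empty (`explode(',', '')` yields `['']`). Both branches also repeat the redirect and use the loose form of `in_array()`. A single path covers both cases: `$wanted = array_filter(explode(',', $module), 'strlen');` followed by `if(!array_intersect($wanted, $user_modules)) { header("Location: /index.php"); exit; }`. A comment above the function should also state that a list grants access when the user holds any one of the named modules, not all of them.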
    
interface/lib/classes/client_templates.inc.php
@@ -49,7 +49,7 @@
        if($old_style == true) {
            // we have to take care of this in an other way
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
            if(is_array($in_db) && count($in_db) > 0) {
                foreach($in_db as $item) {
                    if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
@@ -61,24 +61,24 @@
                if($count > 0) {
                    // add new template to client (includes those from old-style without assigned_template_id)
                    for($i = $count; $i > 0; $i--) {
                        $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
                        $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
                    }
                } elseif($count < 0) {
                    // remove old ones
                    for($i = $count; $i < 0; $i++) {
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
                    }
                }
            }
        } else {
            // we have to take care of this in an other way
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
            $in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
            if(is_array($in_db) && count($in_db) > 0) {
                // check which templates were removed from this client
                foreach($in_db as $item) {
                    if(in_array($item['assigned_template_id'], $used_assigned) == false) {
                        // delete this one
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
                        $app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
                    }
                }
            }
@@ -86,7 +86,7 @@
            if(count($new_tpl) > 0) {
                foreach($new_tpl as $item) {
                    // add new template to client (includes those from old-style without assigned_template_id)
                    $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
                    $app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
                }
            }
        }
@@ -106,8 +106,8 @@
        /*
         * Get the master-template for the client
         */
        $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = " . $app->functions->intval($clientId);
        $record = $app->db->queryOneRecord($sql);
        $sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?";
        $record = $app->db->queryOneRecord($sql, $clientId);
        $masterTemplateId = $record['template_master'];
        $is_reseller = ($record['limit_client'] != 0)?true:false;
@@ -115,15 +115,15 @@
            // we have to call the update_client_templates function
            $templates = explode('/', $record['template_additional']);
            $this->update_client_templates($clientId, $templates);
            $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId));
            $app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId);
        }
        /*
         * if the master-Template is custom there is NO changing
         */
        if ($masterTemplateId > 0){
            $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId);
            $limits = $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM client_template WHERE template_id = ?";
            $limits = $app->db->queryOneRecord($sql, $masterTemplateId);
        } else {
            // if there is no master template it makes NO SENSE adding sub templates.
            // adding subtemplates are stored in client limits, so they would add up
@@ -136,11 +136,11 @@
         * if != -1)
         */
        $addTpl = explode('/', $additionalTemplateStr);
        $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
        $addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
        foreach ($addTpls as $addTpl){
            $item = $addTpl['client_template_id'];
            $sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item);
            $addLimits = $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM client_template WHERE template_id = ?";
            $addLimits = $app->db->queryOneRecord($sql, $item);
            $app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG);
            /* maybe the template is deleted in the meantime */
            if (is_array($addLimits)){
@@ -232,6 +232,7 @@
         * Write all back to the database
         */
        $update = '';
        $update_values = array();
        if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently.
        foreach($limits as $k => $v){
            if (strpos($k, 'default') !== false and $v == 0) {
@@ -239,13 +240,16 @@
            }
            if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){
                if ($update != '') $update .= ', ';
                $update .= '`' . $k . "`='" . $v . "'";
                $update .= '?? = ?';
                $update_values[] = $k;
                $update_values[] = $v;
            }
        }
        $update_values[] = $clientId;
        $app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);
        if($update != '') {
            $sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId);
            $app->db->query($sql);
            $sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?";
            $app->db->query($sql, true, $update_values);
        }
        unset($form);
    }
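Review bot: The debug line ending in `', update string: ' . $update` in the last hunk now prints only a run of `?? = ?` placeholders, so the log no longer shows which limit columns and values were written to the client row. Logging the bound values keeps the trace useful, e.g. `$app->log('Template processed for client ' . $clientId . ', update values: ' . json_encode($update_values), LOGLEVEL_DEBUG);`. A short comment on `$app->db->query($sql, true, $update_values)` saying what the `true` argument selects would also help, since its meaning is not visible in this file section. The enclosing function starts outside the hunk.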
interface/lib/classes/custom_datasource.inc.php
@@ -47,12 +47,12 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
            $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
        } else {
            $sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
        }
        $records = $app->db->queryAllRecords($sql);
        $records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);
        $records_new = array();
        if(is_array($records)) {
            foreach($records as $rec) {
@@ -69,12 +69,12 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
            $client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
        } else {
            $sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
        }
        $records = $app->db->queryAllRecords($sql);
        $records = $app->db->queryAllRecords($sql, $client['default_slave_dnsserver']);
        $records_new = array();
        if(is_array($records)) {
            foreach($records as $rec) {
@@ -99,7 +99,7 @@
        }
        if(count($server_ids) == 0) return array();
        $server_ids = implode(',', $server_ids);
        $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
        $records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN ? AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain", $server_ids);
        $records_new = array();
        if(is_array($records)) {
@@ -159,22 +159,25 @@
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
            $client = $app->db->queryOneRecord($sql);
            $sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?";
            $client = $app->db->queryOneRecord($sql, $client_group_id);
            if($client['server_id'] > 0) {
                //* Select the default server for the client
                $sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
                $sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
                $records = $app->db->queryAllRecords($sql, $client['server_id']);
            } else {
                //* Not able to find the clients defaults, use this as fallback and add a warning message to the log
                $app->log('Unable to find default server for client in custom_datasource.inc.php', 1);
                $sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
                $sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
                $records = $app->db->queryAllRecords($sql, $field);
            }
        } else {
            //* The logged in user is admin, so we show him all available servers of a specific type.
            $sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
            $sql = "SELECT server_id,server_name FROM server WHERE ?? = 1 ORDER BY server_name";
            $records = $app->db->queryAllRecords($sql, $field);
        }
        $records = $app->db->queryAllRecords($sql);
        $records_new = array();
        if(is_array($records)) {
            foreach($records as $rec) {
interface/lib/classes/db_mysql.inc.php
@@ -128,8 +128,10 @@
                    $sTxt = $this->escape($sValue);
                    
                    $sTxt = str_replace('`', '', $sTxt);
                    if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
                    else $sTxt = '`' . $sTxt . '`';
                    if(strpos($sTxt, '.') !== false) {
                        $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
                        $sTxt = str_replace('.`*`', '.*', $sTxt);
                    } else $sTxt = '`' . $sTxt . '`';
                    $sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
                    $iPos2 += strlen($sTxt);
@@ -137,13 +139,17 @@
                } else {
                    if(is_int($sValue) || is_float($sValue)) {
                        $sTxt = $sValue;
                    } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
                    } elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
                        $sTxt = 'NULL';
                    } elseif(is_array($sValue)) {
                        $sTxt = '';
                        foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
                        $sTxt = '(' . substr($sTxt, 1) . ')';
                        if($sTxt == '()') $sTxt = '(0)';
                        if(isset($sValue['SQL'])) {
                            $sTxt = $sValue['SQL'];
                        } else {
                            $sTxt = '';
                            foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
                            $sTxt = '(' . substr($sTxt, 1) . ')';
                            if($sTxt == '()') $sTxt = '(0)';
                        }
                    } else {
                        $sTxt = '\'' . $this->escape($sValue) . '\'';
                    }
@@ -534,7 +540,27 @@
        }
        return $out;
    }
    public function insertFromArray($tablename, $data) {
        if(!is_array($data)) return false;
        $k_query = '';
        $v_query = '';
        $params = array($tablename);
        $v_params = array();
        foreach($data as $key => $value) {
            $k_query .= ($k_query != '' ? ', ' : '') . '??';
            $v_query .= ($v_query != '' ? ', ' : '') . '?';
            $params[] = $key;
            $v_params[] = $value;
        }
        $query = 'INSERT INTO ?? (' . $k_query . ') VALUES (' . $v_query . ')';
        return $this->query($query, true, $params + $v_params);
    }
    public function diffrec($record_old, $record_new) {
        $diffrec_full = array();
        $diff_num = 0;
@@ -578,7 +604,6 @@
        if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
        if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
        
        $primary_field = $this->quote($primary_field);
        $primary_id = intval($primary_id);
        if($force_update == true) {
@@ -626,20 +651,27 @@
        if(is_array($insert_data)) {
            $key_str = '';
            $val_str = '';
            $params = array($tablename);
            $v_params = array();
            foreach($insert_data as $key => $val) {
                $key_str .= "`".$key ."`,";
                $val_str .= "'".$this->escape($val)."',";
                $key_str .= '??,';
                $params[] = $key;
                $val_str .= '?,';
                $v_params[] = $val;
            }
            $key_str = substr($key_str, 0, -1);
            $val_str = substr($val_str, 0, -1);
            $insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
            $this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
        } else {
            /* TODO: deprecate this method! */
            $insert_data_str = $insert_data;
            $this->query("INSERT INTO ?? $insert_data_str", $tablename);
            $app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
        }
        /* TODO: reduce risk of insert_data_str! */
        $old_rec = array();
        $this->query("INSERT INTO ?? $insert_data_str", $tablename);
        $index_value = $this->insertID();
        $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
        $this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
@@ -658,17 +690,24 @@
        $old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
        if(is_array($update_data)) {
            $params = array($tablename);
            $update_data_str = '';
            foreach($update_data as $key => $val) {
                $update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
                $update_data_str .= '?? = ?,';
                $params[] = $key;
                $params[] = $val;
            }
            $params[] = $index_field;
            $params[] = $index_value;
            $update_data_str = substr($update_data_str, 0, -1);
            $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
        } else {
            /* TODO: deprecate this method! */
            $update_data_str = $update_data;
            $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
            $app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
        }
        /* TODO: reduce risk of update_data_str */
        $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
        $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
        $this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
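Review bot: `$params + $v_params` in the new `insertFromArray()` is PHP's array union, not concatenation. Both arrays are 0-indexed lists and `$params` is the longer one, so every key of `$v_params` already exists on the left and the values are dropped before the query is built. The array branch of `datalogInsert()` uses the same expression; both calls should pass `array_merge($params, $v_params)`. Separately, the new `isset($sValue['SQL'])` branch writes that element into the statement unescaped, so it deserves a comment such as `// 'SQL' key = trusted raw fragment; never bind request-derived arrays`. The functions around the later hunks start or end outside the visible lines.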
interface/lib/classes/functions.inc.php
@@ -202,7 +202,7 @@
        }
        $ips = array();
        $results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = '".$app->db->quote($type)."'");
        $results = $app->db->queryAllRecords("SELECT ip_address AS ip, server_id FROM server_ip WHERE ip_type = ?", $type);
        if(!empty($results) && is_array($results)){
            foreach($results as $result){
                if(preg_match($regex, $result['ip'])){
@@ -229,39 +229,6 @@
                if(preg_match($regex, $result['ip'])) $ips[] = $result['ip'];
            }
        }
        /*
        $results = $app->db->queryAllRecords("SELECT xfer FROM dns_slave WHERE xfer != ''");
        if(!empty($results) && is_array($results)){
            foreach($results as $result){
                $tmp_ips = explode(',', $result['xfer']);
                foreach($tmp_ips as $tmp_ip){
                    $tmp_ip = trim($tmp_ip);
                    if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
                }
            }
        }
        $results = $app->db->queryAllRecords("SELECT xfer FROM dns_soa WHERE xfer != ''");
        if(!empty($results) && is_array($results)){
            foreach($results as $result){
                $tmp_ips = explode(',', $result['xfer']);
                foreach($tmp_ips as $tmp_ip){
                    $tmp_ip = trim($tmp_ip);
                    if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
                }
            }
        }
        $results = $app->db->queryAllRecords("SELECT also_notify FROM dns_soa WHERE also_notify != ''");
        if(!empty($results) && is_array($results)){
            foreach($results as $result){
                $tmp_ips = explode(',', $result['also_notify']);
                foreach($tmp_ips as $tmp_ip){
                    $tmp_ip = trim($tmp_ip);
                    if(preg_match($regex, $tmp_ip)) $ips[] = $tmp_ip;
                }
            }
        }
        */
        
        $results = $app->db->queryAllRecords("SELECT remote_ips FROM web_database WHERE remote_ips != ''");
        if(!empty($results) && is_array($results)){
@@ -413,6 +380,15 @@
        
        return true;
    }
    public function getimagesizefromstring($string){
        if (!function_exists('getimagesizefromstring')) {
            $uri = 'data://application/octet-stream;base64,' . base64_encode($string);
            return getimagesize($uri);
        } else {
            return getimagesizefromstring($string);
        }
    }
}
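Review bot: The new `getimagesizefromstring()` wrapper has no docblock, and its return contract is not obvious from the name alone. I would add `/** Polyfill for PHP's getimagesizefromstring() (available from 5.4); returns the getimagesize() array, or false when $string is not a recognised image. */` above it. The fallback base64-encodes the whole payload into a `data://` URI, so a short comment about the extra in-memory copy for large inputs would also help callers.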
interface/lib/classes/getconf.inc.php
@@ -39,7 +39,7 @@
        if(!isset($this->config[$server_id])) {
            $app->uses('ini_parser');
            $server_id = $app->functions->intval($server_id);
            $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
            $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
            $this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
        }
        return ($section == '') ? $this->config[$server_id] : $this->config[$server_id][$section];
interface/lib/classes/listform.inc.php
@@ -246,6 +246,7 @@
        return $this->pagingValues[$key];
    }
    /* TODO: maybe rewrite sql */
    public function getPagingSQL($sql_where = '1')
    {
        global $app, $conf;
@@ -283,7 +284,7 @@
        if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
        $sql_von = $app->functions->intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
        $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where");
        $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ??".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where", $table);
        $pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
@@ -482,7 +483,8 @@
        }
        return $record;
    }
    /* TODO: check double quoting of SQL */
    public function encode($record)
    {
        global $app;
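Review bot: The count query in `getPagingSQL()` now binds only the table name. `additional_tables` and `$sql_where` are still concatenated into the same string, and `$sql_where` is a caller-supplied fragment. The added `/* TODO: maybe rewrite sql */` does not say this, so I would make it specific, e.g. `/* TODO: $sql_where and additional_tables are interpolated unescaped; callers must pass trusted SQL only */`. The function body continues outside the hunk.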
interface/lib/classes/listform_actions.inc.php
@@ -190,6 +190,7 @@
        return $rec;
    }
    /* TODO: maybe rewrite SQL */
    public function getQueryString($no_limit = false) {
        global $app;
        $sql_where = '';
interface/lib/classes/plugin_backuplist.inc.php
@@ -56,56 +56,42 @@
            $backup_id = $app->functions->intval($_GET['backup_id']);
            //* check if the user is  owner of the parent domain
            $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ".$backup_id);
            $domain_backup = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_backup WHERE backup_id = ?", $backup_id);
            $check_perm = 'u';
            if($_GET['backup_action'] == 'download') $check_perm = 'r'; // only check read permissions on download, not update permissions
            $get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($domain_backup["parent_domain_id"])." AND ".$app->tform->getAuthSQL($check_perm));
            $get_domain = $app->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL($check_perm), $domain_backup["parent_domain_id"]);
            if(empty($get_domain) || !$get_domain) {
                $app->error($app->tform->lng('no_domain_perm'));
            }
            if($_GET['backup_action'] == 'download' && $backup_id > 0) {
                $server_id = $this->form->dataRecord['server_id'];
                $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
                $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
                if($backup['server_id'] > 0) $server_id = $backup['server_id'];
                $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
                $tmp = $app->db->queryOneRecord($sql);
                $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = ?";
                $tmp = $app->db->queryOneRecord($sql, $backup_id);
                if($tmp['number'] == 0) {
                    $message .= $wb['download_info_txt'];
                    $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                        "VALUES (".
                        (int)$server_id . ", " .
                        time() . ", " .
                        "'backup_download', " .
                        "'".$backup_id."', " .
                        "'pending', " .
                        "''" .
                        ")";
                    $app->db->query($sql);
                        "VALUES (?, UNIX_TIMESTAMP(), 'backup_download', ?, 'pending', '')";
                    $app->db->query($sql, $server_id, $backup_id);
                } else {
                    $error .= $wb['download_pending_txt'];
                }
            }
            if($_GET['backup_action'] == 'restore' && $backup_id > 0) {
                $server_id = $this->form->dataRecord['server_id'];
                $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
                $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
                if($backup['server_id'] > 0) $server_id = $backup['server_id'];
                $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
                $tmp = $app->db->queryOneRecord($sql);
                if($tmp['number'] == 0) {
                    $message .= $wb['restore_info_txt'];
                    $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                        "VALUES (".
                        (int)$server_id . ", " .
                        time() . ", " .
                        "'backup_restore', " .
                        "'".$backup_id."', " .
                        "'pending', " .
                        "''" .
                        ")";
                    $app->db->query($sql);
                        "VALUES (?, UNIX_TIMESTAMP(), 'backup_restore', ?, 'pending', '')";
                    $app->db->query($sql, $server_id, $backup_id);
                } else {
                    $error .= $wb['restore_pending_txt'];
                }
@@ -115,8 +101,8 @@
        //* Get the data
        $server_ids = array_unique($server_ids);
        $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->form->id));
        $databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ".$app->functions->intval($this->form->id));
        $web = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->form->id);
        $databases = $app->db->queryAllRecords("SELECT server_id FROM web_database WHERE parent_domain_id = ?", $this->form->id);
        if($app->functions->intval($web['server_id']) > 0) $server_ids[] = $app->functions->intval($web['server_id']);
        if(is_array($databases) && !empty($databases)){
            foreach($databases as $database){
@@ -124,8 +110,8 @@
            }
        }
        $server_ids = array_unique($server_ids);
        $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ".$app->functions->intval($this->form->id)." AND server_id IN (".implode(',', $server_ids).") ORDER BY tstamp DESC, backup_type ASC";
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT * FROM web_backup WHERE parent_domain_id = ? AND server_id IN ? ORDER BY tstamp DESC, backup_type ASC";
        $records = $app->db->queryAllRecords($sql, $this->form->id, $server_ids);
        $bgcolor = "#FFFFFF";
        if(is_array($records)) {
@@ -140,6 +126,10 @@
                
                $rec['download_available'] = true;
                if($rec['server_id'] != $web['server_id']) $rec['download_available'] = false;
                if($rec['filesize'] > 0){
                    $rec['filesize'] = $app->functions->currency_format($rec['filesize']/(1024*1024), 'client').' MB';
                }
                $records_new[] = $rec;
            }
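Review bot: The `restore` branch still builds its pending-action check by interpolation (`action_param = '$backup_id'` followed by `queryOneRecord($sql)`), while the `download` branch above it was converted to a placeholder. It is not injectable as shown, because `$backup_id` passes through `intval()` at the top of the hunk. The two branches should still read the same: `... AND action_type = 'backup_restore' AND action_param = ?` with `$app->db->queryOneRecord($sql, $backup_id)`. The enclosing method starts and ends outside the visible hunks.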
interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -55,42 +55,15 @@
        if(isset($_GET['backup_action'])) {
            $backup_id = $app->functions->intval($_GET['backup_id']);
/*
            if($_GET['backup_action'] == 'download_mail' && $backup_id > 0) {
                $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
                $tmp = $app->db->queryOneRecord($sql);
                if($tmp['number'] == 0) {
                    $message .= $wb['download_info_txt'];
                    $sql =     "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                    "VALUES (".
                        (int)$this->form->dataRecord['server_id'] . ", " .
                        time() . ", " .
                        "'backup_download', " .
                        "'".$backup_id."', " .
                        "'pending', " .
                        "''" .
                    ")";
                    $app->db->query($sql);
                } else {
                    $error .= $wb['download_pending_txt'];
                }
            }
*/
            if($_GET['backup_action'] == 'restore_mail' && $backup_id > 0) {
                $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = '$backup_id'";
                $tmp = $app->db->queryOneRecord($sql);
                $sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = ?";
                $tmp = $app->db->queryOneRecord($sql, $backup_id);
                if($tmp['number'] == 0) {
                    $message .= $wb['restore_info_txt'];
                    $sql =     "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                    "VALUES (".
                        (int)$this->form->dataRecord['server_id'] . ", " .
                        time() . ", " .
                        "'backup_restore_mail', " .
                        "'".$backup_id."', " .
                        "'pending', " .
                        "''" .
                    ")";
                    $app->db->query($sql);
                    "VALUES (?, ? 'backup_restore_mail', ?, 'pending','')";
                    $app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
                } else {
                    $error .= $wb['restore_pending_txt'];
                }
@@ -98,8 +71,8 @@
        }
                
        //* Get the data
        $sql = "SELECT * FROM mail_backup WHERE mailuser_id = ".$this->form->id." ORDER BY tstamp DESC";
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT * FROM mail_backup WHERE mailuser_id = ? ORDER BY tstamp DESC";
        $records = $app->db->queryAllRecords($sql, $this->form->id);
        $bgcolor = "#FFFFFF";
        if(is_array($records)) {
            foreach($records as $rec) {
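Review bot: The new INSERT in the `restore_mail` branch is missing a comma after the second placeholder. `VALUES (?, ? 'backup_restore_mail', ?, 'pending','')` supplies five values for six columns and should fail to parse, so the restore action would not be queued. It should read `VALUES (?, ?, 'backup_restore_mail', ?, 'pending','')`, or use `UNIX_TIMESTAMP()` for `tstamp` as plugin_backuplist.inc.php does. Also, unlike that file, this hunk shows no check that `$backup_id` belongs to the mail user being edited before the restore is queued. If none exists elsewhere in the method, a lookup in `mail_backup` by `backup_id` and `mailuser_id = $this->form->id` should precede the insert.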
interface/lib/classes/plugin_dbhistory.inc.php
@@ -47,12 +47,13 @@
        $db_table_idx = $app->tform->formDef["db_table_idx"];
        $primary_id = $this->form->id;
        if($_SESSION["s"]["user"]["typ"] == 'admin') {
            $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
            $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = ? AND dbidx = ?";
            $records = $app->db->queryAllRecords($sql, $db_table, $db_table_idx.":".$primary_id);
        } else {
            $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = '".$_SESSION["s"]["user"]["username"]."' dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
            $sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = ? AND dbtable = ? AND dbidx = ?";
            $records = $app->db->queryAllRecords($sql, $_SESSION["s"]["user"]["username"], $db_table, $db_table_idx.":".$primary_id);
        }
        $records = $app->db->queryAllRecords($sql);
        if(is_array($records)) {
            $content .= '<table>';
            foreach($records as $rec) {
interface/lib/classes/plugin_listview.inc.php
@@ -126,7 +126,7 @@
        // Get the data
        $records = $app->db->queryAllRecords("SELECT * FROM ".$app->listform->listDef["table"]." WHERE $sql_where $sql_order_by $limit_sql");
        $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE $sql_where $sql_order_by $limit_sql", $app->listform->listDef["table"]);
        $bgcolor = "#FFFFFF";
        if(is_array($records)) {
@@ -174,6 +174,58 @@
        $_SESSION["s"]["form"]["return_to"] = $list_name;
        //die(print_r($_SESSION["s"]["list"][$list_name]));
        // defaults
        $listTpl->setVar('app_title', $app->_conf['app_title']);
        if(isset($_SESSION['s']['user'])) {
            $listTpl->setVar('app_version', $app->_conf['app_version']);
            // get pending datalog changes
            $datalog = $app->db->datalogStatus();
            $listTpl->setVar('datalog_changes_txt', $app->lng('datalog_changes_txt'));
            $listTpl->setVar('datalog_changes_end_txt', $app->lng('datalog_changes_end_txt'));
            $listTpl->setVar('datalog_changes_count', $datalog['count']);
            $listTpl->setLoop('datalog_changes', $datalog['entries']);
        } else {
            $listTpl->setVar('app_version', '');
        }
        $listTpl->setVar('app_link', $app->_conf['app_link']);
        $listTpl->setVar('app_logo', $app->_conf['logo']);
        $listTpl->setVar('phpsessid', session_id());
        $listTpl->setVar('theme', $_SESSION['s']['theme']);
        $listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']);
        $listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation'));
        //print_r($_SESSION);
        if(isset($_SESSION['s']['module']['name'])) {
            $listTpl->setVar('app_module', $_SESSION['s']['module']['name']);
        }
        if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
            $listTpl->setVar('is_admin', 1);
        }
        if(isset($_SESSION['s']['user']) && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $listTpl->setVar('is_reseller', 1);
        }
        /* Show username */
        if(isset($_SESSION['s']['user'])) {
            $listTpl->setVar('cpuser', $_SESSION['s']['user']['username']);
            $listTpl->setVar('logout_txt', $app->lng('logout_txt'));
            /* Show search field only for normal users, not mail users */
            if(stristr($_SESSION['s']['user']['username'], '@')){
                $listTpl->setVar('usertype', 'mailuser');
            } else {
                $listTpl->setVar('usertype', 'normaluser');
            }
        }
        /* Global Search */
        $listTpl->setVar('globalsearch_resultslimit_of_txt', $app->lng('globalsearch_resultslimit_of_txt'));
        $listTpl->setVar('globalsearch_resultslimit_results_txt', $app->lng('globalsearch_resultslimit_results_txt'));
        $listTpl->setVar('globalsearch_noresults_text_txt', $app->lng('globalsearch_noresults_text_txt'));
        $listTpl->setVar('globalsearch_noresults_limit_txt', $app->lng('globalsearch_noresults_limit_txt'));
        $listTpl->setVar('globalsearch_searchfield_watermark_txt', $app->lng('globalsearch_searchfield_watermark_txt'));
        return $listTpl->grab();
    }
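Review bot: `$listTpl->setVar('phpsessid', session_id());` in the added defaults block hands the session identifier to every list template. If a template prints it into markup or a URL, the ID becomes readable to page script regardless of the cookie's HttpOnly flag, and it can end up in Referer headers or logs. The templates are not visible here, so this needs checking. Unless a list view actually consumes the value, I would drop the line, or otherwise add a comment naming the consumer. The method starts outside the hunk.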
interface/lib/classes/quota_lib.inc.php
@@ -103,9 +103,9 @@
    
        // select vhosts (belonging to client)
        if($clientid != null){
            $sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
            $sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)";
        }
        $sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where);
        $sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias')".$sql_where, $clientid);
    
        $hostnames = array();
        $traffic_data = array();
@@ -120,12 +120,12 @@
            $tmp_year = date('Y');
            $tmp_month = date('m');
            // This Month
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
            foreach ($tmp_recs as $tmp_rec) {
                $traffic_data[$tmp_rec['hostname']]['this_month'] = $tmp_rec['t'];
            }
            // This Year
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
            foreach ($tmp_recs as $tmp_rec) {
                $traffic_data[$tmp_rec['hostname']]['this_year'] = $tmp_rec['t'];
            }
@@ -133,21 +133,21 @@
            $tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
            $tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
            // Last Month
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year, $tmp_month);
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND MONTH(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $tmp_month, $hostnames);
            foreach ($tmp_recs as $tmp_rec) {
                $traffic_data[$tmp_rec['hostname']]['last_month'] = $tmp_rec['t'];
            }
                
            $tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
            // Last Year
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname", $tmp_year);
            $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE YEAR(traffic_date) = ? AND hostname IN ? GROUP BY hostname", $tmp_year, $hostnames);
            foreach ($tmp_recs as $tmp_rec) {
                $traffic_data[$tmp_rec['hostname']]['last_year'] = $tmp_rec['t'];
            }
                
            if (is_int($lastdays)  && ($lastdays > 0)) {
                // Last xx Days
                $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ".$app->db->quote($lastdays)." DAY)) AND hostname IN ('".join("','",$hostnames)."') GROUP BY hostname");
                $tmp_recs = $app->db->queryAllRecords("SELECT hostname, SUM(traffic_bytes) as t FROM web_traffic WHERE (traffic_date >= DATE_SUB(NOW(), INTERVAL ? DAY)) AND hostname IN ? GROUP BY hostname", $lastdays, $hostnames);
                foreach ($tmp_recs as $tmp_rec) {
                    $traffic_data[$tmp_rec['hostname']]['lastdays'] = $tmp_rec['t'];
                }
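Review bot: `$clientid` is now passed to `queryAllRecords()` unconditionally, but the `?` it is meant to fill exists only when the `if($clientid != null)` branch has appended `$sql_where`. In the no-client case the call carries an argument with no placeholder and relies on the query builder ignoring it. In the visible lines `$sql_where` is also assigned only inside that branch. A short comment such as `// $clientid is ignored when $sql_where has no placeholder` would make the intent explicit, as would building the argument list alongside `$sql_where`. The function starts outside the hunk.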
interface/lib/classes/remote.d/admin.inc.php
@@ -60,7 +60,7 @@
            switch($key) {
                case 'sys_userid':
                    // check if userid is valid
                    $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
                    $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value));
                    if(!$check || !$check['userid']) {
                        $this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
                        return false;
@@ -69,7 +69,7 @@
                    break;
                case 'sys_groupid':
                    // check if groupid is valid
                    $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
                    $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value));
                    if(!$check || !$check['groupid']) {
                        $this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
                        return false;
interface/lib/classes/remote.d/aps.inc.php
@@ -241,8 +241,8 @@
            return false;
        }
    
        $sql = "SELECT * FROM web_domain WHERE domain = '".$app->db->quote($params['main_domain'])."'";
        $domain = $app->db->queryOneRecord($sql);
        $sql = "SELECT * FROM web_domain WHERE domain = ?";
        $domain = $app->db->queryOneRecord($sql, $params['main_domain']);
    
        if (!$domain) {
            $this->server->fault('invalid parameters', 'No valid domain given.');
@@ -269,8 +269,8 @@
            return false;
        }
    
        $sql  = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
        $result = $app->db->queryOneRecord($sql);
        $sql  = "SELECT * FROM aps_instances WHERE id = ?";
        $result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));
        return $result;
    }
    
@@ -283,8 +283,8 @@
            return false;
        }
    
        $sql  = "SELECT * FROM aps_instances_settings WHERE instance_id = ".$app->functions->intval($primary_id);
        $result = $app->db->queryAllRecords($sql);
        $sql  = "SELECT * FROM aps_instances_settings WHERE instance_id = ?";
        $result = $app->db->queryAllRecords($sql, $app->functions->intval($primary_id));
        return $result;
    }
    
@@ -301,8 +301,8 @@
        $gui = new ApsGUIController($app);
    
        // Check if Instance exists
        $sql  = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
        $result = $app->db->queryOneRecord($sql);
        $sql  = "SELECT * FROM aps_instances WHERE id = ?";
        $result = $app->db->queryOneRecord($sql, $primary_id);
    
        if (!$result) {
            $this->server->fault('instance_error', 'No valid instance id given.');
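Review bot: The instance-existence check in the last hunk of this file (`@@ -301,8 +301,8 @@`) now binds `$primary_id` as-is, while the two hunks above it keep `$app->functions->intval($primary_id)` for the same kind of id lookup. The placeholder removes the injection risk either way, but assuming the db layer binds the value as a quoted string, MySQL compares it to the integer column by its numeric prefix, so a constructed value such as `'12abc'` would presumably still pass the check and then be used un-normalised by the code that follows. I would keep the cast for consistency: `$result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));`. The function continues past the end of the hunk, so later uses of `$primary_id` are not visible here.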
interface/lib/classes/remote.d/client.inc.php
@@ -65,7 +65,7 @@
            if(isset($data['client_id'])) {
                // this is a single record
                if($data['template_additional'] == '') {
                    $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $data['client_id']);
                    $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
                    $tpl_arr = array();
                    if($tpls) {
                        foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -78,7 +78,7 @@
                // multiple client records
                foreach($data as $index => $client) {
                    if($client['template_additional'] == '') {
                        $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $client['client_id']);
                        $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
                        $tpl_arr = array();
                        if($tpls) {
                            foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
@@ -104,7 +104,7 @@
        $sys_userid = $app->functions->intval($sys_userid);
        $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ".$sys_userid);
        $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
        if(isset($rec['client_id'])) {
            return $app->functions->intval($rec['client_id']);
        } else {
@@ -125,7 +125,7 @@
        
        $client_id = $app->functions->intval($client_id);
        $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ".$client_id);
        $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
        
        if(is_array($rec)) {
            return $rec;
@@ -145,7 +145,7 @@
        $client_id = $app->functions->intval($client_id);
        $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client_id);
        $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
        if(isset($rec['groupid'])) {
            return $app->functions->intval($rec['groupid']);
        } else {
@@ -169,7 +169,7 @@
        if($params['parent_client_id']) {
            // check if this one is reseller
            $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
            $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
            if($check['limit_client'] == 0) {
                $this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
                return false;
@@ -208,7 +208,7 @@
        if($params['parent_client_id']) {
            // check if this one is reseller
            $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
            $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
            if($check['limit_client'] == 0) {
                $this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
                return false;
@@ -221,7 +221,7 @@
        }
        // we need the previuos templates assigned here
        $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
        $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
        if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
            // check previous type of storing templates
            $tpls = explode('/', $old_rec['template_additional']);
@@ -258,8 +258,8 @@
        }
        if(@is_numeric($client_id)) {
            $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ".$client_id;
            return $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
            return $app->db->queryOneRecord($sql, $client_id);
        } else {
            $this->server->fault('The ID must be an integer.');
            return array();
@@ -270,10 +270,10 @@
        global $app;
        $this->id = $client_id;
        $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ' . $client_id);
        $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
        $this->oldDataRecord = $this->dataRecord;
        $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
        $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
        if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
            // check previous type of storing templates
            $tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -297,13 +297,13 @@
        if(@is_numeric($client_id) && @is_numeric($template_id)) {
            // check if client exists
            $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
            $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
            if(!$check) {
                $this->server->fault('Invalid client');
                return false;
            }
            // check if template exists
            $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ' . $template_id);
            $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
            if(!$check) {
                $this->server->fault('Invalid template');
                return false;
@@ -312,8 +312,8 @@
            // for the update event we have to cheat a bit
            $this->_set_client_formdata($client_id);
            $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (" . $client_id . ", " . $template_id . ")";
            $app->db->query($sql);
            $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
            $app->db->query($sql, $client_id, $template_id);
            $insert_id = $app->db->insertID();
            $app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -335,13 +335,13 @@
        if(@is_numeric($client_id) && @is_numeric($template_id)) {
            // check if client exists
            $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
            $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
            if(!$check) {
                $this->server->fault('Invalid client');
                return false;
            }
            // check if template exists
            $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $assigned_template_id);
            $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id);
            if(!$check) {
                $this->server->fault('Invalid template');
                return false;
@@ -350,8 +350,8 @@
            // for the update event we have to cheat a bit
            $this->_set_client_formdata($client_id);
            $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = " . $template_id . " AND `client_id` = " . $client_id;
            $app->db->query($sql);
            $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
            $app->db->query($sql, $template_id, $client_id);
            $affected_rows = $app->db->affectedRows();
            $app->plugin->raiseEvent('client:client:on_after_update', $this);
@@ -395,15 +395,15 @@
        if($client_id > 0) {
            //* remove the group of the client from the resellers group
            $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
            $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
            $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
            $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
            //* delete the group of the client
            $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
            $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
            //* delete the sys user(s) of the client
            $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
            $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
            //* Delete all records (sub-clients, mail, web, etc....)  of this client.
            $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
@@ -413,7 +413,7 @@
            if($client_group_id > 1) {
                foreach($tables_array as $table) {
                    if($table != '') {
                        $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
                        $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
                        //* find the primary ID of the table
                        $table_info = $app->db->tableInfo($table);
                        $index_field = '';
@@ -428,11 +428,11 @@
                                    $app->db->datalogDelete($table, $index_field, $rec[$index_field]);
                                    //* Delete traffic records that dont have a sys_groupid column
                                    if($table == 'web_domain') {
                                        $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
                                        $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
                                    }
                                    //* Delete mail_traffic records that dont have a sys_groupid
                                    if($table == 'mail_user') {
                                        $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
                                        $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
                                    }
                                }
                            }
@@ -468,12 +468,32 @@
            throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
            return false;
        }
        $username = $app->db->quote($username);
        $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$username."'");
        $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
        if (isset($rec)) {
            return $rec;
        } else {
            throw new SoapFault('no_client_found', 'There is no user account for this user name.');
            return false;
        }
    }
    public function client_get_by_customer_no($session_id, $customer_no) {
        global $app;
        if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
            throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
            return false;
        }
        $customer_no = trim($customer_no);
        if($customer_no == '') {
            throw new SoapFault('permission_denied', 'There was no customer number specified.');
            return false;
        }
        $customer_no = $app->db->quote($customer_no);
        $rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'");
        if (isset($rec)) {
            return $rec;
        } else {
            throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
            return false;
        }
    }
@@ -517,13 +537,12 @@
            return false;
        }
        $client_id = $app->functions->intval($client_id);
        $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ".$client_id);
        $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
        if($client['client_id'] > 0) {
            $new_password = $app->db->quote($new_password);
            $sql = "UPDATE client SET password = md5('".($new_password)."')     WHERE client_id = ".$client_id;
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET passwort = md5('".($new_password)."')     WHERE client_id = ".$client_id;
            $app->db->query($sql);
            $sql = "UPDATE client SET password = md5(?)     WHERE client_id = ?";
            $app->db->query($sql, $new_password, $client_id);
            $sql = "UPDATE sys_user SET passwort = md5(?)     WHERE client_id = ?";
            $app->db->query($sql, $new_password, $client_id);
            return true;
        } else {
            throw new SoapFault('no_client_found', 'There is no user account for this client_id');
@@ -567,8 +586,8 @@
        }
        
        //* Check failed logins
        $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '".$app->db->quote($remote_ip)."' AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
        $alreadyfailed = $app->db->queryOneRecord($sql);
        $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
        $alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
        
        //* too many failedlogins
        if($alreadyfailed['times'] > 5) {
@@ -582,8 +601,8 @@
        
        if(strstr($username,'@')) {
            // Check against client table
            $sql = "SELECT * FROM client WHERE email = '".$app->db->quote($username)."'";
            $user = $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM client WHERE email = ?";
            $user = $app->db->queryOneRecord($sql, $username);
            if($user) {
                $saved_password = stripslashes($user['password']);
@@ -614,8 +633,8 @@
            
        } else {
            // Check against sys_user table
            $sql = "SELECT * FROM sys_user WHERE username = '".$app->db->quote($username)."'";
            $user = $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM sys_user WHERE username = ?";
            $user = $app->db->queryOneRecord($sql, $username);
            if($user) {
                $saved_password = stripslashes($user['passwort']);
@@ -649,15 +668,14 @@
        
        //* Log failed login attempts
        if($user === false) {
            $time = time();
            if(!$alreadyfailed['times'] ) {
                //* user login the first time wrong
                $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('".$app->db->quote($remote_ip)."', 1, NOW())";
                $app->db->query($sql);
                $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
                $app->db->query($sql, $remote_ip);
            } elseif($alreadyfailed['times'] >= 1) {
                //* update times wrong
                $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '".$time."' LIMIT 1";
                $app->db->query($sql);
                $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
                $app->db->query($sql, $remote_ip);
            }
        }
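Review bot: The newly added `client_get_by_customer_no()` in the `@@ -468,12 +468,32 @@` hunk still builds its query by concatenating `$app->db->quote($customer_no)` into the SQL string, which is the pattern the rest of this file section replaces with placeholders. It should follow `client_get_by_username()` directly above it: drop the `quote()` line and call `$app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);`. Leaving one escaped-concatenation query behind makes it easy to double-escape the value or to miss the call in a later clean-up. The empty-input branch also raises the fault code `permission_denied`, which a caller cannot tell apart from a real authorisation failure; a distinct code for a missing argument would be clearer.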
        
interface/lib/classes/remote.d/dns.inc.php
@@ -50,9 +50,9 @@
            return false;
        }
        $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ".$app->functions->intval($client_id));
        $client = $app->db->queryOneRecord("SELECT default_dnsserver FROM client WHERE client_id = ?", $client_id);
        $server_id = $client["default_dnsserver"];
        $template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '$template_id'");
        $template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
        $fields = explode(',', $template_record['fields']);
        $tform_def_file = "../../web/dns/form/dns_soa.tform.php";
        $app->uses('tform');
@@ -95,11 +95,11 @@
                    if($section == 'dns_records') {
                        $parts = explode('|', $row);
                        $dns_rr[] = array(
                            'name' => $app->db->quote($parts[1]),
                            'type' => $app->db->quote($parts[0]),
                            'data' => $app->db->quote($parts[2]),
                            'aux'  => $app->db->quote($parts[3]),
                            'ttl'  => $app->db->quote($parts[4])
                            'name' => $parts[1],
                            'type' => $parts[0],
                            'data' => $parts[2],
                            'aux'  => $parts[3],
                            'ttl'  => $parts[4]
                        );
                    }
                }
@@ -117,30 +117,62 @@
        if($error == '') {
            // Insert the soa record
            $tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ".$app->functions->intval($client_id));
            $tmp = $app->db->queryOneRecord("SELECT userid,default_group FROM sys_user WHERE client_id = ?", $client_id);
            $sys_userid = $tmp['userid'];
            $sys_groupid = $tmp['default_group'];
            unset($tmp);
            $origin = $app->db->quote($vars['origin']);
            $ns = $app->db->quote($vars['ns']);
            $mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
            $refresh = $app->db->quote($vars['refresh']);
            $retry = $app->db->quote($vars['retry']);
            $expire = $app->db->quote($vars['expire']);
            $minimum = $app->db->quote($vars['minimum']);
            $ttl = $app->db->quote($vars['ttl']);
            $xfer = $app->db->quote($vars['xfer']);
            $also_notify = $app->db->quote($vars['also_notify']);
            $update_acl = $app->db->quote($vars['update_acl']);
            $origin = $vars['origin'];
            $ns = $vars['ns'];
            $mbox = str_replace('@', '.', $vars['mbox']);
            $refresh = $vars['refresh'];
            $retry = $vars['retry'];
            $expire = $vars['expire'];
            $minimum = $vars['minimum'];
            $ttl = $vars['ttl'];
            $xfer = $vars['xfer'];
            $also_notify = $vars['also_notify'];
            $update_acl = $vars['update_acl'];
            $serial = $app->validate_dns->increase_serial(0);
            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
            ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
            $insert_data = array(
                "sys_userid" => $sys_userid,
                "sys_groupid" => $sys_groupid,
                "sys_perm_user" => 'riud',
                "sys_perm_group" => 'riud',
                "sys_perm_other" => '',
                "server_id" => $server_id,
                "origin" => $origin,
                "ns" => $ns,
                "mbox" => $mbox,
                "serial" => $serial,
                "refresh" => $refresh,
                "retry" => $retry,
                "expire" => $expire,
                "minimum" => $minimum,
                "ttl" => $ttl,
                "active" => 'Y',
                "xfer" => $xfer,
                "also_notify" => $also_notify,
                "update_acl" => $update_acl
            );
            $dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
            // Insert the dns_rr records
            if(is_array($dns_rr) && $dns_soa_id > 0) {
                foreach($dns_rr as $rr) {
                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                    ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
                    $insert_data = array(
                        "sys_userid" => $sys_userid,
                        "sys_groupid" => $sys_groupid,
                        "sys_perm_user" => 'riud',
                        "sys_perm_group" => 'riud',
                        "sys_perm_other" => '',
                        "server_id" => $server_id,
                        "zone" => $dns_soa_id,
                        "name" => $rr['name'],
                        "type" => $rr['type'],
                        "data" => $rr['data'],
                        "aux" => $rr['aux'],
                        "ttl" => $rr['ttl'],
                        "active" => 'Y'
                    );
                    $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
                }
            }
@@ -180,7 +212,7 @@
            return false;
        }
        $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like '".$origin."%'");
        $rec = $app->db->queryOneRecord("SELECT id FROM dns_soa WHERE origin like ?", $origin."%");
        if(isset($rec['id'])) {
            return $app->functions->intval($rec['id']);
        } else {
@@ -764,8 +796,8 @@
        if (!empty($client_id) && !empty($server_id)) {
            $server_id      = $app->functions->intval($server_id);
            $client_id      = $app->functions->intval($client_id);
            $sql            = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id AND server_id = $server_id";
            $result         = $app->db->queryAllRecords($sql);
            $sql            = "SELECT id, origin FROM dns_soa d INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ? AND server_id = ?";
            $result         = $app->db->queryAllRecords($sql, $client_id, $server_id);
            return          $result;
        }
        return false;
@@ -785,8 +817,8 @@
            throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
            return false;
        }
        $sql    = "SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($zone_id);;
        $result = $app->db->queryAllRecords($sql);
        $sql    = "SELECT * FROM dns_rr WHERE zone = ?";
        $result = $app->db->queryAllRecords($sql, $zone_id);
        return $result;
    }
@@ -809,8 +841,8 @@
            } else {
                $status = 'N';
            }
            $sql = "UPDATE dns_soa SET active = '$status' WHERE id = ".$app->functions->intval($primary_id);
            $app->db->query($sql);
            $sql = "UPDATE dns_soa SET active = ? WHERE id = ?";
            $app->db->query($sql, $status, $primary_id);
            $result = $app->db->affectedRows();
            return $result;
        } else {
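Review bot: In the `@@ -180,7 +212,7 @@` hunk the lookup binds `$origin."%"` to `origin like ?`, so any `%` or `_` inside the caller-supplied `$origin` still acts as a LIKE wildcard. Binding stops injection, but a value containing `%` would match zones other than the one asked for, and the function returns the id of whichever row comes back. If a prefix match is really intended, escape the wildcards before appending the suffix, e.g. `$origin = addcslashes($origin, '%_\\');`; if an exact match is enough, use `origin = ?` and bind `$origin` alone. The start of the function is outside the hunk, so any earlier validation of `$origin` is not visible here.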
interface/lib/classes/remote.d/domains.inc.php
@@ -86,8 +86,8 @@
            return false;
        }
        $group_id = $app->functions->intval($group_id);
        $sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid  = $group_id ";
        $all = $app->db->queryAllRecords($sql);
        $sql = "SELECT domain_id, domain FROM domain WHERE sys_groupid  = ?";
        $all = $app->db->queryAllRecords($sql, $group_id);
        return $all;
    }
interface/lib/classes/remote.d/mail.inc.php
@@ -208,7 +208,7 @@
        //* Check if mail domain exists
        $email_parts = explode('@', $params['email']);
        $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
        $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
        if($tmp['domain'] != $email_parts[1]) {
            throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
            return false;
@@ -235,7 +235,7 @@
        //* Check if mail domain exists
        $email_parts = explode('@', $params['email']);
        $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
        $tmp = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ?", $email_parts[1]);
        if($tmp['domain'] != $email_parts[1]) {
            throw new SoapFault('mail_domain_does_not_exist', 'Mail domain - '.$email_parts[1].' - does not exist.');
            return false;
@@ -320,14 +320,16 @@
            return false;
        }
    
        $params = array();
        if ($site_id != null) {
            $sql  = "SELECT * FROM mail_backup WHERE parent_domain_id = ".$app->functions->intval($site_id);
            $params[] = $site_id;
            $sql  = "SELECT * FROM mail_backup WHERE parent_domain_id = ?";
        }
        else {
            $sql  = "SELECT * FROM mail_backup";
        }
    
        $result = $app->db->queryAllRecords($sql);
        $result = $app->db->queryAllRecords($sql, true, $params);
        return $result;
    }
    
@@ -342,7 +344,7 @@
        }
    
        //*Set variables
        $backup_record  =       $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`='$primary_id'");
        $backup_record  =       $app->db->queryOneRecord("SELECT * FROM `mail_backup` WHERE `backup_id`=?", $primary_id);
        $server_id      =       $backup_record['server_id'];
    
        //*Set default action state
@@ -361,14 +363,14 @@
        }
    
        //* Validate instance
        $instance_record        =       $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`='$primary_id' and `action_type`='$action_type' and `action_state`='pending'");
        $instance_record        =       $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`=? and `action_type`=? and `action_state`='pending'", $primary_id, $action_type);
        if ($instance_record['action_id'] >= 1) {
            $this->server->fault('duplicate_action', "There is already a pending $action_type action");
            return false;
        }
    
        //* Save the record
        if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = '$server_id', `tstamp` = '$tstamp', `action_type` = '$action_type', `action_param` = '$primary_id', `action_state` = '$action_state'")) {
        if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = ?, `tstamp` = ?, `action_type` = ?, `action_param` = ?, `action_state` = ?", $server_id, $tstamp, $action_type, $primary_id, $action_state)) {
            return true;
        } else {
            return false;
@@ -401,7 +403,7 @@
        }
        //* Check if there is no active mailbox with this address
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
        if($tmp['number'] > 0) {
            throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
        }
@@ -423,7 +425,7 @@
        }
        //* Check if there is no active mailbox with this address
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($params["source"])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $params["source"]);
        if($tmp['number'] > 0) {
            throw new SoapFault('duplicate', 'There is already a mailbox with this email address.');
        }
@@ -1059,9 +1061,8 @@
            return false;
        }
        if (!empty($domain)) {
            $domain       = $app->db->quote($domain);
            $sql            = "SELECT * FROM mail_domain WHERE domain = '$domain'";
            $result         = $app->db->queryAllRecords($sql);
            $sql            = "SELECT * FROM mail_domain WHERE domain = ?";
            $result         = $app->db->queryAllRecords($sql, $domain);
            return          $result;
        }
        return false;
@@ -1079,8 +1080,8 @@
            } else {
                $status = 'n';
            }
            $sql = "UPDATE mail_domain SET active = '$status' WHERE domain_id = ".$app->functions->intval($primary_id);
            $app->db->query($sql);
            $sql = "UPDATE mail_domain SET active = ? WHERE domain_id = ?";
            $app->db->query($sql, $status, $primary_id);
            $result = $app->db->affectedRows();
            return $result;
        } else {
interface/lib/classes/remote.d/openvz.inc.php
@@ -159,7 +159,7 @@
        $server_id = $app->functions->intval($server_id);
        if($server_id > 0) {
            $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = $server_id LIMIT 0,1");
            $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $server_id);
        } else {
            $tmp = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
        }
@@ -229,9 +229,9 @@
        if (!empty($client_id)) {
            $client_id      = $app->functions->intval($client_id);
            $tmp    = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
            $sql            = "SELECT * FROM openvz_vm WHERE sys_groupid = ".$app->functions->intval($tmp['groupid']);
            $result         = $app->db->queryAllRecords($sql);
            $tmp    = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
            $sql            = "SELECT * FROM openvz_vm WHERE sys_groupid = ?";
            $result         = $app->db->queryAllRecords($sql, $tmp['groupid']);
            return          $result;
        }
        return false;
@@ -272,23 +272,23 @@
        }
        // Verify if template and ostemplate exist
        $tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = $template_id");
        $tmp = $app->db->queryOneRecord("SELECT template_id FROM openvz_template WHERE template_id = ?", $template_id);
        if(!is_array($tmp)) {
            throw new SoapFault('template_id_error', 'Template does not exist.');
            return false;
        }
        $tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = $ostemplate_id");
        $tmp = $app->db->queryOneRecord("SELECT ostemplate_id FROM openvz_ostemplate WHERE ostemplate_id = ?", $ostemplate_id);
        if(!is_array($tmp)) {
            throw new SoapFault('ostemplate_id_error', 'OSTemplate does not exist.');
            return false;
        }
        //* Get the template
        $vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = $template_id");
        $vtpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $template_id);
        //* Get the IP address and server_id
        if($override_params['server_id'] > 0) {
            $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ".$override_params['server_id']." LIMIT 0,1");
            $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 AND server_id = ? LIMIT 0,1", $override_params['server_id']);
        } else {
            $vmip = $app->db->queryOneRecord("SELECT ip_address_id, server_id, ip_address FROM openvz_ip WHERE reserved = 'n' AND vm_id = 0 LIMIT 0,1");
        }
@@ -376,25 +376,18 @@
        $action = 'openvz_start_vm';
        $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
                WHERE server_id = '".$vm['server_id']."'
                AND action_type = '$action'
                AND action_param = '".$vm['veid']."'
                AND action_state = 'pending'");
                WHERE server_id = ?
                AND action_type = ?
                AND action_param = ?
                AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
        if($tmp['actions'] > 0) {
            throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
            return false;
        } else {
            $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                "VALUES (".
                (int)$vm['server_id'] . ", ".
                time() . ", ".
                "'".$action."', ".
                $vm['veid'].", ".
                "'pending', ".
                "''".
                ")";
            $app->db->query($sql);
                "VALUES (?, ?, ?, ?, 'pending', '')";
            $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
        }
    }
@@ -425,25 +418,18 @@
        $action = 'openvz_stop_vm';
        $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
                WHERE server_id = '".$vm['server_id']."'
                AND action_type = '$action'
                AND action_param = '".$vm['veid']."'
                AND action_state = 'pending'");
                WHERE server_id = ?
                AND action_type = ?
                AND action_param = ?
                AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
        if($tmp['actions'] > 0) {
            throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
            return false;
        } else {
            $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                "VALUES (".
                (int)$vm['server_id'] . ", ".
                time() . ", ".
                "'".$action."', ".
                $vm['veid'].", ".
                "'pending', ".
                "''".
                ")";
            $app->db->query($sql);
                "VALUES (?, ?, ?, ?, 'pending', '')";
            $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
        }
    }
@@ -474,25 +460,18 @@
        $action = 'openvz_restart_vm';
        $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
                WHERE server_id = '".$vm['server_id']."'
                AND action_type = '$action'
                AND action_param = '".$vm['veid']."'
                AND action_state = 'pending'");
                WHERE server_id = ?
                AND action_type = ?
                AND action_param = ?
                AND action_state = 'pending'", $vm['server_id'], $action, $vm['veid']);
        if($tmp['actions'] > 0) {
            throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
            return false;
        } else {
            $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
                "VALUES (".
                (int)$vm['server_id'] . ", ".
                time() . ", ".
                "'".$action."', ".
                $vm['veid'].", ".
                "'pending', ".
                "''".
                ")";
            $app->db->query($sql);
                "VALUES (?, ?, ?, ?, 'pending', '')";
            $app->db->query($sql, (int)$vm['server_id'], time(), $action, $vm['veid']);
        }
    }
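Review bot: The pending-action check and the INSERT after it are written out three times, in the `openvz_start_vm`, `openvz_stop_vm` and `openvz_restart_vm` hunks, and differ only in `$action`, so the bound-value order has to be kept in sync by hand across six calls. A single private helper would hold both statements once; a sketch follows. It also applies the `(int)` cast to `server_id` in both statements, where the hunks cast it only for the INSERT. The count-then-insert pair is not atomic, so two concurrent calls could both pass the check unless something outside these hunks serialises them. The three enclosing functions start above their hunks.

```php
    // Proposed helper: queue one pending action for a VM unless one is already pending.
    private function queueVmAction($vm, $action)
    {
        // … unchanged: $app brought into scope the way the existing methods do …
        $server_id = (int)$vm['server_id'];
        $tmp = $app->db->queryOneRecord("SELECT count(action_id) as actions FROM sys_remoteaction
                WHERE server_id = ?
                AND action_type = ?
                AND action_param = ?
                AND action_state = 'pending'", $server_id, $action, $vm['veid']);
        if($tmp['actions'] > 0) {
            throw new SoapFault('action_pending', 'There is already a action pending for this VM.');
        }
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (?, ?, ?, ?, 'pending', '')";
        $app->db->query($sql, $server_id, time(), $action, $vm['veid']);
    }
```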
interface/lib/classes/remote.d/server.inc.php
@@ -55,8 +55,8 @@
            throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
            return false;
        }
        $sql = "SELECT server_id FROM server_ip WHERE ip_address  = '$ipaddress' LIMIT 1 ";
        $all = $app->db->queryAllRecords($sql);
        $sql = "SELECT server_id FROM server_ip WHERE ip_address  = ? LIMIT 1";
        $all = $app->db->queryAllRecords($sql, $ipaddress);
        return $all;
    }
@@ -178,8 +178,8 @@
            return false;
        }
        if (!empty($session_id) && !empty($server_name)) {
            $sql = "SELECT server_id FROM server WHERE server_name  = '$server_name' LIMIT 1 ";
            $all = $app->db->queryAllRecords($sql);
            $sql = "SELECT server_id FROM server WHERE server_name  = ? LIMIT 1";
            $all = $app->db->queryAllRecords($sql, $server_name);
            return $all;
        } else {
            return false;
@@ -200,8 +200,8 @@
            return false;
        }
        if (!empty($session_id) && !empty($server_id)) { 
            $sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id  = '$server_id' LIMIT 1 ";
            $all = $app->db->queryAllRecords($sql);
            $sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id  = ? LIMIT 1 ";
            $all = $app->db->queryAllRecords($sql, $server_id);
            return $all;
        } else {
            return false;
interface/lib/classes/remote.d/sites.inc.php
@@ -102,7 +102,8 @@
        $app->remoting_lib->loadFormDef('../sites/form/database.tform.php');
        return $app->remoting_lib->getDataRecord($primary_id);
    }
    /* TODO: secure queries! */
    //* Add a record
    public function sites_database_add($session_id, $client_id, $params)
    {
@@ -114,7 +115,7 @@
        }
        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($params['database_name'])."' AND server_id = '".intval($params["server_id"])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $params['database_name'], $params["server_id"]);
        if($tmp['dbnum'] > 0) {
            throw new SoapFault('database_name_error_unique', 'There is already a database with that name on the same server.');
            return false;
@@ -135,7 +136,6 @@
                $sql_set = array();
                if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
                if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
                //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval);
                $this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval, $retval, $params);
            }
            
@@ -169,7 +169,6 @@
                $sql_set = array();
                if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
                if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
                //$app->db->query("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id);
                $this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id, $primary_id, $params);
            }
            
@@ -239,7 +238,7 @@
        $new_rec = $app->remoting_lib->getDataRecord($primary_id);
        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = ? UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = ?", $primary_id, $primary_id);
        foreach($records as $rec) {
            $tmp_rec = $new_rec;
            $tmp_rec['server_id'] = $rec['server_id'];
@@ -265,14 +264,14 @@
        $app->db->datalogDelete('web_database_user', 'database_user_id', $primary_id);
        $affected_rows = $this->deleteQuery('../sites/form/database_user.tform.php', $primary_id);
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."'");
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $primary_id);
        foreach($records as $rec) {
            $app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
            $app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
        }
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $primary_id);
        foreach($records as $rec) {
            $app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
            $app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
        }
        return $affected_rows;
@@ -336,7 +335,7 @@
            return false;
        }
        $data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = '".$app->db->quote($ftp_user)."'");
        $data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = ?", $ftp_user);
        //file_put_contents('/tmp/test.txt', serialize($data));
        if(!isset($data['server_id'])) return false;
@@ -406,7 +405,7 @@
            return false;
        }
        $app->uses('remoting_lib');
        $app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
        $app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
        return $app->remoting_lib->getDataRecord($primary_id);
    }
@@ -420,7 +419,7 @@
        }
        if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
            $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client_id));
            $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
            $params['client_group_id'] = $rec['groupid'];
        }
@@ -435,9 +434,9 @@
        if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
        if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
        $domain_id = $this->insertQuery('../sites/form/web_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
        $domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
        if ($readonly === true)
            $app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
            $app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ?", $domain_id);
        return $domain_id;
    }
@@ -455,7 +454,7 @@
        if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
        if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
        $affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', $client_id, $primary_id, $params);
        $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params);
        return $affected_rows;
    }
@@ -466,7 +465,7 @@
            throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
            return false;
        }
        $affected_rows = $this->deleteQuery('../sites/form/web_domain.tform.php', $primary_id);
        $affected_rows = $this->deleteQuery('../sites/form/web_vhost_domain.tform.php', $primary_id);
        return $affected_rows;
    }
@@ -751,7 +750,7 @@
        }
        // Delete all users that belong to this folder. - taken from web_folder_delete.php
        $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($primary_id)."'");
        $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $primary_id);
        foreach($records as $rec) {
            $this->deleteQuery('../sites/form/web_folder_user.tform.php', $rec['web_folder_user_id']);
            //$app->db->datalogDelete('web_folder_user','web_folder_user_id',$rec['web_folder_user_id']);
@@ -865,11 +864,11 @@
            } else {
                $status = 'n';
            }
            $app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
            $app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
            $params = $app->remoting_lib->getDataRecord($primary_id);
            $params['active'] = $status;
            
            $affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', 0, $primary_id, $params);
            $affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', 0, $primary_id, $params);
            return $affected_rows;
        } else {
            throw new SoapFault('status_undefined', 'The status is not available');
@@ -889,8 +888,8 @@
            return false;
        }
        $client_id = $app->functions->intval($client_id);
        $sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
        $all = $app->db->queryAllRecords($sql);
        $sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ?";
        $all = $app->db->queryAllRecords($sql, $client_id);
        return $all;
    }
    
@@ -904,7 +903,7 @@
            return false;
        }
        
        $result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $app->functions->intval($site_id));
        $result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $site_id);
        return $result;
    }
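Review bot: The two `backup_interval` / `backup_copies` hunks still build `UPDATE web_database SET ...` by string concatenation and pass it to `updateQueryExecute()`, with `$retval` and `$primary_id` appended to the WHERE clause unbound. The commit only deletes the commented-out line above each call, which is presumably what the new `/* TODO: secure queries! */` refers to. Whether `updateQueryExecute()` accepts bound values is not visible here, so at minimum the TODO should name the statements it means, e.g. `/* TODO: the backup_interval/backup_copies UPDATE on web_database is still built by concatenation */`. If neither key is set, `$sql_set` stays empty and the statement becomes `SET  WHERE ...`; the guarding condition is outside the hunks, so confirm it rules that out. In the `web_backup` hunk the `?` is emitted only when `$site_id != null`, yet `$site_id` is always passed and the `intval()` is gone; a strict `$site_id !== null` test with the value bound only in that branch would keep the placeholder count and the argument count in step.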
    
interface/lib/classes/remoting.inc.php
@@ -90,15 +90,12 @@
        }
        //* Delete old remoting sessions
        $sql = "DELETE FROM remote_session WHERE tstamp < ".time();
        $sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()";
        $app->db->query($sql);
        $username = $app->db->quote($username);
        $password = $app->db->quote($password);
        if($client_login == true) {
            $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
            $user = $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
            $user = $app->db->queryOneRecord($sql, $username);
            if($user) {
                $saved_password = stripslashes($user['passwort']);
@@ -127,7 +124,7 @@
            }
            // now we need the client data
            $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($user['default_group']));
            $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']);
            if(!$client || $client['can_use_api'] != 'y') {
                throw new SoapFault('client_login_failed', 'The login failed. Client may not use api.');
                return false;
@@ -140,13 +137,12 @@
            $remote_functions = '';
            $tstamp = time() + $this->session_timeout;
            $sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,client_login,tstamp'
                .') VALUES ('
                ." '$remote_session',$remote_userid,'$remote_functions',1,$tstamp)";
            $app->db->query($sql);
                .') VALUES (?, ?, ?, 1, $tstamp)';
            $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
            return $remote_session;
        } else {
            $sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
            $remote_user = $app->db->queryOneRecord($sql);
            $sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)";
            $remote_user = $app->db->queryOneRecord($sql, $username, $password);
            if($remote_user['remote_userid'] > 0) {
                //* Create a remote user session
                //srand ((double)microtime()*1000000);
@@ -155,9 +151,8 @@
                $remote_functions = $remote_user['remote_functions'];
                $tstamp = time() + $this->session_timeout;
                $sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
                    .') VALUES ('
                    ." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
                $app->db->query($sql);
                    .') VALUES (?, ?, ?, ?)';
                $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
                return $remote_session;
            } else {
                throw new SoapFault('login_failed', 'The login failed. Username or password wrong.');
@@ -177,10 +172,8 @@
            return false;
        }
        $session_id = $app->db->quote($session_id);
        $sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
        if($app->db->query($sql) != false) {
        $sql = "DELETE FROM remote_session WHERE remote_session = ?";
        if($app->db->query($sql, $session_id) != false) {
            return true;
        } else {
            return false;
@@ -203,8 +196,8 @@
        $sql = $app->remoting_lib->getSQL($params, 'INSERT', 0);
        //* Check if no system user with that username exists
        $username = $app->db->quote($params["username"]);
        $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = '$username'");
        $username = $params["username"];
        $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username);
        if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />";
        //* Stop on error while preparing the sql query
@@ -238,7 +231,7 @@
        /* copied from the client_edit php */
        exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
        $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
        $app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
        exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
@@ -251,10 +244,10 @@
            $app->remoting_lib->ispconfig_sysuser_add($params, $insert_id);
            if($reseller_id) {
                $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ".$insert_id);
                $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ".$reseller_id);
                $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id);
                $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id);
                $app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']);
                $app->db->query("UPDATE client SET parent_client_id = ".$reseller_id." WHERE client_id = ".$insert_id);
                $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id);
            }
        }
@@ -347,6 +340,7 @@
        //* Get the SQL query
        $sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id);
        // throw new SoapFault('debug', $sql);
        if($app->remoting_lib->errorMessage != '') {
            throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage);
@@ -473,11 +467,8 @@
            return false;
        }
        $session_id = $app->db->quote($session_id);
        $now = time();
        $sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
        $session = $app->db->queryOneRecord($sql);
        $sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()";
        $session = $app->db->queryOneRecord($sql, $session_id);
        if($session['remote_userid'] > 0) {
            return $session;
        } else {
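Review bot: `UNIX_TIMSTAMP()` in three of the new queries (the `remote_session` cleanup DELETE, the `UPDATE client SET created_at = ...`, and the session lookup with `tstamp >= ...`) is a misspelling of MySQL's `UNIX_TIMESTAMP()`. The server will reject those statements, and for the session lookup that presumably means no session validates. In the client-login INSERT the new string is single-quoted, so `$tstamp` reaches SQL as literal text while four values are passed for three placeholders; it should read `.') VALUES (?, ?, ?, 1, ?)';`. With `$app->db->quote()` dropped from `$username`, the context line `exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' ...')` receives the request value with no escaping at all, if it is in the same function, which the hunks do not show. SQL quoting was never shell escaping in any case, so pass that argument as `escapeshellarg($username.'-rsa-key-'.time())`.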
interface/lib/classes/remoting_lib.inc.php
@@ -110,7 +110,7 @@
        if(isset($_SESSION['client_login']) && isset($_SESSION['client_sys_userid']) && $_SESSION['client_login'] == 1) {
            $client_sys_userid = $app->functions->intval($_SESSION['client_sys_userid']);
            $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = " . $client_sys_userid);
            $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = ?", $client_sys_userid);
            $this->client_id = $client['client_id'];
            $client_login = true;
@@ -125,23 +125,11 @@
            $this->sys_groups            = 1;
            $_SESSION["s"]["user"]["typ"] = 'admin';
        } else {
            //* load system user - try with sysuser and before with userid (workarrond)
            /*
                $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
                if(empty($user["userid"])) {
                        $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
                        if(empty($user["userid"])) {
                                $this->errorMessage .= "No sysuser with the ID $client_id found.";
                                return false;
                        }
                }*/
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
            $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id);
            $this->sys_username         = $user['username'];
            $this->sys_userid            = $user['userid'];
            $this->sys_default_group     = $user['default_group'];
            $this->sys_groups             = $user['groups'];
            // $_SESSION["s"]["user"]["typ"] = $user['typ'];
            // we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
            if($client_login == false) $_SESSION["s"]["user"]["typ"] = 'admin';
        }
@@ -239,8 +227,8 @@
                return parent::getDataRecord($primary_id);
            } elseif($primary_id == -1) {
                // Return a array with all records
                $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape;
                return $app->db->queryAllRecords($sql);
                $sql = "SELECT * FROM ??";
                return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
            } else {
                throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.');
                return array();
@@ -250,22 +238,23 @@
            $sql_offset = 0;
            $sql_limit = 0;
            $sql_where = '';
            $params = array($this->formDef['db_table']);
            foreach($primary_id as $key => $val) {
                $key = $app->db->quote($key);
                $val = $app->db->quote($val);
                if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
                elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
                elseif(stristr($val, '%')) {
                    $sql_where .= "$key like '$val' AND ";
                    $sql_where .= "? like ? AND ";
                } else {
                    $sql_where .= "$key = '$val' AND ";
                    $sql_where .= "? = ? AND ";
                }
                $params[] = $key;
                $params[] = $val;
            }
            $sql_where = substr($sql_where, 0, -5);
            if($sql_where == '') $sql_where = '1';
            $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
            $sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
            if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
            return $app->db->queryAllRecords($sql);
            return $app->db->queryAllRecords($sql, true, $params);
        } else {
            $this->errorMessage = 'The ID must be either an integer or an array.';
            return array();
@@ -274,12 +263,12 @@
    function ispconfig_sysuser_add($params, $insert_id){
        global $conf, $app, $sql1;
        $username = $app->db->quote($params["username"]);
        $password = $app->db->quote($params["password"]);
        $username = $params["username"];
        $password = $params["password"];
        if(!isset($params['modules'])) {
            $modules = $conf['interface_modules_enabled'];
        } else {
            $modules = $app->db->quote($params['modules']);
            $modules = $params['modules'];
        }
        if(isset($params['limit_client']) && $params['limit_client'] > 0) {
            $modules .= ',client';
@@ -288,44 +277,51 @@
        if(!isset($params['startmodule'])) {
            $startmodule = 'dashboard';
        } else {
            $startmodule = $app->db->quote($params["startmodule"]);
            $startmodule = $params["startmodule"];
            if(!preg_match('/'.$startmodule.'/', $modules)) {
                $_modules = explode(',', $modules);
                $startmodule=$_modules[0];
            }
        }
        $usertheme = $app->db->quote($params["usertheme"]);
        $usertheme = $params["usertheme"];
        $type = 'user';
        $active = 1;
        $insert_id = $app->functions->intval($insert_id);
        $language = $app->db->quote($params["language"]);
        $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
        $language = $params["language"];
        $groupid = $app->db->datalogInsert('sys_group', array("name" => $username, "description" => "", "client_id" => $insert_id), 'groupid');
        $groups = $groupid;
        if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
        $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
            VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
        $app->db->query($sql1);
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
        $app->db->query($sql1, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$insert_id);
    }
    function ispconfig_sysuser_update($params, $client_id){
        global $app;
        $username = $app->db->quote($params["username"]);
        $clear_password = $app->db->quote($params["password"]);
        $username = $params["username"];
        $clear_password = $params["password"];
        $client_id = $app->functions->intval($client_id);
        if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
        else $password = $clear_password;
        if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
        $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
        $app->db->query($sql);
        $params = array($username);
        if ($clear_password) {
            $pwstring = ", passwort = ?";
            $params[] = $password;
        } else {
            $pwstring ="" ;
        }
        $params[] = $client_id;
        $sql = "UPDATE sys_user set username = ? $pwstring WHERE client_id = ?";
        $app->db->query($sql, true, $params);
    }
    function ispconfig_sysuser_delete($client_id){
        global $app;
        $client_id = $app->functions->intval($client_id);
        $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
        $app->db->query($sql);
        $sql = "DELETE FROM sys_group WHERE client_id = $client_id";
        $app->db->query($sql);
        $sql = "DELETE FROM sys_user WHERE client_id = ?";
        $app->db->query($sql, $client_id);
        $sql = "DELETE FROM sys_group WHERE client_id = ?";
        $app->db->query($sql, $client_id);
    }
}
interface/lib/classes/searchform.inc.php
@@ -177,7 +177,7 @@
        if($this->searchChanged == 1)   $_SESSION['search'][$list_name]['page'] = 0;
        $sql_von = $_SESSION['search'][$list_name]['page'] * $records_per_page;
        $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM $table WHERE $sql_where");
        $record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ?? WHERE $sql_where", $table);
        $pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
        $vars['list_file']      = $this->listDef['file'];
@@ -247,7 +247,7 @@
        $list_name = $this->listDef['name'];
        $settings = $_SESSION['search'][$list_name];
        unset($settings['page']);
        $data = $app->db->quote(serialize($settings));
        $data = serialize($settings);
        $userid = $_SESSION['s']['user']['userid'];
        $groupid = $_SESSION['s']['user']['default_group'];
@@ -260,9 +260,8 @@
        $sql = 'INSERT INTO `searchform` ( '
            .'`sys_userid` , `sys_groupid` , `sys_perm_user` , `sys_perm_group` , `sys_perm_other` , `module` , `searchform` , `title` , `data` '
            .')VALUES ('
            ."'$userid', '$groupid', '$sys_perm_user', '$sys_perm_group', '$sys_perm_other', '$module', '$searchform', '$title', '$data')";
        $app->db->query($sql);
            .')VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)';
        $app->db->query($sql, $userid, $groupid, $sys_perm_user, $sys_perm_group, $sys_perm_other, $module, $searchform, $title, $data);
    }
    public function decode($record)
@@ -303,6 +302,7 @@
        return $record;
    }
    /* TODO: check for double quoting mysql value */
    public function encode($record)
    {
        global $app;
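Review bot: `$sql_where` is still interpolated into the count query, `"SELECT count(*) AS anzahl FROM ?? WHERE $sql_where"`, even though the table name is now bound through `??`, so the statement is only as safe as whatever assembles `$sql_where`, which is outside this hunk. Because the finished string then goes through placeholder substitution, a literal `?` carried inside `$sql_where` could presumably be taken for a placeholder and shift the binding; that is worth confirming against the db class. At minimum I would add a comment above the call, e.g. `// $sql_where is raw SQL built from the search fields and is not bound here; values must be escaped where it is assembled`. The enclosing method starts and ends outside the hunk.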
interface/lib/classes/session.inc.php
@@ -66,9 +66,9 @@
    function read ($session_id) {
        
        if($this->timeout > 0) {
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout);
        } else {
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
            $rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id);
        }
        if (is_array($rec)) {
@@ -87,23 +87,18 @@
        // Dont write session_data to DB if session data has not been changed after reading it.
        if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
            $session_id   = $this->db->quote($session_id);
            $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = '$session_id'");
            $this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id);
            return true;
        }
        if (@$this->session_array['session_id'] == '') {
            $session_id   = $this->db->quote($session_id);
            $session_data = $this->db->quote($session_data);
            $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id',NOW(),NOW(),'$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
            $this->db->query($sql);
            $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),'$session_data',?)";
            $this->db->query($sql, $session_id, ($this->permanent ? 'y' : 'n'));
        } else {
            $session_id   = $this->db->quote($session_id);
            $session_data = $this->db->quote($session_data);
            $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
            $this->db->query($sql);
            $sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?";
            $this->db->query($sql, $session_data, $session_id);
        }
@@ -112,25 +107,20 @@
    function destroy ($session_id) {
        $session_id   = $this->db->quote($session_id);
        $sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
        $this->db->query($sql);
        $sql = "DELETE FROM sys_session WHERE session_id = ?";
        $this->db->query($sql, $session_id);
        return true;
    }
    function gc ($max_lifetime) {
        /*if($this->timeout > 0) {
            $this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
        } else {*/
            $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($max_lifetime) . " SECOND) AND `permanent` != 'y'";
            $this->db->query($sql);
        $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'";
        $this->db->query($sql, intval($max_lifetime));
            
            /* delete very old even if they are permanent */
            $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
            $this->db->query($sql);
        //}
        /* delete very old even if they are permanent */
        $sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
        $this->db->query($sql);
        return true;
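Review bot: The REPLACE branch of the session write path still embeds `'$session_data'` directly in the SQL string, while the `$this->db->quote($session_data)` call before it appears to have been dropped by this change, so the serialized session would reach the statement unescaped; a quote character in the data breaks the query, and since session contents can hold user-supplied values this looks like an SQL injection path. The UPDATE branch already binds the value, so the insert should match: `VALUES (?,NOW(),NOW(),?,?)` with `$this->db->query($sql, $session_id, $session_data, ($this->permanent ? 'y' : 'n'));`. Separately, `read()` now binds `$this->timeout` without the former `intval()`; passing `intval($this->timeout)`, as `gc()` does for `$max_lifetime`, keeps the INTERVAL operand numeric. The write handler's signature is outside the hunk.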
interface/lib/classes/sites_database_plugin.inc.php
@@ -40,15 +40,15 @@
        global $app;
        if($form_page->dataRecord["parent_domain_id"] > 0) {
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($form_page->dataRecord["parent_domain_id"]));
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $form_page->dataRecord["parent_domain_id"]);
            //* The Database user shall be owned by the same group then the website
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $backup_interval = $app->db->quote($web['backup_interval']);
            $backup_interval = $web['backup_interval'];
            $backup_copies = $app->functions->intval($web['backup_copies']);
            $sql = "UPDATE web_database SET sys_groupid = '$sys_groupid', backup_interval = '$backup_interval', backup_copies = '$backup_copies' WHERE database_id = ".$form_page->id;
            $app->db->query($sql);
            $sql = "UPDATE web_database SET sys_groupid = ?, backup_interval = ?, backup_copies = ? WHERE database_id = ?";
            $app->db->query($sql, $sys_groupid, $backup_interval, $backup_copies, $form_page->id);
        }
    }
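Review bot: The result of the `web_domain` lookup is used without checking that a row came back, so if `parent_domain_id` refers to a domain that does not exist, `$web['sys_groupid']` and the backup fields are read from a non-array and the UPDATE would presumably write group 0 and empty backup settings to the database record. A guard such as `if(!is_array($web)) return;` before the assignments avoids that. The lookup also carries no `getAuthSQL()` restriction, so whether the caller may reference that parent domain has to be enforced elsewhere, which this hunk does not show. The method's signature is outside the hunk.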
interface/lib/classes/tform.inc.php
@@ -79,8 +79,8 @@
                $escape = '`';
            }
            $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm);
            if($record = $app->db->queryOneRecord($sql)) {
            $sql = "SELECT ?? FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL($perm);
            if($record = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], $this->formDef['db_table_idx'], $record_id)) {
                return true;
            } else {
                return false;
@@ -133,8 +133,8 @@
            $escape = '`';
        }
        $sql = "SELECT sys_userid FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
        $record = $app->db->queryOneRecord($sql);
        $sql = "SELECT sys_userid FROM ?? WHERE ?? = ?";
        $record = $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
        // return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record.
        if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) {
@@ -161,18 +161,17 @@
        global $app;
        $check_passed = true;
        $limit_name = $app->db->quote($limit_name);
        if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
        // Get the limits of the client that is currently logged in
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        $client = $app->db->queryOneRecord("SELECT ?? as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $limit_name, $client_group_id);
        // Check if the user may add another item
        if($client["number"] >= 0) {
            $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE ".$this->getAuthSQL('u');
            $sql = "SELECT count(??) as number FROM ?? WHERE ".$this->getAuthSQL('u');
            if($sql_where != '') $sql .= ' and '.$sql_where;
            $tmp = $app->db->queryOneRecord($sql);
            $tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table']);
            if($tmp["number"] >= $client["number"]) $check_passed = false;
        }
@@ -183,30 +182,29 @@
        global $app;
        $check_passed = true;
        $limit_name = $app->db->quote($limit_name);
        if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.');
        // Get the limits of the client that is currently logged in
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
        //* If the client belongs to a reseller, we will check against the reseller Limit too
        if($client['parent_client_id'] != 0) {
            //* first we need to know the groups of this reseller
            $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
            $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
            $reseller_groups = $tmp["groups"];
            $reseller_userid = $tmp["userid"];
            // Get the limits of the reseller of the logged in client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ".$client['parent_client_id']);
            $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ?", $client['parent_client_id']);
            // Check if the user may add another item
            if($reseller["number"] >= 0) {
                $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE (sys_groupid IN (".$reseller_groups.") or sys_userid = ".$reseller_userid.")";
                $sql = "SELECT count(??) as number FROM ?? WHERE (sys_groupid IN ? or sys_userid = ?)";
                if($sql_where != '') $sql .= ' and '.$sql_where;
                $tmp = $app->db->queryOneRecord($sql);
                $tmp = $app->db->queryOneRecord($sql, $this->formDef['db_table_idx'], $this->formDef['db_table'], explode(',', $reseller_groups), $reseller_userid);
                if($tmp["number"] >= $reseller["number"]) $check_passed = false;
            }
        }
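Review bot: In the reseller branch the limit column is still interpolated, `"SELECT $limit_name as number FROM client WHERE client_id = ?"`, and the `$app->db->quote($limit_name)` line at the top of that function appears to have been removed, so the identifier now reaches the query with no escaping at all. The client-limit function in the hunk above binds the same value with `??`, and the reseller query should do the same: `"SELECT ?? as number FROM client WHERE client_id = ?", $limit_name, $client['parent_client_id']`. `$sql_where` is also appended to both count queries as raw SQL; the commit does not change that, but it leaves callers responsible for its contents. Both function signatures are outside their hunks.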
interface/lib/classes/tform_actions.inc.php
@@ -82,7 +82,7 @@
        // check if the client is locked - he may not change anything, then.
        if(!$app->auth->is_admin()) {
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
            $client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            if(is_array($client) && $client['locked'] == 'y') {
                $app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";
            }
@@ -311,7 +311,6 @@
                if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
            }
            //$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id);
            $this->dataRecord = $app->tform->getDataRecord($this->id);
            $app->plugin->raiseEvent($_SESSION['s']['module']['name'].':'.$app->tform->formDef['name'].':'.'on_check_delete', $this);
@@ -324,7 +323,7 @@
                $app->tform->datalogSave('DELETE', $this->id, $this->dataRecord, array());
            }
            $app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1");
            $app->db->query("DELETE FROM ?? WHERE ?? = ? LIMIT 1", $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id);
            // loading plugins
@@ -379,11 +378,11 @@
        $app->tpl->setInclude("content_tpl", $app->tform->formDef['template_print']);
        if($app->tform->formDef['auth'] == 'no') {
            $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
            $sql = "SELECT * FROM ?? WHERE ?? = ?";
        } else {
            $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
            $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
        }
        if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
        if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
        $record["datum"] = date("d.m.Y");
@@ -423,11 +422,11 @@
            $app->tpl->setInclude("content_tpl", $app->tform->formDef['template_mailsend']);
            $app->tpl->setVar('show_mail', 1);
            if($app->tform->formDef['auth'] == 'no') {
                $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
                $sql = "SELECT * FROM ?? WHERE ?? = ?";
            } else {
                $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
                $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
            }
            if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
            if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
            $record["datum"] = date("d.m.Y");
            $record["mailmessage"] = $_POST["message"];
@@ -459,11 +458,11 @@
        if($app->tform->formDef['auth'] == 'no') {
            $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
            $sql = "SELECT * FROM ?? WHERE ?? = ?";
        } else {
            $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
            $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
        }
        if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
        if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
        $record["datum"] = date("d.m.Y");
@@ -560,11 +559,11 @@
        // bestehenden Datensatz anzeigen
        if($app->tform->errorMessage == '') {
            if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
                $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('r');
                $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$app->tform->getAuthSQL('r');
            } else {
                $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
                $sql = "SELECT * FROM ?? WHERE ?? = ?";
            }
            if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
            if(!$record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id)) $app->error($app->lng('error_no_view_permission'));
        } else {
            // $record = $app->tform->encode($_POST,$this->active_tab);
            $record = $app->tform->encode($this->dataRecord, $this->active_tab, false);
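Review bot: The same record lookup is now written out four times in this file section: build `SELECT * FROM ?? WHERE ?? = ?`, optionally append `getAuthSQL('r')`, then pass the table, the index column and `$this->id`. One private helper would keep the placeholder order and the permission clause in a single place, so a later edit cannot drop the auth restriction from just one copy. The condition that selects the branch also differs between the copies (`auth == 'no'` in three, `auth == 'yes' && typ != 'admin'` in the last), which deserves a comment saying whether that is intended. All enclosing methods start outside their hunks; the helper name below is a placeholder.

```php
// hypothetical helper; replaces the four inline copies
private function loadRecordOrFail($with_auth) {
    global $app;
    $sql = "SELECT * FROM ?? WHERE ?? = ?";
    // authorization clause is raw SQL from tform, appended only when the form requires it
    if($with_auth) $sql .= " AND ".$app->tform->getAuthSQL('r');
    $record = $app->db->queryOneRecord($sql, $app->tform->formDef['db_table'], $app->tform->formDef['db_table_idx'], $this->id);
    if(!$record) $app->error($app->lng('error_no_view_permission'));
    return $record;
}
// … unchanged: callers set $record["datum"] and continue as before …
```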
interface/lib/classes/tform_base.inc.php
@@ -347,7 +347,7 @@
                return $values;
            } else {
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
                $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                $allowed = explode(',', $client['lm']);
            }
        }
@@ -359,19 +359,19 @@
            } else {
                //* Get the limits of the client that is currently logged in
                $client_group_id = $_SESSION["s"]["user"]["default_group"];
                $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                //echo "SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
                //* If the client belongs to a reseller, we will check against the reseller Limit too
                if($client['parent_client_id'] != 0) {
                    //* first we need to know the groups of this reseller
                    $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']);
                    $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ?", $client['parent_client_id']);
                    $reseller_groups = $tmp["groups"];
                    $reseller_userid = $tmp["userid"];
                    // Get the limits of the reseller of the logged in client
                    $client_group_id = $_SESSION["s"]["user"]["default_group"];
                    $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ".$client['parent_client_id']);
                    $reseller = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM client WHERE client_id = ?", $client['parent_client_id']);
                    $allowed = explode(',', $reseller['lm']);
                } else {
                    return $values;
@@ -810,6 +810,9 @@
                case 'IDNTOUTF8':
                    $returnval = $app->functions->idn_decode($returnval);
                    break;
                case 'TRIM':
                    $returnval = trim($returnval);
                    break;
                default:
                    $this->errorMessage .= "Unknown Filter: ".$filter['type'];
                    break;
@@ -853,7 +856,7 @@
                if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
                if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
                    if($this->action == 'NEW') {
                        $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
                        $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ?", $this->formDef['db_table'], $field_name, $field_value);
                        if($num_rec["number"] > 0) {
                            $errmsg = $validator['errmsg'];
                            if(isset($this->wordbook[$errmsg])) {
@@ -863,7 +866,7 @@
                            }
                        }
                    } else {
                        $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
                        $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ?? WHERE ?? = ? AND ?? != ?", $this->formDef['db_table'], $field_name, $field_value, $this->formDef['db_table_idx'], $this->primary_id);
                        if($num_rec["number"] > 0) {
                            $errmsg = $validator['errmsg'];
                            if(isset($this->wordbook[$errmsg])) {
@@ -1108,6 +1111,7 @@
     * @param primary_id
     * @return record
     */
     /* TODO: check for double quoting */
    protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
        global $app;
@@ -1139,7 +1143,7 @@
                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                            } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                                $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                                $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                                $record[$key] = $tmp['crypted'];
                                $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                            } else {
@@ -1167,7 +1171,7 @@
                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                            } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
                                $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
                                $tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
                                $record[$key] = $tmp['crypted'];
                                $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                            } else {
@@ -1359,8 +1363,8 @@
    function getDataRecord($primary_id) {
        global $app;
        $escape = '`';
        $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id." AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
        return $app->db->queryOneRecord($sql);
        $sql = "SELECT * FROM ?? WHERE ?? = ? AND ".$this->getAuthSQL('r', $this->formDef['db_table']);
        return $app->db->queryOneRecord($sql, $this->formDef['db_table'], $this->formDef['db_table_idx'], $primary_id);
    }
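Review bot: The limit column is still concatenated into two of the rewritten queries, `"SELECT ".$limit_parts[1]." as lm FROM sys_group, client ..."` and the matching reseller query, while only the id was moved to a `?`. Where `$limit_parts` is filled is outside these hunks, but binding it as an identifier like the other columns in this commit removes the question: `"SELECT ?? as lm FROM client WHERE client_id = ?", $limit_parts[1], $client['parent_client_id']`. In `getDataRecord()` the `$escape` assignment has no remaining use after the rewrite and can be deleted. The `_getSQL()` hunks still assemble values with `$app->db->quote()` inside string concatenation, which the added TODO acknowledges but does not resolve.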
interface/lib/classes/tools_monitor.inc.php
@@ -33,7 +33,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
@@ -80,7 +80,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
@@ -123,7 +123,7 @@
    function showDatabaseSize () {
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
            //* format the data
@@ -142,10 +142,12 @@
                if ($line['size'] > 0) $line['size'] = $app->functions->formatBytes($line['size']);
                //* get the client
                $line['client']=$app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$line['database_name']."'")['username'];
                $tmp = $app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $line['database_name']);
                $line['client'] = $tmp['username'];
                //* get the domain
                $line['domain']=$app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name='".$line['database_name']."')")['domain'];
                $tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?", $line['database_name']);
                $line['domain'] = $tmp['domain'];
                //* remove the sys_groupid from output
                unset($line['sys_groupid']);
@@ -166,7 +168,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
@@ -202,7 +204,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
@@ -236,7 +238,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
@@ -349,7 +351,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
@@ -379,7 +381,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
@@ -408,7 +410,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
@@ -441,7 +443,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
@@ -472,7 +474,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
@@ -486,7 +488,7 @@
            $data = unserialize($record['data']);
            if ($data == '') {
                $html .= '<p>'.
                    'fail2ban is not installed at this server.<br />' .
                    'fail2ban is not installed on this server.<br />' .
                    'See more (for debian) <a href="http://www.howtoforge.com/fail2ban_debian_etch" target="htf">here...</a>'.
                    '</p>';
            }
@@ -506,7 +508,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
@@ -520,8 +522,7 @@
            $data = unserialize($record['data']);
            if ($data == '') {
                $html .= '<p>'.
                    'MongoDB is not installed at this server.<br />' .
                    'See more (for debian) <a href="http://www.howtoforge.com/fail2ban_debian_etch" target="htf">here...</a>'.
                    'MongoDB is not installed on this server.<br />' .
                    '</p>';
            }
            else {
@@ -538,7 +539,7 @@
    function showIPTables() {
        global $app;
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $html =
                '<div class="systemmonitor-state state-'.$record['state'].'">
@@ -562,7 +563,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
        if(isset($record['data'])) {
            $data = unserialize($record['data']);
@@ -578,7 +579,7 @@
        global $app;
        /* fetch the Data from the DB */
        $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
        $record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = ? and server_id = ? ORDER BY created DESC", $type, $_SESSION['monitor']['server_id']);
        /* TODO: datetimeformat should be set somewhat other way */
        $dateTimeFormat = $app->lng("monitor_settings_datetimeformat_txt");
interface/lib/classes/tools_sites.inc.php
@@ -87,7 +87,7 @@
            if(isset($dataRecord['client_group_id'])) {
                $client_group_id = $dataRecord['client_group_id'];
            } elseif (isset($dataRecord['parent_domain_id'])) {
                $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
                $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
                $client_group_id = $tmp['sys_groupid'];
            } elseif(isset($dataRecord['sys_groupid'])) {
                $client_group_id = $dataRecord['sys_groupid'];
@@ -96,7 +96,7 @@
            }
        }
        $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
        $tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = ?", $client_group_id);
        $clientName = $tmp['name'];
        if ($clientName == "") $clientName = 'default';
        $clientName = $this->convertClientName($clientName);
@@ -114,7 +114,7 @@
            if(isset($dataRecord['client_group_id'])) {
                $client_group_id = $dataRecord['client_group_id'];
            } elseif (isset($dataRecord['parent_domain_id']) && $dataRecord['parent_domain_id'] != 0) {
                $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
                $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
                $client_group_id = $tmp['sys_groupid'];
            } elseif(isset($dataRecord['sys_groupid'])) {
                $client_group_id = $dataRecord['sys_groupid'];
@@ -122,7 +122,7 @@
                return '[CLIENTID]';
            }
        }
        $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
        $tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
        $clientID = $tmp['client_id'];
        if ($clientID == '') $clientID = '0';
        return $clientID;
@@ -144,6 +144,7 @@
        return $res;
    }
    /* TODO: rewrite SQL */
    function getDomainModuleDomains($not_used_in_table = null, $selected_domain = null) {
        global $app;
@@ -168,6 +169,7 @@
        return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
    }
    /* TODO: rewrite SQL */
    function checkDomainModuleDomain($domain_id) {
        global $app;
@@ -180,7 +182,8 @@
        if(!$domain || !$domain['domain_id']) return false;
        return $domain['domain'];
    }
    /* TODO: rewrite SQL */
    function getClientIdForDomain($domain_id) {
        global $app;
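Review bot: The three `/* TODO: rewrite SQL */` comments added above `getDomainModuleDomains`, `checkDomainModuleDomain` and `getClientIdForDomain` do not say what is wrong with the SQL. The function bodies lie outside these hunks, so a reader cannot tell whether the queries still concatenate input or only need restructuring. If the reason is remaining string-built SQL, say so in the marker, for example `/* TODO: rewrite SQL - still built by concatenation, convert to ? placeholders */`. That would let the unconverted call sites be found and tracked separately from the ones this commit already parameterised.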
interface/lib/classes/validate_client.inc.php
@@ -43,7 +43,7 @@
        }
        if($client_id == 0) {
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ?", $field_value);
            if($num_rec["number"] > 0) {
                $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {
@@ -53,7 +53,7 @@
                }
            }
        } else {
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
            $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ? AND client_id != ?", $field_value, $client_id);
            if($num_rec["number"] > 0) {
                $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {
@@ -108,23 +108,23 @@
            switch ($field_name)
            {
            case 'web_servers':
                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
                break;
            case 'dns_servers':
                $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
                $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
                break;
            case 'db_servers':
                $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
                $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
                break;
            case 'mail_servers':
                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
                break;
            case 'xmpp_servers':
                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
                $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
                break;
            }
@@ -151,7 +151,7 @@
        }
        
        // check if country is member of EU
        $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = '".$country."'");
        $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = ?", $country);
        if($country_details['eu'] == 'y' && $vatid != ''){
        
            $vatid = preg_replace('/\s+/', '', $vatid);
@@ -161,6 +161,8 @@
            // Test if the country of the VAT-ID matches the country of the customer
            if($country != ''){
                // Greece
                if($country == 'GR') $country = 'EL';
                if(strtoupper($cc) != $country){
                    $errmsg = $validator['errmsg'];
                    if(isset($app->tform->wordbook[$errmsg])) {
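Review bot: The five `server_id NOT IN ?` queries in the `switch ($field_name)` block now pass `$field_value` as a single bound value, and the parentheses the old `NOT IN (' . implode(...) . ')` form supplied are gone. This only works if the db wrapper expands an array parameter into a parenthesised, escaped list; that wrapper is not visible on this page, so it should be confirmed. It is also worth checking what the wrapper emits for an empty array or a scalar, since either could produce invalid SQL or a condition that matches nothing and lets the "servers still in use" check pass. A comment above the switch such as `// $field_value must be a non-empty array; the db layer expands it for "NOT IN ?"` would record the assumption. The enclosing function starts and ends outside the hunk.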
interface/lib/classes/validate_dkim.inc.php
@@ -62,8 +62,10 @@
     */
    function check_template($field_name, $field_value, $validator) {
        $dkim=false;
        foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
        if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
        if(is_array($field_value) && !empty($field_value)){
            foreach($field_value as $field ) { if($field == 'DKIM') $dkim=true; }
            if ($dkim && $field_value[0]!='DOMAIN') return $this->get_error($validator['errmsg']);
        }
    }
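Review bot: With the new `is_array($field_value) && !empty($field_value)` guard in `check_template`, any non-array value falls through and the validator returns nothing, which callers presumably treat as "valid". If a scalar `'DKIM'` can reach this function, the "DKIM requires DOMAIN first" rule is skipped rather than enforced. The comparison `$field == 'DKIM'` is also loose. Normalising the input and comparing strictly covers both: `$values = (array)$field_value;` then `if(in_array('DKIM', $values, true) && (!isset($values[0]) || $values[0] !== 'DOMAIN')) return $this->get_error($validator['errmsg']);`.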
interface/lib/classes/validate_dns.inc.php
@@ -104,7 +104,7 @@
        }
        if(substr($field, -1) == '.' && $area == 'Name'){
            $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ".intval($zoneid));
            $soa = $app->db->queryOneRecord("SELECT * FROM soa WHERE id = ?", $zoneid);
            if(substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= $desc." ".$app->tform->wordbook['error_out_of_zone']."<br>\r\n";
        }
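Review bot: The result of `queryOneRecord("SELECT * FROM soa WHERE id = ?", $zoneid)` is used on the next line without checking that a row came back. When `$soa` is empty, `$soa['origin']` is null and the suffix comparison appears to evaluate as "equal", so the out-of-zone error is not appended for an unknown zone id. Treating a missing record as a failure closes that gap: `if(!$soa || substr($field, (strlen($field) - strlen($soa['origin']))) != $soa['origin']) $error .= ...`. Other files on this page query `dns_soa` rather than `soa`, so the table name here is also worth confirming. The enclosing function begins and ends outside the hunk.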
interface/lib/classes/validate_domain.inc.php
@@ -88,8 +88,8 @@
        $app->uses('ini_parser,getconf');
        $settings = $app->getconf->get_global_config('domains');
        if ($settings['use_domain_module'] == 'y') {
            $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = " . $app->functions->intval($check_domain);
            $domain_check = $app->db->queryOneRecord($sql);
            $sql = "SELECT domain_id, domain FROM domain WHERE domain_id = ?";
            $domain_check = $app->db->queryOneRecord($sql, $check_domain);
            if(!$domain_check) return;
            $check_domain = $domain_check['domain'];
        }
@@ -157,24 +157,27 @@
        if($domain['ip_address'] == '' || $domain['ipv6_address'] == ''){
            if($domain['parent_domain_id'] > 0){
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($domain['parent_domain_id']));
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $domain['parent_domain_id']);
            }
        }
        // check if domain has alias/subdomains - if we move a web to another IP, make sure alias/subdomains are checked as well
        $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ".$app->functions->intval($primary_id)." AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')");
        $aliassubdomains = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type = 'alias' OR type = 'subdomain' OR type = 'vhostsubdomain')", $primary_id);
        $additional_sql1 = '';
        $additional_sql2 = '';
        $domain_params = array();
        if(is_array($aliassubdomains) && !empty($aliassubdomains)){
            foreach($aliassubdomains as $aliassubdomain){
                $additional_sql1 .= " OR d.domain = '".$app->db->quote($aliassubdomain['domain'])."'";
                $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = '".$app->db->quote($aliassubdomain['domain'])."'";
                $additional_sql1 .= " OR d.domain = ?";
                $additional_sql2 .= " OR CONCAT(d.subdomain, '.', d.domain) = ?";
                $domain_params[] = $aliassubdomain['domain'];
            }
        }
        
        
        $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = '" . $app->db->quote($domain_name) . "'" . $additional_sql1 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
        $checks = $app->db->queryAllRecords($qrystr);
        $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (d.domain = ?" . $additional_sql1 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
        $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
        $checks = $app->db->queryAllRecords($qrystr, true, $params);
        if(is_array($checks) && !empty($checks)){
            foreach($checks as $check){
                if($domain['ip_address'] == '*') return false;
@@ -185,8 +188,9 @@
        }
        
        if($only_domain == false) {
            $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= '" . $app->db->quote($domain_name) . "'" . $additional_sql2 . ") AND d.server_id = " . $app->functions->intval($domain['server_id']) . " AND d.domain_id != " . $app->functions->intval($primary_id) . ($primary_id ? " AND d.parent_domain_id != " . $app->functions->intval($primary_id) : "");
            $checks = $app->db->queryAllRecords($qrystr);
            $qrystr = "SELECT d.domain_id, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ip_address, d.ip_address) as `ip_address`, IF(d.parent_domain_id != 0 AND p.domain_id IS NOT NULL, p.ipv6_address, d.ipv6_address) as `ipv6_address` FROM `web_domain` as d LEFT JOIN `web_domain` as p ON (p.domain_id = d.parent_domain_id) WHERE (CONCAT(d.subdomain, '.', d.domain)= ?" . $additional_sql2 . ") AND d.server_id = ? AND d.domain_id != ?" . ($primary_id ? " AND d.parent_domain_id != ?" : "");
            $params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);
            $checks = $app->db->queryAllRecords($qrystr, true, $params);
            if(is_array($checks) && !empty($checks)){
                foreach($checks as $check){
                    if($domain['ip_address'] == '*') return false;
@@ -207,7 +211,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_wildcard FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            if($client["limit_wildcard"] == 'y') return true;
            else return false;
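Review bot: The new `$params = array($domain_name) + $domain_params + array($domain['server_id'], $primary_id, $primary_id);` line, used for both `$qrystr` queries, builds the parameter list with PHP's array union operator, which keeps the first value for each integer key instead of appending. With no alias domains the result is `[$domain_name, $primary_id, $primary_id]`, so `d.server_id = ?` is bound to `$primary_id` and the duplicate-domain check runs against the wrong server; with aliases, the first alias and further values are dropped as well. The trailing `$primary_id` is also always supplied, although the `AND d.parent_domain_id != ?` placeholder is only appended when `$primary_id` is truthy. Use `$params = array_merge(array($domain_name), $domain_params, array($domain['server_id'], $primary_id));` followed by `if($primary_id) $params[] = $primary_id;` in both places. The enclosing functions start and end outside these hunks.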
interface/lib/classes/validate_ftpuser.inc.php
@@ -50,7 +50,7 @@
        if($primary_id > 0) {
            //* get parent_domain_id from website
            $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($primary_id)."'");
            $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $primary_id);
            if(!is_array($ftp_data) || $ftp_data["parent_domain_id"] < 1) {
                $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {
@@ -66,7 +66,7 @@
            $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
        }
        $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
        $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
        if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
            $errmsg = $validator['errmsg'];
            if(isset($app->tform->wordbook[$errmsg])) {
interface/lib/classes/validate_systemuser.inc.php
@@ -95,7 +95,7 @@
        if($primary_id > 0) {
            //* get parent_domain_id from website
            $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'");
            $shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
            if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
                $errmsg = $validator['errmsg'];
                if(isset($app->tform->wordbook[$errmsg])) {
@@ -111,7 +111,7 @@
            $parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
        }
        $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
        $domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
        if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
            $errmsg = $validator['errmsg'];
            if(isset($app->tform->wordbook[$errmsg])) {
interface/lib/plugins/dns_dns_slave_plugin.inc.php
@@ -30,19 +30,19 @@
        // make sure that the record belongs to the client group and not the admin group when a dmin inserts it
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
            $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE dns_slave SET sys_groupid = $client_group_id WHERE id = ".$page_form->id);
            $app->db->query("UPDATE dns_slave SET sys_groupid = ? WHERE id = ?", $client_group_id, $page_form->id);
        }
        //** When the client group has changed, change also the owner of the record if the owner is not the admin user
        if($page_form->oldDataRecord && $page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
            $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
            if($tmp["userid"] > 0) {
                $app->db->query("UPDATE dns_slave SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
                $app->db->query("UPDATE dns_slave SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
            }
        }
    }
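Review bot: The second branch tests `isset($this->dataRecord["client_group_id"])` and reads `$this->dataRecord`, while every other branch in this hunk, and the matching branch in `dns_dns_soa_plugin.inc.php`, uses `$page_form->dataRecord`. Unless the plugin object has its own `dataRecord` property (not visible here), that condition is never true and the group of a record created by a reseller is never reassigned. The commit parameterises the query inside the branch but leaves the condition as it was. Suggested change: `if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {` with `$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);` on the following line.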
interface/lib/plugins/dns_dns_soa_plugin.inc.php
@@ -31,17 +31,17 @@
            $tmp = $app->db->diffrec($page_form->oldDataRecord, $app->tform->getDataRecord($page_form->id));
            if($tmp['diff_num'] > 0) {
                // Update the serial number of the SOA record
                $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$page_form->id);
                $app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$page_form->id);
                $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ?", $page_form->id);
                $app->db->query("UPDATE dns_soa SET serial = ? WHERE id = ?", $app->validate_dns->increase_serial($soa["serial"]), $page_form->id);
            }
            //** When the client group has changed, change also the owner of the record if the owner is not the admin user
            if($page_form->oldDataRecord["client_group_id"] != $page_form->dataRecord["client_group_id"] && $page_form->dataRecord["sys_userid"] != 1) {
                $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
                $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
                $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
                if($tmp["userid"] > 0) {
                    $app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$page_form->id);
                    $app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$page_form->id);
                    $app->db->query("UPDATE dns_soa SET sys_userid = ? WHERE id = ?", $tmp["userid"], $page_form->id);
                    $app->db->query("UPDATE dns_rr SET sys_userid = ? WHERE zone = ?", $tmp["userid"], $page_form->id);
                }
            }
        }
@@ -49,15 +49,15 @@
        // make sure that the record belongs to the client group and not the admin group when a dmin inserts it
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$page_form->id);
            $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'ru' WHERE id = ?", $client_group_id, $page_form->id);
            // And we want to update all rr records too, that belong to this record
            $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
            $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$page_form->id);
            $app->db->query("UPDATE dns_soa SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $client_group_id, $page_form->id);
            // And we want to update all rr records too, that belong to this record
            $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$page_form->id);
            $app->db->query("UPDATE dns_rr SET sys_groupid = ? WHERE zone = ?", $client_group_id, $page_form->id);
        }
    }
interface/lib/plugins/mail_mail_domain_plugin.inc.php
@@ -31,23 +31,29 @@
        // also make sure that the user can not delete entry created by an admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $updates = "sys_groupid = $client_group_id, sys_perm_group = 'ru'";
            $updates = "sys_groupid = ?, sys_perm_group = 'ru'";
            $update_params = array($client_group_id);
            if ($event_name == 'mail:mail_domain:on_after_update') {
                $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
                $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
                $updates = "sys_userid = $client_user_id, $updates";
                $updates .= ", sys_userid = ?";
                $update_params[] = $client_user_id;
            }
            $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
            $update_params[] = $page_form->id;
            $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $updates = "sys_groupid = $client_group_id, sys_perm_group = 'riud'";
            $update_params = array($client_group_id);
            if ($event_name == 'mail:mail_domain:on_after_update') {
                $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
                $client_user_id = ($tmp['userid'] > 0)?$tmp['userid']:1;
                $updates = "sys_userid = $client_user_id, $updates";
                $updates .= ", sys_userid = ?";
                $update_params[] = $client_user_id;
            }
            $app->db->query("UPDATE mail_domain SET $updates WHERE domain_id = ".$page_form->id);
            $update_params[] = $page_form->id;
            $app->db->query("UPDATE mail_domain SET " . $updates . " WHERE domain_id = ?", true, $update_params);
        }
        //** If the domain name or owner has been changed, change the domain and owner in all mailbox records
@@ -57,9 +63,9 @@
            $mail_config = $app->getconf->get_server_config($page_form->dataRecord["server_id"], 'mail');
            //* Update the mailboxes
            $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
            $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", "%@" . $page_form->oldDataRecord['domain']);
            $sys_groupid = $app->functions->intval((isset($page_form->dataRecord['client_group_id']))?$page_form->dataRecord['client_group_id']:$page_form->oldDataRecord['sys_groupid']);
            $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
            $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
            $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
            if(is_array($mailusers)) {
                foreach($mailusers as $rec) {
@@ -67,46 +73,45 @@
                    $mail_parts = explode("@", $rec['email']);
                    $maildir = str_replace("[domain]", $page_form->dataRecord['domain'], $mail_config["maildir_path"]);
                    $maildir = str_replace("[localpart]", $mail_parts[0], $maildir);
                    $maildir = $app->db->quote($maildir);
                    $email = $app->db->quote($mail_parts[0].'@'.$page_form->dataRecord['domain']);
                    $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
                    $email = $mail_parts[0].'@'.$page_form->dataRecord['domain'];
                    $app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']);
                }
            }
            //* Update the aliases
            $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
            $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']);
            if(is_array($forwardings)) {
                foreach($forwardings as $rec) {
                    $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
                    $source = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']));
                    $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
                    $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
                    $source = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']);
                    $app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']);
                }
            }
            //* Update the mailinglist
            $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($page_form->oldDataRecord['domain'])."'");
            $mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']);
            if(is_array($mailing_lists)) {
                foreach($mailing_lists as $rec) {
                    $app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']);
                    $app->db->datalogUpdate('mail_mailinglist', array("sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailinglist_id', $rec['mailinglist_id']);
                }
            }
            //* Update the mailget records
            $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
            $mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']);
            if(is_array($mail_gets)) {
                foreach($mail_gets as $rec) {
                    $destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
                    $app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']);
                    $destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
                    $app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']);
                }
            }
            if ($page_form->oldDataRecord["domain"] != $page_form->dataRecord['domain']) {
                //* Delete the old spamfilter record
                $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($page_form->oldDataRecord["domain"])."'");
                $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", "@" . $page_form->oldDataRecord["domain"]);
                $app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
                unset($tmp);
            }
            $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, '".$app->db->quote($page_form->oldDataRecord['domain'])."', '".$app->db->quote($page_form->dataRecord['domain'])."'), sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE email LIKE '%@".$app->db->quote($page_form->oldDataRecord['domain'])."'");
            $app->db->query("UPDATE spamfilter_users SET email=REPLACE(email, ?, ?), sys_userid = ?, sys_groupid = ? WHERE email LIKE ?", $page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $client_user_id, $sys_groupid, "%@" . $page_form->oldDataRecord['domain']);
        } // end if domain name changed
    }
interface/lib/plugins/mail_user_filter_plugin.inc.php
@@ -61,7 +61,7 @@
    function mail_user_filter_edit($event_name, $page_form) {
        global $app, $conf;
        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
        $skip = false;
        $lines = explode("\n", $mailuser['custom_mailfilter']);
        $out = '';
@@ -86,8 +86,7 @@
            $out = $new_rule . $out;
        }
        $out = $app->db->quote($out);
        $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
        $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
    }
@@ -95,7 +94,7 @@
    function mail_user_filter_del($event_name, $page_form) {
        global $app, $conf;
        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$page_form->dataRecord["mailuser_id"]);
        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
        $skip = false;
        $lines = explode("\n", $mailuser['custom_mailfilter']);
        $out = '';
@@ -111,8 +110,7 @@
            }
        }
        $out = $app->db->quote($out);
        $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
        $app->db->datalogUpdate('mail_user', array("custom_mailfilter" => $out), 'mailuser_id', $page_form->dataRecord["mailuser_id"]);
    }
@@ -124,7 +122,7 @@
        global $app, $conf;
        $app->uses("getconf");
        $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ".$app->functions->intval($page_form->dataRecord["mailuser_id"]));
        $mailuser_rec = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $page_form->dataRecord["mailuser_id"]);
        $mail_config = $app->getconf->get_server_config($app->functions->intval($mailuser_rec["server_id"]), 'mail');
        if($mail_config['mail_filter_syntax'] == 'sieve') {
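Review bot: The `mailuser_id` read from `$page_form->dataRecord` is no longer normalised anywhere in this file. The third hunk drops the `$app->functions->intval()` that the old `server_id` lookup had, and in `mail_user_filter_edit` and `mail_user_filter_del` the same raw value is both bound to the `?` placeholder and passed as the key value to `datalogUpdate()`. Whether that is safe depends on how the db wrapper binds placeholders and how `datalogUpdate()` handles its id argument, neither of which is visible here. Other call sites in this commit still cast ids before using them as the key (for example `$app->functions->intval($rec['ftp_user_id'])`), so I would cast once at the top of each function, `$mailuser_id = $app->functions->intval($page_form->dataRecord["mailuser_id"]);`, and use `$mailuser_id` for both the query and the update. The function touched by the third hunk starts and ends outside the hunk.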
interface/lib/plugins/sites_web_database_user_plugin.inc.php
@@ -31,13 +31,12 @@
        // also make sure that the user can not delete entry created by an admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'ru' WHERE database_user_id = ?", $client_group_id, $page_form->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $page_form->id);
        }
        //$app->db->query("UPDATE web_database_user SET server_id = '" . $app->functions->intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
    }
}
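Review bot: The commented-out `server_id` update on the last line of this function still builds its SQL by concatenating `$page_form->id`, so anyone who re-enables it brings back the pattern this commit removes from the two live statements. I would delete the line, or keep it in placeholder form: `//$app->db->query("UPDATE web_database_user SET server_id = ? WHERE database_user_id = ?", $app->functions->intval($conf['server_id']), $page_form->id);`. As a style point, the two live blocks differ only in the `'ru'` / `'riud'` literal, so binding the permission string as a third `?` would let both share one statement. The enclosing function starts outside the hunk.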
interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
@@ -51,11 +51,11 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
            $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
            $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $page_form->id);
        }
        // Get configuration for the web system
        $app->uses("getconf");
@@ -73,15 +73,15 @@
            // get the ID of the client
            if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
                $client_id = $app->functions->intval($client["client_id"]);
            } elseif (isset($page_form->dataRecord["client_group_id"])) {
                $client_group_id = $page_form->dataRecord["client_group_id"];
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval(@$page_form->dataRecord["client_group_id"]));
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval(@$page_form->dataRecord["client_group_id"]));
                $client_id = $app->functions->intval($client["client_id"]);
            } else {
                $client_group_id = $page_form->dataRecord["client_group_id"];
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($page_form->dataRecord["client_group_id"]));
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $app->functions->intval($page_form->dataRecord["client_group_id"]));
                $client_id = $app->functions->intval($client["client_id"]);
            }
@@ -89,81 +89,81 @@
            $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
            // Set the values for document_root, system_user and system_group
            $system_user     = $app->db->quote('web'.$page_form->id);
            $system_group     = $app->db->quote('client'.$client_id);
            $system_user     = 'web'.$page_form->id;
            $system_group     = 'client'.$client_id;
            $document_root     = str_replace("[client_id]", $client_id, $document_root);
            $document_root    = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
            $document_root    = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
            $document_root    = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
            $document_root    = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
            $document_root     = $app->db->quote($document_root);
            
            if($event_name == 'sites:web_vhost_domain:on_after_update') {
                if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) &&  isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) {
                    $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root' WHERE domain_id = ".$page_form->id;
                    $app->db->query($sql);
                    $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ? WHERE domain_id = ?";
                    $app->db->query($sql, $system_user, $system_group, $document_root, $page_form->id);
                    // Update the FTP user(s) too
                    $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('ftp_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', uid = '$system_user', gid = '$system_group', dir = '$document_root'", 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
                        $app->db->datalogUpdate('ftp_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "uid" => $system_user, "gid" => $system_group, "dir" => $document_root), 'ftp_user_id', $app->functions->intval($rec['ftp_user_id']));
                    }
                    unset($records);
                    unset($rec);
                    // Update the webdav user(s) too
                    $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('webdav_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
                        $app->db->datalogUpdate('webdav_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'webdav_user_id', $app->functions->intval($rec['webdav_user_id']));
                    }
                    unset($records);
                    unset($rec);
                    // Update the web folder(s) too
                    $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('web_folder', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
                        $app->db->datalogUpdate('web_folder', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_id', $app->functions->intval($rec['web_folder_id']));
                    }
                    unset($records);
                    unset($rec);
                    //* Update all web folder users
                    $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT web_folder_user.web_folder_user_id FROM web_folder_user, web_folder WHERE web_folder_user.web_folder_id = web_folder.web_folder_id AND web_folder.parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('web_folder_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
                        $app->db->datalogUpdate('web_folder_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'web_folder_user_id', $app->functions->intval($rec['web_folder_user_id']));
                    }
                    unset($records);
                    unset($rec);
                    // Update the Shell user(s) too
                    $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('shell_user', "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."', puser = '$system_user', pgroup = '$system_group', dir = '$document_root'", 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
                        $app->db->datalogUpdate('shell_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "puser" => $system_user, "pgroup" => $system_group, "dir" => $document_root), 'shell_user_id', $app->functions->intval($rec['shell_user_id']));
                    }
                    unset($records);
                    unset($rec);
                    // Update the cron(s) too
                    $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('cron', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'id', $app->functions->intval($rec['id']));
                        $app->db->datalogUpdate('cron', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'id', $app->functions->intval($rec['id']));
                    }
                    unset($records);
                    unset($rec);
                    //* Update all subdomains and alias domains
                    $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT domain_id, `domain`, `type`, `web_folder` FROM web_domain WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $update_columns = "sys_userid = '".$web_rec['sys_userid']."', sys_groupid = '".$web_rec['sys_groupid']."'";
                        $update_columns = array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']);
                        if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
                            $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$rec['web_folder'], $web_config["php_open_basedir"]);
                            $php_open_basedir = str_replace("[website_domain]/web", $rec['domain'].'/'.$rec['web_folder'], $php_open_basedir);
                            $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
                            $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $rec['domain'], $php_open_basedir));
                            $php_open_basedir = str_replace("[website_domain]", $rec['domain'], $php_open_basedir);
                            $update_columns .= ", document_root = '".$document_root."', `php_open_basedir` = '".$php_open_basedir."'";
                            $update_columns["document_root"] = $document_root;
                            $update_columns["php_open_basedir"] = $php_open_basedir;
                        }
                        $app->db->datalogUpdate('web_domain', $update_columns, 'domain_id', $rec['domain_id']);
                    }
@@ -171,24 +171,24 @@
                    unset($rec);
                    //* Update all databases
                    $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('web_database', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_id', $app->functions->intval($rec['database_id']));
                        $app->db->datalogUpdate('web_database', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_id', $app->functions->intval($rec['database_id']));
                    }
                    //* Update all database users
                    $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT web_database_user.database_user_id FROM web_database_user, web_database WHERE web_database_user.database_user_id IN (web_database.database_user_id, web_database.database_ro_user_id) AND web_database.parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('web_database_user', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."'", 'database_user_id', $app->functions->intval($rec['database_user_id']));
                        $app->db->datalogUpdate('web_database_user', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid']), 'database_user_id', $app->functions->intval($rec['database_user_id']));
                    }
                    unset($records);
                    unset($rec);
                    // Update APS instances
                    $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
                    $records = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
                    if(is_array($records) && !empty($records)){
                        foreach($records as $rec){
                            $app->db->datalogUpdate('aps_instances', "sys_userid = '".$app->functions->intval($web_rec['sys_userid'])."', sys_groupid = '".$app->functions->intval($web_rec['sys_groupid'])."', customer_id = '".$app->functions->intval($client_id)."'", 'id', $rec['instance_id']);
                            $app->db->datalogUpdate('aps_instances', array("sys_userid" => $web_rec['sys_userid'], "sys_groupid" => $web_rec['sys_groupid'], "customer_id" => $client_id), 'id', $rec['instance_id']);
                        }
                    }
                    unset($records);
@@ -198,20 +198,20 @@
                //* If the domain name has been changed, we will have to change all subdomains + APS instances
                if(!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"]) {
                    $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE '%.".$app->db->quote($page_form->oldDataRecord["domain"])."'");
                    $records = $app->db->queryAllRecords("SELECT domain_id,domain FROM web_domain WHERE (type = 'subdomain' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND domain LIKE ?", "%." . $page_form->oldDataRecord["domain"]);
                    foreach($records as $rec) {
                        $subdomain = $app->db->quote(str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']));
                        $app->db->datalogUpdate('web_domain', "domain = '".$subdomain."'", 'domain_id', $rec['domain_id']);
                        $subdomain = str_replace($page_form->oldDataRecord["domain"], $page_form->dataRecord["domain"], $rec['domain']);
                        $app->db->datalogUpdate('web_domain', array("domain" => $subdomain), 'domain_id', $rec['domain_id']);
                    }
                    unset($records);
                    unset($rec);
                    unset($subdomain);
                    // Update APS instances
                    $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($page_form->oldDataRecord["domain"])."'");
                    $records = $app->db->queryAllRecords("SELECT id, instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $page_form->oldDataRecord["domain"]);
                    if(is_array($records) && !empty($records)){
                        foreach($records as $rec){
                            $app->db->datalogUpdate('aps_instances_settings', "value = '".$app->db->quote($page_form->dataRecord["domain"])."'", 'id', $rec['id']);
                            $app->db->datalogUpdate('aps_instances_settings', array("value" => $page_form->dataRecord["domain"]), 'id', $rec['id']);
                        }
                    }
                    unset($records);
@@ -220,35 +220,35 @@
                //* Set allow_override if empty
                if($web_rec['allow_override'] == '') {
                    $sql = "UPDATE web_domain SET allow_override = '".$app->db->quote($web_config["htaccess_allow_override"])."' WHERE domain_id = ".$page_form->id;
                    $app->db->query($sql);
                    $sql = "UPDATE web_domain SET allow_override = ? WHERE domain_id = ?";
                    $app->db->query($sql, $web_config["htaccess_allow_override"], $page_form->id);
                }
                //* Set php_open_basedir if empty or domain or client has been changed
                if(empty($web_rec['php_open_basedir']) ||
                    (!empty($page_form->dataRecord["domain"]) && !empty($page_form->oldDataRecord["domain"]) && $page_form->dataRecord["domain"] != $page_form->oldDataRecord["domain"])) {
                    $php_open_basedir = $web_rec['php_open_basedir'];
                    $php_open_basedir = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir));
                    $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
                    $app->db->query($sql);
                    $php_open_basedir = str_replace($page_form->oldDataRecord['domain'], $web_rec['domain'], $php_open_basedir);
                    $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
                    $app->db->query($sql, $php_open_basedir, $page_form->id);
                }
                if(empty($web_rec['php_open_basedir']) ||
                    (isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"])) {
                    $document_root = $app->db->quote(str_replace("[client_id]", $client_id, $document_root));
                    $document_root = str_replace("[client_id]", $client_id, $document_root);
                    $php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
                    $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
                    $sql = "UPDATE web_domain SET php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$page_form->id;
                    $app->db->query($sql);
                    $php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
                    $sql = "UPDATE web_domain SET php_open_basedir = ? WHERE domain_id = ?";
                    $app->db->query($sql, $php_open_basedir, $page_form->id);
                }
                //* Change database backup options when web backup options have been changed
                if(isset($page_form->dataRecord['backup_interval']) && ($page_form->dataRecord['backup_interval'] != $page_form->oldDataRecord['backup_interval'] || $page_form->dataRecord['backup_copies'] != $page_form->oldDataRecord['backup_copies'])) {
                    //* Update all databases
                    $backup_interval = $app->db->quote($page_form->dataRecord['backup_interval']);
                    $backup_interval = $page_form->dataRecord['backup_interval'];
                    $backup_copies = $app->functions->intval($page_form->dataRecord['backup_copies']);
                    $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE parent_domain_id = ".$page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('web_database', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'database_id', $rec['database_id']);
                        $app->db->datalogUpdate('web_database', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'database_id', $rec['database_id']);
                    }
                    unset($records);
                    unset($rec);
@@ -258,36 +258,36 @@
                //* Change vhost subdomain and alias ip/ipv6 if domain ip/ipv6 has changed
                if(isset($page_form->dataRecord['ip_address']) && ($page_form->dataRecord['ip_address'] != $page_form->oldDataRecord['ip_address'] || $page_form->dataRecord['ipv6_address'] != $page_form->oldDataRecord['ipv6_address'])) {
                    $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".$page_form->id);
                    $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ?", $page_form->id);
                    foreach($records as $rec) {
                        $app->db->datalogUpdate('web_domain', "ip_address = '".$app->db->quote($web_rec['ip_address'])."', ipv6_address = '".$app->db->quote($web_rec['ipv6_address'])."'", 'domain_id', $rec['domain_id']);
                        $app->db->datalogUpdate('web_domain', array("ip_address" => $web_rec['ip_address'], "ipv6_address" => $web_rec['ipv6_address']), 'domain_id', $rec['domain_id']);
                    }
                    unset($records);
                    unset($rec);
                }
            } else {
                $php_open_basedir    = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
                $php_open_basedir    = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
                $htaccess_allow_override  = $app->db->quote($web_config["htaccess_allow_override"]);
                $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$page_form->id;
                $app->db->query($sql);
                $php_open_basedir    = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
                $htaccess_allow_override  = $web_config["htaccess_allow_override"];
                $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?  WHERE domain_id = ?";
                $app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
            }
        } else {
            if(isset($page_form->dataRecord["parent_domain_id"]) && $page_form->dataRecord["parent_domain_id"] != $page_form->oldDataRecord["parent_domain_id"]) {
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = '" . $app->functions->intval($page_form->dataRecord['parent_domain_id']) . "'");
                $parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ?", $page_form->dataRecord['parent_domain_id']);
                // Set the values for document_root, system_user and system_group
                $system_user = $app->db->quote($parent_domain['system_user']);
                $system_group = $app->db->quote($parent_domain['system_group']);
                $document_root = $app->db->quote($parent_domain['document_root']);
                $system_user = $parent_domain['system_user'];
                $system_group = $parent_domain['system_group'];
                $document_root = $parent_domain['document_root'];
                $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$page_form->dataRecord['web_folder'], $web_config["php_open_basedir"]);
                $php_open_basedir = str_replace("[website_domain]/web", $page_form->dataRecord['domain'].'/'.$page_form->dataRecord['web_folder'], $php_open_basedir);
                $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
                $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir));
                $htaccess_allow_override = $app->db->quote($parent_domain['allow_override']);
                $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($parent_domain['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$page_form->id;
                $app->db->query($sql);
                $php_open_basedir = str_replace("[website_domain]", $page_form->dataRecord['domain'], $php_open_basedir);
                $htaccess_allow_override = $parent_domain['allow_override'];
                $sql = "UPDATE web_domain SET sys_groupid = ?,system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ? WHERE domain_id = ?";
                $app->db->query($sql, $parent_domain['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
            }
        }
    }
interface/lib/plugins/vm_openvz_plugin.inc.php
@@ -41,24 +41,24 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
        }
        // Set the VEID
        $tmp = $app->db->queryOneRecord('SELECT MAX(veid) + 1 as newveid FROM openvz_vm');
        $veid = ($tmp['newveid'] > 100)?$tmp['newveid']:101;
        $app->db->query("UPDATE openvz_vm SET veid = ".$veid." WHERE vm_id = ".$this->id);
        $app->db->query("UPDATE openvz_vm SET veid = ? WHERE vm_id = ?", $veid, $this->id);
        unset($tmp);
        // Apply template values to the advanced tab settings
        $this->applyTemplate();
        // Set the IP address
        $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
        $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
        // Create the OpenVZ config file and store it in config field
        $this->makeOpenVZConfig();
@@ -82,11 +82,11 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = $client_group_id WHERE vm_id = ".$this->id);
            $app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
        }
        if(isset($this->dataRecord["ostemplate_id"]) && $this->oldDataRecord["ostemplate_id"] != $this->dataRecord["ostemplate_id"]) {
@@ -94,7 +94,7 @@
        }
        // Set the IP address
        if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ".$this->id." WHERE ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."'");
        if(isset($this->dataRecord['ip_address'])) $app->db->query("UPDATE openvz_ip SET vm_id = ? WHERE ip_address = ?", $this->id, $this->dataRecord['ip_address']);
        // Create the OpenVZ config file and store it in config field
        $this->makeOpenVZConfig();
@@ -111,8 +111,8 @@
        global $app, $conf;
        //* Free the IP address
        $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ".$app->functions->intval($page_form->id));
        $app->db->datalogUpdate('openvz_ip', 'vm_id = 0', 'ip_address_id', $tmp['ip_address_id']);
        $tmp = $app->db->queryOneRecord("SELECT ip_address_id FROM openvz_ip WHERE vm_id = ?", $page_form->id);
        $app->db->datalogUpdate('openvz_ip', array('vm_id' => 0), 'ip_address_id', $tmp['ip_address_id']);
        unset($tmp);
    }
@@ -120,29 +120,29 @@
    private function applyTemplate() {
        global $app, $conf;
        $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($this->dataRecord["template_id"]));
        $tpl = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?", $this->dataRecord["template_id"]);
        $sql = "UPDATE openvz_vm SET ";
        $sql .= "diskspace = '".$app->db->quote($tpl['diskspace'])."', ";
        $sql .= "ram = '".$app->db->quote($tpl['ram'])."', ";
        $sql .= "ram_burst = '".$app->db->quote($tpl['ram_burst'])."', ";
        $sql .= "cpu_units = '".$app->db->quote($tpl['cpu_units'])."', ";
        $sql .= "cpu_num = '".$app->db->quote($tpl['cpu_num'])."', ";
        $sql .= "cpu_limit = '".$app->db->quote($tpl['cpu_limit'])."', ";
        $sql .= "io_priority = '".$app->db->quote($tpl['io_priority'])."', ";
        $sql .= "nameserver = '".$app->db->quote($tpl['nameserver'])."', ";
        $sql .= "create_dns = '".$app->db->quote($tpl['create_dns'])."', ";
        $sql .= "capability = '".$app->db->quote($tpl['capability'])."' ";
        $sql .= "WHERE vm_id = ".$app->functions->intval($this->id);
        $app->db->query($sql);
        $sql .= "diskspace = ?, ";
        $sql .= "ram = ?, ";
        $sql .= "ram_burst = ?, ";
        $sql .= "cpu_units = ?, ";
        $sql .= "cpu_num = ?, ";
        $sql .= "cpu_limit = ?, ";
        $sql .= "io_priority = ?, ";
        $sql .= "nameserver = ?, ";
        $sql .= "create_dns = ?, ";
        $sql .= "capability = ? ";
        $sql .= "WHERE vm_id = ?";
        $app->db->query($sql, $tpl['diskspace'], $tpl['ram'], $tpl['ram_burst'], $tpl['cpu_units'], $tpl['cpu_num'], $tpl['cpu_limit'], $tpl['io_priority'], $tpl['nameserver'], $tpl['create_dns'], $tpl['capability'], $this->id);
    }
    private function makeOpenVZConfig() {
        global $app, $conf;
        $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
        $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ".$app->functions->intval($vm['template_id']));
        $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?",$app->functions->intval($this->id));
        $vm_template = $app->db->queryOneRecord("SELECT * FROM openvz_template WHERE template_id = ?",$app->functions->intval($vm['template_id']));
        $burst_ram = $vm['ram_burst']*256;
        $guar_ram = $vm['ram']*256;
@@ -194,12 +194,12 @@
        $tpl->setVar('nameserver', $vm['nameserver']);
        $tpl->setVar('capability', $vm['capability']);
        $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$app->functions->intval($vm['ostemplate_id']));
        $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $app->functions->intval($vm['ostemplate_id']));
        $tpl->setVar('ostemplate', $tmp['template_file']);
        unset($tmp);
        $openvz_config = $app->db->quote($tpl->grab());
        $app->db->query("UPDATE openvz_vm SET config = '".$openvz_config."' WHERE vm_id = ".$app->functions->intval($this->id));
        $openvz_config = $tpl->grab();
        $app->db->query("UPDATE openvz_vm SET config = ? WHERE vm_id = ?", $openvz_config, $app->functions->intval($this->id));
        unset($tpl);
@@ -208,23 +208,23 @@
    private function createDNS() {
        global $app, $conf;
        $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ".$app->functions->intval($this->id));
        $vm = $app->db->queryOneRecord("SELECT * FROM openvz_vm WHERE vm_id = ?", $app->functions->intval($this->id));
        if($vm['create_dns'] != 'y') return;
        $full_hostname = str_replace('{VEID}', $vm['veid'], $vm['hostname']);
        $hostname_parts = explode('.', $full_hostname);
        $hostname = $app->db->quote($hostname_parts[0]);
        $hostname = $hostname_parts[0];
        unset($hostname_parts[0]);
        $zone = $app->db->quote((implode('.', $hostname_parts)));
        $zone = implode('.', $hostname_parts);
        unset($hostname_parts);
        // Find the dns zone
        $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = '".$app->db->quote($zone).".'");
        $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = '".$app->functions->intval($zone_rec['id'])."' AND name = '".$app->db->quote($hostname)."'");
        $zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone);
        $rr_rec = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ?", $zone_rec['id'], $hostname);
        if($zone_rec['id'] > 0) {
            $ip_address = $app->db->quote($vm['ip_address']);
            $ip_address = $vm['ip_address'];
            $sys_userid = $app->functions->intval($zone_rec['sys_userid']);
            $sys_groupid = $app->functions->intval($zone_rec['sys_groupid']);
            $server_id = $app->functions->intval($zone_rec['server_id']);
@@ -232,12 +232,25 @@
            if($rr_rec['id'] > 0) {
                $app->uses('validate_dns');
                $app->db->datalogUpdate('dns_rr', "data = '$ip_address'", 'id', $app->functions->intval($rr_rec['id']));
                $app->db->datalogUpdate('dns_rr', array("data" => $ip_address), 'id', $app->functions->intval($rr_rec['id']));
                $serial = $app->validate_dns->increase_serial($zone_rec['serial']);
                $app->db->datalogUpdate('dns_soa', "serial = '$serial'", 'id', $app->functions->intval($zone_rec['id']));
                $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $app->functions->intval($zone_rec['id']));
            } else {
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$hostname', 'A', '$ip_address', '0', '3600', 'Y')";
                $insert_data = array(
                    "sys_userid" => $sys_userid,
                    "sys_groupid" => $sys_groupid,
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $server_id,
                    "zone" => $dns_soa_id,
                    "name" => $hostname,
                    "type" => 'A',
                    "data" => $ip_address,
                    "aux" => '0',
                    "ttl" => '3600',
                    "active" => 'Y'
                );
                $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
            }
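Review bot: The rewritten zone lookup in createDNS() drops the trailing dot that the old query appended to the origin. The removed line compared against the zone followed by `.`, while the new one binds `$zone` exactly as built by `implode('.', $hostname_parts)`, which has no final dot. If `dns_soa.origin` is stored with the trailing dot, as the old literal implies, the lookup now finds no row and the `if($zone_rec['id'] > 0)` branch is silently skipped; `$zone_rec = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $zone.'.');` keeps the old behaviour. Separately, `$dns_soa_id` in the new `$insert_data` array is not assigned on any visible line, so it is worth confirming it is set between the two hunks. createDNS() continues past the last hunk of this section.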
interface/web/admin/firewall_edit.php
@@ -56,7 +56,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
interface/web/admin/form/directive_snippets.tform.php
@@ -105,6 +105,17 @@
            'default' => 'y',
            'value'  => array(0 => 'n', 1 => 'y')
        ),
        'required_php_snippets' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'CHECKBOXARRAY',
            'default' => '',
            'datasource' => array (  'type' => 'SQL',
                'querystring' => "SELECT directive_snippets_id,name FROM directive_snippets WHERE type = 'php' AND active = 'y'ORDER BY name",
                'keyfield' => 'directive_snippets_id',
                'valuefield' => 'name'
            ),
            'separator' => ',',
        ),
        //#################################
        // ENDE Datatable fields
        //#################################
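Review bot: The `querystring` of the new `required_php_snippets` field runs the string literal and the keyword together, `active = 'y'ORDER BY name`. MySQL will most likely still tokenise this, but it is easy to misread and fragile if the string is ever post-processed. Writing it as `... WHERE type = 'php' AND active = 'y' ORDER BY name` fixes it. The surrounding field array starts outside the hunk.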
interface/web/admin/form/server_config.tform.php
@@ -182,7 +182,7 @@
        'backup_dir_is_mount' => array(
            'datatype' => 'VARCHAR',
            'formtype' => 'CHECKBOX',
            'default' => 'n',
            'default' => 'y',
            'value' => array(0 => 'n', 1 => 'y')
        ),
        'backup_mode' => array(
@@ -327,7 +327,7 @@
            'datatype' => 'INTEGER',
            'formtype' => 'SELECT',
            'default' => '2048',
            'value' => array('1024' => 'week (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)')
            'value' => array('1024' => 'weak (1024)', '2048' => 'normal (2048)', '4096' => 'strong (4096)')
        ),
        'relayhost_password' => array(
            'datatype' => 'VARCHAR',
@@ -1036,7 +1036,7 @@
        'enable_spdy' => array (
            'datatype' => 'VARCHAR',
            'formtype' => 'CHECKBOX',
            'default'  => 'n',
            'default'  => 'y',
            'value' => array (
                0 => 'n',
                1 => 'y'
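Review bot: The select whose label is corrected to `weak (1024)` still offers that size with no comment on why it is kept. The field's name is outside the hunk, so this assumes it sets a key length. A comment above the `value` entry such as `// 1024 is kept for compatibility with existing keys only; new keys should use 2048 or more` would document the intent, or the option could be dropped if nothing depends on it. The two default changes in this section (`backup_dir_is_mount` and `enable_spdy` to `'y'`) also alter what a fresh server configuration enables, and neither carries a comment explaining the new default.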
interface/web/admin/lib/module.conf.php
@@ -7,6 +7,7 @@
$module['template']  = 'module.tpl.htm';
$module['startpage']  = 'admin/server_list.php';
$module['tab_width']    = '60';
$module['order']    = '90';
$items[] = array(   'title'     => 'CP Users',
interface/web/admin/list/directive_snippets.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "name",
@@ -82,6 +82,6 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
?>
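Review bot: The translated labels are concatenated into the markup unescaped, `<span>".$app->lng('yes_txt')."</span>`, so a language entry containing `<` or `&` would be emitted as raw HTML. If lng() returns the language-file text as is (its implementation is not on this page), wrap the call, e.g. `htmlspecialchars($app->lng('yes_txt'), ENT_QUOTES, 'UTF-8')`. The same line is added in firewall.list.php, iptables.list.php, server.list.php, server_ip.list.php, software_repo.list.php and users.list.php. Building the yes/no pair once in a shared variable would keep the escaping in one place. The `$liste` definitions start outside each hunk.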
interface/web/admin/list/firewall.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
    'datatype' => "VARCHAR",
interface/web/admin/list/iptables.list.php
@@ -18,14 +18,14 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array("y" => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", "n" => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array("y" => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", "n" => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
    'datatype' => "VARCHAR",
    'datatype' => "INTEGER",
    'formtype' => "SELECT",
    'op'  => "like",
    'prefix' => "%",
    'suffix' => "%",
    'op'  => "=",
    'prefix' => "",
    'suffix' => "",
    'datasource' => array (  'type' => "SQL",
        'querystring' => "SELECT server_id,server_name FROM server WHERE {AUTHSQL} AND db_server = 1 ORDER BY server_name",
        'keyfield'=> "server_id",
interface/web/admin/list/server.list.php
@@ -63,7 +63,7 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'web_server',
    'datatype' => 'VARCHAR',
@@ -72,7 +72,7 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'dns_server',
    'datatype' => 'VARCHAR',
@@ -81,7 +81,7 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'file_server',
    'datatype' => 'VARCHAR',
@@ -90,7 +90,7 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'db_server',
    'datatype' => 'VARCHAR',
@@ -99,7 +99,7 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'vserver_server',
    'datatype' => 'VARCHAR',
@@ -108,7 +108,7 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'xmpp_server',
    'datatype' => 'VARCHAR',
@@ -117,6 +117,6 @@
    'prefix' => '%',
    'suffix' => '%',
    'width'  => '',
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
?>
interface/web/admin/list/server_ip.list.php
@@ -45,11 +45,11 @@
*****************************************************/
$liste['item'][] = array( 'field'  => 'server_id',
    'datatype' => 'VARCHAR',
    'datatype' => 'INTEGER',
    'formtype' => 'SELECT',
    'op'  => 'like',
    'prefix' => '%',
    'suffix' => '%',
    'op'  => '=',
    'prefix' => '',
    'suffix' => '',
    'datasource' => array (  'type' => 'SQL',
        'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
        'keyfield'=> 'server_id',
@@ -59,11 +59,11 @@
    'value'  => '');
$liste['item'][] = array( 'field'  => 'client_id',
    'datatype' => 'VARCHAR',
    'datatype' => 'INTEGER',
    'formtype' => 'SELECT',
    'op'  => 'like',
    'prefix' => '%',
    'suffix' => '%',
    'op'  => '=',
    'prefix' => '',
    'suffix' => '',
    'datasource' => array (  'type' => 'SQL',
        'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
        'keyfield'=> 'client_id',
@@ -95,7 +95,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array( 'field'  => 'virtualhost_port',
interface/web/admin/list/server_php.list.php
@@ -45,11 +45,11 @@
*****************************************************/
$liste['item'][] = array( 'field'  => 'server_id',
    'datatype' => 'VARCHAR',
    'datatype' => 'INTEGER',
    'formtype' => 'SELECT',
    'op'  => 'like',
    'prefix' => '%',
    'suffix' => '%',
    'op'  => '=',
    'prefix' => '',
    'suffix' => '',
    'datasource' => array (  'type' => 'SQL',
        'querystring' => 'SELECT server_id,server_name FROM server WHERE {AUTHSQL} ORDER BY server_name',
        'keyfield'=> 'server_id',
@@ -59,11 +59,11 @@
    'value'  => '');
$liste['item'][] = array( 'field'  => 'client_id',
    'datatype' => 'VARCHAR',
    'datatype' => 'INTEGER',
    'formtype' => 'SELECT',
    'op'  => 'like',
    'prefix' => '%',
    'suffix' => '%',
    'op'  => '=',
    'prefix' => '',
    'suffix' => '',
    'datasource' => array (  'type' => 'SQL',
        'querystring' => 'SELECT client_id,contact_name FROM client WHERE {AUTHSQL} ORDER BY contact_name',
        'keyfield'=> 'client_id',
interface/web/admin/list/software_repo.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "repo_name",
    'datatype' => "VARCHAR",
interface/web/admin/list/users.list.php
@@ -60,7 +60,7 @@
    'prefix' => "",
    'suffix' => "",
    'width' => "",
    'value' => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value' => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste['item'][] = array(   'field' => 'username',
    'datatype' => 'VARCHAR',
interface/web/admin/remote_action_ispcupdate.php
@@ -80,15 +80,8 @@
    }
    foreach ($servers as $serverId) {
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            $app->functions->intval($serverId) . ", " .
            time() . ", " .
            "'ispc_update', " .
            "'', " .
            "'pending', " .
            "''" .
            ")";
        $app->db->query($sql);
            "VALUES (?, UNIX_TIMESTAMP(), 'ispc_update', '', 'pending', '')";
        $app->db->query($sql, $serverId);
    }
    $msg = $wb['action_scheduled'];
}
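Review bot: Dropping `$app->functions->intval()` on `$serverId` leaves the placeholder binding as the only handling of that value. Where `$servers` is filled is outside the hunk, so if it can carry request data, a non-numeric entry now reaches the INSERT as a string and the stored `server_id` depends on MySQL's implicit cast. `$app->db->query($sql, $app->functions->intval($serverId));` keeps the old validation alongside the binding. The timestamp also moves from PHP's `time()` to the database's `UNIX_TIMESTAMP()`, which is worth a comment if whatever reads `tstamp` compares it with a clock on another host. remote_action_osupdate.php has the same pattern.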
interface/web/admin/remote_action_osupdate.php
@@ -76,15 +76,8 @@
    }
    foreach ($servers as $serverId) {
        $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            $app->functions->intval($serverId) . ", " .
            time() . ", " .
            "'os_update', " .
            "'', " .
            "'pending', " .
            "''" .
            ")";
        $app->db->query($sql);
            "VALUES (?, UNIX_TIMESTAMP(), 'os_update', '', 'pending', '')";
        $app->db->query($sql, $serverId);
    }
    $msg = $wb['action_scheduled'];
}
interface/web/admin/server_config_edit.php
@@ -96,7 +96,7 @@
            $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
            $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
            $app->db->datalogUpdate('server', "config = '".$app->db->quote($server_config_str)."'", 'server_id', $server_id);
            $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
        }
    }
interface/web/admin/server_edit.php
@@ -55,8 +55,8 @@
        global $app, $conf;
        // Getting Servers
        $sql = "SELECT server_id,server_name FROM server WHERE server_id != ".$app->functions->intval($this->id)." ORDER BY server_name";
        $mirror_servers = $app->db->queryAllRecords($sql);
        $sql = "SELECT server_id,server_name FROM server WHERE server_id != ? ORDER BY server_name";
        $mirror_servers = $app->db->queryAllRecords($sql, $this->id);
        $mirror_server_select = '<option value="0">'.$app->tform->lng('- None -').'</option>';
        if(is_array($mirror_servers)) {
            foreach( $mirror_servers as $mirror_server) {
interface/web/admin/server_ip_edit.php
@@ -57,7 +57,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$app->functions->intval($this->id));
            $rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
interface/web/admin/server_php_edit.php
@@ -57,7 +57,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$app->functions->intval($this->id));
            $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
interface/web/admin/software_package_install.php
@@ -38,11 +38,11 @@
//* This is only allowed for administrators
if(!$app->auth->is_admin()) die('only allowed for administrators.');
$package_name = $app->db->quote($_REQUEST['package']);
$package_name = $_REQUEST['package'];
$install_server_id = $app->functions->intval($_REQUEST['server_id']);
$install_key = $app->db->quote(trim($_REQUEST['install_key']));
$install_key = trim($_REQUEST['install_key']);
$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '$package_name'");
$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $package_name);
$install_key_verified = false;
$message_err = '';
@@ -51,7 +51,7 @@
//* verify the key
if($package['package_installable'] == 'key' && $install_key != '') {
    $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
    $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ?", $package['software_repo_id']);
    $client = new SoapClient(null, array('location' => $repo['repo_url'],
            'uri'      => $repo['repo_url']));
@@ -63,7 +63,7 @@
        $message_err = 'Verification of the key failed.';
    } else {
        // Store the verified key into the database
        $app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
        $app->db->datalogUpdate('software_package', array("package_key" => $install_key), 'package_id', $package['package_id']);
    }
} else {
    $message_ok = 'Please enter the software key for the package.';
@@ -71,8 +71,8 @@
//* Install packages, if all requirements are fullfilled.
if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $tmp = $app->db->queryOneRecord($sql);
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = ? ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $tmp = $app->db->queryOneRecord($sql, $package_name);
    $software_update_id = $tmp['software_update_id'];
    //* if package requires a DB and there is no data for a db in config, then we create this data now
@@ -91,7 +91,7 @@
                'database_host' => 'localhost');
            $package_config_str = $app->ini_parser->get_ini_string($package_config_array);
            $package['package_config'] = $package_config_str;
            $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
            $app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
        }
    }
@@ -105,7 +105,7 @@
        if(!isset($package_config_array['remote_api'])) {
            $remote_user = 'ispapp'.$package['package_id'];
            $remote_password = md5(mt_rand());
            $remote_functions = $app->db->quote($package['package_remote_functions']);
            $remote_functions = $package['package_remote_functions'];
            $package_config_array['remote_api'] = array(
                'remote_hostname' => $_SERVER['HTTP_HOST'],
@@ -116,19 +116,23 @@
            $package_config_str = $app->ini_parser->get_ini_string($package_config_array);
            $package['package_config'] = $package_config_str;
            $remote_password_md5 = md5($remote_password);
            $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
            $app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
            $sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
                    (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
            $app->db->query($sql);
                    (1, 1, 'riud', 'riud', '', ?, ?, ?)";
            $app->db->query($sql, $remote_user, $remote_password_md5, $remote_functions);
        }
    }
    //* Add the record to start the install process
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
    $insert_data = array(
        "package_name" => $package_name,
        "server_id" => $install_server_id,
        "software_update_id" => $software_update_id,
        "status" => 'installing'
    );
    $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
    $message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"ISPConfig.submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";
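Review bot: The remote API credential created in the `remote_api` branch is still generated with `md5(mt_rand())` and stored as a plain `md5()` of that value; the new parameterised INSERT carries this over unchanged. `mt_rand()` is not a cryptographic generator and a single call yields only about 31 bits, while the account it protects is inserted with `riud` permissions. I would draw the secret from the system CSPRNG instead, e.g. `$remote_password = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes()` where available). Whether the stored hash format can also be strengthened depends on the remote login code, which is not visible here.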
interface/web/admin/software_package_list.php
@@ -48,27 +48,40 @@
        $packages = $client->get_packages($repo['repo_username'], $repo['repo_password']);
        if(is_array($packages)) {
            foreach($packages as $p) {
                $package_name = $app->db->quote($p['name']);
                $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
                $package_name = $p['name'];
                $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = ?", $package_name);
                $package_title = $app->db->quote($p['title']);
                $package_description = $app->db->quote($p['description']);
                $package_title = $p['title'];
                $package_description = $p['description'];
                $software_repo_id = $app->functions->intval($repo['software_repo_id']);
                $package_type = $app->db->quote($p['type']);
                $package_installable = $app->db->quote($p['installable']);
                $package_requires_db = $app->db->quote($p['requires_db']);
                $package_remote_functions = $app->db->quote($p['remote_functions']);
                $package_type = $p['type'];
                $package_installable = $p['installable'];
                $package_requires_db = $p['requires_db'];
                $package_remote_functions = $p['remote_functions'];
                if(empty($tmp['package_id'])) {
                    //$sql = "INSERT INTO software_package (software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db')";
                    //$app->db->query($sql);
                    $insert_data = "(software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db,package_remote_functions) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db','$package_remote_functions')";
                    $insert_data = array(
                        "software_repo_id" => $software_repo_id,
                        "package_name" => $package_name,
                        "package_title" => $package_title,
                        "package_description" => $package_description,
                        "package_type" => $package_type,
                        "package_installable" => $package_installable,
                        "package_requires_db" => $package_requires_db,
                        "package_remote_functions" => $package_remote_functions
                        );
                    $app->db->datalogInsert('software_package', $insert_data, 'package_id');
                    $packages_added++;
                } else {
                    //$sql = "UPDATE software_package SET software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db' WHERE package_name = '$package_name'";
                    //$app->db->query($sql);
                    $update_data = "software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db', package_remote_functions = '$package_remote_functions'";
                    $update_data = array(
                        "software_repo_id" => $software_repo_id,
                        "package_title" => $package_title,
                        "package_description" => $package_description,
                        "package_type" => $package_type,
                        "package_installable" => $package_installable,
                        "package_requires_db" => $package_requires_db,
                        "package_remote_functions" => $package_remote_functions
                        );
                    //echo $update_data;
                    $app->db->datalogUpdate('software_package', $update_data, 'package_id', $tmp['package_id']);
                }
@@ -91,25 +104,31 @@
                        $v3 = $app->functions->intval($version_array[2]);
                        $v4 = $app->functions->intval($version_array[3]);
                        $package_name = $app->db->quote($u['package_name']);
                        $package_name = $u['package_name'];
                        $software_repo_id = $app->functions->intval($repo['software_repo_id']);
                        $update_url = $app->db->quote($u['url']);
                        $update_md5 = $app->db->quote($u['md5']);
                        $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
                        $update_title = $app->db->quote($u['title']);
                        $type = $app->db->quote($u['type']);
                        $update_url = $u['url'];
                        $update_md5 = $u['md5'];
                        $update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
                        $update_title = $u['title'];
                        $type = $u['type'];
                        // Check that we do not have this update in the database yet
                        $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
                        $tmp = $app->db->queryOneRecord($sql);
                        $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
                        $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
                        if(!isset($tmp['software_update_id'])) {
                            // Insert the update in the datbase
                            //$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
                            //VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
                            //die($sql);
                            //$app->db->query($sql);
                            $insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
                            VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
                            $insert_data = array(
                                "software_repo_id" => $software_repo_id,
                                "package_name" => $package_name,
                                "update_url" => $update_url,
                                "update_md5" => $update_md5,
                                "update_dependencies" => $update_dependencies,
                                "update_title" => $update_title,
                                "v1" => $v1,
                                "v2" => $v2,
                                "v3" => $v3,
                                "v4" => $v4,
                                "type" => $type
                            );
                            $app->db->datalogInsert('software_update', $insert_data, 'software_update_id');
                        }
@@ -119,23 +138,6 @@
        }
    }
}
//* Install packages, if GET Request
/*
if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
    $package_name = $app->db->quote($_GET['package']);
    $server_id = $app->functions->intval($_GET['server_id']);
    $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
    $tmp = $app->db->queryOneRecord($sql);
    $software_update_id = $tmp['software_update_id'];
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
    // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
    $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
}
*/
// Show the list in the interface
// Loading the template
@@ -150,7 +152,7 @@
    foreach($packages as $key => $p) {
        $installed_txt = '';
        foreach($servers as $s) {
            $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
            $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = ? AND server_id = ?", $p["package_name"], $s["server_id"]);
            $version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
            if($inst['status'] == 'installed') {
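Review bot: Every field of the repository's SOAP response (`$p['name']`, `$u['url']`, `$u['md5']` and the rest) is now stored exactly as received, and nothing in these hunks checks its shape before `datalogInsert`/`datalogUpdate`. The placeholders and arrays take care of SQL quoting, but `update_url` and `update_md5` look like they later decide what is downloaded and how it is verified, so a format check at this boundary is worthwhile, e.g. `if(!preg_match('/^[a-f0-9]{32}$/i', $u['md5']) || !preg_match('#^https?://#i', $u['url'])) continue;`. Titles and descriptions should likewise be HTML-escaped wherever they are rendered, which is outside this section. The update loop in software_update_list.php takes the same values the same way, and its enclosing loop here starts outside the hunk.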
interface/web/admin/software_update_list.php
@@ -72,23 +72,23 @@
                        $v3 = $app->functions->intval($version_array[2]);
                        $v4 = $app->functions->intval($version_array[3]);
                        $package_name = $app->db->quote($u['package_name']);
                        $package_name = $u['package_name'];
                        $software_repo_id = $app->functions->intval($repo['software_repo_id']);
                        $update_url = $app->db->quote($u['url']);
                        $update_md5 = $app->db->quote($u['md5']);
                        $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
                        $update_title = $app->db->quote($u['title']);
                        $type = $app->db->quote($u['type']);
                        $update_url = $u['url'];
                        $update_md5 = $u['md5'];
                        $update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
                        $update_title = $u['title'];
                        $type = $u['type'];
                        // Check that we do not have this update in the database yet
                        $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
                        $tmp = $app->db->queryOneRecord($sql);
                        $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
                        $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
                        if(!isset($tmp['software_update_id'])) {
                            // Insert the update in the datbase
                            $sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
                            VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
                            VALUES ($software_repo_id, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
                            //die($sql);
                            $app->db->query($sql);
                            $app->db->query($sql, $package_name, $update_url, $update_md5, $update_dependencies, $update_title, $v1, $v2, $v3, $v4, $type);
                        }
                    }
@@ -101,12 +101,16 @@
//* Install packages, if GET Request
if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
    $package_name = $app->db->quote($_GET['package']);
    $package_name = $_GET['package'];
    $server_id = $app->functions->intval($_GET['server_id']);
    $software_update_id = $app->functions->intval($_GET['id']);
    $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
    // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
    $insert_data = array(
        "package_name" => $package_name,
        "server_id" => $server_id,
        "software_update_id" => $software_update_id,
        "status" => 'installing'
    );
    $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
}
@@ -162,12 +166,12 @@
    foreach($installed_packages as $ip) {
        // Get version number of the latest installed version
        $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ".$app->functions->intval($server_id)." ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
        $lu = $app->db->queryOneRecord($sql);
        $sql = "SELECT v1, v2, v3, v4 FROM software_update, software_update_inst WHERE software_update.software_update_id = software_update_inst.software_update_id AND server_id = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC LIMIT 0,1";
        $lu = $app->db->queryOneRecord($sql, $server_id);
        // Get all installable updates
        $sql = "SELECT * FROM software_update WHERE v1 >= ".$app->functions->intval($lu['v1'])." AND v2 >= ".$app->functions->intval($lu['v2'])." AND v3 >= ".$app->functions->intval($lu['v3'])." AND v4 >= ".$app->functions->intval($lu['v4'])." AND package_name = '".$app->db->quote($ip['package_name'])."' ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
        $updates = $app->db->queryAllRecords($sql);
        $sql = "SELECT * FROM software_update WHERE v1 >= ? AND v2 >= ? AND v3 >= ? AND v4 >= ? AND package_name = ? ORDER BY v1 DESC , v2 DESC , v3 DESC , v4 DESC";
        $updates = $app->db->queryAllRecords($sql, $lu['v1'], $lu['v2'], $lu['v3'], $lu['v4'], $ip['package_name']);
        //die($sql);
        if(is_array($updates)) {
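Review bot: The install branch still changes state on a plain GET request: `$_GET['action'] == 'install'` leads straight to `datalogInsert('software_update_inst', ...)`, and no request token or administrator check is visible in this hunk. If the file does not already do so above the hunk, I would add the guard that software_package_install.php uses, `if(!$app->auth->is_admin()) die('only allowed for administrators.');`, and require a POST carrying an anti-CSRF token before an install is queued. As a smaller point, `$software_repo_id` is still interpolated into the INSERT text while every other value is bound; passing it as one more `?` would keep the statement uniform.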
interface/web/admin/system_config_edit.php
@@ -89,13 +89,24 @@
        $available_dashlets_txt = '';
        $handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
        while ($file = @readdir($handle)) {
            if ($file != '.' && $file != '..' && !is_dir($file)) {
            if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {
                $available_dashlets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.substr($file, 0, -4).']<pre class="addPlaceholderContent" style="display:none;">['.substr($file, 0, -4).'],</pre></a> ';
            }
        }
        if($available_dashlets_txt == '') $available_dashlets_txt = '------';
        $app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt);
        // Logo
        $sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = ?", $this->id);
        if($sys_ini['custom_logo'] != ''){
            $logo = '<img src="'.$sys_ini['custom_logo'].'" />&nbsp;&nbsp;<a href="#" class="btn btn-default formbutton-danger formbutton-narrow" style="margin:5px" id="del_custom_logo"><span class="icon icon-delete"></span></a>';
        } else {
            $logo = '<img src="'.$sys_ini['default_logo'].'" />';
        }
        $default_logo = '<img src="'.$sys_ini['default_logo'].'" />';
        $app->tpl->setVar("used_logo", $logo);
        $app->tpl->setVar("default_logo", $default_logo);
        parent::onShowEnd();
    }
@@ -165,9 +176,7 @@
        $server_config_array[$section] = $new_config;
        $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
        //$sql = "UPDATE sys_ini SET config = '".$app->db->quote($server_config_str)."' WHERE sysini_id = 1";
        //if($conf['demo_mode'] != true) $app->db->query($sql);
        if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($server_config_str)."'", 'sysini_id', 1);
        if($conf['demo_mode'] != true) $app->db->datalogUpdate('sys_ini', array("config" => $server_config_str), 'sysini_id', 1);
        /*
         * If we should use the domain-module, we have to insert all existing domains into the table
@@ -185,26 +194,28 @@
                "FROM web_domain WHERE type NOT IN ('subdomain','vhostsubdomain')";
            $app->db->query($sql);
        }
        //die(print_r($_FILES));
        // Logo
        /*
        if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
            //print_r($_FILES);
            $path= $_FILES['file']['tmp_name'];
            $type = pathinfo($path, PATHINFO_EXTENSION);
            $data = file_get_contents($path);
            $base64 = 'data:image/' . $type . ';base64,' . base64_encode($data);
            $app->db->query("UPDATE sys_ini SET custom_logo = ? WHERE sysini_id = ?", $base64, $this->id);
        }
        */
        // Maintenance mode
        if($server_config_array['misc']['maintenance_mode'] == 'y'){
            //print_r($_SESSION);
            //echo $_SESSION['s']['id'];
            $app->db->query("DELETE FROM sys_session WHERE session_id != '".$app->db->quote($_SESSION['s']['id'])."'");
            $app->db->query("DELETE FROM sys_session WHERE session_id != ?", $_SESSION['s']['id']);
        }
    }
    /*
    function onAfterUpdate() {
        if($this->_js_changed == true) {
            // not the best way, but it works
            header('Content-Type: text/html');
            print '<script type="text/javascript">document.location.reload(true);</script>';
            exit;
        }
    }
    */
}
$app->tform_actions = new page_action;
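Review bot: The new logo block concatenates `$sys_ini['custom_logo']` and `$sys_ini['default_logo']` into `src="..."` without escaping, so a stored value containing a double quote would break out of the attribute. I would encode at output by wrapping each use, e.g. `htmlspecialchars($sys_ini['custom_logo'], ENT_QUOTES)`, and the same for both `default_logo` occurrences. The code that writes `custom_logo` is not visible here (the upload block in this section is commented out), so how much control a user has over the value is unknown. The lookup also uses `$this->id` while the `datalogUpdate` further down hard-codes `sysini_id` 1; the two should be made consistent.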
interface/web/admin/templates/directive_snippets_edit.htm
@@ -18,6 +18,12 @@
                <label for="snippet" class="col-sm-3 control-label">{tmpl_var name='snippet_txt'}</label>
                <div class="col-sm-9"><textarea class="form-control" name="snippet" id="snippet" rows='10' cols='50'>{tmpl_var name='snippet'}</textarea></div><span class="nginx"> &nbsp; {tmpl_var name='variables_txt'}: </span><a href="javascript:void(0);" class="addPlaceholder nginx">{DOCROOT}</a><span class="nginx">, </span><a href="javascript:void(0);" class="addPlaceholder nginx">{FASTCGIPASS}</a>
            </div>
            <div class="form-group php">
                <label class="col-sm-3 control-label">{tmpl_var name='required_php_snippets_txt'}</label>
                <div class="col-sm-9">
                    {tmpl_var name='required_php_snippets'}
                </div>
            </div>
            <div class="form-group">
                <label class="col-sm-3 control-label">{tmpl_var name='customer_viewable_txt'}</label>
                <div class="col-sm-9">
@@ -48,15 +54,19 @@
    
    if (jQuery('#type').val() != 'nginx' && jQuery('#type').val() != 'apache') {
        jQuery('#customer_viewable').closest('div.ctrlHolder:visible').hide();
    }else {
        jQuery('.php:visible').hide();
    } else {
        jQuery('#customer_viewable').closest('div.ctrlHolder:hidden').show();
        jQuery('.php:hidden').show();
    }
    
    jQuery('#type').change(function(){
        if (jQuery(this).val() != 'nginx' && jQuery(this).val() != 'apache') {
            jQuery('#customer_viewable').closest('div.ctrlHolder:visible').hide();
            jQuery('.php:visible').hide();
        } else {
            jQuery('#customer_viewable').closest('div.ctrlHolder:hidden').show();
            jQuery('.php:hidden').show();
        }
        if(jQuery(this).val() == 'nginx'){
            jQuery('.nginx:hidden').show();
interface/web/admin/templates/directive_snippets_list.htm
@@ -37,7 +37,7 @@
                            <td><a href="#" data-load-content="admin/directive_snippets_edit.php?id={tmpl_var name='id'}">{tmpl_var name="type"}</a></td>
                            <td><a href="#" data-load-content="admin/directive_snippets_edit.php?id={tmpl_var name='id'}">{tmpl_var name="customer_viewable"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/directive_snippets_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/directive_snippets_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
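Review bot: The corrected delete link still carries `&phpsessid={tmpl_var name='phpsessid'}` in the URL of a destructive GET request; if that variable is the PHP session id, as its name suggests, the session identifier ends up in server logs, browser history and Referer headers. The closing-tag fix itself is fine. I would replace that parameter with a dedicated single-use token, ideally sent in a POST body rather than the query string, e.g. `{tmpl_var name='<csrf_token_var>'}` with a placeholder for whatever the interface provides. How `directive_snippets_del.php` validates the parameter is not visible here. The same link pattern appears in firewall_list.htm, groups_list.htm, iptables_list.htm, remote_user_list.htm and server_config_list.htm.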
interface/web/admin/templates/firewall_list.htm
@@ -40,7 +40,7 @@
                            <td><a href="#" data-load-content="admin/firewall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="tcp_port"}</a></td>
                            <td><a href="#" data-load-content="admin/firewall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="udp_port"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/firewall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/firewall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/groups_list.htm
@@ -35,7 +35,7 @@
                            <td><a href="#" data-load-content="admin/groups_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
                            <td><a href="#" data-load-content="admin/groups_edit.php?id={tmpl_var name='id'}">{tmpl_var name="description"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/groups_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/groups_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/iptables_list.htm
@@ -51,7 +51,7 @@
                            <td><a href="#" data-load-content="admin/iptables_edit.php?id={tmpl_var name='id'}">{tmpl_var name="state"}</a></td>
                            <td><a href="#" data-load-content="admin/iptables_edit.php?id={tmpl_var name='id'}">{tmpl_var name="target"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/iptables_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/iptables_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/language_import.htm
@@ -23,7 +23,7 @@
                <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
            </tmpl_if>
            <tmpl_if name="error">
                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
            </tmpl_if>
                
            <input type="hidden" name="id" value="{tmpl_var name='id'}">
interface/web/admin/templates/remote_user_list.htm
@@ -33,7 +33,7 @@
                            <td><a href="#" data-load-content="admin/remote_user_edit.php?id={tmpl_var name='remote_userid'}">{tmpl_var name="remote_userid"}</a></td>
                            <td><a href="#" data-load-content="admin/remote_user_edit.php?id={tmpl_var name='remote_userid'}">{tmpl_var name="remote_username"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/remote_user_del.php?id={tmpl_var name='remote_userid'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/remote_user_del.php?id={tmpl_var name='remote_userid'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/server_config_list.htm
@@ -24,7 +24,7 @@
                        <tr>
                            <td><a href="#" data-load-content="admin/server_config_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_name"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/server_ip_list.htm
@@ -45,7 +45,7 @@
                            <td><a href="#" data-load-content="admin/server_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="virtualhost"}</a></td>
                            <td><a href="#" data-load-content="admin/server_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="virtualhost_port"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/server_list.htm
@@ -45,19 +45,19 @@
                            <td>{tmpl_var name="vserver_server"}</td>
                            <td>{tmpl_var name="xmpp_server"}</td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
                    <tmpl_unless name="records">
                        <tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>">
                            <td colspan="8">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                            <td colspan="7">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                        </tr>
                    </tmpl_unless>
                </tbody>
                <tfoot>
                    <tr>
                        <td colspan="8"><tmpl_var name="paging"></td>
                        <td colspan="7"><tmpl_var name="paging"></td>
                    </tr>
                </tfoot>
            </table>
interface/web/admin/templates/server_php_list.htm
@@ -36,7 +36,7 @@
                            <td><a href="#" data-load-content="admin/server_php_edit.php?id={tmpl_var name='id'}">{tmpl_var name="client_id"}</a></td>
                            <td><a href="#" data-load-content="admin/server_php_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_php_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/server_php_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/software_package_list.htm
@@ -32,8 +32,8 @@
                            <td>{tmpl_var name="package_description"}</td>
                            <td>ispapp{tmpl_var name="package_id"}</td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="admin/software_package_edit.php?id={tmpl_var name='package_id'}"><span class="icon icon-edit"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_package_del.php?software_update_inst_id={tmpl_var name='software_update_inst_id'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="admin/software_package_edit.php?id={tmpl_var name='package_id'}"><span class="icon icon-edit"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_package_del.php?software_update_inst_id={tmpl_var name='software_update_inst_id'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                        </tmpl_if>
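Review bot: The delete link for `admin/software_package_del.php` carries only `software_update_inst_id` and no `phpsessid` parameter, unlike the delete links in the other admin list templates in this commit. If the delete endpoints rely on that parameter as their request check (not visible here), this uninstall action is the one left without it, which should be confirmed on the server side. The edit `<a>` has `data-load-content` but no `href`, where the edit links in the other list templates use `href="#"`, so it may not be reachable by keyboard.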
interface/web/admin/templates/software_repo_list.htm
@@ -37,7 +37,7 @@
                            <td><a href="#" data-load-content="admin/software_repo_edit.php?id={tmpl_var name='id'}">{tmpl_var name="repo_name"}</a></td>
                            <td><a href="#" data-load-content="admin/software_repo_edit.php?id={tmpl_var name='id'}">{tmpl_var name="repo_url"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_repo_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/software_repo_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/admin/templates/system_config_domains_edit.htm
@@ -1,10 +1,10 @@
<tmpl_if name="list_head_txt">
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
        <h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
</tmpl_if>
<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
            <div class="form-group">
                <div style="float:left;width:100%">
                    <p class="label" style="width:270px">{tmpl_var name='use_domain_module_txt'}</p>
interface/web/admin/templates/system_config_misc_edit.htm
@@ -3,8 +3,14 @@
</div>
<p><tmpl_var name="list_desc_txt"></p>
        <legend>Misc</legend>
            <div class="form-group">
                <label for="file" class="col-sm-3 control-label">{tmpl_var name='logo_txt'}</label>
                <div class="col-sm-3 col-text"><input name="file" id="file" size="30" type="file" class="fileUpload" /></div><div class="col-sm-6"><button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" id="start_upload">{tmpl_var name='upload_txt'}</button></div>
            </div>
            <div class="form-group">
                <label for="dashboard_atom_url_admin" class="col-sm-3 control-label">{tmpl_var name='used_logo_txt'}</label>
                <div class="col-sm-9" id="used_logo">{tmpl_var name='used_logo'}</div>
            </div>
            <div class="form-group">
                <label for="dashboard_atom_url_admin" class="col-sm-3 control-label">{tmpl_var name='dashboard_atom_url_admin_txt'}</label>
                <div class="col-sm-9"><input type="text" name="dashboard_atom_url_admin" id="dashboard_atom_url_admin" value="{tmpl_var name='dashboard_atom_url_admin'}" size="" maxlength="" class="form-control" /></div></div>
@@ -98,9 +104,83 @@
                    {tmpl_var name='maintenance_mode'}
                </div>
            </div>
            <tmpl_if name="msg">
                <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
            </tmpl_if>
            <tmpl_if name="error">
                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
            </tmpl_if>
        
        <input type="hidden" name="id" value="{tmpl_var name='id'}">
        <input type="hidden" name="id" id="id" value="{tmpl_var name='id'}">
        <div class="clear"><div class="right">
            <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="admin/system_config_edit.php">{tmpl_var name='btn_save_txt'}</button>
            <button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="admin/server_list.php">{tmpl_var name='btn_cancel_txt'}</button>
        </div></div>
        </div></div>
<script language="JavaScript" type="text/javascript">
    var defaultLogo = '{tmpl_var name='default_logo'}';
    $(document).on('click', '#del_custom_logo', function(){
        delCustomLogo();
    });
    function delCustomLogo() {
        var id = jQuery('input[name="id"]').val();
        jQuery.getJSON('admin/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'id': id, 'type': "delcustomlogo"}, function(data) {
            //console.log(data);
            $('#used_logo').html(defaultLogo);
            $('#logo').css({ "background": "url("+data.data+") no-repeat", "width": data.width, "height": data.height });
        });
    }
    // Variable to store your files
    var files;
    // Add events
    $('input[type="file"]').on('change', prepareUpload);
    $('#start_upload').on('click', uploadFiles);
    // Grab the files and set them to our variable
    function prepareUpload(event){
        files = event.target.files;
    }
    // Catch the form submit and upload the files
    function uploadFiles(event){
        event.stopPropagation(); // Stop stuff happening
        event.preventDefault(); // Totally stop stuff happening
        var id = jQuery('input[name="id"]').val();
        // Create a formdata object and add the files
        var data = new FormData();
        $.each(files, function(key, value){
            data.append(key, value);
        });
        $.ajax({
            url: 'admin/ajax_get_json.php?id='+id+'&type=uploadfile',
            type: 'POST',
            data: data,
            cache: false,
            dataType: 'json',
            processData: false, // Don't process the files
            contentType: false, // Set content type to false as jQuery will tell the server its a query string request
            success: function(data, textStatus, jqXHR){
                if(typeof data.error === 'undefined'){
                    // Success so call function to process the form
                    //console.log(data);
                    $('#used_logo').html('<img src="'+data.data+'" />&nbsp;&nbsp;<a href="#" class="btn btn-default formbutton-danger formbutton-narrow" style="margin:5px" id="del_custom_logo"><span class="icon icon-delete"></span></a>');
                    $('#logo').css({ "background": "url("+data.data+") no-repeat", "width": data.width, "height": data.height });
                } else {
                    // Handle errors here
                    //console.log(data);
                }
            },
            error: function(jqXHR, textStatus, errorThrown){
                // Handle errors here
                //console.log(data);
            }
        });
    }
</script>
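Review bot: In `uploadFiles` the success handler concatenates `data.data` from the JSON response into the string passed to `$('#used_logo').html(...)`, so a quote or markup character in the returned path is parsed as HTML; building the `<img>` with `.attr('src', …)` avoids that. The request URL concatenates `id` without `encodeURIComponent`, and `delCustomLogo` changes state through a GET request. Both the `data.error` branch and the `error` callback are empty, so a rejected upload gives the user no feedback. Whether `ajax_get_json.php` restricts the uploaded file's type and size is not visible in this template and is worth checking in the same review.

```javascript
            success: function(data, textStatus, jqXHR){
                if(typeof data.error === 'undefined'){
                    // Build the preview from DOM nodes so data.data is never parsed as markup
                    var delBtn = $('<a href="#" class="btn btn-default formbutton-danger formbutton-narrow" style="margin:5px" id="del_custom_logo"><span class="icon icon-delete"></span></a>');
                    $('#used_logo').empty()
                        .append($('<img />').attr('src', data.data))
                        .append('&nbsp;&nbsp;')
                        .append(delBtn);
                    // … unchanged: #logo background update, else branch …
```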
interface/web/admin/templates/users_list.htm
@@ -42,8 +42,8 @@
                            <td>{tmpl_var name="groups"}</td>
                            <td class="text-right">
                                <tmpl_if name="username" op="!=" value="admin">
                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='client_id'}"><span class="icon icon-loginas"></span></button>
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='client_id'}"><span class="icon icon-loginas"></span></a>
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('admin/users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                </tmpl_if>
                            </td>
                        </tr>
interface/web/admin/tpl_default.php
@@ -51,21 +51,6 @@
class page_action extends tform_actions {
    // function onBeforeUpdate() {
    //  global $app, $conf;
    //
    //  //* Check if the server has been changed
    //  // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
    //  if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) && isset($this->dataRecord["server_id"])) {
    //   $rec = $app->db->queryOneRecord("SELECT server_id from server_php WHERE server_php_id = ".$this->id);
    //   if($rec['server_id'] != $this->dataRecord["server_id"]) {
    //    //* Add a error message and switch back to old server
    //    $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
    //    $this->dataRecord["server_id"] = $rec['server_id'];
    //   }
    //   unset($rec);
    //  }
    // }
}
$page = new page_action;
interface/web/admin/users_edit.php
@@ -96,23 +96,23 @@
    function onAfterUpdate() {
        global $app, $conf;
        $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ".$this->id);
        $client = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $this->id);
        $client_id = $app->functions->intval($client['client_id']);
        $username = $app->db->quote($this->dataRecord["username"]);
        $old_username = $app->db->quote($this->oldDataRecord['username']);
        $username = $this->dataRecord["username"];
        $old_username = $this->oldDataRecord['username'];
        // username changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
            $sql = "UPDATE client SET username = '$username' WHERE client_id = $client_id AND username = '$old_username'";
            $app->db->query($sql);
            $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
            $app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
            $sql = "UPDATE client SET username = ? WHERE client_id = ? AND username = ?";
            $app->db->query($sql, $username, $client_id, $old_username);
            $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
            $app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
            unset($tmp);
        }
        // password changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["passwort"]) && $this->dataRecord["passwort"] != '') {
            $password = $app->db->quote($this->dataRecord["passwort"]);
            $password = $this->dataRecord["passwort"];
            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
            for ($n=0;$n<8;$n++) {
@@ -120,28 +120,17 @@
            }
            $salt.="$";
            $password = crypt(stripslashes($password), $salt);
            $sql = "UPDATE client SET password = '$password' WHERE client_id = $client_id AND username = '$username'";
            $app->db->query($sql);
            $sql = "UPDATE client SET password = ? WHERE client_id = ? AND username = ?";
            $app->db->query($sql, $password, $client_id, $username);
        }
        // language changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
            $language = $app->db->quote($this->dataRecord["language"]);
            $sql = "UPDATE client SET language = '$language' WHERE client_id = $client_id AND username = '$username'";
            $app->db->query($sql);
            $language = $this->dataRecord["language"];
            $sql = "UPDATE client SET language = ? WHERE client_id = ? AND username = ?";
            $app->db->query($sql, $language, $client_id, $username);
        }
        // reseller status changed
        /*
        if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
            $modules = $conf['interface_modules_enabled'];
            if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
            $modules = $app->db->quote($modules);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
            $app->db->query($sql);
        }
        */
        parent::onAfterUpdate();
    }
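Review bot: `crypt(stripslashes($password), $salt)` in the password-changed branch now runs on the raw `$this->dataRecord["passwort"]`, since the `$app->db->quote()` call appears to have been dropped in favour of bound parameters. `stripslashes` therefore removes backslashes that belong to the password, and the hash written to `client` no longer matches what the user typed; `$password = crypt($password, $salt);` keeps the two in step. The `$1$` salt prefix selects MD5-crypt, which is weak for password storage. client_edit.php in this same commit calls `$app->auth->crypt_password($password)`, and using that helper here would be consistent, provided its output format suits the `client` table (not visible here). The salt-building loop sits between the two hunks and is only partly shown.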
interface/web/capp.php
@@ -43,6 +43,7 @@
}
if(!preg_match("/^[a-z]{2,20}$/i", $mod)) die('module name contains unallowed chars.');
if($redirect != '' && !preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,7}$/i", $redirect)) die('redirect contains unallowed chars.');
//* Check if user may use the module.
$user_modules = explode(",", $_SESSION["s"]["user"]["modules"]);
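Review bot: The `$` anchor in the `$redirect` pattern (and in the `$mod` pattern above it) also matches just before a trailing newline, so a value ending in a line feed passes the check. Adding the `D` modifier closes that, e.g. `preg_match("/^[a-z0-9]+\/[a-z0-9_\.\-]+\?id=[0-9]{1,7}$/iD", $redirect)`. Where `$redirect` is consumed lies outside the hunk, so the impact cannot be judged from here. A short comment stating the accepted shape, `// redirect must look like module/page.php?id=123`, would help the next reader of the regex.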
interface/web/client/client_del.php
@@ -74,11 +74,7 @@
            $this->dataRecord = $app->tform->getDataRecord($this->id);
            $client_id = $app->functions->intval($this->dataRecord['client_id']);
            //$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
            //$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
            // Get all records (sub-clients, mail, web, etc....)  of this client.
            $tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain';
@@ -89,7 +85,7 @@
            if($client_group_id > 1) {
                foreach($tables_array as $table) {
                    if($table != '') {
                        $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
                        $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
                        $number = count($records);
                        if($number > 0) $table_list[] = array('table' => $table."(".$number.")");
                    }
@@ -121,15 +117,15 @@
        if($client_id > 0) {
            // remove the group of the client from the resellers group
            $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
            $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
            $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
            $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
            // delete the group of the client
            $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
            $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
            // delete the sys user(s) of the client
            $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
            $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
            // Delete all records (sub-clients, mail, web, etc....)  of this client.
            $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain';
@@ -138,7 +134,7 @@
            if($client_group_id > 1) {
                foreach($tables_array as $table) {
                    if($table != '') {
                        $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
                        $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id);
                        //* find the primary ID of the table
                        $table_info = $app->db->tableInfo($table);
                        $index_field = '';
@@ -152,11 +148,11 @@
                                    $app->db->datalogDelete($table, $index_field, $rec[$index_field]);
                                    //* Delete traffic records that dont have a sys_groupid column
                                    if($table == 'web_domain') {
                                        $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
                                        $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
                                    }
                                    //* Delete mail_traffic records that dont have a sys_groupid
                                    if($table == 'mail_user') {
                                        $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
                                        $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
                                    }
                                }
                            }
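Review bot: `$parent_user['userid']` and `$client_group['groupid']` are passed to `$app->auth->remove_group_from_user()` without checking that either lookup returned a row; a client with no reseller presumably has `parent_client_id` 0 and no matching `sys_user` record. Guarding the call, `if($parent_user && $client_group) $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);`, avoids passing null ids. The enclosing methods start and end outside these hunks. The deletes run as separate statements, so a failure part-way could leave a half-removed client unless the caller wraps them in a transaction, which is not visible here.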
interface/web/client/client_edit.php
@@ -59,11 +59,11 @@
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another website.
            if($client["limit_client"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_client"]) {
                    $app->error($app->tform->wordbook["limit_client_txt"]);
                }
@@ -82,11 +82,11 @@
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another website.
            if($client["limit_client"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_client"]) {
                    $app->error($app->tform->wordbook["limit_client_txt"]);
                }
@@ -103,7 +103,7 @@
        }
        if($this->id != 0) {
            $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $this->id);
            $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $this->id);
            if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
                // check previous type of storing templates
                $tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -140,7 +140,7 @@
        $app->tpl->setVar('tpl_add_select', $option);
        // check for new-style records
        $result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ' . $this->id);
        $result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ?', $this->id);
        if($result && count($result) > 0) {
            // new style
            $items = array();
@@ -166,8 +166,8 @@
            unset($tmprec);
        } else {
            // old style
            $sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
            $result = $app->db->queryOneRecord($sql);
            $sql = "SELECT template_additional FROM client WHERE client_id = ?";
            $result = $app->db->queryOneRecord($sql, $this->id);
            $tplAdd = explode("/", $result['template_additional']);
            $text = '';
            foreach($tplAdd as $item){
@@ -196,31 +196,18 @@
                    $customer_no = $app->functions->intval($system_config['misc']['customer_no_start']+$system_config['misc']['customer_no_counter']);
                    $customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$system_config['misc']['customer_no_template']);
                    $app->tpl->setVar('customer_no',$customer_no_string);
                    //* save new counter value
                    /*
                    $system_config['misc']['customer_no_counter']++;
                    $system_config_str = $app->ini_parser->get_ini_string($system_config);
                    $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
                    */
                }
            } else {
                //* Logged in user must be a reseller
                //* get the record of the reseller
                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
                $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
                
                if($reseller['customer_no_template'] != '') {
                    //* Set customer no default
                    $customer_no = $app->functions->intval($reseller['customer_no_start']+$reseller['customer_no_counter']);
                    $customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$reseller['customer_no_template']);
                    $app->tpl->setVar('customer_no',$customer_no_string);
                    //* save new counter value
                    /*
                    $customer_no_counter = $app->functions->intval($reseller['customer_no_counter']+1);
                    $app->db->query("UPDATE client SET customer_no_counter = $customer_no_counter WHERE client_id = ".$app->functions->intval($reseller['client_id']));
                    */
                }
            }
        }
@@ -254,42 +241,42 @@
    function onAfterInsert() {
        global $app, $conf;
        // Create the group for the client
        $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
        $groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
        $groups = $groupid;
        $username = $app->db->quote($this->dataRecord["username"]);
        $password = $app->db->quote($this->dataRecord["password"]);
        $username = $this->dataRecord["username"];
        $password = $this->dataRecord["password"];
        $modules = $conf['interface_modules_enabled'];
        if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] > 0) $modules .= ',client';
        $startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
        $usertheme = $app->db->quote($this->dataRecord["usertheme"]);
        $usertheme = $this->dataRecord["usertheme"];
        $type = 'user';
        $active = 1;
        $language = $app->db->quote($this->dataRecord["language"]);
        $language = $this->dataRecord["language"];
        $password = $app->auth->crypt_password($password);
        // Create the controlpaneluser for the client
        //Generate ssh-rsa-keys
        exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
        $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
        $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
        exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
        // Create the controlpaneluser for the client
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
        VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        $app->db->query($sql);
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
        $app->db->query($sql, $username, $password, $modules, $startmodule, $usertheme, $type, $active, $language, $groups, $groupid, $this->id);
        //* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
        //* to his groups, so he can administrate the records of this client.
        if($_SESSION['s']['user']['typ'] == 'user') {
            $app->auth->add_group_to_user($_SESSION['s']['user']['userid'], $groupid);
            $app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
            $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $_SESSION['s']['user']['client_id'], $this->id);
        } else {
            if($this->dataRecord['parent_client_id'] > 0) {
                //* get userid of the reseller and add it to the group of the client
                $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->dataRecord['parent_client_id']));
                $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->dataRecord['parent_client_id']);
                $app->auth->add_group_to_user($tmp['userid'], $groupid);
                $app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($this->dataRecord['parent_client_id'])." WHERE client_id = ".$this->id);
                $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $this->dataRecord['parent_client_id'], $this->id);
                unset($tmp);
            }
        }
@@ -319,8 +306,8 @@
            $default_dnsserver = $app->functions->intval($tmp['server_id']);
        }
        $sql = "UPDATE client SET mail_servers = $default_mailserver, web_servers = $default_webserver, dns_servers = $default_dnsserver, default_slave_dnsserver = $default_dnsserver, db_servers = $default_dbserver WHERE client_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE client SET mail_servers = ?, web_servers = ?, dns_servers = ?, default_slave_dnsserver = ?, db_servers = ? WHERE client_id = ?";
        $app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dnsserver, $default_dbserver, $this->id);
        if(isset($this->dataRecord['template_master'])) {
            $app->uses('client_templates');
@@ -338,26 +325,26 @@
                    //* save new counter value
                    $system_config['misc']['customer_no_counter']++;
                    $system_config_str = $app->ini_parser->get_ini_string($system_config);
                    $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
                    $app->db->datalogUpdate('sys_ini', array("config" => $system_config_str), 'sysini_id', 1);
                }
            } else {
                //* Logged in user must be a reseller
                //* get the record of the reseller
                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
                $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
                
                if($reseller['customer_no_template'] != '') {
                    //* save new counter value
                    $customer_no_counter = $app->functions->intval($reseller['customer_no_counter']+1);
                    $app->db->query("UPDATE client SET customer_no_counter = $customer_no_counter WHERE client_id = ".$app->functions->intval($reseller['client_id']));
                    $app->db->query("UPDATE client SET customer_no_counter = ? WHERE client_id = ?", $customer_no_counter, $reseller['client_id']);
                }
            }
        }
        
        //* Send welcome email
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
        $email_template = $app->db->queryOneRecord($sql);
        $sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
        $email_template = $app->db->queryOneRecord($sql, $client_group_id);
        $client = $app->tform->getDataRecord($this->id);
        if(is_array($email_template) && $client['email'] != '') {
@@ -387,7 +374,7 @@
                $from = $system_config['admin_mail'];
            } else {
                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
                $reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
                $from = $reseller["email"];
            }
@@ -408,19 +395,19 @@
        global $app, $conf;
        // username changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
            $username = $app->db->quote($this->dataRecord["username"]);
            $username = $this->dataRecord["username"];
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET username = ? WHERE client_id = ?";
            $app->db->query($sql, $username, $client_id);
            $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
            $app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
            $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
            $app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
            unset($tmp);
        }
        // password changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
            $password = $app->db->quote($this->dataRecord["password"]);
            $password = $this->dataRecord["password"];
            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
            for ($n=0;$n<8;$n++) {
@@ -429,8 +416,8 @@
            $salt.="$";
            $password = crypt(stripslashes($password), $salt);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
            $app->db->query($sql, $password, $client_id);
        }
        if(!isset($this->dataRecord['locked'])) $this->dataRecord['locked'] = 'n';
@@ -439,7 +426,7 @@
            // get tmp_data of client
            $client_data = $app->db->queryOneRecord('SELECT `tmp_data` FROM `client` WHERE `client_id` = ' . $this->id);
            $client_data = $app->db->queryOneRecord('SELECT `tmp_data` FROM `client` WHERE `client_id` = ?', $this->id);
            if($client_data['tmp_data'] == '') $tmp_data = array();
            else $tmp_data = unserialize($client_data['tmp_data']);
@@ -463,8 +450,8 @@
                'web_folder_user' => 'web_folder_user_id'
            );
            $udata = $app->db->queryOneRecord('SELECT `userid` FROM `sys_user` WHERE `client_id` = ' . $this->id);
            $gdata = $app->db->queryOneRecord('SELECT `groupid` FROM `sys_group` WHERE `client_id` = ' . $this->id);
            $udata = $app->db->queryOneRecord('SELECT `userid` FROM `sys_user` WHERE `client_id` = ?', $this->id);
            $gdata = $app->db->queryOneRecord('SELECT `groupid` FROM `sys_group` WHERE `client_id` = ?', $this->id);
            $sys_groupid = $gdata['groupid'];
            $sys_userid = $udata['userid'];
@@ -486,7 +473,7 @@
                    if(!isset($prev_active[$current])) $prev_active[$current] = array();
                    if(!isset($prev_sysuser[$current])) $prev_sysuser[$current] = array();
                    $entries = $app->db->queryAllRecords('SELECT `' . $keycolumn . '` as `id`, `sys_userid`, `' . $active_col . '` FROM `' . $current . '` WHERE `sys_groupid` = ' . $sys_groupid);
                    $entries = $app->db->queryAllRecords('SELECT ?? as `id`, `sys_userid`, ?? FROM ?? WHERE `sys_groupid` = ?', $keycolumn, $active_col, $current, $sys_groupid);
                    foreach($entries as $item) {
                        if($item[$active_col] != 'y' && $reverse == false) $prev_active[$current][$item['id']][$active_col] = 'n';
@@ -500,7 +487,7 @@
                $tmp_data['prev_active'] = $prev_active;
                $tmp_data['prev_sys_userid'] = $prev_sysuser;
                $app->db->query("UPDATE `client` SET `tmp_data` = '" . $app->db->quote(serialize($tmp_data)) . "' WHERE `client_id` = " . $this->id);
                $app->db->query("UPDATE `client` SET `tmp_data` = ? WHERE `client_id` = ?", serialize($tmp_data), $this->id);
                unset($prev_active);
                unset($prev_sysuser);
            } elseif($this->dataRecord['locked'] == 'n') {
@@ -515,7 +502,7 @@
                        $reverse = true;
                    }
                    
                    $entries = $app->db->queryAllRecords('SELECT `' . $keycolumn . '` as `id` FROM `' . $current . '` WHERE `sys_groupid` = ' . $sys_groupid);
                    $entries = $app->db->queryAllRecords('SELECT ?? as `id` FROM ?? WHERE `sys_groupid` = ?', $keycolumn, $current, $sys_groupid);
                    foreach($entries as $item) {
                        $set_active = ($reverse == true ? 'n' : 'y');
                        $set_inactive = ($reverse == true ? 'y' : 'n');
@@ -533,7 +520,7 @@
                    }
                }
                if(array_key_exists('prev_active', $tmp_data)) unset($tmp_data['prev_active']);
                $app->db->query("UPDATE `client` SET `tmp_data` = '" . $app->db->quote(serialize($tmp_data)) . "' WHERE `client_id` = " . $this->id);
                $app->db->query("UPDATE `client` SET `tmp_data` = ? WHERE `client_id` = ?", serialize($tmp_data), $this->id);
            }
            unset($tmp_data);
            unset($entries);
@@ -543,43 +530,42 @@
        if(!isset($this->dataRecord['canceled'])) $this->dataRecord['canceled'] = 'n';
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && $this->dataRecord["canceled"] != $this->oldDataRecord['canceled']) {
            if($this->dataRecord['canceled'] == 'y') {
                $sql = "UPDATE sys_user SET active = '0' WHERE client_id = " . $this->id;
                $app->db->query($sql);
                $sql = "UPDATE sys_user SET active = '0' WHERE client_id = ?";
                $app->db->query($sql, $this->id);
            } elseif($this->dataRecord['canceled'] == 'n') {
                $sql = "UPDATE sys_user SET active = '1' WHERE client_id = " . $this->id;
                $app->db->query($sql);
                $sql = "UPDATE sys_user SET active = '1' WHERE client_id = ?";
                $app->db->query($sql, $this->id);
            }
        }
        // language changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
            $language = $app->db->quote($this->dataRecord["language"]);
            $language = $this->dataRecord["language"];
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET language = ? WHERE client_id = ?";
            $app->db->query($sql, $language, $client_id);
        }
        //* reseller status changed
        if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
            $modules = $conf['interface_modules_enabled'];
            if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
            $modules = $app->db->quote($modules);
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET modules = ? WHERE client_id = ?";
            $app->db->query($sql, $modules, $client_id);
        }
        
        //* Client has been moved to another reseller
        if($_SESSION['s']['user']['typ'] == 'admin' && isset($this->dataRecord['parent_client_id']) && $this->dataRecord['parent_client_id'] != $this->oldDataRecord['parent_client_id']) {
            //* Get groupid of the client
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($this->id));
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $this->id);
            $groupid = $tmp['groupid'];
            unset($tmp);
            
            //* Remove sys_user of old reseller from client group
            if($this->oldDataRecord['parent_client_id'] > 0) {
                //* get userid of the old reseller remove it from the group of the client
                $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->oldDataRecord['parent_client_id']));
                $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->oldDataRecord['parent_client_id']);
                $app->auth->remove_group_from_user($tmp['userid'], $groupid);
                unset($tmp);
            }
@@ -587,13 +573,13 @@
            //* Add sys_user of new reseller to client group
            if($this->dataRecord['parent_client_id'] > 0) {
                //* get userid of the reseller and add it to the group of the client
                $tmp = $app->db->queryOneRecord("SELECT sys_user.userid, sys_user.default_group FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->dataRecord['parent_client_id']));
                $tmp = $app->db->queryOneRecord("SELECT sys_user.userid, sys_user.default_group FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->dataRecord['parent_client_id']);
                $app->auth->add_group_to_user($tmp['userid'], $groupid);
                $app->db->query("UPDATE client SET sys_userid = ".$app->functions->intval($tmp['userid']).", sys_groupid = ".$app->functions->intval($tmp['default_group']).", parent_client_id = ".$app->functions->intval($this->dataRecord['parent_client_id'])." WHERE client_id = ".$this->id);
                $app->db->query("UPDATE client SET sys_userid = ?, sys_groupid = ?, parent_client_id = ? WHERE client_id = ?", $tmp['userid'], $tmp['default_group'], $this->dataRecord['parent_client_id'], $this->id);
                unset($tmp);
            } else {
                //* Client is not assigned to a reseller anymore, so we assign it to the admin
                $app->db->query("UPDATE client SET sys_userid = 1, sys_groupid = 1, parent_client_id = 0 WHERE client_id = ".$this->id);
                $app->db->query("UPDATE client SET sys_userid = 1, sys_groupid = 1, parent_client_id = 0 WHERE client_id = ?", $this->id);
            }
        }
interface/web/client/client_message.php
@@ -60,7 +60,7 @@
    //* Send message
    if($error == '') {
        if($app->functions->intval($_POST['recipient']) > 0){
            $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
            $circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']);
            if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
                $tmp_client_ids = explode(',', $circle['client_ids']);
                $where = array();
@@ -120,8 +120,8 @@
    if($_SESSION["s"]["user"]["typ"] != 'admin'){
        $client_id = $app->functions->intval($_SESSION['s']['user']['client_id']);
        if($client_id > 0){
            $sql = "SELECT email FROM client WHERE client_id = ".$client_id;
            $client = $app->db->queryOneRecord($sql);
            $sql = "SELECT email FROM client WHERE client_id = ?";
            $client = $app->db->queryOneRecord($sql, $client_id);
            if($client['email'] != '') $app->tpl->setVar('sender', $client['email']);
        }
    }
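Review bot: In the `circle_id = ?` lookup the bound value is the raw `$_POST['recipient']`, while the guard one line above tests `$app->functions->intval($_POST['recipient'])`, so the value that is checked and the value that reaches the query are no longer the same. Binding removes the quoting risk, but a non-numeric or non-scalar request value now goes to the database layer uncast (how the wrapper binds such values is not visible here). Cast once and reuse it: `$recipient_id = $app->functions->intval($_POST['recipient']);`, then `if($recipient_id > 0)` and pass `$recipient_id` as the parameter. The `getAuthSQL('r')` fragment is still concatenated into the statement; a short comment stating where its contents come from would help the next reader.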
interface/web/client/client_template_del.php
@@ -54,13 +54,13 @@
        global $app;
        // check new style
        $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ".$this->id);
        $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ?", $this->id);
        if($rec['number'] > 0) {
            $app->error($app->tform->lng('template_del_aborted_txt'));
        }
        // check old style
        $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ".$this->id." OR template_additional like '%/".$this->id."/%'");
        $rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ? OR template_additional like ?", $this->id, '%/".$this->id."/%');
        if($rec['number'] > 0) {
            $app->error($app->tform->lng('template_del_aborted_txt'));
        }
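Review bot: The new "old style" check passes `'%/".$this->id."/%'` as the LIKE parameter, but that is a single-quoted PHP string, so the pattern sent to the database contains the literal text `".$this->id."` instead of the template id. The `template_additional` half of the condition can then never match, and a template that is still referenced only that way is no longer protected from deletion. Build the pattern by concatenation, `'%/' . $this->id . '/%'`, as client_template_edit.php does in this same commit; that file also matches the `id/%` and `%/id` forms, which this check may want as well. The method starts outside the hunk.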
interface/web/client/client_template_edit.php
@@ -69,7 +69,7 @@
        if(isset($this->dataRecord['template_type'])) {
            //* Check if the template_type has been changed
            $rec = $app->db->queryOneRecord("SELECT template_type from client_template WHERE template_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT template_type from client_template WHERE template_id = ?", $this->id);
            if($rec['template_type'] != $this->dataRecord['template_type']) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The template type can not be changed.');
@@ -99,11 +99,12 @@
         * the template has changed. apply the new data to all clients
         */
        if ($template_type == 'm'){
            $sql = "SELECT client_id FROM client WHERE template_master = " . $this->id;
            $sql = "SELECT client_id FROM client WHERE template_master = ?";
            $clients = $app->db->queryAllRecords($sql, $this->id);
        } else {
            $sql = "SELECT client_id FROM client WHERE template_additional LIKE '%/" . $this->id . "/%' OR template_additional LIKE '" . $this->id . "/%' OR template_additional LIKE '%/" . $this->id . "' UNION SELECT client_id FROM client_template_assigned WHERE client_template_id = " . $this->id;
            $sql = "SELECT client_id FROM client WHERE template_additional LIKE ? OR template_additional LIKE ? OR template_additional LIKE ? UNION SELECT client_id FROM client_template_assigned WHERE client_template_id = ?";
            $clients = $app->db->queryAllRecords($sql, '%/' . $this->id . '/%', $this->id . '/%', '%/' . $this->id, $this->id);
        }
        $clients = $app->db->queryAllRecords($sql);
        if (is_array($clients)){
            foreach ($clients as $client){
                $app->client_templates->apply_client_templates($client['client_id']);
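Review bot: The three LIKE patterns in the `else` branch are built from `$this->id`, and a bound parameter is quoted but any `%` or `_` inside it still acts as a wildcard. If `$this->id` is always an integer this is harmless, but nothing in the hunk shows that; casting once, `$template_id = $app->functions->intval($this->id);`, and using `$template_id` for the patterns and for both queries makes the assumption explicit. The enclosing method starts and ends outside the hunk.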
interface/web/client/domain_del.php
@@ -62,26 +62,26 @@
         */
        $domain = $this->dataRecord['domain'];
        $sql = "SELECT id FROM dns_soa WHERE origin = '" . $app->db->quote($domain.".") . "'";
        $res = $app->db->queryOneRecord($sql);
        $sql = "SELECT id FROM dns_soa WHERE origin = ?";
        $res = $app->db->queryOneRecord($sql, $domain.".");
        if (is_array($res)){
            $app->error($wb['error_domain_in dnsuse']);
        }
        $sql = "SELECT id FROM dns_slave WHERE origin = '" . $app->db->quote($domain.".") . "'";
        $res = $app->db->queryOneRecord($sql);
        $sql = "SELECT id FROM dns_slave WHERE origin = ?";
        $res = $app->db->queryOneRecord($sql, $domain.".");
        if (is_array($res)){
            $app->error($wb['error_domain_in dnsslaveuse']);
        }
        $sql = "SELECT domain_id FROM mail_domain WHERE domain = '" . $app->db->quote($domain) . "'";
        $res = $app->db->queryOneRecord($sql);
        $sql = "SELECT domain_id FROM mail_domain WHERE domain = ?";
        $res = $app->db->queryOneRecord($sql, $domain);
        if (is_array($res)){
            $app->error($wb['error_domain_in mailuse']);
        }
        $sql = "SELECT domain_id FROM web_domain WHERE (domain = '" . $app->db->quote($domain) . "' AND type IN ('alias', 'vhost', 'vhostalias')) OR (domain LIKE '%." . $app->db->quote($domain) . "' AND type IN ('subdomain', 'vhostsubdomain'))";
        $res = $app->db->queryOneRecord($sql);
        $sql = "SELECT domain_id FROM web_domain WHERE (domain = ? AND type IN ('alias', 'vhost', 'vhostalias')) OR (domain LIKE ? AND type IN ('subdomain', 'vhostsubdomain'))";
        $res = $app->db->queryOneRecord($sql, $domain, '%.' . $domain);
        if (is_array($res)){
            $app->error($wb['error_domain_in webuse']);
        }
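Review bot: In the `web_domain` check the subdomain pattern is bound as `'%.' . $domain`, so any `_` or `%` in the domain name is read as a LIKE wildcard rather than a literal character; placeholders do not change that. The effect is over-matching, which blocks a deletion rather than allowing one, so this is a correctness point more than an exposure. Escaping the value before it goes into the pattern, e.g. `'%.' . addcslashes($domain, '%_\\')` (assuming the default LIKE escape character), keeps the match literal. The four lookups are otherwise identical in shape and could share one small helper.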
interface/web/client/domain_edit.php
@@ -97,13 +97,13 @@
        } else {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    
            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            //die($sql);
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $records = $app->db->queryAllRecords($sql, $client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {
@@ -197,7 +197,7 @@
        // also make sure that the user can not delete domain created by a admin
        if(($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) || ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid']))) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
            $app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
        }
    }
@@ -206,23 +206,23 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." AND sys_group.groupid = ".$this->dataRecord["client_group_id"]." ORDER BY client.company_name, client.contact_name, sys_group.name");
            $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? AND sys_group.groupid = ? ORDER BY client.company_name, client.contact_name, sys_group.name", $client['client_id'], $this->dataRecord["client_group_id"]);
            $this->dataRecord["client_group_id"] = $group["groupid"];
                }
        }
        // make sure that the record belongs to the client group and not the admin group when admin inserts it
        // also make sure that the user can not delete domain created by a admin
        if(isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
            $app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
            $data = new tform_actions();
            $tform = $app->tform;
            $app->tform = new tform();
            $app->tform->loadFormDef("../dns/form/dns_soa.tform.php");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin LIKE '".$this->dataRecord['domain'].".'");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $this->dataRecord['domain'].".");
            if ($data->oldDataRecord) {
                $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
                $data->id = $data->dataRecord['id'];
@@ -230,7 +230,7 @@
            }
            $app->tform->loadFormDef("../dns/form/dns_slave.tform.php");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin LIKE '".$this->dataRecord['domain'].".'");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ?", $this->dataRecord['domain'].".");
            if ($data->oldDataRecord) {
                $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
                $data->id = $data->dataRecord['id'];
@@ -238,7 +238,7 @@
            }
            $app->tform->loadFormDef("../mail/form/mail_domain.tform.php");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '".$this->dataRecord['domain']."'");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $this->dataRecord['domain']);
            if ($data->oldDataRecord) {
                $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
                $data->id = $data->dataRecord['domain_id'];
@@ -246,7 +246,7 @@
            }
            $app->tform->loadFormDef("../sites/form/web_vhost_domain.tform.php");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$this->dataRecord['domain']."'");
            $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $this->dataRecord['domain']);
            if ($data->oldDataRecord) {
                $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"]));
                $data->id = $data->dataRecord['domain_id'];
interface/web/client/form/client.tform.php
@@ -116,7 +116,10 @@
            'maxlength' => '255',
            'rows'  => '',
            'cols'  => '',
            'searchable' => 1
            'searchable' => 1,
            'filters'   => array( 0 => array( 'event' => 'SAVE',
                                                'type' => 'TRIM'),
            ),
        ),
        'contact_name' => array (
            'datatype' => 'VARCHAR',
@@ -131,7 +134,10 @@
            'maxlength' => '255',
            'rows'  => '',
            'cols'  => '',
            'searchable' => 1
            'searchable' => 1,
            'filters'   => array( 0 => array( 'event' => 'SAVE',
                                                'type' => 'TRIM'),
            ),
        ),
        'customer_no' => array (
            'datatype' => 'VARCHAR',
interface/web/client/form/reseller.tform.php
@@ -116,7 +116,10 @@
            'maxlength' => '255',
            'rows'  => '',
            'cols'  => '',
            'searchable' => 1
            'searchable' => 1,
            'filters'   => array( 0 => array( 'event' => 'SAVE',
                                                'type' => 'TRIM'),
            ),
        ),
        'contact_name' => array (
            'datatype' => 'VARCHAR',
@@ -131,7 +134,10 @@
            'maxlength' => '255',
            'rows'  => '',
            'cols'  => '',
            'searchable' => 1
            'searchable' => 1,
            'filters'   => array( 0 => array( 'event' => 'SAVE',
                                                'type' => 'TRIM'),
            ),
        ),
        'customer_no' => array (
            'datatype' => 'VARCHAR',
interface/web/client/lib/module.conf.php
@@ -5,6 +5,7 @@
$module["template"]  = "module.tpl.htm";
$module["startpage"]  = "client/client_list.php";
$module["tab_width"]    = '';
$module['order']    = '20';
$items[] = array(   'title'  => "Edit Client",
interface/web/client/lib/remote.conf.php
@@ -1,6 +1,6 @@
<?php
$function_list['client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_change_password,client_get_id,client_delete_everything,client_get_emailcontact'] = 'Client functions';
$function_list['client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_get_by_customer_no,client_change_password,client_get_id,client_delete_everything,client_get_emailcontact'] = 'Client functions';
$function_list['domains_domain_get,domains_domain_add,domains_domain_delete,domains_get_all_by_user'] = 'Domaintool functions';
$function_list['quota_get_by_user,trafficquota_get_by_user,mailquota_get_by_user,databasequota_get_by_user'] = 'Quota functions';
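Review bot: Adding `client_get_by_customer_no` to the key of the existing 'Client functions' entry changes what that grant covers, and nothing here records how remote users that already hold the grant are affected. How stored permissions are matched against this key is not visible in the hunk, so existing users may either gain the new lookup on upgrade or lack it until their permissions are re-saved. I would add a comment above the line, for example `// client_get_by_customer_no: lookup by customer number, part of the 'Client functions' grant`, and state the upgrade behaviour in the release notes.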
interface/web/client/list/client_circle.list.php
@@ -63,7 +63,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "circle_name",
    'datatype' => "VARCHAR",
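Review bot: The translated strings are concatenated into the HTML fragment on the `'value'` line without escaping. Whether language entries can contain markup is not visible here, but escaping at this point keeps the list safe regardless of where the text comes from: `"<span>".htmlspecialchars($app->lng('yes_txt'), ENT_QUOTES, 'UTF-8')."</span>"`, and the same for `no_txt`.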
interface/web/client/message_template_edit.php
@@ -56,12 +56,11 @@
        // Check for duplicates
        if($this->dataRecord['template_type'] == 'welcome') {
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
            $sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
            if($this->id > 0) {
                $sql .= " AND client_message_template_id != ".$this->id;
                $sql .= " AND client_message_template_id != ?";
            }
            $tmp = $app->db->queryOneRecord($sql);
            $tmp = $app->db->queryOneRecord($sql, $client_group_id, $this->id);
            if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng('duplicate_welcome_error');
        }
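Review bot: The call `queryOneRecord($sql, $client_group_id, $this->id)` always passes two values, but the second `?` is only appended when `$this->id > 0`. For a new record the statement has one placeholder and two parameters; how the database class treats the surplus value is not visible here, so the duplicate check may fail or behave differently on insert. Passing `$this->id` only in the branch that adds its placeholder removes the mismatch. The enclosing function starts and ends outside the hunk.

```php
if($this->id > 0) {
    $sql .= " AND client_message_template_id != ?";
    $tmp = $app->db->queryOneRecord($sql, $client_group_id, $this->id);
} else {
    $tmp = $app->db->queryOneRecord($sql, $client_group_id);
}
// … unchanged: duplicate_welcome_error check …
```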
        
interface/web/client/reseller_del.php
@@ -59,7 +59,7 @@
        $client_id = $app->functions->intval($this->dataRecord['client_id']);
        $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ".$client_id);
        $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ?", $client_id);
        if($tmp["number"] > 0) $app->error($app->lng('error_has_clients'));
    }
@@ -74,15 +74,15 @@
            // remove the group of the client from the resellers group
            $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
            $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
            $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
            $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
            $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
            // delete the group of the client
            $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
            $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
            // delete the sys user(s) of the client
            $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
            $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
        }
    }
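Review bot: In the second hunk, `$parent_user['userid']` and `$client_group['groupid']` are read without checking that either lookup returned a row. If the reseller has no parent user or no group row, `remove_group_from_user` is called with empty values; a guard such as `if($parent_user && $client_group) $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);` avoids that. `$client_id` is bound in all four queries but assigned outside this hunk, and the enclosing function starts above it, so its `intval` handling cannot be confirmed from here.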
interface/web/client/reseller_edit.php
@@ -61,11 +61,11 @@
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another website.
            if($client["limit_client"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_client"]) {
                    $app->error($app->tform->wordbook["limit_client_txt"]);
                }
@@ -84,11 +84,11 @@
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another website.
            if($client["limit_client"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_client"]) {
                    $app->error($app->tform->wordbook["limit_client_txt"]);
                }
@@ -96,7 +96,7 @@
        }
        
        if($this->id != 0) {
            $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $this->id);
            $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $this->id);
            if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
                // check previous type of storing templates
                $tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -134,7 +134,7 @@
        $app->tpl->setVar('tpl_add_select', $option);
        // check for new-style records
        $result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ' . $this->id);
        $result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ?', $this->id);
        if($result && count($result) > 0) {
            // new style
            $items = array();
@@ -160,8 +160,8 @@
            unset($tmprec);
        } else {
            // old style
            $sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
            $result = $app->db->queryOneRecord($sql);
            $sql = "SELECT template_additional FROM client WHERE client_id = ?";
            $result = $app->db->queryOneRecord($sql, $this->id);
            $tplAdd = explode("/", $result['template_additional']);
            $text = '';
            foreach($tplAdd as $item){
@@ -186,13 +186,6 @@
                $customer_no = $app->functions->intval($system_config['misc']['customer_no_start']+$system_config['misc']['customer_no_counter']);
                $customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$system_config['misc']['customer_no_template']);
                $app->tpl->setVar('customer_no',$customer_no_string);
                //* save new counter value
                /*
                $system_config['misc']['customer_no_counter']++;
                $system_config_str = $app->ini_parser->get_ini_string($system_config);
                $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
                */
            }
        }
        
@@ -207,17 +200,17 @@
    function onAfterInsert() {
        global $app, $conf;
        // Create the group for the reseller
        $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
        $groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
        $groups = $groupid;
        $username = $app->db->quote($this->dataRecord["username"]);
        $password = $app->db->quote($this->dataRecord["password"]);
        $modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
        $username = $this->dataRecord["username"];
        $password = $this->dataRecord["password"];
        $modules = $conf['interface_modules_enabled'] . ',client';
        $startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
        $usertheme = $app->db->quote($this->dataRecord["usertheme"]);
        $usertheme = $this->dataRecord["usertheme"];
        $type = 'user';
        $active = 1;
        $language = $app->db->quote($this->dataRecord["language"]);
        $language = $this->dataRecord["language"];
        $salt="$1$";
        $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
@@ -229,11 +222,11 @@
        // Create the controlpaneluser for the reseller
        $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
        VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
        $app->db->query($sql);
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
        $app->db->query($sql, $username, $password, $modules, $startmodule, $usertheme, $type, $active, $language, $groups, $groupid, $this->id);
        //* set the number of clients to 1
        $app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ".$this->id);
        $app->db->query("UPDATE client SET limit_client = 1 WHERE client_id = ?", $this->id);
        //* Set the default servers
        $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 LIMIT 0,1');
@@ -245,8 +238,8 @@
        $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 LIMIT 0,1');
        $default_dbserver = $app->functions->intval($tmp['server_id']);
        $sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_slave_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE client SET default_mailserver = ?, default_webserver = ?, default_dnsserver = ?, default_slave_dnsserver = ?, default_dbserver = ? WHERE client_id = ?";
        $app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dnsserver, $default_dbserver, $this->id);
        
        if(isset($this->dataRecord['template_master'])) {
            $app->uses('client_templates');
@@ -262,15 +255,15 @@
                //* save new counter value
                $system_config['misc']['customer_no_counter']++;
                $system_config_str = $app->ini_parser->get_ini_string($system_config);
                $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
                $app->db->datalogUpdate('sys_ini', array("config" => $system_config_str), 'sysini_id', 1);
                
            }
        }
        
        //* Send welcome email
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
        $email_template = $app->db->queryOneRecord($sql);
        $sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
        $email_template = $app->db->queryOneRecord($sql, $client_group_id);
        $client = $app->tform->getDataRecord($this->id);
        if(is_array($email_template) && $client['email'] != '') {
@@ -300,7 +293,7 @@
                $from = $system_config['admin_mail'];
            } else {
                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
                $reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
                $from = $reseller["email"];
            }
@@ -321,19 +314,19 @@
        // username changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
            $username = $app->db->quote($this->dataRecord["username"]);
            $username = $this->dataRecord["username"];
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET username = ? WHERE client_id = ?";
            $app->db->query($sql, $username, $client_id);
            $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
            $app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
            $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
            $app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
            unset($tmp);
        }
        // password changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
            $password = $app->db->quote($this->dataRecord["password"]);
            $password = $this->dataRecord["password"];
            $client_id = $this->id;
            $salt="$1$";
            $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
@@ -342,32 +335,32 @@
            }
            $salt.="$";
            $password = crypt(stripslashes($password), $salt);
            $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
            $app->db->query($sql, $password, $client_id);
        }
        // language changed
        if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
            $language = $app->db->quote($this->dataRecord["language"]);
            $language = $this->dataRecord["language"];
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET language = ? WHERE client_id = ?";
            $app->db->query($sql, $language, $client_id);
        }
        // ensure that a reseller is not converted to a client in demo mode when client_id <= 2
        if(isset($conf['demo_mode']) && $conf['demo_mode'] == true && $this->id <= 2) {
            if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != -1) {
                $app->db->query('UPDATE client set limit_client = -1 WHERE client_id = '.$this->id);
                $app->db->query('UPDATE client set limit_client = -1 WHERE client_id = ?', $this->id);
            }
        }
        // reseller status changed
        if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
            $modules = $app->db->quote($conf['interface_modules_enabled'] . ',client');
            $modules = $app->db->quote($modules);
            $modules = $conf['interface_modules_enabled'] . ',client';
            $modules = $modules;
            $client_id = $this->id;
            $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
            $app->db->query($sql);
            $sql = "UPDATE sys_user SET modules = ? WHERE client_id = ?";
            $app->db->query($sql, $modules, $client_id);
        }
        
        if(isset($this->dataRecord['template_master'])) {
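Review bot: In the password-changed branch, `crypt(stripslashes($password), $salt)` now runs `stripslashes` on the raw form value, because this change drops the `$app->db->quote()` call that used to precede it. A password containing a backslash would then be hashed in altered form, unless the value is already escaped upstream, which is not visible here. With the bound parameter in place the line can become `$password = crypt($password, $salt);`. The crypt call in onAfterInsert lies between the visible hunks and may need the same change. Separately, `$modules = $modules;` in the reseller-status branch is a leftover no-op and can be dropped.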
interface/web/client/templates/client_circle_edit.htm
@@ -1,10 +1,11 @@
<tmpl_if name="list_head_txt">
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
</tmpl_if>
<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
        <legend>{tmpl_var name='circle_txt'}</legend>
            <div class="form-group">
                <label for="circle_name" class="col-sm-3 control-label">{tmpl_var name='circle_name_txt'}*</label>
                <div class="col-sm-9"><input type="text" name="circle_name" id="circle_name" value="{tmpl_var name='circle_name'}" class="form-control" /></div></div>
interface/web/client/templates/client_circle_list.htm
@@ -40,7 +40,7 @@
                            <td><a href="#" data-load-content="client/client_circle_edit.php?id={tmpl_var name='id'}">{tmpl_var name="circle_name"}</a></td>
                            <td><a href="#" data-load-content="client/client_circle_edit.php?id={tmpl_var name='id'}">{tmpl_var name="description"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_circle_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_circle_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
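Review bot: The delete link still issues a state-changing request through a GET URL that carries `phpsessid` as a query parameter; the commit only corrects the closing tag. If that value is the session identifier, it ends up in server logs and browser history, and it is a poor substitute for a request token. I would send the delete as a POST with a separate per-form token and keep the session identifier out of the URL. The same link pattern appears in client_message_template_list.htm, client_template_list.htm, clients_list.htm, domain_list.htm and message_template_list.htm.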
interface/web/client/templates/client_edit_limits.htm
@@ -1,20 +1,14 @@
<tmpl_if name="list_head_txt">
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
</tmpl_if>
<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
<div class="panel panel_client">
        <div class="pnl_toolsarea">
            <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
                <div class="buttons topbuttons">
                    <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='add_additional_template_txt'}" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name='add_additional_template_txt'}</button>
                </div>
        </div>
    <div class="pnl_formsarea">
        <legend>Limits</legend>
    <div class="pnl_formsarea">
        <fieldset class="inlineLabels"><legend>Limits</legend>
                <div class="form-group">
                    <label for="template_master" class="col-sm-3 control-label">{tmpl_var name='template_master_txt'}</label>
                    <div class="col-sm-9"><select name="template_master" id="template_master" class="form-control">
@@ -27,9 +21,12 @@
                        {tmpl_var name='tpl_add_select'}
                    </select></div>
                </div>
                <div class="clear"><div class="right">
                    <button class="btn btn-default formbutton-success" type="button" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name="add_additional_template_txt"}</button>
                </div></div>
                <div class="form-group">
                    <label class="col-sm-3 control-label">{tmpl_var name='active_template_additional_txt'}</label>
                    <div id="template_additional_list" class="multiField">
                    <div id="template_additional_list" class="col-sm-9 col-text">
                        <ul>
                        {tmpl_var name='template_additional_list'}
                        </ul>
interface/web/client/templates/client_message.htm
@@ -9,7 +9,7 @@
                <div id="OKMsg"><p><tmpl_var name="okmsg"></p></div>
            </tmpl_if>
            <tmpl_if name="error">
                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
            </tmpl_if>
            <div class="form-group">
                <label for="sender" class="col-sm-3 control-label">{tmpl_var name='sender_txt'}</label>
interface/web/client/templates/client_message_template_list.htm
@@ -32,7 +32,7 @@
            <td><a href="#" data-load-content="client/message_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
            <td class="text-right">
              <div class="buttons icons16">
                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
              </div>
            </td>
          </tr>
interface/web/client/templates/client_template_edit_template.htm
@@ -1,7 +1,9 @@
<tmpl_if name="list_head_txt">
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
</tmpl_if>
<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
        <legend>Template</legend>
interface/web/client/templates/client_template_list.htm
@@ -37,7 +37,7 @@
                            <td><a href="#" data-load-content="client/client_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_type"}</a></td>
                            <td><a href="#" data-load-content="client/client_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/client/templates/clients_list.htm
@@ -50,11 +50,11 @@
                            <td><a href="#" data-load-content="client/client_edit.php?id={tmpl_var name='id'}"><span class="flags flag-{tmpl_var name="countryiso"}">{tmpl_var name="country"}</span></a></td>
                            <td class="text-right">
                                <tmpl_if name="is_admin">
                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></button>
                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></a>
                                <tmpl_elseif name="is_reseller">
                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></button>
                                    <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></a>
                                </tmpl_if>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/client_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/client/templates/domain_list.htm
@@ -32,7 +32,7 @@
                    <td><a href="#" data-load-content="client/domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                    <td><a href="#" data-load-content="client/domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="sys_groupid"}</a></td>
                    <td class="text-right">
                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                    </td>
                </tr>
                </tmpl_loop>
interface/web/client/templates/message_template.htm
@@ -18,12 +18,13 @@
        <div class="col-sm-9"><input type="text" name="template_name" id="template_name" value="{tmpl_var name='template_name'}" class="form-control" /></div></div>
      <div class="form-group">
          <label for="subject" class="col-sm-3 control-label">{tmpl_var name='subject_txt'}</label>
        <div class="col-sm-9"><input type="text" name="subject" id="subject" value="{tmpl_var name='subject'}" class="form-control" /></div><br clear="all">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}
        <div class="col-sm-9"><input type="text" name="subject" id="subject" value="{tmpl_var name='subject'}" class="form-control" /></div>
        <div class="col-sm-3 col-text"></div><div class="col-sm-9 col-text">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}</div>
            </div>
      <div class="form-group">
          <label for="message" class="col-sm-3 control-label">{tmpl_var name='message_txt'}</label>
        <div class="col-sm-9"><textarea class="form-control" name="message" id="message" rows='' cols=''>{tmpl_var name='message'}</textarea></div>
        <br clear="all">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}
        <div class="col-sm-9"><textarea class="form-control" name="message" id="message" style="height:300px">{tmpl_var name='message'}</textarea></div>
        <div class="col-sm-3 col-text"></div><div class="col-sm-9 col-text">{tmpl_var name='variables_txt'}: {tmpl_var name="message_variables"} <br />{tmpl_var name='variables_description_txt'}</div>
      </div>
      <div class="clear"><div class="right">
      <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="client/message_template_edit.php">{tmpl_var name='btn_save_txt'}</button>
interface/web/client/templates/message_template_list.htm
@@ -32,7 +32,7 @@
            <td><a href="#" data-load-content="billing/invoice_message_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
            <td class="text-right">
              <div class="buttons icons16">    
                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('billing/invoice_message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('billing/invoice_message_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
              </div>
            </td>
          </tr>
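Review bot: The delete link on the corrected `<a>` line still fires a state-changing request from a `javascript:` URL with `phpsessid` in the query string, and `{tmpl_var name='delete_confirmation'}` is placed inside a single-quoted JavaScript string within an attribute; the resellers_list.htm section of this commit has the same pattern. If `phpsessid` is the session identifier it will end up in access logs and browser history, and the template values need JavaScript-string escaping in addition to HTML escaping, which cannot be confirmed from the template alone. A POST request carrying a separate anti-CSRF token would be the safer shape for both lists. Separately, this template sits under client/templates yet both links point at `billing/invoice_message_template_*.php`, while the edit form earlier on the page saves to `client/message_template_edit.php`; that looks like a copy-paste leftover worth checking.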
interface/web/client/templates/reseller_edit_limits.htm
@@ -1,19 +1,11 @@
<tmpl_if name="list_head_txt">
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
</tmpl_if>
<tmpl_if name="list_desc_txt"><p><tmpl_var name="list_desc_txt"></p></tmpl_if>
<div class="panel panel_client">
    <tmpl_if name="is_admin">
        <div class="pnl_toolsarea">
            <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
            <div class="buttons topbuttons">
                <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='add_additional_template_txt'}" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name='add_additional_template_txt'}</button>
            </div>
        </div>
    </tmpl_if>
    <div class="pnl_formsarea">
        <legend>Limits</legend>
@@ -30,9 +22,14 @@
                        {tmpl_var name='tpl_add_select'}
                    </select></div>
                </div>
                <tmpl_if name="is_admin">
                <div class="clear"><div class="right">
                    <button class="btn btn-default formbutton-success" type="button" onclick="ISPConfig.addAdditionalTemplate();">{tmpl_var name="add_additional_template_txt"}</button>
                </div></div>
                </tmpl_if>
                <div class="form-group">
                    <label class="col-sm-3 control-label">{tmpl_var name='active_template_additional_txt'}</label>
                    <div id="template_additional_list" class="multiField">
                    <div id="template_additional_list" class="col-sm-9 col-text">
                        <ul>
                        {tmpl_var name='template_additional_list'}
                        </ul>
interface/web/client/templates/resellers_list.htm
@@ -49,8 +49,8 @@
                            <td><a href="#" data-load-content="client/reseller_edit.php?id={tmpl_var name='id'}">{tmpl_var name="city"}</a></td>
                            <td><a href="#" data-load-content="client/reseller_edit.php?id={tmpl_var name='id'}"><span class="flags flag-{tmpl_var name="countryiso"}">{tmpl_var name="country"}</span></a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/reseller_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-success formbutton-narrow" data-load-content="login/login_as.php?cid={tmpl_var name='id'}"><span class="icon icon-loginas"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('client/reseller_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/dashboard/ajax_get_json.php
@@ -40,7 +40,7 @@
//if($_SESSION["s"]["user"]["typ"] == 'admin') {
/* TODO: change sql queries */
if($type == 'globalsearch'){
    $q = $app->db->quote(trim($_GET["q"]));
    $authsql = " AND ".$app->tform->getAuthSQL('r');
@@ -55,19 +55,19 @@
    $result[] = _search('client', 'reseller', "AND limit_client != 0");
    // web sites
    $result[] = _search('sites', 'web_domain', "AND type = 'vhost'");
    $result[] = _search('sites', 'web_vhost_domain', "AND type = 'vhost'");
    // subdomains
    $result[] = _search('sites', 'web_subdomain', "AND type = 'subdomain'");
    $result[] = _search('sites', 'web_childdomain', "AND type = 'subdomain'", 'type=subdomain');
    // web site aliases
    $result[] = _search('sites', 'web_aliasdomain', "AND type = 'alias'");
    $result[] = _search('sites', 'web_childdomain', "AND type = 'alias'", 'type=aliasdomain');
    // vhostsubdomains
    $result[] = _search('sites', 'web_vhost_subdomain', "AND type = 'vhostsubdomain'");
    $result[] = _search('sites', 'web_vhost_domain', "AND type = 'vhostsubdomain'", 'type=subdomain');
    // vhostaliasdomains
    $result[] = _search('sites', 'web_vhost_aliasdomain', "AND type = 'vhostalias'");
    $result[] = _search('sites', 'web_vhost_domain', "AND type = 'vhostalias'", 'type=aliasdomain');
    // FTP users
    $result[] = _search('sites', 'ftp_user');
@@ -76,28 +76,6 @@
    $result[] = _search('sites', 'shell_user');
    // databases
    /*
        $result_databases = array('cheader' => array(), 'cdata' => array());
        if(in_array('sites', $modules)){
            $sql = "SELECT * FROM web_database WHERE database_name LIKE '%".$q."%' OR database_user LIKE '%".$q."%' OR remote_ips LIKE '%".$q."%'".$authsql." ORDER BY database_name";
            $results = $app->db->queryAllRecords($sql);
            if(is_array($results) && !empty($results)){
                $result_databases['cheader'] = array('title' => 'Databases',
                                                        'total' => count($results),
                                                        'limit' => count($results)
                                                    );
                foreach($results as $result){
                    $description = 'Database User: '.$result['database_user'].' - Remote IPs: '.$result['remote_ips'];
                    $result_databases['cdata'][] = array('title' => $result['database_name'],
                                                'description' => $description,
                                                'onclick' => 'ISPConfig.capp(\'sites\',\'sites/database_edit.php?id='.$result['database_id'].'\');',
                                                'fill_text' => strtolower($result['database_name'])
                                                );
                }
            }
        }
        */
    $result[] = _search('sites', 'database');
    // database users
@@ -156,7 +134,7 @@
//}
function _search($module, $section, $additional_sql = ''){
function _search($module, $section, $additional_sql = '', $params = ''){
    global $app, $q, $authsql, $modules;
    $result_array = array('cheader' => array(), 'cdata' => array());
@@ -164,9 +142,13 @@
        $search_fields = array();
        $desc_fields = array();
        if(is_file('../'.$module.'/form/'.$section.'.tform.php')){
            include_once '../'.$module.'/form/'.$section.'.tform.php';
            include '../'.$module.'/form/'.$section.'.tform.php';
            $category_title = $form["title"];
            if($params == 'type=subdomain' && $section == 'web_childdomain') $category_title = 'Subdomain';
            if($params == 'type=aliasdomain' && $section == 'web_childdomain') $category_title = 'Aliasdomain';
            if($params == 'type=subdomain' && $section == 'web_vhost_domain') $category_title = 'Subdomain (Vhost)';
            if($params == 'type=aliasdomain' && $section == 'web_vhost_domain') $category_title = 'Aliasdomain (Vhost)';
            $form_file = $form["action"];
            $db_table = $form["db_table"];
            $db_table_idx = $form["db_table_idx"];
@@ -205,8 +187,8 @@
        $order_clause = '';
        if($order_by != '') $order_clause = ' ORDER BY '.$order_by;
        $sql = "SELECT * FROM ".$db_table." WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
        $results = $app->db->queryAllRecords($sql);
        $sql = "SELECT * FROM ?? WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
        $results = $app->db->queryAllRecords($sql, $db_table);
        if(is_array($results) && !empty($results)){
            $lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
@@ -227,7 +209,7 @@
                $result_array['cdata'][] = array('title' => $wb[$title_key.'_txt'].': '.$result[$title_key],
                    'description' => $description,
                    'onclick' => "ISPConfig.capp('".$module."','".$module."/".$form_file."?id=".$result[$db_table_idx]."');",
                    'onclick' => "ISPConfig.capp('".$module."','".$module."/".$form_file.urlencode("?id=".$result[$db_table_idx]).($params != ''? urlencode('&'.$params) : '')."');",
                    'fill_text' => strtolower($result[$title_key])
                );
            }
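Review bot: In `_search()` only the table name is bound by the new `SELECT * FROM ?? WHERE ...` call; `$where_clause`, `$authsql` and `$order_clause` are still concatenated into the statement, and the search term originates from `$_GET["q"]` passed through `$app->db->quote()`. The lines that assemble `$where_clause` fall outside the hunks, but if they embed `$q` in a `LIKE '%...%'` literal, a `?` typed into the search box ends up in the SQL text beside real placeholders and may be treated as one, depending on how the db layer scans the string. Emitting `$key." LIKE ?"` for each searchable field and passing `'%'.$q.'%'` as bound values (the query methods accept several values elsewhere in this commit) would remove both the manual quoting and that ambiguity. `%` and `_` in the term also act as wildcards unless they are escaped.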
interface/web/dashboard/dashboard.php
@@ -51,7 +51,7 @@
if($_SESSION['s']['user']['typ'] == 'admin') {
    $name = $_SESSION['s']['user']['username'];
} else {
    $tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."'");
    $tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
    $name = $tmp['contact_name'];
}
@@ -146,7 +146,7 @@
$dashlet_list = array();
$handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
while ($file = @readdir($handle)) {
    if ($file != '.' && $file != '..' && !is_dir($file)) {
    if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {
        $dashlet_name = substr($file, 0, -4);
        $dashlet_class = 'dashlet_'.$dashlet_name;
        include_once ISPC_WEB_PATH.'/dashboard/dashlets/'.$file;
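Review bot: The dashlet loop hands every non-directory entry to `include_once`, because the corrected `is_dir()` test is the only filter in front of it; an editor backup, a `.htaccess` or any other stray file in `dashboard/dashlets` would be included, and `substr($file, 0, -4)` silently assumes a four-character extension. Tightening the condition to `if (substr($file, -4) === '.php' && is_file(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {` closes that. The `@` on `opendir`/`readdir` also hides a missing or unreadable directory, so the `opendir` result should be checked explicitly before the loop. The loop body continues past the end of the hunk.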
interface/web/dashboard/dashlets/limits.php
@@ -130,7 +130,7 @@
        if($user_is_admin == false) {
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
        }
        $rows = array();
@@ -164,10 +164,10 @@
    function _get_limit_usage($limit) {
        global $app;
        $sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
        $sql = "SELECT count(sys_userid) as number FROM ?? WHERE ";
        if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
        $sql .= $app->tform->getAuthSQL('r');
        $rec = $app->db->queryOneRecord($sql);
        $rec = $app->db->queryOneRecord($sql, $limit['db_table']);
        return $rec['number'];
    }
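Review bot: `_get_limit_usage()` now binds the table name, but `$limit['db_where']` is still appended to the statement verbatim, so the query is only as safe as the source of the `$limit` array, which is defined outside this hunk. If those entries are static definitions in this file, a short docblock would make the contract explicit, for example `@param array $limit static limit definition; 'db_where' must be a constant SQL fragment, never request data`. The function also returns `$rec['number']` without checking that the query produced a row.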
interface/web/dashboard/dashlets/modules.php
@@ -28,19 +28,32 @@
                    include_once '../' . $mt.'/lib/module.conf.php';
                    /* We don't want to show the dashboard */
                    if ($mt != 'dashboard') {
                        if($mt == 'dns'){
                            $dns_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE dns_server = 1 AND active = 1");
                            if($dns_servers['cnt'] == 0) continue;
                        }
                        if($mt == 'mail'){
                            $mail_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE mail_server = 1 AND active = 1");
                            if($mail_servers['cnt'] == 0) continue;
                        }
                        if($mt == 'sites'){
                            $web_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE web_server = 1 AND active = 1");
                            if($web_servers['cnt'] == 0) continue;
                        }
                        $module_title = $app->lng($module['title']);
                        if(function_exists('mb_strlen')) {
                            if(mb_strlen($module_title, "UTF-8") > 8) $module_title = mb_substr($module_title, 0, 7, "UTF-8").'..';
                        } else {
                            if(strlen($module_title) > 8) $module_title = substr($module_title, 0, 7).'..';
                        }
                        $mod[] = array( 'modules_title'  => $module_title,
                        $mod[$module['order']] = array( 'modules_title'  => $module_title,
                            'modules_startpage' => $module['startpage'],
                            'modules_name'   => $module['name']);
                    }
                }
            }
            ksort($mod);
            $tpl->setloop('modules', $mod);
        }
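Review bot: Keying the list with `$mod[$module['order']]` lets two modules with the same `order` value overwrite each other, and a module whose `module.conf.php` sets no `order` lands on an empty key, so an entry can silently vanish from the dashlet. A small guard keeps every module, e.g. `$key = (int)$module['order']; while(isset($mod[$key])) $key++;` followed by `$mod[$key] = array(...)`. `ksort($mod)` is also reached when no module was added; whether `$mod` is initialised as an array earlier in the function is not visible in this hunk. The three `SELECT COUNT(*) as cnt FROM server` checks differ only in the column name and could share one helper.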
interface/web/dashboard/lib/custom_menu.inc.php
@@ -71,7 +71,7 @@
                $rows[] = array('title' => $item->get_title(),
                    'link' => $item->get_link(),
                    'content' => $item->get_content(),
                    'date' => $item->get_date('Y-m-d')
                    'date' => $item->get_date($app->lng('conf_format_dateshort'))
                );
            }
            $n++;
interface/web/dashboard/lib/module.conf.php
@@ -32,6 +32,7 @@
$module['template']  = 'dashboard.tpl.htm';
$module['startpage']  = 'dashboard/dashboard.php';
$module['tab_width']    = '';
$module['order']    = '1';
//$items = array();
//
interface/web/dns/ajax_get_json.php
@@ -34,128 +34,25 @@
//* Check permissions for module
$app->auth->check_module_permissions('dns');
//$app->uses('tform');
$type = $_GET["type"];
//if($_SESSION["s"]["user"]["typ"] == 'admin') {
if($type == 'get_ipv4'){
    //$q = $app->db->quote(trim($_GET["q"]));
    //$authsql = " AND ".$app->tform->getAuthSQL('r');
    //$modules = explode(',', $_SESSION['s']['user']['modules']);
    $result = array();
    // ipv4
    //$result[] = _search('admin', 'server_ip', "AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
    $result[] = $app->functions->suggest_ips('IPv4');
    $json = $app->functions->json_encode($result);
}
if($type == 'get_ipv6'){
    //$q = $app->db->quote(trim($_GET["q"]));
    //$authsql = " AND ".$app->tform->getAuthSQL('r');
    //$modules = explode(',', $_SESSION['s']['user']['modules']);
    $result = array();
    // ipv6
    //$result[] = _search('admin', 'server_ip', "AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
    $result[] = $app->functions->suggest_ips('IPv6');
    $json = $app->functions->json_encode($result);
}
//}
/*
function _search($module, $section, $additional_sql = '', $unique = false){
    global $app, $q, $authsql, $modules;
    $result_array = array('cheader' => array(), 'cdata' => array());
    if(in_array($module, $modules) || ($module == 'admin' && $section == 'server_ip')){
        $search_fields = array();
        $desc_fields = array();
        if(is_file('../'.$module.'/form/'.$section.'.tform.php')){
            include_once('../'.$module.'/form/'.$section.'.tform.php');
            $category_title = $form["title"];
            $form_file = $form["action"];
            $db_table = $form["db_table"];
            $db_table_idx = $form["db_table_idx"];
            $order_by = $db_table_idx;
            if(is_array($form["tabs"]) && !empty($form["tabs"])){
                foreach($form["tabs"] as $tab){
                    if(is_array($tab['fields']) && !empty($tab['fields'])){
                        foreach($tab['fields'] as $key => $val){
                            if(isset($val['searchable']) && $val['searchable'] > 0){
                                $search_fields[] = $key." LIKE '%".$q."%'";
                                if($val['searchable'] == 1){
                                    $order_by = $key;
                                    $title_key = $key;
                                }
                                if($val['searchable'] == 2){
                                    $desc_fields[] = $key;
                                }
                            }
                        }
                    }
                }
            }
        }
        unset($form);
        $where_clause = '';
        if(!empty($search_fields)){
            $where_clause = implode(' OR ', $search_fields);
        } else {
            // valid SQL query which returns an empty result set
            $where_clause = '1 = 0';
        }
        if($where_clause != '') $where_clause = '('.$where_clause.')';
        if($additional_sql != '') $where_clause .= ' '.$additional_sql.' ';
        $order_clause = '';
        if($order_by != '') $order_clause = ' ORDER BY '.$order_by;
        $sql = "SELECT * FROM ".$db_table." WHERE ".$where_clause.$authsql.$order_clause." LIMIT 0,10";
        $results = $app->db->queryAllRecords($sql);
        if(is_array($results) && !empty($results)){
            $lng_file = '../'.$module.'/lib/lang/'.$_SESSION['s']['language'].'_'.$section.'.lng';
            if(is_file($lng_file)) include($lng_file);
            $result_array['cheader'] = array('title' => $category_title,
                                            'total' => count($results),
                                            'limit' => count($results)
                                            );
            foreach($results as $result){
                $description = '';
                if(!empty($desc_fields)){
                    $desc_items = array();
                    foreach($desc_fields as $desc_field){
                        if($result[$desc_field] != '') $desc_items[] = $wb[$desc_field.'_txt'].': '.$result[$desc_field];
                    }
                    if(!empty($desc_items)) $description = implode(' - ', $desc_items);
                }
                $result_array['cdata'][] = array(    'title' => $wb[$title_key.'_txt'].': '.$result[$title_key],
                                                    'description' => $description,
                                                    'onclick' => '',
                                                    'fill_text' => $result[$title_key]
                                                );
            }
            if($unique === true){
                $result_array['cdata'] = array_unique($result_array['cdata']);
                $result_array['cheader']['total'] = $result_array['cheader']['limit'] = count($result_array['cdata']);
            }
        }
    }
    return $result_array;
}
*/
header('Content-type: application/json');
echo $json;
interface/web/dns/dns_a_edit.php
@@ -40,102 +40,17 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends dns_page_action {
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
    protected function checkDuplicate() {
        //* Check for duplicates where IP and hostname are the same
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and data = '".$app->db->quote($this->dataRecord["data"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
        unset($tmp);
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and data = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->dataRecord["data"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
        if($tmp['number'] > 0) return true;
        return false;
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
}
$page = new page_action;
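Review bot: The zone-ownership test (`$soa["id"] != $_POST["zone"]`), the `limit_dns_record` check and the `check_module_permissions('dns')` call appear to have left this file, so they now have to be performed by `dns_page_action` in `dns_edit_base.php`, which is not part of this section; the same applies to the dns_aaaa_edit.php and dns_alias_edit.php sections, where `page_action` is reduced to an empty subclass. It is worth confirming that the base class runs all three before it consults `checkDuplicate()`, since a refactor that centralises checks is an easy place to drop an authorization step. `checkDuplicate()` itself would benefit from a docblock stating its contract, e.g. `@return bool true when an identical A record or any CNAME with the same name already exists in the zone`. The rendering does not show whether `global $app;` is declared inside the new method, which it needs because it calls `$app->db`.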
interface/web/dns/dns_aaaa_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".intval($soa['sys_groupid']), 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_alias_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_cname_edit.php
@@ -40,100 +40,16 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends dns_page_action {
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
    protected function checkDuplicate() {
        //* Check for duplicates where IP and hostname are the same
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.") OR (type = 'CNAME' AND name = '".$app->db->quote($this->dataRecord["name"])."' AND zone = '".$app->db->quote($this->dataRecord["zone"])."' and id != ".$this->id.")");
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
        unset($tmp);
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
        if($tmp['number'] > 0) return true;
        return false;
    }
}
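Review bot: `checkDuplicate()` uses `$app`, but as this section is rendered no `global $app;` line appears between the new signature and the query, so `$app` would be undefined inside the method and the duplicate check would fail on a null object. The removed `onSubmit()` carried `global $app, $conf;`, and that declaration did not move with the query. Add `global $app;` as the first statement of `checkDuplicate()`. A one-line docblock stating that the method returns true when an A or CNAME record with the same name already exists in the zone would make the contract with `dns_page_action::onSubmit()` explicit.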
interface/web/dns/dns_dkim_edit.php
@@ -71,8 +71,8 @@
        parent::onShowNew();
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_GET['zone'], $app->tform->getAuthSQL('r'));
        $sql=$app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND ?", substr_replace($soa['origin'],'',-1), $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_GET['zone']);
        $sql=$app->db->queryOneRecord("SELECT dkim_public, dkim_selector FROM mail_domain WHERE domain = ? AND dkim = 'y' AND " . $app->tform->getAuthSQL('r'), substr_replace($soa['origin'],'',-1));
        $public_key=str_replace(array('-----BEGIN PUBLIC KEY-----','-----END PUBLIC KEY-----',"\r","\n"),'',$sql['dkim_public']);
        $app->tpl->setVar('public_key', $public_key);
        $app->tpl->setVar('selector', $sql['dkim_selector']);
@@ -83,7 +83,7 @@
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST["zone"], $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -126,23 +126,23 @@
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $this->dataRecord["zone"], $app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
        $app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $this->dataRecord["zone"], $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
}
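Review bot: In `onAfterInsert()` and `onAfterUpdate()` the SOA row is looked up through `getAuthSQL('r')` using `$this->dataRecord["zone"]`, but the serial is then written to the id taken from `$_POST["zone"]`, and nothing checks that the lookup returned a row. If the filtered query finds nothing, `datalogUpdate('dns_soa', …)` still runs against the posted id with a serial derived from a missing value; whether an earlier `errorMessage` stops the flow before these hooks is not visible here. Add `id` to the selected columns, return early with `if(!is_array($soa)) return;`, and pass `$soa['id']` as the key instead of `$soa_id`. The write is gated by the read filter (`'r'`), which deserves a comment explaining why that is sufficient. The same pattern is in dns_dmarc_edit.php and in the new dns_edit_base.php.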
interface/web/dns/dns_dmarc_edit.php
@@ -74,8 +74,8 @@
        $zone = $app->functions->intval($_GET['zone']);
        // get domain-name
        $sql = "SELECT * FROM dns_soa WHERE id = ? AND ?";
        $rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
        $sql = "SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
        $rec = $app->db->queryOneRecord($sql, $zone);
        $domain_name = rtrim($rec['origin'], '.');
        // set defaults
@@ -88,8 +88,8 @@
        $dmarc_sp = 'same';
        //* check for an existing dmarc-record
        $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND ?";
        $rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.', $app->tform->getAuthSQL('r'));
        $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=DMARC1%' AND zone = ? AND name = ? AND " . $app->tform->getAuthSQL('r');
        $rec = $app->db->queryOneRecord($sql, $zone, '_dmarc.'.$domain_name.'.');
        if ( isset($rec) && !empty($rec) ) {
            $this->id = 1;
            $old_data = strtolower($rec['data']);
@@ -204,7 +204,7 @@
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $_POST['zone'], $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -349,13 +349,13 @@
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
        $app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
@@ -363,10 +363,10 @@
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
}
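Review bot: The `onSubmit()` lookup now binds `$_POST['zone']` unconverted, while the other lookups in this file pass the zone through `$app->functions->intval()` (the `$_GET['zone']` read in the first hunk and both `dataRecord["zone"]` lookups). Binding removes the injection concern, but a non-scalar or non-numeric `zone` value reaches the database wrapper as is, and how the wrapper treats it is not shown in this commit. For consistency pass `$app->functions->intval($_POST['zone'])` as the bound argument. The ownership test on the following line, `$soa["id"] != $_POST["zone"]`, is a loose comparison and would be clearer comparing two integers.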
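--- /dev/null
+++ b/interface/web/dns/dns_edit_base.php
@@ -0,0 +1,131 @@
+<?php
+/*
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+All rights reserved.
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
+// Loading classes
+$app->uses('tpl,tform,tform_actions,validate_dns');
+$app->load('tform_actions');
+class dns_page_action extends tform_actions {
+    protected function checkDuplicate() {
+        return false;
+    }
+    function onShowNew() {
+        global $app, $conf;
+        // we will check only users, not admins
+        if($_SESSION["s"]["user"]["typ"] == 'user') {
+            // Get the limits of the client
+            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
+            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+            // Check if the user may add another mailbox.
+            if($client["limit_dns_record"] >= 0) {
+                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+                if($tmp["number"] >= $client["limit_dns_record"]) {
+                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
+                }
+            }
+        }
+        parent::onShowNew();
+    }
+    function onSubmit() {
+        global $app, $conf;
+        // Get the parent soa record of the domain
+        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $_POST["zone"]);
+        // Check if Domain belongs to user
+        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
+        // Check the client limits, if user is not the admin
+        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
+            // Get the limits of the client
+            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
+            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+            // Check if the user may add another mailbox.
+            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
+                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = ?", $client_group_id);
+                if($tmp["number"] >= $client["limit_dns_record"]) {
+                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
+                }
+            }
+        } // end if user is not admin
+        if($this->checkDuplicate()) $app->tform->errorMessage .= $app->tform->lng("data_error_duplicate")."<br>";
+        // Set the server ID of the rr record to the same server ID as the parent record.
+        $this->dataRecord["server_id"] = $soa["server_id"];
+        // Update the serial number  and timestamp of the RR record
+        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);
+        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
+        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
+        parent::onSubmit();
+    }
+    function onAfterInsert() {
+        global $app, $conf;
+        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
+        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
+        $app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
+        //* Update the serial number of the SOA record
+        $soa_id = $app->functions->intval($_POST["zone"]);
+        $serial = $app->validate_dns->increase_serial($soa["serial"]);
+        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
+    }
+    function onAfterUpdate() {
+        global $app, $conf;
+        //* Update the serial number of the SOA record
+        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
+        $soa_id = $app->functions->intval($_POST["zone"]);
+        $serial = $app->validate_dns->increase_serial($soa["serial"]);
+        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
+    }
+}
+?>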
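Review bot: Near the end of `onSubmit()` the variable `$soa` is overwritten with a row from `dns_rr`, and for a new record `$this->id` is 0 (the limit check above tests exactly that), so the query returns no row and `increase_serial()` receives a missing value. What `increase_serial()` does with that input is not visible here, so the starting serial of a new record should be set explicitly rather than left to that fallback. Use a separate name, e.g. `$rr = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ?", $this->id);`, and handle the no-row case before calling `increase_serial()`. The comment `// Check if the user may add another mailbox.` appears twice in this class and should refer to DNS records. Since the record forms now inherit from this class, a class docblock describing the `checkDuplicate()` hook (return true to reject the submission) would help authors of subclasses.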
interface/web/dns/dns_hinfo_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_import.php
@@ -106,13 +106,13 @@
    // Get the limits of the client
    $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    // load the list of clients
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
    $clients = $app->db->queryAllRecords($sql);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
    $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
    $clients = $app->db->queryAllRecords($sql, $client['client_id']);
    $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
    $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
    if(is_array($clients)) {
        foreach( $clients as $client) {
@@ -127,7 +127,7 @@
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    $client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -138,8 +138,8 @@
        $app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
    }
    $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
    $dns_servers = $app->db->queryAllRecords($sql);
    $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
    $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
    $options_dns_servers = "";
@@ -199,8 +199,8 @@
if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
    $valid_zone_file = FALSE;
    $sql = "SELECT server_name FROM `server` WHERE server_id=".$app->functions->intval($server_id)." OR mirror_server_id=".$app->functions->intval($server_id)." ORDER BY server_name ASC";
    $servers = $app->db->queryAllRecords($sql);
    $sql = "SELECT server_name FROM `server` WHERE server_id=? OR mirror_server_id=? ORDER BY server_name ASC";
    $servers = $app->db->queryAllRecords($sql, $server_id, $server_id);
    for ($i=0;$i<count($servers);$i++)
    {
        if (substr($servers[$i]['server_name'], strlen($servers[$i]['server_name'])-1) != ".")
@@ -695,21 +695,38 @@
    // Insert the soa record
    $sys_userid = $_SESSION['s']['user']['userid'];
    $origin = $app->db->quote($soa['name']);
    $ns = $app->db->quote($soa['ns']);
    $mbox = $app->db->quote($soa['mbox']);
    $refresh = $app->db->quote($soa['refresh']);
    $retry = $app->db->quote($soa['retry']);
    $expire = $app->db->quote($soa['expire']);
    $minimum = $app->db->quote($soa['minimum']);
    $ttl = $app->db->quote($soa['ttl']);
    $xfer = $app->db->quote('');
    $serial = $app->db->quote($app->functions->intval($soa['serial'])+1);
    $origin = $soa['name'];
    $ns = $soa['ns'];
    $mbox = $soa['mbox'];
    $refresh = $soa['refresh'];
    $retry = $soa['retry'];
    $expire = $soa['expire'];
    $minimum = $soa['minimum'];
    $ttl = $soa['ttl'];
    $xfer = '';
    $serial = $app->functions->intval($soa['serial']+1);
    //print_r($soa);
    //die();
    if($valid_zone_file){
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
        ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer')";
        $insert_data = array(
            "sys_userid" => $sys_userid,
            "sys_groupid" => $sys_groupid,
            "sys_perm_user" => 'riud',
            "sys_perm_group" => 'riud',
            "sys_perm_other" => '',
            "server_id" => $server_id,
            "origin" => $origin,
            "ns" => $ns,
            "mbox" => $mbox,
            "serial" => $serial,
            "refresh" => $refresh,
            "retry" => $retry,
            "expire" => $expire,
            "minimum" => $minimum,
            "ttl" => $ttl,
            "active" => 'Y',
            "xfer" => $xfer
        );
        $dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
        // Insert the dns_rr records
@@ -717,8 +734,21 @@
        {
            foreach($dns_rr as $rr)
            {
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '".$app->db->quote($rr['name'])."', '".$app->db->quote($rr['type'])."', '".$app->db->quote($rr['data'])."', '".$app->db->quote($rr['aux'])."', '".$app->db->quote($rr['ttl'])."', 'Y')";
                $insert_data = array(
                    "sys_userid" => $sys_userid,
                    "sys_groupid" => $sys_groupid,
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $server_id,
                    "zone" => $dns_soa_id,
                    "name" => $rr['name'],
                    "type" => $rr['type'],
                    "data" => $rr['data'],
                    "aux" => $rr['aux'],
                    "ttl" => $rr['ttl'],
                    "active" => 'Y'
                );
                $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
            }
        }
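Review bot: `$serial = $app->functions->intval($soa['serial']+1);` adds 1 before the conversion, where the removed line converted first and then added. `$soa['serial']` is presumably parsed from the uploaded zone file, so a non-numeric value now enters the arithmetic unconverted; keep the earlier order with `$serial = $app->functions->intval($soa['serial']) + 1;`. Separately, `server_id IN ?` bound to `$client_dns['dns_servers_ids']` relies on the database wrapper expanding an array into a value list, which this page does not show; a short comment at that call stating the dependency would help the next reader. The script these hunks belong to continues outside the visible lines.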
interface/web/dns/dns_mx_edit.php
@@ -40,79 +40,17 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
class page_action extends dns_page_action {
    function onInsert() {
        global $app, $conf;
        // Check if record is existing already
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND ".$app->tform->getAuthSQL('r'));
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ? AND type = ? AND data = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["zone"], $this->dataRecord["name"], $this->dataRecord["type"], $this->dataRecord["data"]);
        if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);
@@ -123,34 +61,11 @@
        global $app, $conf;
        // Check if record is existing already
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ".$app->functions->intval($this->dataRecord["zone"])." AND name = '".$app->db->quote($this->dataRecord["name"])."' AND type = '".$app->db->quote($this->dataRecord["type"])."' AND data = '".$app->db->quote($this->dataRecord["data"])."' AND id != ".$app->functions->intval($this->dataRecord["id"])." AND ".$app->tform->getAuthSQL('r'));
        $duplicate_mx = $app->db->queryOneRecord("SELECT * FROM dns_rr WHERE zone = ? AND name = ? AND type = ? AND data = ? AND id != ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["zone"], $this->dataRecord["name"], $this->dataRecord["type"], $this->dataRecord["data"], $this->dataRecord["id"]);
        if(is_array($duplicate_mx) && !empty($duplicate_mx)) $app->error($app->tform->wordbook["duplicate_mx_record_txt"]);
        parent::onUpdate();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
}
interface/web/dns/dns_ns_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_ptr_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_rp_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_rr_del.php
@@ -54,10 +54,10 @@
        global $app; $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $this->dataRecord["zone"]);
        $soa_id = $app->functions->intval($this->dataRecord["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
}
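Review bot: The serial update on `dns_soa` still runs when the permission-filtered lookup returns no row, because `$soa` is fetched with `getAuthSQL('r')` but `datalogUpdate` is called for `$soa_id` regardless. Wrapping the last three statements in `if(is_array($soa) && !empty($soa)) { ... }` keeps the write behind the same read check; what `increase_serial` does with a missing value is not visible here. The new query could stay at `SELECT serial`, since only that column is used. The context line `global $app; $conf;` looks like a typo for `global $app, $conf;`. The enclosing method starts above the hunk.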
interface/web/dns/dns_slave_del.php
@@ -56,7 +56,7 @@
        if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
        // Delete all records that belog to this zone.
        $records = $app->db->queryAllRecords("SELECT id FROM dns_slave WHERE zone = '".$app->functions->intval($this->id)."'");
        $records = $app->db->queryAllRecords("SELECT id FROM dns_slave WHERE zone = ?", $this->id);
        foreach($records as $rec) {
            $app->db->datalogDelete('dns_slave', 'id', $rec['id']);
        }
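Review bot: `$records` is iterated at `foreach($records as $rec)` without checking that the query returned an array, while other code in this commit guards the same kind of result with `if(is_array($clients))`. If `queryAllRecords` can return a non-array on failure (not visible here), wrapping the loop in `if(is_array($records)) { ... }` makes the delete path explicit instead of relying on a PHP warning. The same applies to the `dns_rr` loop in dns_soa_del.php. The method continues outside the hunk.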
interface/web/dns/dns_slave_edit.php
@@ -99,12 +99,12 @@
                // Get the limits of the client
                $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.client_id, sys_group.name, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                // Fill the client select field
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql, $client['client_id']);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
                $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
                //$tmp_data_record = $app->tform->getDataRecord($this->id);
                if(is_array($clients)) {
@@ -176,12 +176,12 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_dns_slave_zone, default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_slave WHERE id = ?", $this->id);
                $this->dataRecord["server_id"] = $tmp["server_id"];
                unset($tmp);
                // When the record is inserted
@@ -203,7 +203,7 @@
        if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';
        //* Check if a primary zone with the same name already exists
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = \"".$app->db->quote($this->dataRecord["origin"])."\" AND server_id= \"".$app->db->quote($this->dataRecord["server_id"])."\"");
        $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE origin = ? AND server_id = ?", $this->dataRecord["origin"], $this->dataRecord["server_id"]);
        if($tmp["number"] > 0) {
            $app->error($app->tform->wordbook["origin_error_unique"]);
        }
@@ -215,7 +215,7 @@
        global $app, $conf;
        // Check if record is existing already
        $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = '".$app->db->quote($this->dataRecord["origin"])."' AND server_id = ".$app->functions->intval($this->dataRecord["server_id"])." AND ".$app->tform->getAuthSQL('r'));
        $duplicate_slave = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ? AND server_id = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["origin"], $this->dataRecord["server_id"]);
        if(is_array($duplicate_slave) && !empty($duplicate_slave)) $app->error($app->tform->wordbook["origin_error_unique"]);
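Review bot: The line `$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';` in the first hunk writes `contactname` into HTML unescaped, and that value is concatenated in SQL from `company_name`, `contact_name`, `username` and `customer_no`. Unless those fields are already encoded when stored (not visible here), the parameterised queries fix the SQL side but leave a stored-XSS sink at output; `htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8')` at this point closes it. dns_soa_edit.php has the identical line, and its new `$options_dns_servers` line prints `server_name` the same way. The enclosing functions start and end outside these hunks.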
interface/web/dns/dns_soa_del.php
@@ -56,7 +56,7 @@
        if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
        // Delete all records that belog to this zone.
        $records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = '".$app->functions->intval($this->id)."'");
        $records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ?", $this->id);
        foreach($records as $rec) {
            $app->db->datalogDelete('dns_rr', 'id', $rec['id']);
        }
interface/web/dns/dns_soa_edit.php
@@ -109,12 +109,12 @@
                // Get the limits of the client
                $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                // Fill the client select field
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql, $client['client_id']);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
                $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
                //$tmp_data_record = $app->tform->getDataRecord($this->id);
                if(is_array($clients)) {
@@ -133,7 +133,7 @@
    if($_SESSION["s"]["user"]["typ"] != 'admin')
    {
        $client_group_id = $_SESSION["s"]["user"]["default_group"];
        $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
        $client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -144,13 +144,13 @@
            $app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
        }
        $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
        $dns_servers = $app->db->queryAllRecords($sql);
        $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
        $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
        $options_dns_servers = "";
        foreach ($dns_servers as $dns_server) {
            $options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
            $options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
        }
        $app->tpl->setVar("client_server_id", $options_dns_servers);
@@ -219,7 +219,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT limit_dns_zone, dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_dns_zone, dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $client['dns_servers_ids'] = explode(',', $client['dns_servers']);
@@ -231,27 +231,20 @@
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ?", $this->id);
                $this->dataRecord["server_id"] = $tmp["server_id"];
                unset($tmp);
                // When the record is inserted
            } else {
                // Check if the user may add another maildomain.
                if($client["limit_dns_zone"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");
                    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = ?", $client_group_id);
                    if($tmp["number"] >= $client["limit_dns_zone"]) {
                        $app->error($app->tform->wordbook["limit_dns_zone_txt"]);
                    }
                }
            }
        }
        /*
            // Update the serial number of the SOA record
            $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$this->id);
            $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
            */
        //* Check if soa, ns and mbox have a dot at the end
        if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"], -1, 1) != '.') $this->dataRecord["origin"] .= '.';
@@ -282,7 +275,7 @@
    // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
    if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        //* We do not allow users to change a domain which has been created by the admin
        $rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ".$this->id);
        $rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ?", $this->id);
        $drOrigin = (isset($this->dataRecord['origin']))
            ? $app->functions->idn_encode($this->dataRecord['origin'])
            : false;
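Review bot: The new `server_id IN ?` query in the `@@ -144` hunk binds `$client_dns['dns_servers_ids']`, which is built with `explode(',', $client_dns['dns_servers'])`; for a client with no assigned DNS servers that is `['']` rather than an empty array. Whether the database layer expands an array argument for `?`, and how it treats an empty-string element, is not visible here. I would normalise the list first, e.g. `$ids = array_filter(array_map('intval', $client_dns['dns_servers_ids']));`, and skip the query when `$ids` is empty. The surrounding function begins and ends outside the hunk.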
interface/web/dns/dns_spf_edit.php
@@ -57,7 +57,7 @@
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = =", $client_group_id);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
@@ -77,8 +77,8 @@
        $zone = $app->functions->intval($_GET['zone']);
        //* check for an existing spf-record
        $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND ?";
        $rec = $app->db->queryOneRecord($sql, $zone, $app->tform->getAuthSQL('r'));
        $sql = "SELECT data, active FROM dns_rr WHERE data LIKE 'v=spf1%' AND zone = ? AND " . $app->tform->getAuthSQL('r');
        $rec = $app->db->queryOneRecord($sql, $zone);
        if ( isset($rec) && !empty($rec) ) {
            $this->id = 1;
            $old_data = strtolower($rec['data']);
@@ -134,7 +134,7 @@
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($_POST["zone"]), $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($_POST["zone"]));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
@@ -241,13 +241,13 @@
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
        $app->db->datalogUpdate('dns_rr', array("sys_groupid" => $soa['sys_groupid']), 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
@@ -255,10 +255,10 @@
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND ?", $app->functions->intval($this->dataRecord["zone"]), $app->tform->getAuthSQL('r'));
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r'), $app->functions->intval($this->dataRecord["zone"]));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
    }
}
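Review bot: In onAfterInsert and onAfterUpdate (hunks at 241 and 255) the SOA row is looked up by `$this->dataRecord["zone"]` under `getAuthSQL('r')`, but the serial update that follows targets `$_POST["zone"]` and runs even when that lookup returned no row. If the two values differ, or the permission filter matched nothing, `increase_serial()` is fed whatever `$soa["serial"]` evaluates to on an empty result and `datalogUpdate('dns_soa', ...)` still writes to the posted zone id; in onAfterInsert the new record's `sys_groupid` is taken from the same empty result. I would add `id` to the SELECT, use `$soa_id = $soa['id'];`, and return early with `if(!is_array($soa)) return;` (assuming queryOneRecord yields a non-array when nothing matches). Both method bodies start outside their hunks, so an earlier guard may exist that is not visible here.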
interface/web/dns/dns_srv_edit.php
@@ -40,37 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
class page_action extends dns_page_action {
    function onShowEnd() {
        global $app, $conf;
@@ -91,65 +64,6 @@
    function onBeforeUpdate() {
        $this->dataRecord['data'] = $this->dataRecord['weight'] .' '. $this->dataRecord['port'] .' '. $this->dataRecord['target'];
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
}
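Review bot: With onShowNew, onSubmit, onAfterInsert and onAfterUpdate no longer defined in this file, nothing here says where the zone-ownership check (`no_zone_perm`) and the `limit_dns_record` check now run. They presumably live in `dns_page_action` from `dns_edit_base.php`, which this page does not show, so it is worth confirming that the base class performs both checks for every record type that now extends it. A comment above the class would record the dependency: `// Zone permission and record-limit checks are inherited from dns_page_action (dns_edit_base.php)`. The same applies to `interface/web/dns/dns_txt_edit.php`, whose class body is now empty.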
interface/web/dns/dns_txt_edit.php
@@ -40,96 +40,10 @@
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
//* Check permissions for module
$app->auth->check_module_permissions('dns');
require_once './dns_edit_base.php';
// Loading classes
$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
    function onShowNew() {
        global $app, $conf;
        // we will check only users, not admins
        if($_SESSION["s"]["user"]["typ"] == 'user') {
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        }
        parent::onShowNew();
    }
    function onSubmit() {
        global $app, $conf;
        // Get the parent soa record of the domain
        $soa = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = '".$app->functions->intval($_POST["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        // Check if Domain belongs to user
        if($soa["id"] != $_POST["zone"]) $app->tform->errorMessage .= $app->tform->wordbook["no_zone_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_dns_record FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_dns_record"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE sys_groupid = $client_group_id");
                if($tmp["number"] >= $client["limit_dns_record"]) {
                    $app->error($app->tform->wordbook["limit_dns_record_txt"]);
                }
            }
        } // end if user is not admin
        // Set the server ID of the rr record to the same server ID as the parent record.
        $this->dataRecord["server_id"] = $soa["server_id"];
        // Update the serial number  and timestamp of the RR record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_rr WHERE id = ".$this->id);
        $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
        $this->dataRecord["stamp"] = date('Y-m-d H:i:s');
        parent::onSubmit();
    }
    function onAfterInsert() {
        global $app, $conf;
        //* Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record
        $soa = $app->db->queryOneRecord("SELECT sys_groupid,serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->datalogUpdate('dns_rr', "sys_groupid = ".$soa['sys_groupid'], 'id', $this->id);
        //* Update the serial number of the SOA record
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
    function onAfterUpdate() {
        global $app, $conf;
        //* Update the serial number of the SOA record
        $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = '".$app->functions->intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r'));
        $soa_id = $app->functions->intval($_POST["zone"]);
        $serial = $app->validate_dns->increase_serial($soa["serial"]);
        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
    }
class page_action extends dns_page_action {
}
interface/web/dns/dns_wizard.php
@@ -107,14 +107,14 @@
    // Get the limits of the client
    $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    if ($domains_settings['use_domain_module'] != 'y') {
        // load the list of clients
        $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
        $clients = $app->db->queryAllRecords($sql);
        $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
        $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
        $clients = $app->db->queryAllRecords($sql, $client['client_id']);
        $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
        $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
        if(is_array($clients)) {
            foreach( $clients as $client) {
@@ -130,7 +130,7 @@
if($_SESSION["s"]["user"]["typ"] != 'admin')
{
    $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
    $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $client_dns = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    $client_dns['dns_servers_ids'] = explode(',', $client_dns['dns_servers']);
@@ -141,13 +141,13 @@
        $app->tpl->setVar('server_id_value', $client_dns['dns_servers_ids'][0]);
    }
    $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_dns['dns_servers'] . ");";
    $dns_servers = $app->db->queryAllRecords($sql);
    $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
    $dns_servers = $app->db->queryAllRecords($sql, $client_dns['dns_servers_ids']);
    $options_dns_servers = "";
    foreach ($dns_servers as $dns_server) {
        $options_dns_servers .= "<option value='$dns_server[server_id]'>$dns_server[server_name]</option>";
        $options_dns_servers .= '<option value="'.$dns_server['server_id'].'"'.($_POST['server_id'] == $dns_server['server_id'] ? ' selected="selected"' : '').'>'.$dns_server['server_name'].'</option>';
    }
    $app->tpl->setVar("server_id", $options_dns_servers);
@@ -155,7 +155,7 @@
}
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = '".$app->functions->intval($template_id)."'");
$template_record = $app->db->queryOneRecord("SELECT * FROM dns_template WHERE template_id = ?", $template_id);
$fields = explode(',', $template_record['fields']);
if(is_array($fields)) {
    foreach($fields as $field) {
@@ -203,7 +203,7 @@
    if ($post_server_id)
    {
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        $client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
        $client['dns_servers_ids'] = explode(',', $client['dns_servers']);
@@ -335,11 +335,11 @@
                if($section == 'dns_records') {
                    $parts = explode('|', $row);
                    $dns_rr[] = array(
                        'name' => $app->db->quote($parts[1]),
                        'type' => $app->db->quote($parts[0]),
                        'data' => $app->db->quote($parts[2]),
                        'aux'  => $app->db->quote($parts[3]),
                        'ttl'  => $app->db->quote($parts[4])
                        'name' => $parts[1],
                        'type' => $parts[0],
                        'data' => $parts[2],
                        'aux'  => $parts[3],
                        'ttl'  => $parts[4]
                    );
                }
            }
@@ -359,28 +359,60 @@
    if($error == '') {
        // Insert the soa record
        $sys_userid = $_SESSION['s']['user']['userid'];
        $origin = $app->db->quote($vars['origin']);
        $ns = $app->db->quote($vars['ns']);
        $mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
        $refresh = $app->db->quote($vars['refresh']);
        $retry = $app->db->quote($vars['retry']);
        $expire = $app->db->quote($vars['expire']);
        $minimum = $app->db->quote($vars['minimum']);
        $ttl = $app->db->quote($vars['ttl']);
        $xfer = $app->db->quote($vars['xfer']);
        $also_notify = $app->db->quote($vars['also_notify']);
        $update_acl = $app->db->quote($vars['update_acl']);
        $origin = $vars['origin'];
        $ns = $vars['ns'];
        $mbox = str_replace('@', '.', $vars['mbox']);
        $refresh = $vars['refresh'];
        $retry = $vars['retry'];
        $expire = $vars['expire'];
        $minimum = $vars['minimum'];
        $ttl = $vars['ttl'];
        $xfer = $vars['xfer'];
        $also_notify = $vars['also_notify'];
        $update_acl = $vars['update_acl'];
        $serial = $app->validate_dns->increase_serial(0);
        $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
        ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
        $insert_data = array(
            "sys_userid" => $sys_userid,
            "sys_groupid" => $sys_groupid,
            "sys_perm_user" => 'riud',
            "sys_perm_group" => 'riud',
            "sys_perm_other" => '',
            "server_id" => $server_id,
            "origin" => $origin,
            "ns" => $ns,
            "mbox" => $mbox,
            "serial" => $serial,
            "refresh" => $refresh,
            "retry" => $retry,
            "expire" => $expire,
            "minimum" => $minimum,
            "ttl" => $ttl,
            "active" => 'Y',
            "xfer" => $xfer,
            "also_notify" => $also_notify,
            "update_acl" => $update_acl
        );
        $dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
        // Insert the dns_rr records
        if(is_array($dns_rr) && $dns_soa_id > 0) {
            foreach($dns_rr as $rr) {
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
                $insert_data = array(
                    "sys_userid" => $sys_userid,
                    "sys_groupid" => $sys_groupid,
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $server_id,
                    "zone" => $dns_soa_id,
                    "name" => $rr['name'],
                    "type" => $rr['type'],
                    "data" => $rr['data'],
                    "aux" => $rr['aux'],
                    "ttl" => $rr['ttl'],
                    "active" => 'Y'
                );
                $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
            }
        }
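Review bot: The rewritten option builder in the hunk at 141 writes `$dns_server['server_name']` and `$dns_server['server_id']` into the markup without HTML escaping, and it reads `$_POST['server_id']` without checking that the key is set. The queries in this file are now parameterised, but the output side did not get the same treatment; I would wrap the values, e.g. `htmlspecialchars($dns_server['server_name'], ENT_QUOTES, 'UTF-8')`, and compare against `isset($_POST['server_id']) ? $_POST['server_id'] : ''`. The context line in the hunk at 107 that builds `$client_select` from `$client['contactname']` has the same shape, and that value is assembled from client record fields. Whether the template layer escapes these strings later is not visible from this page.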
interface/web/dns/form/dns_a.tform.php
@@ -133,7 +133,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_aaaa.tform.php
@@ -126,7 +126,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_alias.tform.php
@@ -142,7 +142,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_cname.tform.php
@@ -140,7 +140,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_dkim.tform.php
@@ -120,7 +120,7 @@
                            'range' => '60:',
                            'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_hinfo.tform.php
@@ -132,7 +132,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_mx.tform.php
@@ -141,7 +141,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_ns.tform.php
@@ -140,7 +140,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_ptr.tform.php
@@ -140,7 +140,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_rp.tform.php
@@ -133,7 +133,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_soa.tform.php
@@ -197,7 +197,7 @@
                    'range' => '60:',
                    'errmsg'=> 'minimum_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_spf.tform.php
@@ -127,7 +127,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_srv.tform.php
@@ -131,7 +131,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/form/dns_txt.tform.php
@@ -137,7 +137,7 @@
                    'range' => '60:',
                    'errmsg'=> 'ttl_range_error'),
            ),
            'default' => '86400',
            'default' => '3600',
            'value'  => '',
            'width'  => '10',
            'maxlength' => '10'
interface/web/dns/lib/module.conf.php
@@ -5,6 +5,7 @@
$module["template"]  = "module.tpl.htm";
$module["startpage"]  = "dns/dns_soa_list.php";
$module["tab_width"]    = '';
$module['order']    = '50';
$items[] = array( 'title'  => "Add DNS Zone",
interface/web/dns/list/dns_a.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
@@ -132,7 +132,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SRV'=>'SRV', 'TXT'=>'TXT'));
    'value'  => array('A'=>'A', 'AAAA' => 'AAAA', 'ALIAS'=>'ALIAS', 'CNAME'=>'CNAME', 'HINFO'=>'HINFO', 'MX'=>'MX', 'NS'=>'NS', 'PTR'=>'PTR', 'RP'=>'RP', 'SPF'=>'SPF', 'SRV'=>'SRV', 'TXT'=>'TXT'));
?>
interface/web/dns/list/dns_slave.list.php
@@ -59,7 +59,7 @@
    'prefix' => "",
    'suffix' => "",
    'width' => "",
    'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array(   'field' => "server_id",
@@ -83,7 +83,8 @@
        'prefix' => "",
        'suffix' => "",
        'datasource' => array (  'type' => 'SQL',
            'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            //'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
            'keyfield'=> 'groupid',
            'valuefield'=> 'name'
        ),
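Review bot: The new `querystring` joins `sys_group` to `client` on `client_id`, so any group other than 1 that has no matching client row drops out of this filter list, whereas the old query included it. If such groups can exist (not visible from this page), a `LEFT JOIN` with a fallback to `sys_group.name` would keep them selectable. The superseded query is also left behind as a commented-out line; I would delete it and let version control hold the history. `interface/web/dns/list/dns_soa.list.php` carries the identical change.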
interface/web/dns/list/dns_soa.list.php
@@ -59,7 +59,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
@@ -83,7 +83,8 @@
        'prefix' => "",
        'suffix' => "",
        'datasource' => array (  'type' => 'SQL',
            'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            //'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
            'keyfield'=> 'groupid',
            'valuefield'=> 'name'
        ),
interface/web/dns/list/dns_template.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width' => "",
    'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value' => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('yes_txt')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('no_txt')."</span></div>"));
$liste["item"][] = array(   'field' => "name",
interface/web/dns/templates/dns_a_list.htm
@@ -71,7 +71,7 @@
                        <td><a href="#" data-load-content="dns/dns_{tmpl_var name='type_lowercase'}_edit.php?id={tmpl_var name='id'}">{tmpl_var name="aux"}</a></td>
                        <td><a href="#" data-load-content="dns/dns_{tmpl_var name='type_lowercase'}_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ttl"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_rr_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_rr_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/dns/templates/dns_import.htm
@@ -38,18 +38,18 @@
                    </select></div>
                    <tmpl_else>
                        <div class="col-sm-9"><input type="text" name="domain" id="domain" value="{tmpl_var name='domain'}" class="form-control" onkeydown="keydown(event.which);" /></div></tmpl_if>
                <p class="value"><tmpl_var name='domain_field_desc_txt'}</p>
                    <div class="col-sm-3 col-text"></div><div class="col-sm-9 col-text"><tmpl_var name='domain_field_desc_txt'}</div>
            </div>    
            <div class="form-group">
                <label for="file" class="col-sm-3 control-label">{tmpl_var name='zonefile_to_import_txt'}</label>
                <input name="file" id="file" size="30" type="file" class="fileUpload" />
                <div class="col-sm-9 col-text"><input name="file" id="file" size="30" type="file" class="fileUpload" /></div>
            </div>
                
            <tmpl_if name="msg">
                <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
            </tmpl_if>
            <tmpl_if name="error">
                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
            </tmpl_if>
                
            <input type="hidden" name="id" value="{tmpl_var name='id'}">
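Review bot: The description line that this hunk moves into the new `col-sm-9 col-text` div still carries a malformed template tag, `<tmpl_var name='domain_field_desc_txt'}`, which opens with `<` and closes with `}`. It is unlikely to be parsed as a variable, so the help text probably never renders and a stray unclosed tag may be left in the form markup. Every other tag in this hunk uses one delimiter pair consistently, so this should read `{tmpl_var name='domain_field_desc_txt'}`.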
interface/web/dns/templates/dns_slave_admin_list.htm
@@ -59,7 +59,7 @@
                        <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="origin"}</a></td>
                        <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
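Review bot: The corrected delete link still triggers a state-changing request through a URL that carries `phpsessid={tmpl_var name='phpsessid'}`, and by its name that value appears to be the session identifier. An identifier placed in a query string can end up in web-server logs, browser history and Referer headers. The same pattern is in every other list template touched in this commit (dns_slave_list.htm, dns_soa_admin_list.htm, dns_soa_list.htm, dns_template_list.htm and the help/ templates). Sending the delete as a POST with a dedicated anti-CSRF token, rather than the session id, would avoid that. How `ISPConfig.confirm_action` and the `*_del.php` handlers use the parameter is outside this page, so the change has to be made on both sides.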
interface/web/dns/templates/dns_slave_list.htm
@@ -56,7 +56,7 @@
                        <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="origin"}</a></td>
                        <td><a href="#" data-load-content="dns/dns_slave_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_slave_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/dns/templates/dns_soa_admin_list.htm
@@ -64,7 +64,7 @@
                        <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                        <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="mbox"}</a></td>
                        <td class="text-right">   
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/dns/templates/dns_soa_list.htm
@@ -61,7 +61,7 @@
                        <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ns"}</a></td>
                        <td><a href="#" data-load-content="dns/dns_soa_edit.php?id={tmpl_var name='id'}">{tmpl_var name="mbox"}</a></td>
                        <td class="text-right">   
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_soa_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/dns/templates/dns_template_list.htm
@@ -34,7 +34,7 @@
                        <td><a href="#" data-load-content="dns/dns_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="visible"}</a></td>
                        <td><a href="#" data-load-content="dns/dns_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="name"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('dns/dns_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/dns/templates/dns_wizard.htm
@@ -4,7 +4,7 @@
<p><tmpl_var name="list_desc_txt"></p>
<tmpl_if name="error">
    <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
    <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
</tmpl_if>
interface/web/help/faq_list.php
@@ -29,7 +29,7 @@
$app->listform_actions->SQLExtWhere = "help_faq.hf_section = $hf_section";
if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=$hf_section");
if($hf_section) $res = $app->db->queryOneRecord("SELECT hfs_name FROM help_faq_sections WHERE hfs_id=?", $hf_section);
// Start the form rendering and action ahndling
echo "<h2>FAQ: ".$res['hfs_name']."</h2>";
if($hf_section) $app->listform_actions->onLoad();
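Review bot: `SQLExtWhere` on the first line of the hunk is still built by interpolating `$hf_section` into the SQL text, while only the section-name lookup below it was moved to a `?` placeholder. The assignment of `$hf_section` is outside the hunk, so unless it is already cast there, add `$hf_section = $app->functions->intval($hf_section);` before both uses. The heading is also echoed unescaped, and `$res` is never set when `$hf_section` is empty. `if($hf_section) echo "<h2>FAQ: ".htmlspecialchars($res['hfs_name'])."</h2>";` would cover both, provided the name is not stored pre-escaped.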
interface/web/help/form/support_message.tform.php
@@ -46,7 +46,7 @@
if(isset($_GET['reply']))
{
    $sm_msg_id = preg_replace("/[^0-9]/", "", $_GET['reply']);
    $res = $app->db->queryOneRecord("SELECT sender_id, subject FROM support_message WHERE support_message_id=$sm_msg_id");
    $res = $app->db->queryOneRecord("SELECT sender_id, subject FROM support_message WHERE support_message_id=?", $sm_msg_id);
    if($res['sender_id'])
    {
        $sm_default_recipient_id = $res['sender_id'];
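Review bot: The lookup is keyed only on the `reply` id from the request, so nothing in this hunk limits it to messages the logged-in user received. If the form later pre-fills the subject from `$res`, a user could read the subject and sender of any message by changing the id. Scoping the query would close that, e.g. `"... WHERE support_message_id = ? AND recipient_id = ?", $sm_msg_id, $_SESSION['s']['user']['userid']`, assuming `recipient_id` is the column behind the field of that name in support_message_edit.php. `$res` should also be checked before `$res['sender_id']` is read, since an id with no row returns nothing. The block continues past the end of the hunk.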
interface/web/help/support_message_edit.php
@@ -33,8 +33,8 @@
        //* Get recipient email address
        if($this->dataRecord['recipient_id'] > 1){
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql);
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql, $this->dataRecord['recipient_id']);
            $recipient_email = $client['email'];
        } else {
            $app->uses('ini_parser,getconf');
@@ -44,8 +44,8 @@
        //* Get sender email address
        if($this->dataRecord['sender_id'] > 1){
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql);
            $sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
            $client = $app->db->queryOneRecord($sql, $this->dataRecord['sender_id']);
            $sender_email = $client['email'];
        } else {
            $app->uses('ini_parser,getconf');
@@ -91,7 +91,7 @@
        //*  read only template  if a existing message is loaded
        if($this->id > 0) {
            $app->tform->formDef['tabs']['message']['template'] = 'templates/support_message_view.htm';
            $record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ".$this->id);
            $record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ?", $this->id);
            if ($record['tstamp'] > 0) {
                // is value int?
                if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record['tstamp'], $p)) {
@@ -113,7 +113,7 @@
        global $app, $conf;
        if($_SESSION['s']['user']['typ'] == 'admin') {
            $app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
            $app->db->query("UPDATE support_message SET sys_userid = ? WHERE support_message_id = ?", $this->dataRecord['recipient_id'], $this->id);
        }
    }
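Review bot: In the recipient and sender lookups, `$client['email']` is read straight after `queryOneRecord()` with no check that a row came back. A `recipient_id` or `sender_id` above 1 with no matching `sys_user`/`client` pair leaves the address unset and raises a notice. Guard both reads, e.g. `$recipient_email = isset($client['email']) ? $client['email'] : '';` and the same for `$sender_email`. The mail-sending code that consumes these addresses is outside the hunks, so confirm it handles an empty address.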
interface/web/help/templates/faq_manage_questions_list.htm
@@ -24,10 +24,10 @@
                        <td width="60%">{tmpl_var name='hf_question'}</td>
                        <td width="30%">{tmpl_var name='hf_section'}</td>
                        <td class="text-right" width="5%">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                        <td class="text-right" width="5%">
                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/help/templates/help_faq_list.htm
@@ -5,7 +5,7 @@
        {tmpl_var name='hf_answer'}
    </p>
    <tmpl_if name='is_admin'>
        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
        <a href="#" data-load-content="help/faq_edit.php?id={tmpl_var name='id'}">{tmpl_var name="edit_txt"}</a>
        <br/>
        <br/>
interface/web/help/templates/help_faq_sections_list.htm
@@ -26,10 +26,10 @@
                    <tr>
                        <td><b>{tmpl_var name='hfs_name'}</b></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_sections_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/faq_sections_delete.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_sections_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
                            <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="help/faq_sections_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/help/templates/support_message_list.htm
@@ -37,7 +37,7 @@
                            <td><a href="#" data-load-content="help/support_message_edit.php?id={tmpl_var name='id'}">{tmpl_var name="subject"}</a></td>
                            <td><a href="#" data-load-content="help/support_message_edit.php?id={tmpl_var name='id'}">{tmpl_var name="tstamp"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/support_message_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('help/support_message_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/index.php
@@ -87,6 +87,19 @@
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
// Logo
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
if($logo['custom_logo'] != ''){
    $base64_logo_txt = $logo['custom_logo'];
} else {
    $base64_logo_txt = $logo['default_logo'];
}
$tmp_base64 = explode(',', $base64_logo_txt, 2);
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0]);
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1]);
$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);
$app->tpl_defaults();
$app->tpl->pparse();
?>
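Review bot: The new logo block indexes `$tmp_base64[1]` and `$logo_dimensions[0]`/`[1]` without checking that the stored value contained a comma, decoded cleanly, or was recognised as an image. A malformed `custom_logo` would raise notices on every page load and set empty width and height. `base64_logo_txt` is also handed to the template exactly as stored, so if anyone other than the administrator can write `custom_logo`, it should be checked for an expected `data:image/` prefix before use. The guard below assumes the `getimagesizefromstring` helper returns an array on success, as the native function does.

```php
$tmp_base64 = explode(',', $base64_logo_txt, 2);
// Only measure the image when a payload part exists and decodes.
$logo_raw = isset($tmp_base64[1]) ? base64_decode($tmp_base64[1]) : false;
$logo_dimensions = ($logo_raw !== false) ? $app->functions->getimagesizefromstring($logo_raw) : false;
if(is_array($logo_dimensions)) {
    $app->tpl->setVar('base64_logo_width', $logo_dimensions[0]);
    $app->tpl->setVar('base64_logo_height', $logo_dimensions[1]);
}
// … unchanged: setVar('base64_logo_txt'), tpl_defaults(), pparse() …
```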
interface/web/login/index.php
@@ -73,9 +73,9 @@
            if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = $app->lng('pw_error_length');
            //** iporting variables
            $ip    = $app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));
            $username = $app->db->quote($_POST['username']);
            $passwort = $app->db->quote($_POST['passwort']);
            $ip    = ip2long($_SERVER['REMOTE_ADDR']);
            $username = $_POST['username'];
            $passwort = $_POST['passwort'];
            $loginAs  = false;
            $time = time();
@@ -103,13 +103,13 @@
                                
                                /* this is the one currently logged in (normal user) */
                                $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                                $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $old_client_group_id");
                                $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);
                                
                                /* this is the reseller, that shall be re-logged in */
                                $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
                                $tmp = $app->db->queryOneRecord($sql);
                                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                                $tmp = $app->db->queryOneRecord($sql, $username, $passwort);
                                $client_group_id = $app->functions->intval($tmp['default_group']);
                                $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                                $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                                
                                if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
                                    die("You don't have the right to 'login as' this user!");
@@ -125,12 +125,12 @@
                    } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
                        /* a reseller wants to 'login as', we need to check if he is allowed to */
                        $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                        $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $res_client_group_id");
                        $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
                        
                        /* this is the user the reseller wants to 'login as' */
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
                        $tmp = $app->db->queryOneRecord($sql);
                        $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = " . $app->functions->intval($tmp["default_group"]));
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                        $tmp = $app->db->queryOneRecord($sql, $username, $passwort);
                        $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
                        
                        if(!$tmp || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
                            die("You don't have the right to login as this user!");
@@ -147,21 +147,21 @@
                }
                //* Check if there are already wrong logins
                $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
                $alreadyfailed = $app->db->queryOneRecord($sql);
                $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
                $alreadyfailed = $app->db->queryOneRecord($sql, $ip);
                //* too many failedlogins
                if($alreadyfailed['times'] > 5) {
                    $error = $app->lng('error_user_too_many_logins');
                } else {
                    if ($loginAs){
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
                        $user = $app->db->queryOneRecord($sql);
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                        $user = $app->db->queryOneRecord($sql, $username, $passwort);
                    } else {
                        if(stristr($username, '@')) {
                            //* mailuser login
                            $sql = "SELECT * FROM mail_user WHERE login = '$username' or email = '$username'";
                            $mailuser = $app->db->queryOneRecord($sql);
                            $sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
                            $mailuser = $app->db->queryOneRecord($sql, $username, $username);
                            $user = false;
                            if($mailuser) {
                                $saved_password = stripslashes($mailuser['password']);
@@ -187,8 +187,8 @@
                        } else {
                            //* normal cp user login
                            $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
                            $user = $app->db->queryOneRecord($sql);
                            $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
                            $user = $app->db->queryOneRecord($sql, $username);
                            if($user) {
                                $saved_password = stripslashes($user['passwort']);
@@ -225,8 +225,8 @@
                            // Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
                            if(!$maintenance_mode || $user['typ'] == 'admin'){
                                // User login right, so attempts can be deleted
                                $sql = "DELETE FROM `attempts_login` WHERE `ip`='{$ip}'";
                                $app->db->query($sql);
                                $sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
                                $app->db->query($sql, $ip);
                                $user = $app->db->toLower($user);
                                if ($loginAs) $oldSession = $_SESSION['s'];
@@ -290,12 +290,12 @@
                        if(!$alreadyfailed['times'] )
                        {
                            //* user login the first time wrong
                            $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('{$ip}', 1, NOW())";
                            $app->db->query($sql);
                            $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
                            $app->db->query($sql, $ip);
                        } elseif($alreadyfailed['times'] >= 1) {
                            //* update times wrong
                            $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '{$time}' LIMIT 1";
                            $app->db->query($sql);
                            $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
                            $app->db->query($sql, $ip);
                        }
                        //* Incorrect login - Username and password incorrect
                        $error = $app->lng('error_user_password_incorrect');
@@ -322,7 +322,7 @@
        // Maintenance mode - show message when people try to log in and also when people are forcedly logged off
        if($maintenance_mode_error != '') $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error;
        if($error != ''){
            $error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
            $error = '<div class="box box_error">'.$error.'</div>';
        }
        
        $app->load('getconf');
@@ -335,6 +335,8 @@
        }
        
        $app->tpl->setVar('error', $error);
        $app->tpl->setVar('error_txt', $app->lng('error_txt'));
        $app->tpl->setVar('login_txt', $app->lng('login_txt'));
        $app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
        $app->tpl->setVar('username_txt', $app->lng('username_txt'));
        $app->tpl->setVar('password_txt', $app->lng('password_txt'));
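Review bot: `$ip = ip2long($_SERVER['REMOTE_ADDR']);` yields `false` for any address that is not dotted IPv4, so every IPv6 client would share one `attempts_login` row. That means failed logins from one IPv6 host count against all of them, and the `times > 5` lockout cannot tell them apart. What the db wrapper binds for `false` is not visible here. Either key the table on the textual address, `$ip = $_SERVER['REMOTE_ADDR'];`, if the `ip` column can hold it, or handle `$ip === false` explicitly before the attempts queries. This affects the SELECT, DELETE, INSERT and UPDATE on `attempts_login` in the later hunks of this file.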
interface/web/login/login_as.php
@@ -54,13 +54,13 @@
    $backlink = 'admin/users_list.php';
} else {
    $client_id = $app->functions->intval($_GET['cid']);
    $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = $client_id");
    $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = '".$app->db->quote($tmp_client['username'])."'");
    $tmp_client = $app->db->queryOneRecord("SELECT username, parent_client_id FROM client WHERE client_id = ?", $client_id);
    $tmp_sys_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE username = ?", $tmp_client['username']);
    $userId = $app->functions->intval($tmp_sys_user['userid']);
    /* check if this client belongs to reseller that tries to log in, if we are not admin */
    if($_SESSION["s"]["user"]["typ"] != 'admin') {
        $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
        $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
        $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
        if(!$client || $tmp_client["parent_client_id"] != $client["client_id"]) {
            die("You don't have the right to login as this user!");
        }
@@ -76,7 +76,7 @@
 * Get the data to login as user x
 */
$dbData = $app->db->queryOneRecord(
    "SELECT username, passwort FROM sys_user WHERE userid = " . $userId);
    "SELECT username, passwort FROM sys_user WHERE userid = ?", $userId);
/*
 * Now generate the login-Form
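Review bot: `$tmp_client` and `$tmp_sys_user` are dereferenced without checking that the lookups returned a row. For a `cid` that matches no client, `$tmp_client['username']` is null, `$userId` becomes 0, and the later `userid = ?` query returns nothing for the form to use. The reseller branch then rejects the request, but only because a null `parent_client_id` fails its comparison, not by intent. Fail early right after the two lookups, reusing the message already in the file: `if(!$tmp_client || !$tmp_sys_user) die("You don't have the right to login as this user!");`. The admin branch and the form generation are outside the hunks.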
interface/web/login/logout.php
@@ -43,9 +43,11 @@
if ((isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) &&
    (!$forceLogout)){
    $utype = ($_SESSION['s_old']['user']['typ'] == 'admin' ? 'admin' : 'reseller');
    $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_login_as.lng';
    include $lng_file;
    echo '
        <br /> <br />    <br /> <br />
        Do you want to re-login as ' . $utype . ' or log out?<br />
        '.str_replace('{UTYPE}', $utype, $wb['login_as_or_logout_txt']).'<br />
        <div style="visibility:hidden">
            <input type="text" name="username" value="' . $_SESSION['s_old']['user']['username'] . '" />
            <input type="password" name="passwort" value="' . $_SESSION['s_old']['user']['passwort'] .'" />
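Review bot: The added `include $lng_file;` builds its path from `$_SESSION['s']['language']`, and nothing in the hunk checks that the value is a plain language code or that the file exists. If that session value can be set from user-editable profile data, it decides which file is included. Constrain it first, e.g. `$lng = preg_match('/^[a-z]{2}$/', $_SESSION['s']['language']) ? $_SESSION['s']['language'] : 'en';`, assuming two-letter codes and a shipped `en` file. Also fall back when the file is missing, otherwise `$wb` is undefined in the `str_replace()` call. Separately, the context lines echo the stored `passwort` value and the username into form fields without `htmlspecialchars()`. Combined with the `USERNAME = ? and PASSWORT = ?` lookup in login/index.php, that makes the stored hash usable as a credential by anyone who can read the page source.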
interface/web/login/password_reset.php
@@ -51,8 +51,8 @@
    if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
    if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
    $username = $app->db->quote($_POST['username']);
    $email = $app->db->quote($_POST['email']);
    $username = $_POST['username'];
    $email = $_POST['email'];
    $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
@@ -62,11 +62,10 @@
        if($client['client_id'] > 0) {
            $new_password = $app->auth->get_random_password();
            $new_password_encrypted = $app->auth->crypt_password($new_password);
            $new_password_encrypted = $app->db->quote($new_password_encrypted);
            $username = $app->db->quote($client['username']);
            $app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'");
            $app->db->query("UPDATE client SET password = '$new_password_encrypted' WHERE username = '$username'");
            $username = $client['username'];
            $app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username);
            $app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
            $app->tpl->setVar("message", $wb['pw_reset']);
            $app->uses('getconf,ispcmail');
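Review bot: The two UPDATEs replace the account password as soon as a request with a matching username and e-mail arrives, so anyone who knows both values can force a password change on another account. No confirmation step or request limit is visible in these hunks, and how `lost_password_function` is evaluated is outside them. A safer flow mails a single-use, time-limited token and writes the new password only after that token is presented. Until then, a marker above the UPDATEs such as `// TODO: require a mailed one-time token before changing the password` would record the gap.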
interface/web/login/templates/index.htm
@@ -9,11 +9,11 @@
        <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
    </tmpl_if>
    <tmpl_if name="error">
        <div id="errorMsg"><h3>ERROR</h3><ol><li><tmpl_var name="error"></li></ol><br /><a href="#" data-load-content="login/password_reset.php">{tmpl_var name='pw_lost_txt'}</a></div>
        <div id="errorMsg"><h3>{tmpl_var name='error_txt'}</h3><ol><li><tmpl_var name="error"></li></ol><br /><a href="#" data-load-content="login/password_reset.php">{tmpl_var name='pw_lost_txt'}</a></div>
    </tmpl_if>
    <div class="pnl_formsarea">
        <legend>{tmpl_var name='login_txt'}Login</legend>
        <legend>{tmpl_var name='login_txt'}</legend>
            <div class="form-group">
                <label for="username" class="col-sm-3 control-label">{tmpl_var name='username_txt'}</label>
                <div class="col-sm-9"><input type="text" name="username" id="username" value="" class="form-control"  onkeypress="if (event.keyCode && event.keyCode == 13) {ISPConfig.submitLoginForm('pageForm'); return false;};" /></div></div>
interface/web/login/templates/password_reset.htm
@@ -9,7 +9,7 @@
        <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
    </tmpl_if>
    <tmpl_if name="error">
        <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
        <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
    </tmpl_if>
    <div class="pnl_formsarea">
interface/web/mail/form/xmpp_domain.tform.php
@@ -58,7 +58,7 @@
$muc_available = $muc_pastebin_available = $muc_httparchive_available = $anon_available = $vjud_available = $proxy_available = $status_available = true;
if(!$app->auth->is_admin()) {
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client = $app->db->queryOneRecord("SELECT limit_xmpp_muc, limit_xmpp_anon, limit_xmpp_vjud, limit_xmpp_proxy, limit_xmpp_status, limit_xmpp_pastebin, limit_xmpp_httparchive FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $client = $app->db->queryOneRecord("SELECT limit_xmpp_muc, limit_xmpp_anon, limit_xmpp_vjud, limit_xmpp_proxy, limit_xmpp_status, limit_xmpp_pastebin, limit_xmpp_httparchive FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    if($client['limit_xmpp_muc'] != 'y') $muc_available = false;
    if($client['limit_xmpp_pastebin'] != 'y' || $client['limit_xmpp_muc'] != 'y') $muc_pastebin_available = false;
interface/web/mail/lib/module.conf.php
@@ -7,6 +7,7 @@
$module['template']  = 'module.tpl.htm';
$module['startpage']  = 'mail/mail_domain_list.php';
$module['tab_width']    = '';
$module['order']    = '40';
//**** Email accounts menu
interface/web/mail/list/mail_alias.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "source",
interface/web/mail/list/mail_aliasdomain.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "source",
interface/web/mail/list/mail_blacklist.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
interface/web/mail/list/mail_content_filter.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
interface/web/mail/list/mail_domain.list.php
@@ -59,7 +59,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
if($_SESSION['s']['user']['typ'] == 'admin') {
@@ -70,7 +70,8 @@
        'prefix' => "",
        'suffix' => "",
        'datasource' => array (  'type' => 'SQL',
            'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            //'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
            'keyfield'=> 'groupid',
            'valuefield'=> 'name'
        ),
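Review bot: The new `querystring` joins `sys_group` to `client` on `sys_group.client_id = client.client_id`, so any group without a matching client row drops out of the admin filter list, whereas the old query listed every group except 1. If such groups can own mail domains, those domains can no longer be filtered by group; confirm this is intended. The option label is now built from client-supplied fields (`company_name`, `contact_firstname`, `contact_name`, `customer_no`) and its escaping happens in the list renderer outside this hunk, so that should be checked too. The superseded query left behind as `//'querystring' => ...` should be deleted rather than kept as a comment.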
interface/web/mail/list/mail_domain_catchall.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "source",
interface/web/mail/list/mail_forward.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "source",
interface/web/mail/list/mail_get.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/mail_relay_recipient.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/mail_spamfilter.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('1' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", '0' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/mail_transport.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/mail_user.list.php
@@ -87,7 +87,7 @@
    'prefix' => "",
    'suffix' => "",
    'width' => "",
    'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value' => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "postfix",
    'datatype' => "VARCHAR",
@@ -96,7 +96,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "disablesmtp",
    'datatype' => "VARCHAR",
@@ -105,7 +105,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "disableimap",
    'datatype' => "VARCHAR",
@@ -114,7 +114,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "disablepop3",
    'datatype' => "VARCHAR",
@@ -123,6 +123,6 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('n' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'y' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
?>
interface/web/mail/list/mail_whitelist.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/spamfilter_blacklist.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/spamfilter_policy.list.php
@@ -65,7 +65,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "spam_lover",
@@ -75,7 +75,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "banned_files_lover",
@@ -85,7 +85,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "bad_header_lover",
@@ -95,7 +95,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
interface/web/mail/list/spamfilter_users.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('Y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'N' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/list/spamfilter_whitelist.list.php
@@ -54,7 +54,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/mail/mail_alias_edit.php
@@ -95,12 +95,12 @@
        global $app, $conf;
        // Check if Domain belongs to user
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
        //* Check if destination email belongs to user
        if(isset($_POST["destination"])) {
            $email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
            $email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
            if($email["email"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->lng("no_destination_perm");
        }
@@ -108,11 +108,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailalias FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_mailalias"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'alias'");
                $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = ? AND type = 'alias'", $client_group_id);
                if($tmp["number"] >= $client["limit_mailalias"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_mailalias_txt"]."<br>";
                }
@@ -130,15 +130,15 @@
        unset($this->dataRecord["email_domain"]);
        //* Check if there is no active mailbox with this address
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($this->dataRecord["source"])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $this->dataRecord["source"]);
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_mailbox_txt")."<br>";
        unset($tmp);
        //* Check if email alias exists
        if($this->id > 0) {
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["source"])."' AND destination = '".$app->db->quote($this->dataRecord["destination"])."' AND forwarding_id != ".$this->id);
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ? AND forwarding_id != ?", $this->dataRecord["source"], $this->dataRecord["destination"], $this->id);
        } else {
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["source"])."' AND destination = '".$app->db->quote($this->dataRecord["destination"])."'");
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ?", $this->dataRecord["source"], $this->dataRecord["destination"]);
        }
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_email_alias_txt")."<br>";
        unset($tmp);
@@ -149,8 +149,8 @@
    function onAfterInsert() {
        global $app;
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        $app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
    }
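Review bot: In `onAfterInsert()` the new `update mail_forwarding SET sys_groupid = ?` binds `$domain['sys_groupid']` directly, where the old line passed it through `$app->functions->intval()`. If the `mail_domain` lookup returns no row, because `getAuthSQL('r')` excludes it or `email_domain` is missing from the POST, the old code wrote 0 and the new code binds a null. What the db layer does with a null is not visible here. Guarding the update makes the outcome explicit: `if(is_array($domain)) $app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);`. The same two-line pattern is in `onAfterInsert()` of mail_aliasdomain_edit.php and mail_domain_catchall_edit.php.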
interface/web/mail/mail_aliasdomain_edit.php
@@ -97,11 +97,11 @@
        global $app, $conf;
        // Check if source Domain belongs to user
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["source"]))."' AND ".$app->tform->getAuthSQL('r'));
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["source"]));
        if($domain["domain"] != $app->functions->idn_encode($_POST["source"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
        // Check if the destination domain belongs to the user
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
        if($domain["domain"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
        // Check the client limits, if user is not the admin
@@ -115,10 +115,11 @@
        } // end if user is not admin
        if($this->dataRecord["source"] == $this->dataRecord["destination"]) $app->tform->errorMessage .= $app->tform->wordbook["source_destination_identical_txt"];
        /* TODO: check if this quoting is correkt! */
        // compose the source and destination field
        $this->dataRecord["source"] = "@".$app->db->quote($this->dataRecord["source"]);
        $this->dataRecord["destination"] = "@".$app->db->quote($this->dataRecord["destination"]);
        $this->dataRecord["source"] = "@".$this->dataRecord["source"];
        $this->dataRecord["destination"] = "@".$this->dataRecord["destination"];
        // Set the server id of the mailbox = server ID of mail domain.
        $this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);
@@ -128,8 +129,8 @@
    function onAfterInsert() {
        global $app;
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
        $app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
    }
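Review bot: The comment `/* TODO: check if this quoting is correkt! */` now sits above two assignments that no longer quote anything, so it describes code that is gone. With `$app->db->quote()` removed, `source` and `destination` reach the record as raw `"@".$this->dataRecord[...]` values, and their safety rests entirely on the tform insert/update path binding them as parameters. That path is outside this hunk and should be confirmed. I would replace the TODO with a statement of that dependency, for example `// values are stored unescaped here; the tform layer must bind them as query parameters`.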
interface/web/mail/mail_blacklist_edit.php
@@ -73,7 +73,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -90,11 +90,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?" , $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_mailfilter"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]."<br>";
                }
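Review bot: The comment `// Check if the user may add another mailbox.` describes the wrong resource, because the block below counts `mail_access` rows against `limit_mailfilter`. It reads as copied from the mailbox form; `// Check if the user may add another mail filter entry.` matches what the code does. There is also a stray space before the comma in `sys_group.groupid = ?" , $client_group_id`, which the neighbouring calls do not have. The enclosing function starts and ends outside this hunk.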
interface/web/mail/mail_content_filter_edit.php
@@ -58,7 +58,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from mail_content_filter WHERE content_filter_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from mail_content_filter WHERE content_filter_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
interface/web/mail/mail_domain_catchall_edit.php
@@ -94,18 +94,18 @@
        global $app, $conf;
        // Check if Domain belongs to user
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another catchall
            if($this->id == 0 && $client["limit_mailcatchall"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'catchall'");
                $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = ? AND type = 'catchall'", $client_group_id);
                if($tmp["number"] >= $client["limit_mailcatchall"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_mailcatchall_txt"]."<br>";
                }
@@ -127,8 +127,8 @@
    function onAfterInsert() {
        global $app;
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        $app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
    }
interface/web/mail/mail_domain_del.php
@@ -60,31 +60,31 @@
        // we will delete all depending records.
        // Delete all forwardings where the source or destination belongs to this domain
        $records = $app->db->queryAllRecords("SELECT forwarding_id as id FROM mail_forwarding WHERE source like '%@".$app->db->quote($domain)."' OR (destination like '%@".$app->db->quote($domain)."' AND type != 'forward')");
        $records = $app->db->queryAllRecords("SELECT forwarding_id as id FROM mail_forwarding WHERE source like ? OR (destination like ? AND type != 'forward')", '%@' . $domain, '%@' . $domain);
        foreach($records as $rec) {
            $app->db->datalogDelete('mail_forwarding', 'forwarding_id', $rec['id']);
        }
        // Delete all fetchmail accounts where destination belongs to this domain
        $records = $app->db->queryAllRecords("SELECT mailget_id as id FROM mail_get WHERE destination like '%@".$app->db->quote($domain)."'");
        $records = $app->db->queryAllRecords("SELECT mailget_id as id FROM mail_get WHERE destination like ?", '%@' . $domain);
        foreach($records as $rec) {
            $app->db->datalogDelete('mail_get', 'mailget_id', $rec['id']);
        }
        // Delete all mailboxes where destination belongs to this domain
        $records = $app->db->queryAllRecords("SELECT mailuser_id as id FROM mail_user WHERE email like '%@".$app->db->quote($domain)."'");
        $records = $app->db->queryAllRecords("SELECT mailuser_id as id FROM mail_user WHERE email like ?", '%@' . $domain);
        foreach($records as $rec) {
            $app->db->datalogDelete('mail_user', 'mailuser_id', $rec['id']);
        }
        // Delete all spamfilters that belong to this domain
        $records = $app->db->queryAllRecords("SELECT id FROM spamfilter_users WHERE email = '%@".$app->db->quote($domain)."'");
        $records = $app->db->queryAllRecords("SELECT id FROM spamfilter_users WHERE email = ?", '%@' . $domain);
        foreach($records as $rec) {
            $app->db->datalogDelete('spamfilter_users', 'id', $rec['id']);
        }
        // Delete all mailinglists that belong to this domain
        $records = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = '".$app->db->quote($domain)."'");
        $records = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $domain);
        foreach($records as $rec) {
            $app->db->datalogDelete('mail_mailinglist', 'mailinglist_id', $rec['id']);
        }
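Review bot: Two of the converted queries keep defects that leave dependent records behind when a domain is deleted. `SELECT id FROM spamfilter_users WHERE email = ?` is bound to `'%@' . $domain`, but with `=` the `%` is a literal character, so the query only matches an address that literally starts with `%@`. Elsewhere in this commit the domain-level entry is looked up as `'@' . $domain`, so the bound value should be `'@' . $domain`, or the operator should be `like` if per-mailbox entries are meant to go too. The mailing list query selects `mailinglist_id` without an alias while the loop passes `$rec['id']` to `datalogDelete`, which is an undefined key; `SELECT mailinglist_id as id FROM mail_mailinglist WHERE domain = ?` fixes it. Separately, `_` and `%` inside `$domain` act as wildcards in the `like ?` patterns, and where `$domain` is validated is outside this hunk.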
interface/web/mail/mail_domain_edit.php
@@ -95,18 +95,18 @@
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by client.contact_name");
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
            // Set the mailserver to the default server of the client
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = $client[default_mailserver]");
            $tmp = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $client['default_mailserver']);
            $app->tpl->setVar("server_id", "<option value='$client[default_mailserver]'>$tmp[server_name]</option>");
            unset($tmp);
            if ($settings['use_domain_module'] != 'y') {
                // Fill the client select field
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql, $client['client_id']);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
                $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
                //$tmp_data_record = $app->tform->getDataRecord($this->id);
                if(is_array($clients)) {
@@ -122,7 +122,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin')
        {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_mail = $app->db->queryOneRecord("SELECT mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client_mail = $app->db->queryOneRecord("SELECT mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $client_mail['mail_servers_ids'] = explode(',', $client_mail['mail_servers']);
@@ -133,13 +133,13 @@
                $app->tpl->setVar('server_id_value', $client_mail['mail_servers_ids'][0]);
            }
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_mail['mail_servers'] . ");";
            $mail_servers = $app->db->queryAllRecords($sql);
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
            $mail_servers = $app->db->queryAllRecords($sql, $client_mail['mail_servers_ids']);
            $options_mail_servers = "";
            foreach ($mail_servers as $mail_server) {
                $options_mail_servers .= "<option value='$mail_server[server_id]'>$mail_server[server_name]</option>";
                $options_mail_servers .= '<option value="'.$mail_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $mail_server['server_id'] ? ' selected="selected"' : '').'>'.$mail_server['server_name'].'</option>';
            }
            $app->tpl->setVar("client_server_id", $options_mail_servers);
@@ -183,7 +183,7 @@
        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", '@' . $this->dataRecord["domain"]);
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r')." ORDER BY policy_name";
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->wordbook["no_policy"]."</option>";
@@ -241,11 +241,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_maildomain, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain_id = ?", $this->id);
                $this->dataRecord["server_id"] = $tmp["server_id"];
                unset($tmp);
                // When the record is inserted
@@ -258,7 +258,7 @@
                }
                if($client["limit_maildomain"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = $client_group_id");
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = ?", $client_group_id);
                    if($tmp["number"] >= $client["limit_maildomain"]) {
                        $app->error($app->tform->wordbook["limit_maildomain_txt"]);
                    }
@@ -282,15 +282,26 @@
        // Spamfilter policy
        $policy_id = $app->functions->intval($this->dataRecord["policy"]);
        if($policy_id > 0) {
            $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
            $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", '@' . $this->dataRecord["domain"]);
            if($tmp_user["id"] > 0) {
                // There is already a record that we will update
                $app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
                $app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
            } else {
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ?", $this->id);
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$app->functions->intval($tmp_domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                $insert_data = array(
                    "sys_userid" => $_SESSION["s"]["user"]["userid"],
                    "sys_groupid" => $tmp_domain["sys_groupid"],
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $this->dataRecord["server_id"],
                    "priority" => 5,
                    "policy_id" => $policy_id,
                    "email" => '@' . $this->dataRecord["domain"],
                    "fullname" => '@' . $this->dataRecord["domain"],
                    "local" => 'Y'
                );
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                unset($tmp_domain);
            }
@@ -310,7 +321,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_domain WHERE domain_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_domain WHERE domain_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -320,7 +331,7 @@
            //* If the user is neither admin nor reseller
        } else {
            //* We do not allow users to change a domain which has been created by the admin
            $rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ?", $this->id);
            if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
@@ -336,16 +347,27 @@
        // Spamfilter policy
        $policy_id = $app->functions->intval($this->dataRecord["policy"]);
        $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->dataRecord["domain"])."'");
        $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", '@' . $this->dataRecord["domain"]);
        if($policy_id > 0) {
            if($tmp_user["id"] > 0) {
                // There is already a record that we will update
                $app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
                $app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
            } else {
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ".$this->id);
                $tmp_domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain_id = ?", $this->id);
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$_SESSION["s"]["user"]["userid"].", ".$app->functions->intval($tmp_domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($this->dataRecord["server_id"]).", 5, ".$app->functions->intval($policy_id).", '@".$app->db->quote($this->dataRecord["domain"])."', '@".$app->db->quote($this->dataRecord["domain"])."', 'Y')";
                $insert_data = array(
                    "sys_userid" => $_SESSION["s"]["user"]["userid"],
                    "sys_groupid" => $tmp_domain["sys_groupid"],
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $this->dataRecord["server_id"],
                    "priority" => 5,
                    "policy_id" => $policy_id,
                    "email" => '@' . $this->dataRecord["domain"],
                    "fullname" => '@' . $this->dataRecord["domain"],
                    "local" => 'Y'
                );
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                unset($tmp_domain);
            }
@@ -361,9 +383,9 @@
            $mail_config = $app->getconf->get_server_config($this->dataRecord["server_id"], 'mail');
            //* Update the mailboxes
            $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
            $mailusers = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE email like ?", '%@' . $this->oldDataRecord['domain']);
            $sys_groupid = $app->functions->intval((isset($this->dataRecord['client_group_id']))?$this->dataRecord['client_group_id']:$this->oldDataRecord['sys_groupid']);
            $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $client_group_id");
            $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $client_group_id);
            $client_user_id = $app->functions->intval(($tmp['userid'] > 0)?$tmp['userid']:1);
            if(is_array($mailusers)) {
                foreach($mailusers as $rec) {
@@ -371,36 +393,35 @@
                    $mail_parts = explode("@", $rec['email']);
                    $maildir = str_replace("[domain]", $this->dataRecord['domain'], $mail_config["maildir_path"]);
                    $maildir = str_replace("[localpart]", $mail_parts[0], $maildir);
                    $maildir = $app->db->quote($maildir);
                    $email = $app->db->quote($mail_parts[0].'@'.$this->dataRecord['domain']);
                    $app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
                    $email = $mail_parts[0].'@'.$this->dataRecord['domain'];
                    $app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']);
                }
            }
            //* Update the aliases
            $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like '%@".$app->db->quote($this->oldDataRecord['domain'])."' OR destination like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
            $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source like ? OR destination like ?", '%@' . $this->oldDataRecord['domain'], '%@' . $this->oldDataRecord['domain']);
            if(is_array($forwardings)) {
                foreach($forwardings as $rec) {
                    $destination = $app->db->quote(str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']));
                    $source = $app->db->quote(str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['source']));
                    $app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
                    $destination = str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']);
                    $source = str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['source']);
                    $app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']);
                }
            }
            //* Update the mailinglist
            $app->db->query("UPDATE mail_mailinglist SET sys_userid = $client_user_id, sys_groupid = $sys_groupid WHERE domain = '".$app->db->quote($this->oldDataRecord['domain'])."'");
            $app->db->query("UPDATE mail_mailinglist SET sys_userid = ?, sys_groupid = ? WHERE domain = ?", $client_user_id, $sys_groupid, $this->oldDataRecord['domain']);
            
            //* Update fetchmail accounts
            $fetchmail = $app->db->queryAllRecords("SELECT * FROM mail_get WHERE destination like '%@".$app->db->quote($this->oldDataRecord['domain'])."'");
            $fetchmail = $app->db->queryAllRecords("SELECT * FROM mail_get WHERE destination like ?", '%@' . $this->oldDataRecord['domain']);
            if(is_array($fetchmail)) {
                foreach($fetchmail as $rec) {
                    $destination = $app->db->quote(str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']));
                    $app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']);
                    $destination = str_replace($this->oldDataRecord['domain'], $this->dataRecord['domain'], $rec['destination']);
                    $app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']);
                }
            }
            
            //* Delete the old spamfilter record
            $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '@".$app->db->quote($this->oldDataRecord["domain"])."'");
            $tmp = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", '@' . $this->oldDataRecord["domain"]);
            $app->db->datalogDelete('spamfilter_users', 'id', $tmp["id"]);
            unset($tmp);
@@ -422,15 +443,15 @@
                }
            if (! $dkim_active) {
                // updated existing dmarc-record to policy 'none'
                $sql = "SELECT * from dns_rr WHERE name = ? AND data LIKE 'v=DMARC1%' AND ?";
                $rec = $app->db->queryOneRecord($sql, '_dmarc.'.$this->dataRecord['domain'].'.', $app->tform->getAuthSQL('r'));
                $sql = "SELECT * from dns_rr WHERE name = ? AND data LIKE 'v=DMARC1%' AND " . $app->tform->getAuthSQL('r');
                $rec = $app->db->queryOneRecord($sql, '_dmarc.'.$this->dataRecord['domain'].'.');
                if (is_array($rec))
                    if (strpos($rec['data'], 'p=none=') === false) {
                        $rec['data'] = str_replace(array('quarantine', 'reject'), 'none', $rec['data']);
                        $app->db->datalogUpdate('dns_rr', $rec, 'id', $rec['id']);
                        $soa_id = $app->functions->intval($soa['zone']);
                        $serial = $app->validate_dns->increase_serial($soa["serial"]);
                        $app->db->datalogUpdate('dns_soa', "serial = $serial", 'id', $soa_id);
                        $app->db->datalogUpdate('dns_soa', array("serial" => $serial), 'id', $soa_id);
                    }    
                }
        }
@@ -441,15 +462,15 @@
        global $app, $conf;
        // purge old rr-record(s)
        $sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND data LIKE 'v=DKIM1%' AND ? ORDER BY serial DESC";
        $rec = $app->db->queryAllRecords($sql, '%._domainkey.'.$dataRecord['domain'].'.', $app->tform->getAuthSQL('r'));
        $sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
        $rec = $app->db->queryAllRecords($sql, '%._domainkey.'.$dataRecord['domain'].'.');
        if (is_array($rec[1])) {
            for ($i=1; $i < count($rec); ++$i)
                $app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
        }
        // also delete a dsn-records with same selector 
        $sql = "SELECT * from dns_rr WHERE name ? AND data LIKE 'v=DKIM1%' AND ?";
        $rec = $app->db->queryAllRecords($sql, '.._domainkey.'.$dataRecord['dkim_selector'].'.', $dataRecord['domain'], $app->tform->getAuthSQL('r'));
        $sql = "SELECT * from dns_rr WHERE name ? AND data LIKE 'v=DKIM1%' AND " . $app->tform->getAuthSQL('r');
        $rec = $app->db->queryAllRecords($sql, '._domainkey.'.$dataRecord['dkim_selector'].'.', $dataRecord['domain']);
        if (is_array($rec))
            foreach ($rec as $del)
                $app->db->datalogDelete('dns_rr', 'id', $del['id']);
@@ -464,7 +485,7 @@
        $app->db->datalogInsert('dns_rr', $new_rr, 'id', $new_rr['zone']);
        $zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
        $new_serial = $app->validate_dns->increase_serial($zone['serial']);
        $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
        $app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
    }
}
interface/web/mail/mail_forward_edit.php
@@ -93,18 +93,18 @@
        global $app, $conf;
        // Check if Domain belongs to user
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
        // Check the client limits, if user is not the admin
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailforward FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_mailforward"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'forward'");
                $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = ? AND type = 'forward'", $client_group_id);
                if($tmp["number"] >= $client["limit_mailforward"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_mailforward_txt"]."<br>";
                }
@@ -121,7 +121,7 @@
        unset($this->dataRecord["email_domain"]);
        //* Check if there is no active mailbox with this address
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = '".$app->db->quote($this->dataRecord["source"])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE postfix = 'y' AND email = ?", $this->dataRecord["source"]);
        if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_mailbox_txt")."<br>";
        unset($tmp);
@@ -131,8 +131,8 @@
    function onAfterInsert() {
        global $app;
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("update mail_forwarding SET sys_groupid = ".$app->functions->intval($domain['sys_groupid'])." WHERE forwarding_id = ".$this->id);
        $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        $app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
    }
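Review bot: The `intval()` cast on `$domain['sys_groupid']` is gone in `onAfterInsert`, so when the `mail_domain` lookup returns no row the update binds null instead of 0 for `sys_groupid`. How the db wrapper binds a null parameter is not visible on this page, so the result may be a NULL group id on the new forwarding rather than the old fallback. I would either keep the cast in the bound argument, `$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $app->functions->intval($domain['sys_groupid']), $this->id);`, or skip the update unless `is_array($domain)`. The same applies to `$tmp['sys_groupid']` in `onAfterInsert` of mail_get_edit.php.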
interface/web/mail/mail_get_edit.php
@@ -71,7 +71,7 @@
        //* Check if destination email belongs to user
        if(isset($_POST["destination"])) {
            $email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
            $email = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE email = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
            if($email["email"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->lng("no_destination_perm");
        }
@@ -79,11 +79,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_fetchmail FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another transport.
            if($this->id == 0 && $client["limit_fetchmail"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(mailget_id) as number FROM mail_get WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(mailget_id) as number FROM mail_get WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_fetchmail"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_fetchmail_txt"]."<br>";
                }
@@ -93,7 +93,7 @@
        // Set the server ID according to the selected destination
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = ?", $this->dataRecord["destination"]);
        $this->dataRecord["server_id"] = $tmp["server_id"];
        unset($tmp);
@@ -108,8 +108,8 @@
    function onAfterInsert() {
        global $app;
        $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
        $app->db->query("update mail_get SET sys_groupid = ".$app->functions->intval($tmp['sys_groupid'])." WHERE mailget_id = ".$this->id);
        $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = ?", $this->dataRecord["destination"]);
        $app->db->query("update mail_get SET sys_groupid = ? WHERE mailget_id = ?", $tmp['sys_groupid'], $this->id);
    }
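Review bot: The two `mail_user` lookups keyed on `$this->dataRecord["destination"]` (the `server_id` one and the `sys_groupid` one in `onAfterInsert`) have no `getAuthSQL('r')` filter, so ownership of the destination mailbox rests entirely on the check in the first hunk. That check runs only when `$_POST["destination"]` is set, compares the idn-encoded POST value rather than the dataRecord value, and only appends to `errorMessage`. Whether the two values can differ depends on tform code outside this page, but enforcing the constraint at the point of use would remove the dependency, e.g. `"SELECT sys_groupid FROM mail_user WHERE email = ? AND ".$app->tform->getAuthSQL('r')`, as the first hunk already does. The functions holding the first and third hunks begin outside the visible lines.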
interface/web/mail/mail_mailinglist_edit.php
@@ -89,12 +89,12 @@
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by contact_name");
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.default_mailserver, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by contact_name", $client_group_id);
            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
            $clients = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($client['client_id']));
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            $clients = $app->db->queryAllRecords($sql, $client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            $tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($clients)) {
@@ -138,35 +138,35 @@
            // Get the limits of the client
            $client_group_id = intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailmailinglist, default_mailserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            //* Check if Domain belongs to user
            if(isset($_POST["domain"])) {
                $domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = '".$app->db->quote($this->dataRecord["domain"])."' AND ".$app->tform->getAuthSQL('r'));
                $domain = $app->db->queryOneRecord("SELECT domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $this->dataRecord["domain"]);
                if($domain["domain"] != $this->dataRecord["domain"]) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
            }
            // When the record is updated
            if($this->id == 0) {
                //Check if email is in use
                $check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = '".$app->db->quote($this->dataRecord["listname"])."@".$app->db->quote($this->dataRecord["domain"])."'");
                $check = $app->db->queryOneRecord("SELECT count(source) as number FROM mail_forwarding WHERE source = ?", $this->dataRecord["listname"]."@".$this->dataRecord["domain"]);
                if($check['number'] != 0) {
                    $app->error($app->tform->wordbook["email_in_use_txt"]);
                }
                $check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["listname"])."@".$app->db->quote($this->dataRecord["domain"])."'");
                $check = $app->db->queryOneRecord("SELECT count(email) as number FROM mail_user WHERE email = ?", $this->dataRecord["listname"]."@".$this->dataRecord["domain"]);
                if($check['number'] != 0) {
                    $app->error($app->tform->wordbook["email_in_use_txt"]);
                }
                $check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = '".$app->db->quote($this->dataRecord["listname"])."' AND domain = '".$app->db->quote($this->dataRecord["domain"])."'");
                $check = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE listname = ? AND domain = ?", $this->dataRecord["listname"], $this->dataRecord["domain"]);
                if($check['number'] != 0) {
                    $app->error($app->tform->wordbook["email_in_use_txt"]);
                }
                // Check if the user may add another mail_domain
                if($client["limit_mailmailinglist"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = $client_group_id");
                    $tmp = $app->db->queryOneRecord("SELECT count(mailinglist_id) as number FROM mail_mailinglist WHERE sys_groupid = ?", $client_group_id);
                    if($tmp["number"] >= $client["limit_mailmailinglist"]) {
                        $app->error($app->tform->wordbook["limit_mailmailinglist_txt"]);
                    }
@@ -187,7 +187,7 @@
        global $app, $conf;
        // Set the server id of the mailinglist = server ID of mail domain.
        $domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = '".$app->db->quote($this->dataRecord["domain"])."'");
        $domain = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain = ?", $this->dataRecord["domain"]);
        $this->dataRecord["server_id"] = $domain['server_id'];
    }
@@ -198,11 +198,11 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE mailinglist_id = ".$this->id);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE mailinglist_id = ".$this->id);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'riud' WHERE mailinglist_id = ?", $client_group_id, $this->id);
        }
    }
@@ -212,13 +212,13 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_mailinglist WHERE mailinglist_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_mailinglist WHERE mailinglist_id = ?", $this->id);
            $this->dataRecord["server_id"] = $rec['server_id'];
            unset($rec);
            //* If the user is neither admin nor reseller
        } else {
            //* We do not allow users to change a domain which has been created by the admin
            $rec = $app->db->queryOneRecord("SELECT domain from mail_mailinglist WHERE mailinglist_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT domain from mail_mailinglist WHERE mailinglist_id = ?", $this->id);
            if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
@@ -235,11 +235,11 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE mailinglist_id = ".$this->id);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE mailinglist_id = ".$this->id);
            $app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'riud' WHERE mailinglist_id = ?", $client_group_id, $this->id);
        }
    }
interface/web/mail/mail_spamfilter_edit.php
@@ -76,8 +76,8 @@
        }
        // Changing maildir to mailbox_id
        $sql = "SELECT mailbox_id FROM mail_box WHERE maildir = '".$app->db->quote($this->dataRecord["spam_redirect_maildir"])."' AND ".$app->tform->getAuthSQL('r');
        $mailbox = $app->db->queryOneRecord($sql);
        $sql = "SELECT mailbox_id FROM mail_box WHERE maildir = ? AND ".$app->tform->getAuthSQL('r');
        $mailbox = $app->db->queryOneRecord($sql, $this->dataRecord["spam_redirect_maildir"]);
        $this->dataRecord["spam_redirect_maildir"] = $mailbox["mailbox_id"];
        parent::onShowEnd();
@@ -87,7 +87,7 @@
        global $app, $conf;
        // Check if Domain belongs to user
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r'));
        $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $_POST["email_domain"]);
        if($domain["domain"] != $_POST["email_domain"]) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
        // compose the email field
@@ -108,8 +108,8 @@
        $this->dataRecord["spam_delete_score_int"]   = $_POST["spam_delete_score_int"] * 100;
        // Changing mailbox_id to maildir
        $sql = "SELECT maildir FROM mail_box WHERE mailbox_id = '".$app->functions->intval($_POST["spam_redirect_maildir"])."' AND ".$app->tform->getAuthSQL('r');
        $mailbox = $app->db->queryOneRecord($sql);
        $sql = "SELECT maildir FROM mail_box WHERE mailbox_id = ? AND ".$app->tform->getAuthSQL('r');
        $mailbox = $app->db->queryOneRecord($sql, $_POST["spam_redirect_maildir"]);
        $this->dataRecord["spam_redirect_maildir"] = $mailbox["maildir"];
        parent::onSubmit();
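Review bot: The `mailbox_id` lookup in the last hunk now binds `$_POST["spam_redirect_maildir"]` as-is, where the removed line passed it through `$app->functions->intval()`. Binding keeps the value out of the statement text, but a non-numeric value is now compared to an integer column under whatever coercion the database applies. Keeping the cast on the bound value makes the expected type explicit: `$mailbox = $app->db->queryOneRecord($sql, $app->functions->intval($_POST["spam_redirect_maildir"]));`. The result is also read as `$mailbox["maildir"]` without checking that a row came back. The enclosing method starts outside the hunk.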
interface/web/mail/mail_transport_edit.php
@@ -136,11 +136,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailrouting FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another transport.
            if($this->id == 0 && $client["limit_mailrouting"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(transport_id) as number FROM mail_transport WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(transport_id) as number FROM mail_transport WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_mailrouting"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_mailrouting_txt"]."<br>";
                }
interface/web/mail/mail_user_del.php
@@ -54,10 +54,10 @@
    function onBeforeDelete() {
        global $app; $conf;
        $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
        $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
        $app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);
        $tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = '".$this->id."'");
        $tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = ?", $this->id);
        if(is_array($tmp_filters)) {
            foreach($tmp_filters as $tmp) {
                $app->db->datalogDelete('mail_user_filter', 'filter_id', $tmp["filter_id"]);
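Review bot: `$tmp_user["id"]` goes straight into `datalogDelete('spamfilter_users', ...)` without checking that the lookup by email returned a row. For a mailbox with no spamfilter entry the delete is issued with an empty key; what `datalogDelete` does with that is not visible here. A guard keeps the call well-defined: `if(!empty($tmp_user["id"])) $app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);`. Separately, `global $app; $conf;` declares only `$app` as global and the second statement is a no-op, so it was presumably meant to be `global $app, $conf;`. `onBeforeDelete` continues past the end of the hunk.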
interface/web/mail/mail_user_edit.php
@@ -92,7 +92,7 @@
        unset($domain_select);
        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r') . " ORDER BY policy_name";
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";
@@ -139,7 +139,7 @@
        //* Check if Domain belongs to user
        if(isset($_POST["email_domain"])) {
            $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
            $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
            if($domain["domain"] != $app->functions->idn_encode($_POST["email_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        }
@@ -153,12 +153,12 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailbox, limit_mailquota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_mailbox"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_mailbox"]) {
                    $app->tform->errorMessage .= $app->tform->lng("limit_mailbox_txt")."<br>";
                }
@@ -167,7 +167,7 @@
            // Check the quota and adjust
            if(isset($_POST["quota"]) && $client["limit_mailquota"] >= 0 && (($app->functions->intval($this->dataRecord["quota"]) * 1024 * 1024 != $this->oldDataRecord['quota']) || ($_POST["quota"] <= 0))) {
                $tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user WHERE mailuser_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
                $tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user WHERE mailuser_id != ? AND ".$app->tform->getAuthSQL('u'), $this->id);
                $mailquota = $tmp["mailquota"] / 1024 / 1024;
                $new_mailbox_quota = $app->functions->intval($this->dataRecord["quota"]);
                if(($mailquota + $new_mailbox_quota > $client["limit_mailquota"]) || ($new_mailbox_quota == 0 && $client["limit_mailquota"] != -1)) {
@@ -182,11 +182,11 @@
            if($client['parent_client_id'] > 0) {
                // Get the limits of the reseller
                $reseller = $app->db->queryOneRecord("SELECT limit_mailquota, limit_maildomain FROM client WHERE client_id = ".$client['parent_client_id']);
                $reseller = $app->db->queryOneRecord("SELECT limit_mailquota, limit_maildomain FROM client WHERE client_id = ?", $client['parent_client_id']);
                //* Check the website quota of the client
                if(isset($_POST["quota"]) && $reseller["limit_mailquota"] >= 0 && $app->functions->intval($this->dataRecord["quota"]) * 1024 * 1024 != $this->oldDataRecord['quota']) {
                    $tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user, sys_group, client WHERE mail_user.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ".$client['parent_client_id']." IN (client.parent_client_id, client.client_id) AND mailuser_id != ".$app->functions->intval($this->id));
                    $tmp = $app->db->queryOneRecord("SELECT sum(quota) as mailquota FROM mail_user, sys_group, client WHERE mail_user.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND mailuser_id != ?", $client['parent_client_id'], $this->id);
                    $mailquota = $tmp["mailquota"] / 1024 / 1024;
                    $new_mailbox_quota = $app->functions->intval($this->dataRecord["quota"]);
@@ -241,7 +241,7 @@
            $this->dataRecord['gid'] = -1;
                
            //* Check if there is no alias or forward with this address
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE active = 'y' AND source = '".$app->db->quote($this->dataRecord["email"])."'");
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE active = 'y' AND source = ?", $this->dataRecord["email"]);
            if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("duplicate_alias_or_forward_txt")."<br>";
            unset($tmp);
@@ -267,20 +267,31 @@
        global $app, $conf;
        // Set the domain owner as mailbox owner
        $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);
        $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
        $app->db->query("UPDATE mail_user SET sys_groupid = ? WHERE mailuser_id = ?", $domain["sys_groupid"], $this->id);
        // Spamfilter policy
        $policy_id = $app->functions->intval($this->dataRecord["policy"]);
        if($policy_id > 0) {
            $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
            $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
            if($tmp_user["id"] > 0) {
                // There is already a record that we will update
                $app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
                $app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
            } else {
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                $insert_data = array(
                    "sys_userid" => $_SESSION["s"]["user"]["userid"],
                    "sys_groupid" => $domain["sys_groupid"],
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $domain["server_id"],
                    "priority" => 10,
                    "policy_id" => $policy_id,
                    "email" => $this->dataRecord["email"],
                    "fullname" => $this->dataRecord["email"],
                    "local" => 'Y'
                );
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
            }
        }  // endif spamfilter policy
@@ -293,8 +304,8 @@
            $disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y';
            $disablesmtp = ($this->dataRecord["disablesmtp"])?'y':'n';
            $sql = "UPDATE mail_user SET disableimap = '$disableimap', disablesieve = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver', disablelda = '$disabledeliver', disabledoveadm = '$disableimap' WHERE mailuser_id = ".$this->id;
            $app->db->query($sql);
            $sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ?, disabledoveadm = ? WHERE mailuser_id = ?";
            $app->db->query($sql, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $disableimap, $this->id);
        }
    }
@@ -303,20 +314,31 @@
        // Set the domain owner as mailbox owner
        if(isset($_POST["email_domain"])) {
            $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["email_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
            $app->db->query("UPDATE mail_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE mailuser_id = ".$this->id);
            $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["email_domain"]));
            $app->db->query("UPDATE mail_user SET sys_groupid = ? WHERE mailuser_id = ?", $domain["sys_groupid"], $this->id);
            // Spamfilter policy
            $policy_id = $app->functions->intval($this->dataRecord["policy"]);
            $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
            $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
            if($policy_id > 0) {
                if($tmp_user["id"] > 0) {
                    // There is already a record that we will update
                    $app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
                    $app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
                } else {
                    // We create a new record
                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                            VALUES (".$app->functions->intval($_SESSION["s"]["user"]["userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($this->dataRecord["email"])."', '".$app->db->quote($this->dataRecord["email"])."', 'Y')";
                    $insert_data = array(
                        "sys_userid" => $_SESSION["s"]["user"]["userid"],
                        "sys_groupid" => $domain["sys_groupid"],
                        "sys_perm_user" => 'riud',
                        "sys_perm_group" => 'riud',
                        "sys_perm_other" => '',
                        "server_id" => $domain["server_id"],
                        "priority" => 10,
                        "policy_id" => $policy_id,
                        "email" => $this->dataRecord["email"],
                        "fullname" => $this->dataRecord["email"],
                        "local" => 'Y'
                    );
                    $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
                }
            }else {
@@ -334,8 +356,8 @@
            $disabledeliver = ($this->dataRecord["postfix"] == 'y')?'n':'y';
            $disablesmtp = (isset($this->dataRecord["disablesmtp"]) && $this->dataRecord["disablesmtp"])?'y':'n';
            $sql = "UPDATE mail_user SET disableimap = '$disableimap', disablesieve = '$disableimap', `disablesieve-filter` = '$disableimap', disablepop3 = '$disablepop3', disablesmtp = '$disablesmtp', disabledeliver = '$disabledeliver', disablelda = '$disabledeliver', disabledoveadm = '$disableimap' WHERE mailuser_id = ".$this->id;
            $app->db->query($sql);
            $sql = "UPDATE mail_user SET disableimap = ?, disablesieve = ?, `disablesieve-filter` = ?, disablepop3 = ?, disablesmtp = ?, disabledeliver = ?, disablelda = ?, disabledoveadm = ? WHERE mailuser_id = ?";
            $app->db->query($sql, $disableimap, $disableimap, $disableimap, $disablepop3, $disablesmtp, $disabledeliver, $disabledeliver, $disableimap, $this->id);
        }
        //** If the email address has been changed, change it in all aliases too
@@ -343,11 +365,11 @@
            //if($this->oldDataRecord['email'] != $this->dataRecord['email']) {
            //* Update the aliases
            $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE destination = '".$app->db->quote($this->oldDataRecord['email'])."'");
            $forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE destination = ?", $this->oldDataRecord['email']);
            if(is_array($forwardings)) {
                foreach($forwardings as $rec) {
                    $destination = $app->db->quote($this->dataRecord['email']);
                    $app->db->datalogUpdate('mail_forwarding', "destination = '$destination'", 'forwarding_id', $rec['forwarding_id']);
                    $destination = $this->dataRecord['email'];
                    $app->db->datalogUpdate('mail_forwarding', array("destination" => $destination), 'forwarding_id', $rec['forwarding_id']);
                }
            }
@@ -355,9 +377,9 @@
        //* Change backup options when user mail backup options have been changed
        if(isset($this->dataRecord['backup_interval']) && ($this->dataRecord['backup_interval'] != $this->oldDataRecord['backup_interval'] || $this->dataRecord['backup_copies'] != $this->oldDataRecord['backup_copies'])) {
            $backup_interval = $app->db->quote($this->dataRecord['backup_interval']);
            $backup_interval = $this->dataRecord['backup_interval'];
            $backup_copies = $app->functions->intval($this->dataRecord['backup_copies']);
            $app->db->datalogUpdate('mail_user', "backup_interval = '$backup_interval', backup_copies = '$backup_copies'", 'mailuser_id', $rec['mailuser_id']);
            $app->db->datalogUpdate('mail_user', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'mailuser_id', $rec['mailuser_id']);
            unset($backup_copies);
            unset($backup_interval);
        } // end if backup options changed
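Review bot: In the backup-options hunk the `datalogUpdate('mail_user', ...)` call is keyed on `$rec['mailuser_id']`, but nothing visible assigns `$rec` a mail_user row. The only visible `$rec` is the loop variable of `foreach($forwardings as $rec)` in the previous hunk, which holds `mail_forwarding` records. Unless `$rec` is set in lines outside these hunks, the key is either undefined or left over from the last forwarding row, so the backup settings may not be written to the mailbox being edited. The other statements in this method key on the current record, which suggests `$app->db->datalogUpdate('mail_user', array("backup_interval" => $backup_interval, "backup_copies" => $backup_copies), 'mailuser_id', $this->id);`. The enclosing method starts and ends outside the hunk.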
interface/web/mail/mail_user_filter_del.php
@@ -51,33 +51,6 @@
class page_action extends tform_actions {
    /*
    //* Code moved to mailfilter plugin
    function onAfterDelete() {
        global $app, $conf;
        $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
        $skip = false;
        $lines = explode("\n",$mailuser['custom_mailfilter']);
        $out = '';
        foreach($lines as $line) {
            $line = trim($line);
            if($line == '### BEGIN FILTER_ID:'.$this->id) {
                $skip = true;
            }
            if($skip == false && $line != '') $out .= $line ."\n";
            if($line == '### END FILTER_ID:'.$this->id) {
                $skip = false;
            }
        }
        $out = $app->db->quote($out);
        $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$out'", 'mailuser_id', $this->dataRecord["mailuser_id"]);
    }
    */
}
$page = new page_action;
interface/web/mail/mail_user_filter_edit.php
@@ -70,7 +70,7 @@
        global $app, $conf;
        // Get the parent mail_user record
        $mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = '".$app->functions->intval($_REQUEST["mailuser_id"])."' AND ".$app->tform->getAuthSQL('r'));
        $mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = ? AND ".$app->tform->getAuthSQL('r'). $_REQUEST["mailuser_id"]);
        // Check if Domain belongs to user
        if($mailuser["mailuser_id"] != $_POST["mailuser_id"]) $app->tform->errorMessage .= $app->tform->wordbook["no_mailuser_perm"];
@@ -85,11 +85,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another filter
            if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_mailfilter"]) {
                    $app->tform->errorMessage .= $app->tform->lng("limit_mailfilter_txt")."<br>";
                }
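Review bot: The new `mail_user` lookup in the first hunk ends with `getAuthSQL('r'). $_REQUEST["mailuser_id"]`, where a `.` stands in place of the `,` that separates the SQL from its bound value. The raw request value is therefore concatenated onto the statement text, and the `?` placeholder is left without a parameter. The removed line at least passed the value through `intval()`, so this is a regression from the old code: unescaped request data reaches the query. The call should read `$mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = ? AND ".$app->tform->getAuthSQL('r'), $_REQUEST["mailuser_id"]);`. The enclosing method starts outside the hunk.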
interface/web/mail/mail_user_stats.php
@@ -34,28 +34,28 @@
        //* Set the statistics colums
        //** Traffic of the current month
        $tmp_date = date('Y-m');
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ? AND month = ?", $rec['mailuser_id'], $tmp_date);
//        $rec['this_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
        $rec['this_month'] = $app->functions->formatBytes($tmp_rec['t']);
        if ($rec['this_month'] == 'NAN') $rec['this_month'] = '0 KB';
        //** Traffic of the current year
        $tmp_date = date('Y');
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ? AND month like ?", $rec['mailuser_id'], $tmp_date . '%');
//        $rec['this_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
        $rec['this_year'] = $app->functions->formatBytes($tmp_rec['t']);
        if ($rec['this_year'] == 'NAN') $rec['this_year'] = '0 KB';
        //** Traffic of the last month
        $tmp_date = date('Y-m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month = '$tmp_date'");
        $tmp_rec = $app->db->queryOneRecord("SELECT traffic as t FROM mail_traffic WHERE mailuser_id = ? AND month = ?", $rec['mailuser_id'], $tmp_date);
//        $rec['last_month'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
        $rec['last_month'] = $app->functions->formatBytes($tmp_rec['t']);
        if ($rec['last_month'] == 'NAN') $rec['last_month'] = '0 KB';
        //** Traffic of the last year
        $tmp_date = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ".$app->functions->intval($rec['mailuser_id'])." AND month like '$tmp_date%'");
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic) as t FROM mail_traffic WHERE mailuser_id = ? AND month like ?", $rec['mailuser_id'], $tmp_date . '%');
//        $rec['last_year'] = number_format($app->functions->intval($tmp_rec['t'])/1024/1024, 0, '.', ' ');
        $rec['last_year'] = $app->functions->formatBytes($tmp_rec['t']);
        if ($rec['last_year'] == 'NAN') $rec['last_year'] = '0 KB';
interface/web/mail/mail_whitelist_edit.php
@@ -72,7 +72,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -89,11 +89,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(access_id) as number FROM mail_access WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_mailfilter"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_mailfilter_txt"]."<br>";
                }
interface/web/mail/mailinglist.php
@@ -43,13 +43,13 @@
/*
 * Get the data to connect to the database
 */
$dbData = $app->db->queryAllRecords("SELECT server_id, listname FROM mail_mailinglist WHERE mailinglist_id = " . $listId);
$dbData = $app->db->queryAllRecords("SELECT server_id, listname FROM mail_mailinglist WHERE mailinglist_id = ?", $listId);
$serverId = $app->functions->intval($dbData[0]['server_id']);
if ($serverId == 0){
    die ("No List - Server found!");
}
$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
$app->uses('getconf');
$global_config = $app->getconf->get_global_config('mail');
interface/web/mail/spamfilter_blacklist_edit.php
@@ -65,24 +65,6 @@
        parent::onShowNew();
    }
    /*
    function onBeforeUpdate() {
        global $app, $conf;
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
                $this->dataRecord["server_id"] = $rec['server_id'];
            }
            unset($rec);
        }
    }
    */
    function onSubmit() {
        global $app, $conf;
@@ -90,11 +72,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_spamfilter_wblist"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_spamfilter_wblist"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_wblist_txt"]."<br>";
                }
@@ -103,7 +85,7 @@
        } // end if user is not admin
        // Select and set the server_id so it matches the server_id of the spa,filter_users record
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ".$app->functions->intval($this->dataRecord["rid"]));
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ?", $this->dataRecord["rid"]);
        $this->dataRecord["server_id"] = $tmp["server_id"];
        unset($tmp);
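Review bot: In the last hunk the result of the `rid` lookup is used unchecked: when `$this->dataRecord["rid"]` matches no `spamfilter_users` row, `$tmp["server_id"]` is null and is copied into `$this->dataRecord["server_id"]`. I would stop with a form error when the lookup returns nothing, e.g. `if(!$tmp) $app->tform->errorMessage .= $app->lng('...');` with a suitable message. Nothing in the hunk limits `rid` to spamfilter users of the current client's group either. Unless the form definition enforces that (not visible here), the lookup for non-admins should also filter on `sys_groupid`. onSubmit() continues outside the hunks, and spamfilter_whitelist_edit.php carries the same lookup.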
interface/web/mail/spamfilter_config_edit.php
@@ -83,8 +83,8 @@
        $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
        $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
        $sql = "UPDATE server SET config = '".$app->db->quote($server_config_str)."' WHERE server_id = ".$app->functions->intval($server_id);
        $app->db->query($sql);
        $sql = "UPDATE server SET config = ? WHERE server_id = ?";
        $app->db->query($sql, $server_config_str, $server_id);
    }
}
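Review bot: With `$app->functions->intval()` removed from the UPDATE, `$server_id` reaches the query in whatever type it was assigned outside this hunk. Binding takes care of injection, but MySQL coerces a non-numeric string compared with an integer column, and how the db class formats `?` values is not visible here. Keeping the cast on the bound value costs nothing: `$app->db->query($sql, $server_config_str, $app->functions->intval($server_id));`. The enclosing method starts outside the hunk.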
interface/web/mail/spamfilter_policy_edit.php
@@ -72,11 +72,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_policy FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_spamfilter_policy"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_policy WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_policy WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_spamfilter_policy"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_policy_txt"]."<br>";
                }
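Review bot: The comment `// Check if the user may add another mailbox.` above the limit check is a leftover from the mailbox form; here the code counts `spamfilter_policy` rows against `limit_spamfilter_policy`. I would change it to `// Check if the client may add another spamfilter policy.` The same stale comment sits above the limit checks in spamfilter_blacklist_edit.php, spamfilter_users_edit.php and spamfilter_whitelist_edit.php, where it should name the respective record type. The enclosing method starts and ends outside the hunk.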
interface/web/mail/spamfilter_users_edit.php
@@ -71,7 +71,7 @@
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ?", $this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -88,11 +88,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_user FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_spamfilter_user"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_spamfilter_user"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_user_txt"]."<br>";
                }
interface/web/mail/spamfilter_whitelist_edit.php
@@ -65,24 +65,6 @@
        parent::onShowNew();
    }
    /*
    function onBeforeUpdate() {
        global $app, $conf;
        //* Check if the server has been changed
        // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
        if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            $rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
            if($rec['server_id'] != $this->dataRecord["server_id"]) {
                //* Add a error message and switch back to old server
                $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
                $this->dataRecord["server_id"] = $rec['server_id'];
            }
            unset($rec);
        }
    }
    */
    function onSubmit() {
        global $app, $conf;
@@ -90,11 +72,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_spamfilter_wblist FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another mailbox.
            if($this->id == 0 && $client["limit_spamfilter_wblist"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(wblist_id) as number FROM spamfilter_wblist WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_spamfilter_wblist"]) {
                    $app->tform->errorMessage .= $app->tform->wordbook["limit_spamfilter_wblist_txt"]."<br>";
                }
@@ -103,7 +85,7 @@
        } // end if user is not admin
        // Select and set the server_id so it matches the server_id of the spa,filter_users record
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ".$app->functions->intval($this->dataRecord["rid"]));
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM spamfilter_users WHERE id = ?", $this->dataRecord["rid"]);
        $this->dataRecord["server_id"] = $tmp["server_id"];
        unset($tmp);
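Review bot: As far as the hunks show, `onSubmit()` here is line for line the same as in spamfilter_blacklist_edit.php: the same `limit_spamfilter_wblist` check, the same `rid` lookup, and the same `spa,filter_users` typo in the comment. Every fix, this commit included, has to be applied twice, so a shared base class or helper for the two wblist forms would be worth extracting. At minimum the comment should read `// Select and set the server_id so it matches the server_id of the spamfilter_users record`. onSubmit() continues outside the hunks.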
interface/web/mail/templates/mail_alias_list.htm
@@ -53,7 +53,7 @@
                            <td><a href="#" data-load-content="mail/mail_alias_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_alias_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_alias_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_alias_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
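Review bot: The delete link still performs a state-changing action through a GET URL that carries `phpsessid={tmpl_var name='phpsessid'}` in its query string. If that value is the PHP session id (the name suggests so, the template does not show it), it ends up in browser history and in proxy and web-server logs. I would submit the delete as a POST with a separate per-request CSRF token and keep the session id in the cookie only. The same link is repeated in the other `*_list.htm` templates changed in this commit.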
interface/web/mail/templates/mail_aliasdomain_list.htm
@@ -53,7 +53,7 @@
                            <td><a href="#" data-load-content="mail/mail_aliasdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_aliasdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_aliasdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_aliasdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_blacklist_list.htm
@@ -56,7 +56,7 @@
                            <td><a href="#" data-load-content="mail/mail_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="type"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_content_filter_list.htm
@@ -56,7 +56,7 @@
                            <td><a href="#" data-load-content="mail/mail_content_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="pattern"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_content_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="action"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_content_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_content_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_domain_admin_list.htm
@@ -39,7 +39,7 @@
                            <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_domain_catchall_list.htm
@@ -53,7 +53,7 @@
                            <td><a href="#" data-load-content="mail/mail_domain_catchall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_domain_catchall_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_catchall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_catchall_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_domain_edit.htm
@@ -86,7 +86,7 @@
            <tmpl_else>
                <input type="hidden" name="domain_module" value="0" id="domain_module" />
            </tmpl_if>
            <div class="col-sm-3"></div><div class="col-sm-9"><button class="btn btn-default formbutton-default" type="button" data-toggle="collapse" data-target="#toggle-dkim" aria-expanded="false" aria-controls="toggle-dkim">{tmpl_var name='dkim_settings_txt'}</button></div>
            <div class="col-sm-12"><button class="btn btn-default formbutton-default" type="button" data-toggle="collapse" data-target="#toggle-dkim" aria-expanded="false" aria-controls="toggle-dkim">{tmpl_var name='dkim_settings_txt'}</button></div>
            <div id="toggle-dkim" class="collapse">
              <div class="form-group">
                <label class="col-sm-3 control-label">{tmpl_var name='dkim_txt'}</label>
interface/web/mail/templates/mail_domain_list.htm
@@ -53,7 +53,7 @@
                            <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_domain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_forward_list.htm
@@ -53,7 +53,7 @@
                            <td><a href="#" data-load-content="mail/mail_forward_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_forward_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_forward_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_forward_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_get_list.htm
@@ -59,7 +59,7 @@
                            <td><a href="#" data-load-content="mail/mail_get_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source_username"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_get_edit.php?id={tmpl_var name='id'}">{tmpl_var name="destination"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_get_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_get_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_mailinglist_list.htm
@@ -50,9 +50,9 @@
                            <td><a href="#" data-load-content="mail/mail_mailinglist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                            <td class="text-right">
                                <tmpl_if name="mailmailinglist_link">
                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/mailinglist.php?id={tmpl_var name='id'}" target="mailmailinglist"><span class="icon icon-mail"></span></button>
                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/mailinglist.php?id={tmpl_var name='id'}" target="mailmailinglist"><span class="icon icon-mail"></span></a>
                                </tmpl_if>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_mailinglist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_mailinglist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
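Review bot: The `mail/mailinglist.php` link opens in a named window via `target="mailmailinglist"` without a `rel` attribute, so the opened page keeps a `window.opener` reference to the control panel. If that page ends up in a different application (presumably the list manager's own UI, not visible here), the anchor should carry `rel="noopener noreferrer"`. The webmail link in mail_user_list.htm (`target="webmail"`) has the same shape.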
interface/web/mail/templates/mail_relay_recipient_list.htm
@@ -52,7 +52,7 @@
                            <td><a href="#" data-load-content="mail/mail_relay_recipient_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_relay_recipient_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_relay_recipient_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_relay_recipient_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_transport_list.htm
@@ -59,7 +59,7 @@
                            <td><a href="#" data-load-content="mail/mail_transport_edit.php?id={tmpl_var name='id'}">{tmpl_var name="transport"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_transport_edit.php?id={tmpl_var name='id'}">{tmpl_var name="sort_order"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_transport_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_transport_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/mail_user_autoresponder_edit.htm
@@ -14,16 +14,16 @@
            </div>
            <div class="form-group">
                <label for="autoresponder" class="col-sm-3 control-label">{tmpl_var name='autoresponder_active'}</label>
                <div class="col-sm-9"><input class="form-control" type="checkbox" value="y" id="autoresponder" name="autoresponder"
                       onclick="AR_ResetDates();" {tmpl_var name='ar_active'} /></div></div>
                <div class="col-sm-9"><input type="checkbox" value="y" id="autoresponder" name="autoresponder" onclick="AR_ResetDates();" {tmpl_var name='ar_active'} /></div>
            </div>
            <div class="form-group">
                <label for="autoresponder_start_date" class="col-sm-3 control-label">{tmpl_var name='autoresponder_start_date_txt'}</label>
                {tmpl_var name='autoresponder_start_date'}&nbsp;
                <a href="javascript:AR_SetNow();">{tmpl_var name='now_txt'}</a>
                <div class="col-sm-9">{tmpl_var name='autoresponder_start_date'}&nbsp;
                <a href="javascript:AR_SetNow();">{tmpl_var name='now_txt'}</a></div>
            </div>
            <div class="form-group">
                <label for="autoresponder_end_date" class="col-sm-3 control-label">{tmpl_var name='autoresponder_end_date_txt'}</label>
                {tmpl_var name='autoresponder_end_date'}
                <div class="col-sm-9">{tmpl_var name='autoresponder_end_date'}</div>
            </div>
        
        <input type="hidden" name="id" value="{tmpl_var name='id'}">
interface/web/mail/templates/mail_user_backup_list.htm
@@ -2,7 +2,7 @@
    <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
</tmpl_if>
<tmpl_if name="error">
    <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
    <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
</tmpl_if>
<h3><tmpl_var name="list_head_txt"></h3>
interface/web/mail/templates/mail_user_filter_edit.htm
@@ -7,21 +7,22 @@
        
            <div class="form-group">
                <label for="rulename" class="col-sm-3 control-label">{tmpl_var name='rulename_txt'}</label>
                <div class="col-sm-9"><input type="text" id="rulename" name="rulename" value="{tmpl_var name='rulename'}" class="form-control"></div></div>
                <div class="col-sm-9"><input type="text" id="rulename" name="rulename" value="{tmpl_var name='rulename'}" class="form-control"></div>
            </div>
            <div class="form-group">
                <label for="source" class="col-sm-3 control-label">{tmpl_var name='source_txt'}</label>
                <div class="col-sm-9"><select id="source" name="source" class="form-control">{tmpl_var name='source'}</select></div>
                <div class="col-sm-9"><select id="op" name="op" class="form-control">{tmpl_var name='op'}</select></div><br><br>
                <div><label></label><div class="col-sm-9"><input type="text" id="searchterm" name="searchterm" value="{tmpl_var name='searchterm'}" class="form-control"></div></div>
                <div class="col-sm-9" style="margin-bottom:10px"><select id="source" name="source" class="form-control">{tmpl_var name='source'}</select></div>
                <div class="col-sm-3"></div><div class="col-sm-9" style="margin-bottom:10px"><select id="op" name="op" class="form-control">{tmpl_var name='op'}</select></div>
                <div class="col-sm-3"></div><div class="col-sm-9"><input type="text" id="searchterm" name="searchterm" value="{tmpl_var name='searchterm'}" class="form-control"></div>
            </div>
            <div class="form-group">
                <label for="action" class="col-sm-3 control-label">{tmpl_var name='action_txt'}</label>
                <div class="col-sm-9"><select id="action" name="action" class="form-control">{tmpl_var name='action'}</select></div><br><br>
                <div><label></label><div class="col-sm-9"><input type="text" id="target" name="target" value="{tmpl_var name='target'}" class="form-control"></div></div>
                <div class="col-sm-9" style="margin-bottom:10px"><select id="action" name="action" class="form-control">{tmpl_var name='action'}</select></div>
                <div class="col-sm-3"></div><div class="col-sm-9"><input type="text" id="target" name="target" value="{tmpl_var name='target'}" class="form-control"></div>
            </div>
            <div class="form-group">
                <label for="active" class="col-sm-3 control-label">{tmpl_var name='active_txt'}</label>
                <span class="">{tmpl_var name='active'}</span>
                <div class="col-sm-9"><span class="">{tmpl_var name='active'}</span></div>
            </div>
        
interface/web/mail/templates/mail_user_filter_list.htm
@@ -42,7 +42,7 @@
                    <tr>
                        <td><a href="#" data-load-content="mail/mail_user_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="rulename"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
@@ -54,7 +54,7 @@
            </tbody>
            <tfoot>
                <tr>
                    <td colspan="3"><tmpl_var name="paging"></td>
                    <td colspan="2"><tmpl_var name="paging"></td>
                </tr>
            </tfoot>
        </table>
interface/web/mail/templates/mail_user_list.htm
@@ -73,9 +73,9 @@
                        <td><a href="#" data-load-content="mail/mail_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="disablepop3"}</a></td>
                        <td class="text-right">
                            <tmpl_if name="mailboxlist_webmail_link">
                                <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/webmailer.php?id={tmpl_var name='id'}" target="webmail"><span class="icon icon-mail"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" href="mail/webmailer.php?id={tmpl_var name='id'}" target="webmail"><span class="icon icon-mail"></span></a>
                            </tmpl_if>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/mail/templates/mail_whitelist_list.htm
@@ -40,7 +40,7 @@
                            <td><a href="#" data-load-content="mail/mail_whitelist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="source"}</a></td>
                            <td><a href="#" data-load-content="mail/mail_whitelist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="type"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_whitelist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/mail_whitelist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/spamfilter_blacklist_list.htm
@@ -43,7 +43,7 @@
                            <td><a href="#" data-load-content="mail/spamfilter_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="rid"}</a></td>
                            <td><a href="#" data-load-content="mail/spamfilter_blacklist_edit.php?id={tmpl_var name='id'}">{tmpl_var name="email"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_blacklist_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/spamfilter_config_list.htm
@@ -31,7 +31,7 @@
                        <tr>
                            <td><a href="#" data-load-content="mail/spamfilter_config_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_name"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_config_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/mail/templates/spamfilter_policy_list.htm
@@ -43,7 +43,7 @@
                        <td><a href="#" data-load-content="mail/spamfilter_policy_edit.php?id={tmpl_var name='id'}">{tmpl_var name="banned_files_lover"}</a></td>
                        <td><a href="#" data-load-content="mail/spamfilter_policy_edit.php?id={tmpl_var name='id'}">{tmpl_var name="bad_header_lover"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_policy_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_policy_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/mail/templates/spamfilter_users_list.htm
@@ -43,7 +43,7 @@
                        <td><a href="#" data-load-content="mail/spamfilter_users_edit.php?id={tmpl_var name='id'}">{tmpl_var name="policy_id"}</a></td>
                        <td><a href="#" data-load-content="mail/spamfilter_users_edit.php?id={tmpl_var name='id'}">{tmpl_var name="fullname"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mail/spamfilter_users_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                    </tmpl_loop>
interface/web/mail/user_quota_stats.php
@@ -19,8 +19,6 @@
$app->load('listform_actions');
// $tmp_rec = $app->db->queryOneRecord("SELECT data from monitor_data WHERE type = 'harddisk_quota' ORDER BY created DESC");
// $monitor_data = unserialize($app->db->unquote($tmp_rec['data']));
$tmp_rec =  $app->db->queryAllRecords("SELECT data from monitor_data WHERE type = 'email_quota' ORDER BY created DESC");
$monitor_data = array();
if(is_array($tmp_rec)) {
interface/web/mail/webmailer.php
@@ -43,13 +43,13 @@
/*
 * Get the data to connect to the database
 */
$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = " . $emailId);
$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $emailId);
$serverId = $app->functions->intval($dbData['server_id']);
if ($serverId == 0){
    die ("No E-Mail - Server found!");
}
$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
$app->uses('getconf');
$global_config = $app->getconf->get_global_config('mail');
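Review bot: The `mail_user` lookup is keyed only on `$emailId` and has no ownership clause, so nothing in the visible lines ties the mailbox to the logged-in user. Other queries in this commit append `$app->tform->getAuthSQL('r')` for that purpose. If `mail_user` carries the same permission columns, the query could become `"SELECT server_id FROM mail_user WHERE mailuser_id = ? AND " . $app->tform->getAuthSQL('r')`. Where `$emailId` comes from and whether an earlier check exists is outside the hunk, so this needs confirming against the top of the file.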
interface/web/mail/xmpp_domain_del.php
@@ -67,8 +67,8 @@
    private function delete_accounts($domain){
        global $app;
        // get all accounts
        $sql = "SELECT * FROM xmpp_user WHERE jid LIKE ? AND ?";
        $users = $app->db->queryAllRecords($sql, '%@'.$domain, $app->tform->getAuthSQL('d'));
        $sql = "SELECT * FROM xmpp_user WHERE jid LIKE ? AND " . $app->tform->getAuthSQL('d');
        $users = $app->db->queryAllRecords($sql, '%@'.$domain);
        foreach($users AS $u)
            $app->db->datalogDelete('xmpp_user', 'xmppuser_id', $u['xmppuser_id']);
    }
@@ -77,8 +77,8 @@
        global $app;
        // purge all xmpp related rr-record
        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND ? ORDER BY serial DESC";
        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%', $app->tform->getAuthSQL('r'));
        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%');
        if (is_array($rec[1])) {
            for ($i=0; $i < count($rec); ++$i)
                $app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
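Review bot: `if (is_array($rec[1]))` tests the second row of the result, so when the query matches exactly one record nothing is purged and `$rec[1]` is an undefined offset. The loop already iterates from index 0, so the guard looks like it should be `if (is_array($rec) && count($rec) > 0)`. The same guard appears in `update_dns()` in xmpp_domain_edit.php. In `delete_accounts()`, `$users` is passed to `foreach` without checking that the query returned an array. Concatenating `getAuthSQL()` is only safe as long as that helper emits purely server-generated SQL, which is not visible here; the second function starts and ends outside the hunk.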
interface/web/mail/xmpp_domain_edit.php
@@ -95,7 +95,7 @@
        $read_limits = array('limit_xmpp_pastebin', 'limit_xmpp_httparchive', 'limit_xmpp_anon', 'limit_xmpp_vjud', 'limit_xmpp_proxy', 'limit_xmpp_status');
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // add limits to template to be able to hide settings
            foreach($read_limits as $limit) $app->tpl->setVar($limit, $client[$limit]);
        }else{
@@ -123,13 +123,13 @@
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id order by client.contact_name");
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ? order by client.contact_name", $client_group_id);
            if ($settings['use_domain_module'] != 'y') {
                // Fill the client select field
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
                $clients = $app->db->queryAllRecords($sql, $client['client_id']);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
                $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
                //$tmp_data_record = $app->tform->getDataRecord($this->id);
                if(is_array($clients)) {
@@ -145,7 +145,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin')
        {
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client_xmpp = $app->db->queryOneRecord("SELECT xmpp_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client_xmpp = $app->db->queryOneRecord("SELECT xmpp_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $client_xmpp['xmpp_servers_ids'] = explode(',', $client_xmpp['xmpp_servers']);
@@ -156,8 +156,8 @@
                $app->tpl->setVar('server_id_value', $client_xmpp['xmpp_servers_ids'][0]);
            }
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client_xmpp['xmpp_servers'] . ");";
            $xmpp_servers = $app->db->queryAllRecords($sql);
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
            $xmpp_servers = $app->db->queryAllRecords($sql, $client_xmpp['xmpp_servers_ids']);
            $options_xmpp_servers = "";
@@ -239,11 +239,11 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_xmpp_domain FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_xmpp_domain FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM xmpp_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT server_id FROM xmpp_domain WHERE domain_id = ?", $this->id);
                $this->dataRecord["server_id"] = $tmp["server_id"];
                unset($tmp);
                // When the record is inserted
@@ -256,7 +256,7 @@
                }
                if($client["limit_xmpp_domain"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM xmpp_domain WHERE sys_groupid = $client_group_id");
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM xmpp_domain WHERE sys_groupid = ?", $client_group_id);
                    if($tmp["number"] >= $client["limit_xmpp_domain"]) {
                        $app->error($app->tform->wordbook["limit_xmppdomain_txt"]);
                    }
@@ -281,7 +281,7 @@
                case 1:
                    $this->dataRecord["management_method"] = 'maildomain';
                    // Check for corresponding mail domain
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) AS number FROM mail_domain WHERE domain = '".$this->dataRecord["domain"]."' AND ".$app->tform->getAuthSQL('r')." ORDER BY domain");
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) AS number FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r')." ORDER BY domain", $this->dataRecord["domain"]);
                    if($tmp['number']==0){
                        $app->error($app->tform->wordbook["no_corresponding_maildomain_txt"]);
                        break;
@@ -318,11 +318,11 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE xmpp_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
            $app->db->query("UPDATE xmpp_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE xmpp_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$this->id);
            $app->db->query("UPDATE xmpp_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
        }
        //* make sure that the xmpp domain is lowercase
@@ -342,7 +342,7 @@
        if($this->_xmpp_type == 'server') {
            // Check if the domain has been changed
            $rec = $app->db->queryOneRecord("SELECT domain from xmpp_domain WHERE domain_id = ".$this->id);
            $rec = $app->db->queryOneRecord("SELECT domain from xmpp_domain WHERE domain_id = ?", $this->id);
            if($this->dataRecord['domain']!=$rec['domain'])
                $app->error($app->tform->wordbook["cant_change_domainname_txt"]);
@@ -350,7 +350,7 @@
            // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
            if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                if (isset($this->dataRecord["server_id"])) {
                    $rec = $app->db->queryOneRecord("SELECT server_id from xmpp_domain WHERE domain_id = ".$this->id);
                    $rec = $app->db->queryOneRecord("SELECT server_id from xmpp_domain WHERE domain_id = ?", $this->id);
                    if($rec['server_id'] != $this->dataRecord["server_id"]) {
                        //* Add a error message and switch back to old server
                        $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -361,7 +361,7 @@
                //* If the user is neither admin nor reseller
            } else {
                //* We do not allow users to change a domain which has been created by the admin
                $rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain from xmpp_domain WHERE domain_id = ".$this->id);
                $rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain from xmpp_domain WHERE domain_id = ?", $this->id);
                if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
                    //* Add a error message and switch back to old server
                    $app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
@@ -411,7 +411,7 @@
    private function update_dns($dataRecord, $new_rr) {
        global $app, $conf;
        $rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ".$this->id);
        $rec = $app->db->queryOneRecord("SELECT use_pubsub, use_proxy, use_anon_host, use_vjud, use_muc_host from xmpp_domain WHERE domain_id = ?", $this->id);
        $required_hosts = array('xmpp');
        if($rec['use_pubsub']=='y')
            $required_hosts[] = 'pubsub';
@@ -425,8 +425,8 @@
            $required_hosts[] = 'muc';
        // purge old rr-record
        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND ? ORDER BY serial DESC";
        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%', $app->tform->getAuthSQL('r'));
        $sql = "SELECT * FROM dns_rr WHERE zone = ? AND (name IN ? AND type = 'CNAME' OR name LIKE ? AND type = 'SRV')  AND " . $app->tform->getAuthSQL('r') . " ORDER BY serial DESC";
        $rec = $app->db->queryAllRecords($sql, $new_rr['zone'], array('xmpp', 'pubsub', 'proxy', 'anon', 'vjud', 'muc'), '_xmpp-%');
        if (is_array($rec[1])) {
            for ($i=0; $i < count($rec); ++$i)
                $app->db->datalogDelete('dns_rr', 'id', $rec[$i]['id']);
@@ -468,7 +468,7 @@
        // Refresh zone
        $zone = $app->db->queryOneRecord("SELECT id, serial FROM dns_soa WHERE active = 'Y' AND id = ?", $new_rr['zone']);
        $new_serial = $app->validate_dns->increase_serial($zone['serial']);
        $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $zone['id']);
        $app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $zone['id']);
    }
    /*
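Review bot: In the "Fill the client select field" block, `$client_select` is built by concatenating `$client['contactname']` into an `<option>` element without HTML-encoding. That value is assembled from company name, contact name, username and customer number in the `client` table, so a name containing markup would be rendered as HTML in the form. Encode the text, e.g. `htmlspecialchars($client['contactname'], ENT_QUOTES, 'UTF-8')`, and treat `$tmp['groupid']` in the `value` attribute the same way. Whether the loop that follows escapes the remaining client names, and whether the template layer encodes `client_select` again, is outside the hunk.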
interface/web/mail/xmpp_user_edit.php
@@ -98,7 +98,7 @@
        global $app, $conf;
        //* Check if Domain belongs to user
        if(isset($_POST["jid_domain"])) {
            $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
            $domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
            if($domain["domain"] != $app->functions->idn_encode($_POST["jid_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        }
@@ -112,12 +112,12 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another xmpp user.
            if($this->id == 0 && $client["limit_xmpp_user"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_xmpp_user"]) {
                    $app->tform->errorMessage .= $app->tform->lng("limit_xmpp_user_txt")."<br>";
                }
@@ -148,8 +148,8 @@
        global $app, $conf;
        // Set the domain owner as xmpp user owner
        $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
        $app->db->query("UPDATE xmpp_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE xmppuser_id = ".$this->id);
        $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
        $app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
    }
@@ -158,8 +158,8 @@
        // Set the domain owner as mailbox owner
        if(isset($_POST["xmpp_domain"])) {
            $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["jid_domain"]))."' AND ".$app->tform->getAuthSQL('r'));
            $app->db->query("UPDATE xmpp_user SET sys_groupid = ".$app->functions->intval($domain["sys_groupid"])." WHERE xmppuser_id = ".$this->id);
            $domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
            $app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
        }
    }
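Review bot: Both ownership updates in the last two hunks write `$domain["sys_groupid"]` without checking that the `xmpp_domain` lookup returned a row. When the domain is not readable by the user, `$domain` is not an array and the bound value is presumably null, where the old code at least forced it to 0 with `intval()`. Guard the write with `if(is_array($domain))` and report an error otherwise. In the last hunk the condition tests `$_POST["xmpp_domain"]` while the query reads `$_POST["jid_domain"]`, so guard and lookup can disagree; `isset($_POST["jid_domain"])` looks intended. Both function bodies start outside the hunks.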
interface/web/mailuser/index.php
@@ -17,8 +17,8 @@
include $lng_file;
$app->tpl->setVar($wb);
$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$app->functions->intval($_SESSION['s']['user']['mailuser_id']);
$rec = $app->db->queryOneRecord($sql);
$sql = "SELECT * FROM mail_user WHERE mailuser_id = ?";
$rec = $app->db->queryOneRecord($sql, $_SESSION['s']['user']['mailuser_id']);
if($rec['quota'] == 0) {
    $rec['quota'] = $wb['unlimited_txt'];
@@ -30,8 +30,8 @@
$app->tpl->setVar($rec);
$sql2 = "SELECT * FROM server WHERE server_id = ".$app->functions->intval($rec['server_id']);
$rec2 = $app->db->queryOneRecord($sql2);
$sql2 = "SELECT * FROM server WHERE server_id = ?";
$rec2 = $app->db->queryOneRecord($sql2, $rec['server_id']);
$app->tpl->setVar($rec2);
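Review bot: `SELECT * FROM mail_user` followed by `$app->tpl->setVar($rec)` hands every column of the mailbox row to the template layer, including any credential or hash columns the table holds (the schema is not visible here). The same applies to `SELECT * FROM server` and `$rec2`. Select only the columns the page displays, or unset sensitive keys before `setVar()`. `$rec` is also used without checking that a row was found, so a session without a valid `mailuser_id` reaches `$rec['quota']` on a non-array.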
interface/web/mailuser/mail_user_filter_edit.php
@@ -71,7 +71,7 @@
        global $app, $conf;
        // Get the parent mail_user record
        $mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = '".$app->functions->intval($_SESSION['s']['user']['mailuser_id'])."'");
        $mailuser = $app->db->queryOneRecord("SELECT * FROM mail_user WHERE mailuser_id = ?", $_SESSION['s']['user']['mailuser_id']);
        // Set the mailuser_id
        $this->dataRecord["mailuser_id"] = $mailuser["mailuser_id"];
@@ -84,11 +84,11 @@
        if($_SESSION["s"]["user"]["default_group"] > 0) { // if user is not admin
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_mailfilter FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Check if the user may add another filter
            if($this->id == 0 && $client["limit_mailfilter"] >= 0) {
                $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = $client_group_id");
                $tmp = $app->db->queryOneRecord("SELECT count(filter_id) as number FROM mail_user_filter WHERE sys_groupid = ?", $client_group_id);
                if($tmp["number"] >= $client["limit_mailfilter"]) {
                    $app->tform->errorMessage .= $app->tform->lng("limit_mailfilter_txt")."<br>";
                }
interface/web/mailuser/mail_user_spamfilter_edit.php
@@ -74,19 +74,30 @@
        $rec = $app->tform->getDataRecord($this->id);
        $email_parts = explode('@', $rec['email']);
        $email_domain = $email_parts[1];
        $domain = $app->db->queryOneRecord("SELECT sys_userid, sys_groupid, server_id FROM mail_domain WHERE domain = '".$app->db->quote($email_domain)."'");
        $domain = $app->db->queryOneRecord("SELECT sys_userid, sys_groupid, server_id FROM mail_domain WHERE domain = ?", $email_domain);
        // Spamfilter policy
        $policy_id = $app->functions->intval($this->dataRecord["policy"]);
        $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($rec["email"])."'");
        $tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $rec["email"]);
        if($policy_id > 0) {
            if($tmp_user["id"] > 0) {
                // There is already a record that we will update
                $app->db->datalogUpdate('spamfilter_users', "policy_id = $policy_id", 'id', $tmp_user["id"]);
                $app->db->datalogUpdate('spamfilter_users', array("policy_id" => $policy_id), 'id', $tmp_user["id"]);
            } else {
                // We create a new record
                $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `priority`, `policy_id`, `email`, `fullname`, `local`)
                        VALUES (".$app->functions->intval($domain["sys_userid"]).", ".$app->functions->intval($domain["sys_groupid"]).", 'riud', 'riud', '', ".$app->functions->intval($domain["server_id"]).", 10, ".$app->functions->intval($policy_id).", '".$app->db->quote($rec["email"])."', '".$app->db->quote($rec["email"])."', 'Y')";
                $insert_data = array(
                    "sys_userid" => $domain["sys_userid"],
                    "sys_groupid" => $domain["sys_groupid"],
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $domain["server_id"],
                    "priority" => 10,
                    "policy_id" => $policy_id,
                    "email" => $rec["email"],
                    "fullname" => $rec["email"],
                    "local" => 'Y'
                );
                $app->db->datalogInsert('spamfilter_users', $insert_data, 'id');
            }
        }else {
@@ -104,7 +115,7 @@
        $app->tpl->setVar("email", $rec['email']);
        // Get the spamfilter policys for the user
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = '".$app->db->quote($rec['email'])."'");
        $tmp_user = $app->db->queryOneRecord("SELECT policy_id FROM spamfilter_users WHERE email = ?", $rec['email']);
        $sql = "SELECT id, policy_name FROM spamfilter_policy WHERE ".$app->tform->getAuthSQL('r');
        $policys = $app->db->queryAllRecords($sql);
        $policy_select = "<option value='0'>".$app->tform->lng("no_policy")."</option>";
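Review bot: `$policy_id` comes from `$this->dataRecord["policy"]`, is cast to int and written to `spamfilter_users` without checking that it is one of the policies the user may read. The select list further down is built with `getAuthSQL('r')`, but that restricts only what is displayed. Unless the form definition validates the value elsewhere (not visible here), a hand-built request can attach any policy id. A lookup on `spamfilter_policy` with `id = ?` combined with `$app->tform->getAuthSQL('r')` before the write would close that. `$email_parts[1]` and `$domain` are also used without checking that the address contained an `@` and that a `mail_domain` row was found; the enclosing functions start outside the hunks.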
interface/web/mailuser/templates/mail_user_filter_list.htm
@@ -30,7 +30,7 @@
                <tr>
                    <td><a href="#" data-load-content="mailuser/mail_user_filter_edit.php?id={tmpl_var name='id'}">{tmpl_var name="rulename"}</a></td>
                    <td class="text-right">
                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mailuser/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                        <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('mailuser/mail_user_filter_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                    </td>
                </tr>
                </tmpl_loop>
interface/web/monitor/lib/module.conf.php
@@ -8,6 +8,7 @@
$module["template"]  = "module.tpl.htm";
$module["tab_width"]    = '';
$module["startpage"]  = "monitor/show_sys_state.php?state=system";
$module['order']    = '60';
unset($items);
$items[] = array( 'title'  => "Show Overview",
interface/web/monitor/log_del.php
@@ -35,7 +35,7 @@
$app->auth->check_module_permissions('monitor');
$syslog_id = $app->functions->intval($_GET['id']);
$app->db->query("UPDATE sys_log SET loglevel = 0 WHERE syslog_id = '$syslog_id'");
$app->db->query("UPDATE sys_log SET loglevel = 0 WHERE syslog_id = ?", $syslog_id);
header('Location: log_list.php');
exit;
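Review bot: This script changes state (`UPDATE sys_log SET loglevel = 0`) on a plain GET, and the only check in the visible lines is `check_module_permissions('monitor')`. Any page that a logged-in user with monitor access loads can therefore trigger it for an arbitrary `id`. The delete links elsewhere in this commit pass a `phpsessid` value to their handlers; no comparable token check is visible here. Verifying a per-session anti-CSRF token before the `UPDATE`, ideally on a POST, would address it. The top of the file is outside the hunk, so an earlier check cannot be ruled out.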
interface/web/monitor/show_log.php
@@ -120,7 +120,7 @@
/* fetch the Data from the DB */
$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = '" . $app->db->quote($logId) . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = ? and server_id = ? order by created desc", $logId, $_SESSION['monitor']['server_id']);
if(isset($record['data'])) {
    $data = unserialize($record['data']);
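Review bot: `unserialize($record['data'])` runs on whatever is stored in `monitor_data`, so the interface trusts every writer of that table. If a monitored server reports into it (an assumption, the writer is not visible here), a compromised server could inject serialized objects into the interface process. If the payload is only arrays and scalars, pass `['allowed_classes' => false]` as the second argument on PHP 7 or later, or store the data as JSON and use `json_decode()`. The `if` block continues outside the hunk.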
interface/web/monitor/show_sys_state.php
@@ -191,7 +191,7 @@
    /*
     * Get all monitoring-data from the server and process then
    */
    $records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = " . $serverId);
    $records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = ?", $serverId);
    $osData = null;
    $veInfo = null;
    $ispcData = null;
@@ -320,7 +320,7 @@
    * state
    */
    // get the State from the DB
    $record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $serverId . " order by created desc");
    $record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = ? and server_id = ? order by created desc", $type, $serverId);
    // change the new state to the highest state
    /*
interface/web/monitor/templates/datalog_list.htm
@@ -33,7 +33,7 @@
                            <td>{tmpl_var name="action"}</td>
                            <td>{tmpl_var name="dbtable"}</td>
                            <td class="text-right">    
                                <!--<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/datalog_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button> -->
                                <!--<a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/datalog_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a> -->
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/monitor/templates/syslog_list.htm
@@ -34,10 +34,10 @@
                            <td>{tmpl_var name="message"}</td>
                            <td class="text-right">
                                <tmpl_if name="loglevel" op="==" value="Error">
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                </tmpl_if>
                                <tmpl_if name="loglevel" op="==" value="Warning">
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('monitor/log_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                </tmpl_if>
                            </td>
                        </tr>
interface/web/nav.php
@@ -45,25 +45,41 @@
        /*
         * If the dashboard is in the list of modules it always has to be the first!
         */
        /*
        asort($modules);
        if (in_array('dashboard', $modules)) {
            $key = array_search('dashboard', $modules);
            unset($modules[$key]);
            $modules = array_merge(array('dashboard'), $modules);
        }
        */
        if(is_array($modules)) {
            foreach($modules as $mt) {
                if(is_file($mt.'/lib/module.conf.php')) {
                    if(!preg_match("/^[a-z]{2,20}$/i", $mt)) die('module name contains unallowed chars.');
                    if($mt == 'dns'){
                        $dns_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE dns_server = 1 AND active = 1");
                        if($dns_servers['cnt'] == 0) continue;
                    }
                    if($mt == 'mail'){
                        $mail_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE mail_server = 1 AND active = 1");
                        if($mail_servers['cnt'] == 0) continue;
                    }
                    if($mt == 'sites'){
                        $web_servers = $app->db->queryOneRecord("SELECT COUNT(*) as cnt FROM server WHERE web_server = 1 AND active = 1");
                        if($web_servers['cnt'] == 0) continue;
                    }
                    include_once $mt.'/lib/module.conf.php';
                    $language = (isset($_SESSION['s']['user']['language']))?$_SESSION['s']['user']['language']:$conf['language'];
                    $app->load_language_file('web/'.$mt.'/lib/'.$language.'.lng');
                    $active = ($module['name'] == $_SESSION['s']['module']['name']) ? 1 : 0;
                    $topnav[] = array( 'title'  => $app->lng($module['title']),
                    $topnav[$module['order'].'-'.$module['name']] = array( 'title'  => $app->lng($module['title']),
                        'active'  => $active,
                        'module' => $module['name']);
                }
            }
            ksort($topnav);
        }
    } else {
        //*  Loading Login Module
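Review bot: `ksort($topnav)` compares the new `'<order>-<name>'` keys as strings, so an order of `'100'` sorts ahead of `'60'`; `ksort($topnav, SORT_NATURAL)` or a zero-padded key such as `sprintf('%03d-%s', $module['order'], $module['name'])` keeps the numeric intent. A module.conf.php that does not set `$module['order']` may inherit the value left by the previous iteration or yield a `-name` key, so a default set before the `include_once` is worth adding. Separately, `is_file($mt.'/lib/module.conf.php')` runs before the `preg_match` allow-list on `$mt`; moving the name check first means no unvalidated string reaches a filesystem call. The enclosing block starts above the hunk.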
interface/web/remote/monitor.php
@@ -30,7 +30,7 @@
        $sql = 'SELECT server_id, server_name FROM server WHERE 1 ORDER BY server_id';
        $records = $app->db->queryAllRecords($sql);
        foreach($records as $index => $rec) {
            $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = " . $rec['server_id'] . " AND state NOT IN ('ok', 'no_state', 'info')");
            $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = ? AND state NOT IN ('ok', 'no_state', 'info')", $rec['server_id']);
            if($rec) $records[$index]['state'] = 'warn';
            else $records[$index]['state'] = 'ok';
        }
@@ -38,7 +38,7 @@
        $out['data'] = $records;
        $out['time'] = date('Y-m-d H:i', $rec['created']);
    } else {
        $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = '$type' AND server_id = $server_id");
        $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = ? AND server_id = ?", $type, $server_id);
        if(is_array($rec)) {
            $out['state'] = $rec['state'];
            $out['data'] = unserialize(stripslashes($rec['data']));
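Review bot: Inside the `foreach`, the loop variable `$rec` is overwritten by the `queryOneRecord()` result, and `$out['time'] = date('Y-m-d H:i', $rec['created'])` then reads whatever the last iteration left there. When the last server has no row outside `'ok'`, `'no_state'`, `'info'`, that result is empty and the timestamp formats as the epoch. A separate name such as `$alert = $app->db->queryOneRecord(...)` and an explicit source for the time would avoid this. Lines between the two hunks are not shown, so this assumes nothing reassigns `$rec` there.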
interface/web/sites/ajax_get_ip.php
@@ -37,15 +37,15 @@
$server_id = $app->functions->intval($_GET["server_id"]);
$client_group_id = $app->functions->intval($_GET["client_group_id"]);
$ip_type = $app->db->quote($_GET['ip_type']);
$ip_type = $_GET['ip_type'];
if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
    //* Get global web config
    $web_config = $app->getconf->get_server_config($server_id, 'web');
    $sql = "SELECT ip_address FROM server_ip WHERE ip_type = '$ip_type' AND server_id = $server_id";
    $ips = $app->db->queryAllRecords($sql);
    $sql = "SELECT ip_address FROM server_ip WHERE ip_type = ? AND server_id = ?";
    $ips = $app->db->queryAllRecords($sql, $ip_type, $server_id);
    // $ip_select = "<option value=''></option>";
    if($ip_type == 'IPv4'){
        $ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"*#":"";
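Review bot: `$ip_type = $_GET['ip_type'];` now carries the raw request value, which is fine for the bound query but leaves nothing constraining its type or content for the rest of the script. The parameter can arrive as an array, and how `queryAllRecords()` binds an array to `ip_type = ?` is not visible here. I would check it before use, e.g. `if(!is_string($ip_type)) $ip_type = '';`, ideally against the set of values the script expects. It is also worth confirming that no later line outside this hunk echoes or concatenates it.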
interface/web/sites/ajax_get_json.php
@@ -56,8 +56,8 @@
if($type == 'getserverid'){
    $json = '{"serverid":"';
    $sql = "SELECT server_id FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
    $server = $app->db->queryOneRecord($sql);
    $sql = "SELECT server_id FROM web_domain WHERE domain_id = ?? AND ".$app->tform->getAuthSQL('r');
    $server = $app->db->queryOneRecord($sql, $web_id);
    $json .= $server['server_id'];
    unset($server);
    $json .= '"}';
@@ -77,7 +77,7 @@
        $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($_SESSION["s"]["user"]["client_id"]) . ")";
        //* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
    } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
        $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
        $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
        //$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
        $sql_where = " AND (client_id = 0";
        if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
@@ -85,7 +85,7 @@
        //* Admin: If the logged in user is admin
    } else {
        //$sql_where = '';
        $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
        $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
        //$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
        $sql_where = " AND (client_id = 0";
        if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
@@ -93,10 +93,9 @@
    }
    if($php_type == 'php-fpm'){
        $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
    }
    if($php_type == 'fast-cgi'){
        $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = $server_id".$sql_where);
        $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?".$sql_where, $server_id);
    } elseif($php_type == 'fast-cgi'){
        $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?".$sql_where, $server_id);
    }
    $php_select = "";
    if(is_array($php_records) && !empty($php_records)) {
@@ -116,8 +115,8 @@
if($type == 'getphptype'){
    $json = '{"phptype":"';
    $sql = "SELECT php FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
    $php = $app->db->queryOneRecord($sql);
    $sql = "SELECT php FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');
    $php = $app->db->queryOneRecord($sql, $web_id);
    $json .= $php['php'];
    unset($php);
    $json .= '"}';
@@ -125,8 +124,8 @@
if($type == 'getredirecttype'){
    $json = '{"redirecttype":"';
    $sql = "SELECT redirect_type FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
    $redirect = $app->db->queryOneRecord($sql);
    $sql = "SELECT redirect_type FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');
    $redirect = $app->db->queryOneRecord($sql, $web_id);
    $json .= $redirect['redirect_type'];
    unset($redirect);
    $json .= '"}';
@@ -155,11 +154,11 @@
if($type == 'getdatabaseusers') {
    $json = '{}';
    $sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
    $group = $app->db->queryOneRecord($sql);
    $sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r');
    $group = $app->db->queryOneRecord($sql, $web_id);
    if($group) {
        $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $app->functions->intval($group['sys_groupid']) . "'";
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = ?";
        $records = $app->db->queryAllRecords($sql, $group['sys_groupid']);
        $tmp_array = array();
        foreach($records as $record) {
@@ -202,9 +201,9 @@
}
if($type == 'getclientssldata'){
    $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", intval($web_id));
    $sys_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE groupid = ?", intval($web['sys_groupid']));
    $client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", intval($sys_group['client_id']));
    $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $web_id);
    $sys_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE groupid = ?", $web['sys_groupid']);
    $client = $app->db->queryOneRecord("SELECT * FROM client WHERE client_id = ?", $sys_group['client_id']);
    if(is_array($client) && !empty($client)){
        if($client['telephone'] == '' && $client['mobile'] != '') $client['telephone'] = $client['mobile'];
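Review bot: In the `getserverid` branch the new query reads `domain_id = ?? AND`, while the `getphptype`, `getredirecttype` and `getdatabaseusers` queries use a single `?`. If the db layer gives `??` a different meaning (in ISPConfig's db class it appears to be the identifier placeholder; confirm), `$web_id` would be bound as a column name rather than a value, so this should read `domain_id = ? AND`. Separately, the `getclientssldata` branch looks up `web_domain`, `sys_group` and `client` by `$web_id` without the `getAuthSQL('r')` filter the other branches append. Unless access is checked outside the hunk, it returns client contact data for any domain id; appending `" AND ".$app->tform->getAuthSQL('r')` to the `web_domain` lookup would align it with the rest.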
        
interface/web/sites/aps_do_operation.php
@@ -50,15 +50,15 @@
    if(!$gui->isValidPackageID($_GET['id'], true)) die($app->lng('Invalid ID'));
    // Change the existing status to the opposite
    $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = '".$app->functions->intval($_GET['id'])."';");
    $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = ?", $_GET['id']);
    if($get_status['package_status'] == strval(PACKAGE_LOCKED))
    {
        $app->db->query("UPDATE aps_packages SET package_status = ".PACKAGE_ENABLED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
        $app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_ENABLED, $_GET['id']);
        echo '<div class="swap" id="ir-Yes"><span>'.$app->lng('Yes').'</span></div>';
    }
    else
    {
        $app->db->query("UPDATE aps_packages SET Package_status = ".PACKAGE_LOCKED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
        $app->db->query("UPDATE aps_packages SET Package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']);
        echo '<div class="swap" id="ir-No"><span>'.$app->lng('No').'</span></div>';
    }
}
@@ -69,7 +69,7 @@
        $is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
        if(!$is_admin)
        {
            $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';");
            $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
            $client_id = $cid['client_id'];
        }
@@ -78,8 +78,8 @@
        // Only delete the instance if the status is "installed" or "flawed"
        $check = $app->db->queryOneRecord("SELECT id FROM aps_instances
        WHERE id = ".$app->db->quote($_GET['id'])." AND
        (instance_status = ".INSTANCE_SUCCESS." OR instance_status = ".INSTANCE_ERROR.");");
        WHERE id = ? AND
        (instance_status = ? OR instance_status = ?)", $_GET['id'], INSTANCE_SUCCESS, INSTANCE_ERROR);
        if($check['id'] > 0) $gui->deleteInstance($_GET['id']);
        //echo $app->lng('Installation_remove');
        @header('Location:aps_installedpackages_list.php');
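Review bot: With `intval()` and `quote()` dropped, `$_GET['id']` now goes unchanged into the bound queries and into `$gui->deleteInstance($_GET['id'])`. Casting once, `$instance_id = $app->functions->intval($_GET['id']);`, and using that variable for both the `aps_instances` check and the delete keeps the checked value and the deleted value identical and typed. The visible check also does not tie the instance to the `$client_id` looked up in the previous hunk, so any ownership test for non-admins must happen in lines not shown here; that is worth confirming. Both the status toggle and the delete are state changes reached by GET.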
interface/web/sites/aps_install_package.php
@@ -62,7 +62,7 @@
$adminflag = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
$gui = new ApsGUIController($app);
$pkg_id = (isset($_GET['id'])) ? $app->db->quote($_GET['id']) : '';
$pkg_id = (isset($_GET['id'])) ? $_GET['id'] : '';
// Check if a newer version is available for the current package
// Note: It's intended that here is no strict ID check (see below)
@@ -85,9 +85,8 @@
// Get domain list
$domains = array();
$domain_for_user = '';
if(!$adminflag) $domain_for_user = "AND (sys_userid = '".$app->db->quote($_SESSION['s']['user']['userid'])."'
    OR sys_groupid = '".$app->db->quote($_SESSION['s']['user']['default_group'])."' )";
$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain;");
if(!$adminflag) $domain_for_user = "AND (sys_userid = ? OR sys_groupid = ?)";
$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain", $_SESSION['s']['user']['userid'], $_SESSION['s']['user']['default_group']);
if(!empty($domains_assoc)) foreach($domains_assoc as $domain) $domains[] = $domain['domain'];
    // If data has been submitted, validate it
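Review bot: The `web_domain` query always passes two arguments (`userid` and `default_group`), but for an admin `$domain_for_user` is empty and the SQL contains no `?` at all. Whether the db layer ignores surplus arguments or raises an error is not visible here; building the argument list only when `!$adminflag`, or issuing two separate calls, removes the mismatch. `$pkg_id` is also taken from `$_GET['id']` without `quote()` now, here and in aps_packagedetails_show.php, so every later use must be a bound parameter or be escaped for its output context.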
interface/web/sites/aps_installedpackages_list.php
@@ -51,7 +51,7 @@
$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
if(!$is_admin)
{
    $cid = $app->db->queryOneRecord('SELECT client_id FROM client WHERE username = "'.$app->db->quote($_SESSION['s']['user']['username']).'";');
    $cid = $app->db->queryOneRecord('SELECT client_id FROM client WHERE username = ?', $_SESSION['s']['user']['username']);
    //$client_ext = ' AND aps_instances.customer_id = '.$cid['client_id'];
    $client_ext = ' AND '.$app->tform->getAuthSQL('r', 'aps_instances');
}
interface/web/sites/aps_packagedetails_show.php
@@ -47,7 +47,7 @@
$app->tpl->setVar($wb);
$gui = new ApsGUIController($app);
$pkg_id = (isset($_GET['id'])) ? $app->db->quote($_GET['id']) : '';
$pkg_id = (isset($_GET['id'])) ? $_GET['id'] : '';
// Check if a newer version is available for the current package
// Note: It's intended that here is no strict ID check (see below)
interface/web/sites/cron_edit.php
@@ -87,7 +87,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // When the record is updated
            if($this->id > 0) {
@@ -95,7 +95,7 @@
            } else {
                // Check if the user may add another cron job.
                if($client["limit_cron"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = $client_group_id");
                    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ?", $client_group_id);
                    if($tmp["number"] >= $client["limit_cron"]) {
                        $app->error($app->tform->wordbook["limit_cron_txt"]);
                    }
@@ -104,7 +104,7 @@
        }
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        // Set fixed values
@@ -115,7 +115,7 @@
        if(preg_match("'^http(s)?:\/\/'i", $command)) {
            $this->dataRecord["type"] = 'url';
        } else {
            $domain_owner = $app->db->queryOneRecord("SELECT limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($parent_domain["sys_groupid"]));
            $domain_owner = $app->db->queryOneRecord("SELECT limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $parent_domain["sys_groupid"]);
            //* True when the site is assigned to a client
            if(isset($domain_owner["limit_cron_type"])) {
                if($domain_owner["limit_cron_type"] == 'full') {
@@ -140,7 +140,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            if($client["limit_cron_frequency"] > 1) {
                if($app->tform->cron_min_freq < $client["limit_cron_frequency"]) {
@@ -170,7 +170,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_cron_frequency, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            if($client["limit_cron_frequency"] > 1) {
                if($app->tform->cron_min_freq < $client["limit_cron_frequency"]) {
@@ -196,14 +196,14 @@
    function onAfterInsert() {
        global $app, $conf;
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
        $server_id = $web["server_id"];
        // The cron shall be owned by the same group then the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);
        $sql = "UPDATE cron SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE cron SET server_id = ?, sys_groupid = ? WHERE id = ?";
        $app->db->query($sql, $server_id, $sys_groupid, $this->id);
    }
    function onAfterUpdate() {
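Review bot: `onAfterInsert()` uses `$web["server_id"]` and `$web['sys_groupid']` without checking that the `web_domain` lookup returned a row, so a missing parent domain passes an empty `server_id` and group 0 to the `UPDATE cron` statement. A guard such as `if(!is_array($web)) return;` (or an `$app->error()` call) before the `UPDATE` would make that case explicit. The three identical `limit_cron*` client lookups in the earlier hunks could also share one helper.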
interface/web/sites/database_edit.php
@@ -79,7 +79,7 @@
            $client = $app->db->queryOneRecord("SELECT db_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Set the webserver to the default server of the client
            $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
            $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers']));
            $only_one_server = count($tmp) === 1;
            $app->tpl->setVar('only_one_server', $only_one_server);
@@ -89,7 +89,7 @@
            }
            foreach ($tmp as $db_server) {
                $options_db_servers .= "<option value='$db_server[server_id]'>$db_server[server_name]</option>";
                $options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
            }
            $app->tpl->setVar("server_id", $options_db_servers);
@@ -102,7 +102,7 @@
            $client = $app->db->queryOneRecord("SELECT client.client_id, limit_web_domain, db_servers, contact_name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Set the webserver to the default server of the client
            $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ($client[db_servers])");
            $tmp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE server_id IN ?", explode(',', $client['db_servers']));
            $only_one_server = count($tmp) === 1;
            $app->tpl->setVar('only_one_server', $only_one_server);
@@ -112,7 +112,7 @@
            }
            foreach ($tmp as $db_server) {
                $options_db_servers .= "<option value='$db_server[server_id]'>$db_server[server_name]</option>";
                $options_db_servers .= '<option value="'.$db_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $db_server['server_id'] ? ' selected="selected"' : '').'>'.$db_server['server_name'].'</option>';
            }
            $app->tpl->setVar("server_id", $options_db_servers);
@@ -168,13 +168,13 @@
    function onSubmit() {
        global $app, $conf;
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ?", $client_group_id);
            // When the record is updated
            if($this->id > 0) {
@@ -207,7 +207,7 @@
                if($client['parent_client_id'] > 0) {
                    // Get the limits of the reseller
                    $reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ".$client['parent_client_id']);
                    $reseller = $app->db->queryOneRecord("SELECT limit_database, limit_database_quota FROM client WHERE client_id = ?", $client['parent_client_id']);
                    //* Check the website quota of the client
                    if ($reseller['limit_database_quota'] >= 0) {
@@ -265,15 +265,15 @@
            }
        } else {
            // check if client of database parent domain is client of db user!
            $web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
            $web_group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
            if($this->dataRecord['database_user_id']) {
                $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_user_id'])."'");
                $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_user_id']);
                if($group['sys_groupid'] != $web_group['sys_groupid']) {
                    $app->error($app->tform->wordbook['database_client_differs_txt']);
                }
            }
            if($this->dataRecord['database_ro_user_id']) {
                $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = '".$app->functions->intval($this->dataRecord['database_ro_user_id'])."'");
                $group = $app->db->queryOneRecord("SELECT sys_groupid FROM web_database_user WHERE database_user_id = ?", $this->dataRecord['database_ro_user_id']);
                if($group['sys_groupid'] != $web_group['sys_groupid']) {
                    $app->error($app->tform->wordbook['database_client_differs_txt']);
                }
@@ -340,11 +340,11 @@
        }
        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."' AND database_id != '".$this->id."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ? AND database_id != ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"], $this->id);
        if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->lng('database_name_error_unique').'<br />';
        // get the web server ip (parent domain)
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
        if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
            // we need remote access rights for this server, so get it's ip address
            $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -369,7 +369,7 @@
        if ($app->tform->errorMessage == '') {
            // force update of the used database user
            if($this->dataRecord['database_user_id']) {
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_user_id']));
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']);
                if($user_old_rec) {
                    $user_new_rec = $user_old_rec;
                    $user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -377,7 +377,7 @@
                }
            }
            if($this->dataRecord['database_ro_user_id']) {
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_ro_user_id']));
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']);
                if($user_old_rec) {
                    $user_new_rec = $user_old_rec;
                    $user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -419,11 +419,11 @@
        }
        //* Check for duplicates
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($this->dataRecord['database_name'])."' AND server_id = '".$app->functions->intval($this->dataRecord["server_id"])."'");
        $tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $this->dataRecord['database_name'], $this->dataRecord["server_id"]);
        if($tmp['dbnum'] > 0) $app->tform->errorMessage .= $app->tform->lng('database_name_error_unique').'<br />';
        // get the web server ip (parent domain)
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = '".$app->functions->intval($this->dataRecord['parent_domain_id'])."'");
        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->dataRecord['parent_domain_id']);
        if($tmp['server_id'] && $tmp['server_id'] != $this->dataRecord['server_id']) {
            // we need remote access rights for this server, so get it's ip address
            $server_config = $app->getconf->get_server_config($tmp['server_id'], 'server');
@@ -448,7 +448,7 @@
        if ($app->tform->errorMessage == '') {
            // force update of the used database user
            if($this->dataRecord['database_user_id']) {
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_user_id']));
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_user_id']);
                if($user_old_rec) {
                    $user_new_rec = $user_old_rec;
                    $user_new_rec['server_id'] = $this->dataRecord['server_id'];
@@ -456,7 +456,7 @@
                }
            }
            if($this->dataRecord['database_ro_user_id']) {
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ' . $app->functions->intval($this->dataRecord['database_ro_user_id']));
                $user_old_rec = $app->db->queryOneRecord('SELECT * FROM `web_database_user` WHERE `database_user_id` = ?', $this->dataRecord['database_ro_user_id']);
                if($user_old_rec) {
                    $user_new_rec = $user_old_rec;
                    $user_new_rec['server_id'] = $this->dataRecord['server_id'];
interface/web/sites/database_phpmyadmin.php
@@ -45,14 +45,12 @@
/*
 * Get the data to connect to the database
 */
$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = " . $databaseId);
$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = ?", $databaseId);
$serverId = $app->functions->intval($dbData['server_id']);
if ($serverId == 0){
    die ("No DB-Server found!");
}
$serverData = $app->db->queryOneRecord(
    "SELECT server_name FROM server WHERE server_id = " .
    $serverId);
$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
$app->uses('getconf');
$global_config = $app->getconf->get_global_config('sites');
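Review bot: The `web_database` lookup is keyed on `$databaseId` alone, so nothing visible in this hunk restricts it to a database the logged-in user is allowed to read. Binding the value removes the injection path of the old concatenation, but it is not an access check. If `$databaseId` is not already validated against the session above the hunk, add an ownership condition to the query, equivalent to the `$app->tform->getAuthSQL('r')` clause that ftp_user_edit.php appends to its `web_domain` lookup in this same commit. The script continues outside the hunk on both sides, so an existing check may simply not be visible here.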
interface/web/sites/database_user_del.php
@@ -55,7 +55,7 @@
        $old_record = $app->tform->getDataRecord($this->id);
        /* we cannot use datalogDelete here, as we need to set server_id to 0 */
        $app->db->query("DELETE FROM `web_database_user` WHERE $index_field = '$index_value'");
        $app->db->query("DELETE FROM `web_database_user` WHERE ?? = ?", $index_field, $index_value);
        $new_rec = array();
        $old_record['server_id'] = 0;
        $app->db->datalogSave('web_database_user', 'DELETE', 'database_user_id', $this->id, $old_record, $new_rec);
@@ -65,14 +65,14 @@
        global $app; $conf;
        //* Update all records that belog to this user
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."'");
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $this->id);
        foreach($records as $rec) {
            $app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
            $app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
        }
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");
        $records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $this->id);
        foreach($records as $rec) {
            $app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
            $app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
        }
    }
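Review bot: `global $app; $conf;` at the top of the second hunk ends the `global` statement after `$app`, so `$conf;` is a bare expression and `$conf` is never imported into the function; it should read `global $app, $conf;`. The commit rewrites the queries directly below that line but leaves it as it was. In the first hunk the column name now goes through the `??` placeholder, so the DELETE is only as safe as the database class's identifier quoting, and it assumes `$index_field` comes from the form definition rather than the request; both are set outside the hunk and worth confirming. The comment typo `belog` could be corrected to `belong` in the same pass.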
interface/web/sites/database_user_edit.php
@@ -66,12 +66,12 @@
        if ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT client.company_name, client.contact_name, client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            // Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql, $client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contact_name'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {
@@ -128,7 +128,7 @@
        $global_config = $app->getconf->get_global_config('sites');
        $dbuser_prefix = $app->tools_sites->replacePrefix($global_config['dbuser_prefix'], $this->dataRecord);
        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");
        $this->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = ?", $this->id);
        $dbuser_prefix = $app->tools_sites->getPrefix($this->oldDataRecord['database_user_prefix'], $dbuser_prefix);
        $this->dataRecord['database_user_prefix'] = $dbuser_prefix;
@@ -200,11 +200,11 @@
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
    }
@@ -213,24 +213,12 @@
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = ?, sys_perm_group = 'riud' WHERE database_user_id = ?", $client_group_id, $this->id);
        }
        /*$password = $app->db->queryOneRecord("SELECT database_password FROM web_database_user WHERE database_user_id = ".$this->id);
        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($this->id)."'");
        foreach($records as $rec) {
            $new_rec = $this->dataRecord;
            $new_rec['server_id'] = $rec['server_id'];
            // Make sure to store the password in encrypted form in sys_datalog
            $new_rec['database_password'] = $password['database_password'];
            $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $this->oldDataRecord, $new_rec);
        }
        unset($new_rec);*/
    }
}
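Review bot: `$client_select` in the first hunk is built by concatenating `$tmp['groupid']` and `$client['contact_name']` straight into an `<option>` element, and `contact_name` is a free-text column of the `client` table. Parameterising the queries does not cover this output path, so unless the value is escaped elsewhere it reaches the page as markup. I would write the line as `$client_select = '<option value="'.$app->functions->intval($tmp['groupid']).'">'.htmlspecialchars($client['contact_name'], ENT_QUOTES, 'UTF-8').'</option>';`. The loop that appends the remaining clients starts at `if(is_array($records))` and continues outside the hunk; it presumably needs the same treatment.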
interface/web/sites/form/web_childdomain.tform.php
@@ -58,7 +58,7 @@
$form["auth_preset"]["perm_other"] = ''; //r = read, i = insert, u = update, d = delete
$form["tabs"]['domain'] = array (
    'title'  => "Domain",
    'title'  => ($childdomain_type == 'aliasdomain'? 'Aliasdomain' : 'Subdomain'),
    'width'  => 100,
    'template'  => "templates/web_childdomain_edit.htm",
    'fields'  => array (
interface/web/sites/form/web_vhost_domain.tform.php
@@ -41,16 +41,19 @@
$vhostdomain_type = 'domain';
$form_title = "Web Domain";
$validator_function = 'web_domain';
$first_tab_title = "Domain";
if(isset($_SESSION['s']['var']['vhostdomain_type'])) {
    if($_SESSION['s']['var']['vhostdomain_type'] == 'subdomain') {
        $vhostdomain_type = 'subdomain';
        $form_title = "Subdomain";
        $validator_function = 'sub_domain';
        $first_tab_title = "Subomain";
    } elseif($_SESSION['s']['var']['vhostdomain_type'] == 'aliasdomain') {
        $vhostdomain_type = 'aliasdomain';
        $form_title = "Aliasdomain";
        $validator_function = 'alias_domain';
        $first_tab_title = "Aliasomain";
    }
}
@@ -85,7 +88,7 @@
$backup_available = ($vhostdomain_type == 'domain');
if(!$app->auth->is_admin()) {
    $client_group_id = $_SESSION["s"]["user"]["default_group"];
    $client = $app->db->queryOneRecord("SELECT limit_wildcard, limit_ssl, limit_backup FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
    $client = $app->db->queryOneRecord("SELECT limit_wildcard, limit_ssl, limit_backup FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
    if($client['limit_wildcard'] != 'y') $wildcard_available = false;
    if($client['limit_ssl'] != 'y') $ssl_available = false;
@@ -96,7 +99,7 @@
$web_config = $app->getconf->get_global_config('sites');
$form["tabs"]['domain'] = array (
    'title'  => "Domain",
    'title'  => $first_tab_title,
    'width'  => 100,
    'template'  => "templates/web_vhost_domain_edit.htm",
    'readonly' => $web_domain_edit_readonly,
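Review bot: The two new tab titles in the first hunk are misspelled: `$first_tab_title = "Subomain";` and `$first_tab_title = "Aliasomain";` will be shown to users as written, because the third hunk passes `$first_tab_title` into `'title'`. They should be `$first_tab_title = "Subdomain";` and `$first_tab_title = "Aliasdomain";`, matching the spelling web_childdomain.tform.php uses for the same titles in this commit. In the second hunk `$client_group_id` is taken from the session without the `intval()` that database_user_edit.php applies; with the bound parameter this is harmless, but keeping the two files consistent makes the intent clearer.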
interface/web/sites/ftp_user_edit.php
@@ -96,11 +96,11 @@
        // Get the record of the parent domain
        if(isset($this->dataRecord["parent_domain_id"])) {
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
            if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        } else {
            $tmp = $app->tform->getDataRecord($this->id);
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]);
            if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
            unset($tmp);
        }
@@ -137,11 +137,11 @@
    function onAfterInsert() {
        global $app, $conf;
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);
        $dir = $web["document_root"];
        $uid = $web["system_user"];
        $gid = $web["system_group"];
        
        // Check system user and group
        if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) {
@@ -151,8 +151,8 @@
        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);
        $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE ftp_user SET server_id = ?, dir = ?, uid = ?, gid = ?, sys_groupid = ? WHERE ftp_user_id = ?";
        $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
    }
    function onBeforeUpdate() {
@@ -181,17 +181,17 @@
        //* When the site of the FTP user has been changed
        if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
            $server_id = $app->functions->intval($web["server_id"]);
            $dir = $app->db->quote($web["document_root"]);
            $uid = $app->db->quote($web["system_user"]);
            $gid = $app->db->quote($web["system_group"]);
            $dir = $web["document_root"];
            $uid = $web["system_user"];
            $gid = $web["system_group"];
            // The FTP user shall be owned by the same group then the website
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;
            $app->db->query($sql);
            $sql = "UPDATE ftp_user SET server_id = ?, dir = ?, uid = ?, gid = ?, sys_groupid = ? WHERE ftp_user_id = ?";
            $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
        }
        //* 2. check to ensure that the FTP user path is not changed to a path outside of the docroot by a normal user
@@ -201,11 +201,11 @@
            //* This check should normally never be triggered
            //* Set the path to a safe path (web doc root).
            if($error_message != '') {
                $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = '".$app->db->quote($app->tform->primary_id)."'");
                $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($ftp_data["parent_domain_id"]));
                $dir = $app->db->quote($web["document_root"]);
                $sql = "UPDATE ftp_user SET dir = '$dir' WHERE ftp_user_id = ".$this->id;
                $app->db->query($sql);
                $ftp_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM ftp_user WHERE ftp_user_id = ?", $app->tform->primary_id);
                $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $ftp_data["parent_domain_id"]);
                $dir = $web["document_root"];
                $sql = "UPDATE ftp_user SET dir = ? WHERE ftp_user_id = ?";
                $app->db->query($sql, $dir, $this->id);
                $app->log("Error in FTP path settings of FTP user ".$this->dataRecord['username'], 1);
            }
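Review bot: In the hunk that handles a changed `parent_domain_id`, `$web` is read and its `document_root`, `system_user` and `system_group` are written to `ftp_user` without checking that the lookup returned a row and without the `is_allowed_user()` / `is_allowed_group()` test that `onAfterInsert()` applies to the same fields. With the `quote()` calls gone, an empty `$web` now binds empty values for `dir`, `uid` and `gid` instead of empty strings built by hand, so the outcome depends on how the database class binds them. I would guard the UPDATE with `if(is_array($web) && $app->functions->is_allowed_user($web["system_user"]) && $app->functions->is_allowed_group($web["system_group"]))`. The enclosing function starts outside the hunk, so an equivalent check may already run before this point.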
interface/web/sites/lib/module.conf.php
@@ -7,6 +7,7 @@
$module["template"]  = "module.tpl.htm";
$module["startpage"]  = "sites/web_vhost_domain_list.php";
$module["tab_width"]    = '';
$module['order']    = '30';
// Websites menu
$items=array();
@@ -96,10 +97,24 @@
if($app->auth->get_client_limit($userid, 'webdav_user') != 0)
{
    $items[] = array(   'title'  => "Webdav-User",
        'target'  => 'content',
        'link' => 'sites/webdav_user_list.php',
        'html_id'   => 'webdav_user_list');
    $apache_in_use = false;
    $servers = $app->db->queryAllRecords("SELECT * FROM server WHERE web_server = 1 AND active = 1");
    if(is_array($servers) && !empty($servers)){
        foreach($servers as $server){
            $tmp_web_config = $app->getconf->get_server_config($server['server_id'], 'web');
            if(strtolower($tmp_web_config['server_type']) == 'apache'){
                $apache_in_use = true;
                break;
            }
        }
    }
    if($apache_in_use == true){
        $items[] = array(   'title'  => "Webdav-User",
            'target'  => 'content',
            'link' => 'sites/webdav_user_list.php',
            'html_id'   => 'webdav_user_list');
    }
}
$items[] = array(   'title'     => "Folder",
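Review bot: The new Apache detection runs `SELECT *` over the `server` table although the loop only reads `server_id`, and it loads a server config per row each time this file is evaluated, which is presumably on every menu build. `"SELECT server_id FROM server WHERE web_server = 1 AND active = 1"` is enough for the loop. `$tmp_web_config['server_type']` is also read without checking that the key exists, so a server without a `web` section would raise a notice; `isset($tmp_web_config['server_type']) && strtolower(...) == 'apache'` avoids that. `if($apache_in_use == true)` can be just `if($apache_in_use)`.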
interface/web/sites/list/cron.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
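Review bot: The translated labels from `$app->lng('Yes')` and `$app->lng('No')` are concatenated into the `<span>` markup without HTML escaping. Unless `lng()` already escapes its result, a translation containing `<`, `&` or a quote would be emitted as markup; `htmlspecialchars($app->lng('Yes'), ENT_QUOTES, 'UTF-8')` (and the same for `'No'`) keeps the cell inert. The identical line is added in database.list.php (twice), ftp_user.list.php, shell_user.list.php, web_childdomain.list.php, web_folder.list.php, web_folder_user.list.php, web_vhost_domain.list.php and webdav_user.list.php. Building the Yes/No array once in a shared helper would keep the ten copies from drifting apart.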
interface/web/sites/list/database.list.php
@@ -59,7 +59,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "remote_access",
    'datatype' => "VARCHAR",
@@ -68,7 +68,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "type",
    'datatype' => "VARCHAR",
@@ -91,7 +91,8 @@
        'prefix' => "",
        'suffix' => "",
        'datasource' => array (  'type' => 'SQL',
            'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            //'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
            'keyfield'=> 'groupid',
            'valuefield'=> 'name'
        ),
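Review bot: The new `querystring` in the last hunk joins `sys_group` to `client` with `sys_group.client_id = client.client_id`, so any group without a matching client row disappears from the filter list, whereas the old query listed every group except `groupid = 1`. If that narrowing is intended, a comment such as `// only groups that belong to a client are offered as filter values` would say so; if it is not, the join needs to be a `LEFT JOIN` with a fallback to `sys_group.name`. The previous query is left behind as a commented-out line and can be deleted, since version control already keeps it. The same two-line change appears in web_vhost_domain.list.php.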
interface/web/sites/list/ftp_user.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/sites/list/shell_user.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/sites/list/web_childdomain.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/sites/list/web_folder.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/sites/list/web_folder_user.list.php
@@ -57,7 +57,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "web_folder_id",
interface/web/sites/list/web_vhost_domain.list.php
@@ -78,7 +78,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
if($_SESSION['s']['user']['typ'] == 'admin' && $vhostdomain_type == 'domain') {
    $liste["item"][] = array( 'field'  => "sys_groupid",
@@ -88,7 +88,8 @@
        'prefix' => "",
        'suffix' => "",
        'datasource' => array (  'type' => 'SQL',
            'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            //'querystring' => 'SELECT groupid, name FROM sys_group WHERE groupid != 1 ORDER BY name',
            'querystring' => "SELECT sys_group.groupid,CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), IF(client.contact_firstname != '', CONCAT(client.contact_firstname, ' '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as name FROM sys_group, client WHERE sys_group.groupid != 1 AND sys_group.client_id = client.client_id ORDER BY client.company_name, client.contact_name",
            'keyfield'=> 'groupid',
            'valuefield'=> 'name'
        ),
interface/web/sites/list/webdav_user.list.php
@@ -55,7 +55,7 @@
    'prefix' => "",
    'suffix' => "",
    'width'  => "",
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>Yes</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>No</span></div>"));
    'value'  => array('y' => "<div id=\"ir-Yes\" class=\"swap\"><span>".$app->lng('Yes')."</span></div>", 'n' => "<div class=\"swap\" id=\"ir-No\"><span>".$app->lng('No')."</span></div>"));
$liste["item"][] = array( 'field'  => "server_id",
interface/web/sites/shell_user_edit.php
@@ -103,14 +103,12 @@
        global $app, $conf;
        // Get the record of the parent domain
        //$parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        //if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        if(isset($this->dataRecord["parent_domain_id"])) {
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
            if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        } else {
            $tmp = $app->tform->getDataRecord($this->id);
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval($tmp["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), $tmp["parent_domain_id"]);
            if(!$parent_domain) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
            unset($tmp);
        }
@@ -163,12 +161,12 @@
    function onAfterInsert() {
        global $app, $conf;
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
        $server_id = $app->functions->intval($web["server_id"]);
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);
        $dir = $web["document_root"];
        $uid = $web["system_user"];
        $gid = $web["system_group"];
        
        // Check system user and group
        if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) {
@@ -178,8 +176,8 @@
        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);
        $sql = "UPDATE shell_user SET server_id = $server_id, dir = '$dir', puser = '$uid', pgroup = '$gid', sys_groupid = '$sys_groupid' WHERE shell_user_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE shell_user SET server_id = ?, dir = ?, puser = ?, pgroup = ?, sys_groupid = ? WHERE shell_user_id = ?";
        $app->db->query($sql, $server_id, $dir, $uid, $gid, $sys_groupid, $this->id);
    }
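Review bot: The comment above the final UPDATE still reads `// The FTP user shall be owned by the same group then the website`, although this file updates `shell_user`; it was evidently copied from ftp_user_edit.php. I would change it to `// The shell user shall be owned by the same group as the website`. In `onAfterInsert()` the `$web` row is also used without checking that the lookup found one, so what `is_allowed_user()` receives for a missing parent domain depends on code outside the hunk and is worth confirming.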
interface/web/sites/templates/cron_list.htm
@@ -56,7 +56,7 @@
                            <td><a href="#" data-load-content="sites/cron_edit.php?id={tmpl_var name='id'}">{tmpl_var name="command"}</a></td>
                            <td class="text-right">
                                <div class="buttons icons16">    
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/cron_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                    <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/cron_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                                </div>
                            </td>
                        </tr>
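Review bot: The corrected delete link still writes a raw `&` before `phpsessid` inside the `href` attribute, while database_admin_list.htm in this same commit uses `&amp;phpsessid=` for the equivalent link. The attribute should read `...cron_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}...` so both templates are valid and consistent. `{tmpl_var name='delete_confirmation'}` and `{tmpl_var name="command"}` are placed into a JavaScript string and a table cell respectively; whether the template engine escapes them for those contexts is not visible here and should be confirmed.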
interface/web/sites/templates/database_admin_list.htm
@@ -52,22 +52,22 @@
                            <td><a href="#" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_name"}</a></td>
                            <td class="text-right">
                                <tmpl_if name="dblist_phpmyadmin_link">
                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></button>
                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></a>
                                </tmpl_if>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
                    <tmpl_unless name="records">
                        <tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>">
                            <td colspan="8">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                            <td colspan="9">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                        </tr>
                    </tmpl_unless>
                </tbody>
                <tfoot>
                    <tr>
                        <td colspan="8"><tmpl_var name="paging"></td>
                        <td colspan="9"><tmpl_var name="paging"></td>
                    </tr>
                </tfoot>
            </table>
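Review bot: The no-results row in this section opens its condition as `<tmpl_if name='__EVEN__'}`, closing the tag with `}` instead of `>`, so the row class probably does not render as intended; the line is context here and the commit leaves it as is. It should read `<tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'>even<tmpl_else>uneven</tmpl_if>">`. database_list.htm has the identical line. The edit button in the same hunk is an `<a>` with `data-load-content` but no `href`, which keeps it out of keyboard focus order unless the script adds one.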
interface/web/sites/templates/database_list.htm
@@ -66,22 +66,22 @@
                            <td><a href="#" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_name"}</a></td>
                            <td class="text-right">
                                <tmpl_if name="dblist_phpmyadmin_link">
                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></button>
                                    <a class="btn btn-default formbutton-default formbutton-narrow" href="sites/database_phpmyadmin.php?id={tmpl_var name='id'}" target="phpmyadmin"><span class="icon icon-dbadmin"></span></a>
                                </tmpl_if>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_del.php?id={tmpl_var name='id'}&amp;phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
                    <tmpl_unless name="records">
                        <tr class="tbl_row_noresults tbl_row_<tmpl_if name='__EVEN__'}even<tmpl_else>uneven</tmpl_if>">
                            <td colspan="7">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                            <td colspan="8">{tmpl_var name='globalsearch_noresults_text_txt'}</td>
                        </tr>
                    </tmpl_unless>
                </tbody>
                <tfoot>
                    <tr>
                        <td colspan="7"><tmpl_var name="paging"></td>
                        <td colspan="8"><tmpl_var name="paging"></td>
                    </tr>
                </tfoot>
            </table>
interface/web/sites/templates/database_user_admin_list.htm
@@ -29,8 +29,8 @@
                        <tr>
                            <td><a href="#" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_user"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/sites/templates/database_user_list.htm
@@ -45,8 +45,8 @@
                        <tr>
                            <td><a href="#" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="database_user"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="sites/database_user_edit.php?id={tmpl_var name='id'}"><span class="icon icon-edit"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/database_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/sites/templates/shell_user_list.htm
@@ -56,7 +56,7 @@
                            <td><a href="#" data-load-content="sites/shell_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                            <td><a href="#" data-load-content="sites/shell_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="username"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/shell_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/shell_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/sites/templates/web_backup_list.htm
@@ -2,7 +2,7 @@
    <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
</tmpl_if>
<tmpl_if name="error">
    <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
    <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
</tmpl_if>
<h3><tmpl_var name="list_head_txt"></h3>
@@ -28,9 +28,9 @@
                            <td>{tmpl_var name="filesize"}</td>
                            <td class="text-right">
                                <div class="buttons">
                                    <button class="btn btn-default formbutton-default" type="button" onclick="ISPConfig.confirm_action('sites/web_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=restore&backup_id={tmpl_var name='backup_id'}','{tmpl_var name='restore_confirm_txt'}');">{tmpl_var name="restore_backup_txt"}</button>
                                    <button class="btn btn-default formbutton-default" type="button" onclick="ISPConfig.confirm_action('sites/web_vhost_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=restore&backup_id={tmpl_var name='backup_id'}','{tmpl_var name='restore_confirm_txt'}');">{tmpl_var name="restore_backup_txt"}</button>
                                    <tmpl_if name="download_available">
                                        <button class="btn btn-default formbutton-default" type="button" data-load-content="sites/web_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=download&backup_id={tmpl_var name='backup_id'}">{tmpl_var name="download_backup_txt"}</button>
                                        <button class="btn btn-default formbutton-default" type="button" data-load-content="sites/web_vhost_domain_edit.php?id={tmpl_var name='parent_id'}&next_tab=backup&backup_action=download&backup_id={tmpl_var name='backup_id'}">{tmpl_var name="download_backup_txt"}</button>
                                    </tmpl_if>
                                </div>
                            </td>
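Review bot: The restore button in the second hunk starts a backup restore through a plain GET URL (`...&backup_action=restore&backup_id=...`) with no token in the request, so a forged cross-site request could trigger it for a logged-in user unless `web_vhost_domain_edit.php` checks something not visible here. The delete links in the sibling list templates at least pass `phpsessid`; this one passes nothing. I would submit restore as a POST carrying a CSRF token and note it in the template with `<!-- restore changes server state: POST + CSRF token required -->`. In the first hunk `<tmpl_var name="error">` is written into the `<ol>` as is; confirm that the caller escapes it.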
interface/web/sites/templates/web_childdomain_list.htm
@@ -1,5 +1,5 @@
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
    <h1><tmpl_if name='childdomain_type' op='==' value='aliasdomain'><tmpl_var name="aliasdomain_list_head_txt"></tmpl_else><tmpl_var name="subdomain_list_head_txt"></tmpl_if></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
@@ -22,7 +22,7 @@
        </tmpl_if>
        <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
            
                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_childdomain_edit.php?type={tmpl_var name='childdomain_type'}">{tmpl_var name="add_new_record_txt"}</button>
                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_childdomain_edit.php?type={tmpl_var name='childdomain_type'}"><tmpl_if name='childdomain_type' op='==' value='aliasdomain'>{tmpl_var name="add_new_aliasdomain_txt"}</tmpl_else>{tmpl_var name="add_new_subdomain_txt"}</tmpl_if></button>
            
        
@@ -35,7 +35,7 @@
                        <th class="tiny-col" data-column="active"><tmpl_var name="active_txt"></th>
                        <th data-column="server_id"><tmpl_var name="server_id_txt"></th>
                        <th data-column="parent_domain_id"><tmpl_var name="parent_domain_id_txt"></th>
                        <th data-column="domain"><tmpl_var name="domain_txt"></th>
                        <th data-column="domain"><tmpl_if name='childdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}</tmpl_else>{tmpl_var name="subdomain_txt"}</tmpl_if></th>
                        <th class="small-col text-right">{tmpl_var name='search_limit'}</th>
                    </tr>
                    <tr>
@@ -56,7 +56,7 @@
                            <td><a href="#" data-load-content="sites/web_childdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                            <td><a href="#" data-load-content="sites/web_childdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="domain"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_childdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_childdomain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
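Review bot: The new conditionals in the first three hunks separate their branches with `</tmpl_else>`, while other templates in this commit (database_admin_list.htm, for instance) write `<tmpl_else>`. If the template parser does not treat the closing form as the else marker, both labels would be printed; please confirm, or write `<tmpl_if name='childdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}<tmpl_else>{tmpl_var name="subdomain_txt"}</tmpl_if>`. The heading line also mixes `<tmpl_var ...>` with the `{tmpl_var ...}` form used on the other two changed lines.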
interface/web/sites/templates/web_folder_list.htm
@@ -55,7 +55,7 @@
                        <td><a href="#" data-load-content="sites/web_folder_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                        <td><a href="#" data-load-content="sites/web_folder_edit.php?id={tmpl_var name='id'}">{tmpl_var name="path"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/sites/templates/web_folder_user_list.htm
@@ -52,7 +52,7 @@
                        <td><a href="#" data-load-content="sites/web_folder_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="web_folder_id"}</a></td>
                        <td><a href="#" data-load-content="sites/web_folder_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="username"}</a></td>
                        <td class="text-right">
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_folder_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
interface/web/sites/templates/web_vhost_domain_admin_list.htm
@@ -1,11 +1,11 @@
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
    <h1><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_list_head_txt"}</tmpl_if></h1>
</div>
        <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
            
                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}">{tmpl_var name="add_new_record_txt"}</button>
                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="add_new_record_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="add_new_subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="add_new_aliasdomain_txt"}</tmpl_if></button>
            
        
@@ -20,7 +20,7 @@
                    <th data-column="sys_groupid"><tmpl_var name="sys_groupid_txt"></th>
                    <th data-column="server_id"><tmpl_var name="server_id_txt"></th>
                    <tmpl_if name="vhostdomain_type" op="!=" value="domain"><th data-column="parent_domain_id"><tmpl_var name="parent_domain_id_txt"></th></tmpl_if>
                    <th data-column="domain"><tmpl_var name="domain_txt"></th>
                    <th data-column="domain"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}</tmpl_if></th>
                    <th class="small-col text-right">{tmpl_var name='search_limit'}</th>
                </tr>
                <tr>
@@ -45,8 +45,8 @@
                        <tmpl_if name="vhostdomain_type" op="!=" value="domain"><td><a href="#" data-load-content="sites/web_vhost_aliasdomain_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td></tmpl_if>
                        <td><a href="#" data-load-content="sites/web_vhost_domain_edit.php?id={tmpl_var name='id'}&type={tmpl_var name='vhostdomain_type'}">{tmpl_var name="domain"}</a></td>
                        <td class="text-right">
                            <a href="http://{tmpl_var name="domain"}" target="_blank" class="btn btn-default formbutton-default formbutton-narrow"><span class="icon icon-link"></span></button>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_vhost_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                            <a href="http://{tmpl_var name="domain"}" target="_blank" class="btn btn-default formbutton-default formbutton-narrow"><span class="icon icon-link"></span></a>
                            <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/web_vhost_domain_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                        </td>
                    </tr>
                </tmpl_loop>
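Review bot: The site link on the changed line in the last hunk opens a customer-controlled domain with `target="_blank"` and no `rel`, so the opened page receives `window.opener` for the control-panel tab in browsers that do not default to noopener. The `href` value also nests double quotes (`href="http://{tmpl_var name="domain"}"`), which only works because the template is expanded before the browser parses it. I would write `<a href="http://{tmpl_var name='domain'}" target="_blank" rel="noopener noreferrer" class="btn btn-default formbutton-default formbutton-narrow">`.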
interface/web/sites/templates/web_vhost_domain_edit.htm
@@ -274,6 +274,8 @@
    jQuery('#parent_domain_id').change(function() {
        reloadServerId(false);
    });
    // new Vhostsubdomains/Vhostaliasdomains
    if(serverId == '') jQuery('#parent_domain_id').trigger('change');
    
    function reloadServerId(noFormChange) {
        var parentWebId = jQuery('#parent_domain_id').val();
@@ -331,22 +333,44 @@
    }
        
    function reloadWebIP() {
        ISPConfig.loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+serverId+'&client_group_id='+clientGroupId);
        ISPConfig.loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+serverId+'&client_group_id='+clientGroupId);
        ISPConfig.loadOptionInto('ip_address','sites/ajax_get_ip.php?ip_type=IPv4&server_id='+serverId+'&client_group_id='+clientGroupId<tmpl_if name="use_combobox" value="y">, rerenderSelect2</tmpl_if>);
        ISPConfig.loadOptionInto('ipv6_address','sites/ajax_get_ip.php?ip_type=IPv6&server_id='+serverId+'&client_group_id='+clientGroupId<tmpl_if name="use_combobox" value="y">, rerenderSelect2</tmpl_if>);
        <tmpl_if name="use_combobox" value="y">
        //$('#ip_address').add('#ipv6_address').select2();
        </tmpl_if>
    }
    function rerenderSelect2(elem) {
        $('#'+elem).select2();
    }
        
    function reloadFastcgiPHPVersions(noFormChange) {
        jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {server_id : serverId, php_type : jQuery('#php').val(), type : "getphpfastcgi", client_group_id : clientGroupId}, function(data) {
            var options = '<option value="">Default</option>';
            //var options = '<option value="">Default</option>';
            var options = '';
            var phpfastcgiselected = '';
            $.each(data, function(key, val) {
                <tmpl_if name="id">
                if($('#fastcgi_php_version').val() == key){
                    phpfastcgiselected = ' selected="selected"';
                } else {
                    phpfastcgiselected = '';
                }
                </tmpl_else>
                    phpfastcgiselected = '';
                </tmpl_if>
                options += '<option value="'+key+'"'+phpfastcgiselected+'>'+val+'</option>';
            });
            <tmpl_if name="id">
            if($('#fastcgi_php_version').val() == ''){
                phpfastcgiselected = ' selected="selected"';
            } else {
                phpfastcgiselected = '';
            }
            </tmpl_else>
                phpfastcgiselected = '';
            </tmpl_if>
            options += '<option value=""'+phpfastcgiselected+'>{tmpl_var name="default_php_txt"}</option>';
            $('#fastcgi_php_version').html(options).change();
            if(noFormChange) ISPConfig.resetFormChanged();
        });
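Review bot: `reloadFastcgiPHPVersions` builds the option list by concatenating `key` and `val` from the JSON response into markup and passes it to `.html()`, so a PHP version name containing `<` or `"` would be parsed as HTML in the panel. Building the options with `.val()` and `.text()` removes that and also makes the `phpfastcgiselected` bookkeeping unnecessary. The new default option also puts `{tmpl_var name="default_php_txt"}` inside a single-quoted JavaScript string, so a translation with an apostrophe would break the script; that is worth escaping on the server side. The function's closing brace lies outside the hunk.

```javascript
// … unchanged: jQuery.getJSON(...) request; the callback below receives data …
    var select = $('#fastcgi_php_version');
    var current = select.val();
    select.empty();
    $.each(data, function(key, val) {
        // .val()/.text() keep server-supplied strings out of the HTML parser
        select.append($('<option>').val(key).text(val));
    });
    select.append($('<option>').val('').text('{tmpl_var name="default_php_txt"}'));
    <tmpl_if name="id">
    // re-apply the previously chosen version when editing an existing record
    select.val(current);
    </tmpl_if>
    select.change();
    // … unchanged: resetFormChanged call …
```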
interface/web/sites/templates/web_vhost_domain_list.htm
@@ -1,5 +1,5 @@
<div class='page-header'>
    <h1><tmpl_var name="list_head_txt"></h1>
    <h1><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_list_head_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_list_head_txt"}</tmpl_if></h1>
</div>
<p><tmpl_var name="list_desc_txt"></p>
@@ -22,7 +22,7 @@
        </tmpl_if>
        <p class="fieldset-legend">{tmpl_var name="toolsarea_head_txt"}</p>
            
                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}">{tmpl_var name="add_new_record_txt"}</button>
                <button class="btn btn-default formbutton-success" type="button" data-load-content="sites/web_vhost_domain_edit.php?type={tmpl_var name='vhostdomain_type'}"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="add_new_record_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="add_new_subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="add_new_aliasdomain_txt"}</tmpl_if></button>
            
        
@@ -36,7 +36,7 @@
                    <th class="tiny-col" data-column="active"><tmpl_var name="active_txt"></th>
                    <th data-column="server_id"><tmpl_var name="server_id_txt"></th>
                    <tmpl_if name="vhostdomain_type" op="!=" value="domain"><th data-column="parent_domain_id"><tmpl_var name="parent_domain_id_txt"></th></tmpl_if>
                    <th data-column="domain"><tmpl_var name="domain_txt"></th>
                    <th data-column="domain"><tmpl_if name='vhostdomain_type' op='==' value='domain'>{tmpl_var name="domain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='subdomain'>{tmpl_var name="subdomain_txt"}</tmpl_if><tmpl_if name='vhostdomain_type' op='==' value='aliasdomain'>{tmpl_var name="aliasdomain_txt"}</tmpl_if></th>
                    <th class="small-col text-right">{tmpl_var name='search_limit'}</th>
                </tr>
                <tr>
interface/web/sites/templates/web_vhost_domain_ssl.htm
@@ -91,7 +91,7 @@
    $('#reset_data').click(function(){
        $('#ssl_organisation').add('#ssl_locality').add('#ssl_state').add('#ssl_organisation_unit').val('');
        $('#ssl_country').val($("#ssl_country option:first").val());
        $('#ssl_country').val($("#ssl_country option:first").val()).trigger('change');
    });
    $('#load_data').click(function(){
        loadClientData();
@@ -104,7 +104,7 @@
        jQuery.getJSON('sites/ajax_get_json.php'+ '?' + Math.round(new Date().getTime()), {'web_id': web_id, 'type': "getclientssldata"}, function(data) {
            $('#ssl_organisation').val(data['company_name']);
            $('#ssl_locality').val(data['city']);
            $('#ssl_country').val(data['country']);
            $('#ssl_country').val(data['country']).trigger('change');
            $('#ssl_state').val(data['state']);
            $('#ssl_organisation_unit').val('IT');
        });
interface/web/sites/templates/webdav_user_list.htm
@@ -56,7 +56,7 @@
                            <td><a href="#" data-load-content="sites/webdav_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="parent_domain_id"}</a></td>
                            <td><a href="#" data-load-content="sites/webdav_user_edit.php?id={tmpl_var name='id'}">{tmpl_var name="username"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/webdav_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('sites/webdav_user_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/sites/user_quota_stats.php
@@ -19,8 +19,6 @@
$app->load('listform_actions');
// $tmp_rec = $app->db->queryOneRecord("SELECT data from monitor_data WHERE type = 'harddisk_quota' ORDER BY created DESC");
// $monitor_data = unserialize($app->db->unquote($tmp_rec['data']));
$tmp_rec =  $app->db->queryAllRecords("SELECT data from monitor_data WHERE type = 'harddisk_quota' ORDER BY created DESC");
$monitor_data = array();
if(is_array($tmp_rec)) {
@@ -43,7 +41,7 @@
        $rec['bgcolor'] = $this->DataRowColor;
        $username = $rec['system_user'];
        $server = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$rec['server_id']);
        $server = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $rec['server_id']);
        $rec['domain'] = $rec['domain'].($server['server_name'] != '' ? ' ('.$server['server_name'].')' : '');
        
        $rec['used'] = $monitor_data['user'][$username]['used'];
interface/web/sites/web_childdomain_edit.php
@@ -136,7 +136,7 @@
        } else {
            if($this->_childdomain_type == 'subdomain') {
                // Get the record of the parent domain
                $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
                $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ?", @$this->dataRecord["parent_domain_id"]);
                // remove the parent domain part of the domain name before we show it in the text field.
                $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
@@ -168,13 +168,13 @@
        
        // Get the record of the parent domain
        if(!@$this->dataRecord["parent_domain_id"] && $this->id) {
            $tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
            $tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ?", $this->id);
            if($tmp) $this->dataRecord["parent_domain_id"] = $tmp['parent_domain_id'];
            unset($tmp);
        }
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        $parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        /* check if the domain module is used - and check if the selected domain can be used! */
        $app->uses('ini_parser,getconf');
@@ -236,7 +236,7 @@
            //* Update the old website, so that the vhost alias gets removed
            //* We force the update by inserting a transaction record without changes manually.
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
            $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $this->oldDataRecord['domain_id']);
            $app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $app->functions->intval($this->oldDataRecord['parent_domain_id']), $old_website, $old_website, true);
        }
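Review bot: The parent-domain lookup in the first hunk reads `web_domain` by `parent_domain_id` without the `getAuthSQL('r')` filter that the lookup in the second hunk applies. If `$this->dataRecord` can hold request data at that point (the enclosing method starts outside the hunk), the row is fetched without a permission check, even though only its `domain` value is used for display. I would give it the same form: `$parent_domain = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);`.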
interface/web/sites/web_folder_del.php
@@ -56,7 +56,7 @@
        if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
        // Delete all users that belong to this folder.
        $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($this->id)."'");
        $records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $this->id);
        foreach($records as $rec) {
            $app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec['web_folder_user_id']);
        }
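Review bot: The `foreach($records as $rec)` that follows the rewritten query iterates the result without checking that it is an array, whereas the `$aps_instances` result in web_vhost_domain_del.php is guarded with `is_array(...) && !empty(...)`. Whether `queryAllRecords()` can return a non-array on failure is not visible here, but the guards elsewhere suggest it can; in that case the loop is skipped with a warning and the delete presumably continues, leaving web_folder_user rows behind. Wrapping the loop as `if(is_array($records)) { foreach($records as $rec) { ... } }` makes the failure case explicit. The unguarded cascade loops in web_vhost_domain_del.php have the same shape, and the enclosing function starts and ends outside this hunk.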
interface/web/sites/web_folder_edit.php
@@ -55,7 +55,7 @@
        global $app, $conf;
        // Get the record of the parent domain
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        // Set a few fixed values
@@ -63,9 +63,9 @@
        
        // make sure this folder isn't protected already
        if($this->id > 0){
            $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ".$this->dataRecord['parent_domain_id']." AND path = '".$this->dataRecord['path']."' AND web_folder_id != ".$this->id);
            $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ? AND path = ? AND web_folder_id != ?", $this->dataRecord['parent_domain_id'], $this->dataRecord['path'], $this->id);
        } else {
            $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ".$this->dataRecord['parent_domain_id']." AND path = '".$this->dataRecord['path']."'");
            $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE parent_domain_id = ? AND path = ?", $this->dataRecord['parent_domain_id'], $this->dataRecord['path']);
        }
        if(is_array($folder) && !empty($folder)) $app->tform->errorMessage .= $app->tform->lng('error_folder_already_protected_txt');
@@ -75,13 +75,13 @@
    function onAfterInsert() {
        global $app, $conf;
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
        // The web folder entry shall be owned by the same group as the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);
        $sql = "UPDATE web_folder SET sys_groupid = '$sys_groupid' WHERE web_folder_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE web_folder SET sys_groupid = ? WHERE web_folder_id = ?";
        $app->db->query($sql, $sys_groupid, $this->id);
    }
    
    function onAfterUpdate() {
@@ -89,13 +89,13 @@
        //* When the site of the web folder has been changed
        if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
            // The web folder entry shall be owned by the same group as the website
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $sql = "UPDATE web_folder SET sys_groupid = '$sys_groupid' WHERE web_folder_id = ".$this->id;
            $app->db->query($sql);
            $sql = "UPDATE web_folder SET sys_groupid = ? WHERE web_folder_id = ?";
            $app->db->query($sql, $sys_groupid, $this->id);
        }
    }
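Review bot: In onAfterInsert() the `$web` row is used without checking that the lookup returned anything. If no web_domain row matches, `$app->functions->intval($web['sys_groupid'])` presumably evaluates to 0 and the UPDATE then reassigns the folder to group 0 rather than leaving its ownership alone. A guard such as `if(!is_array($web)) return;` before computing `$sys_groupid` would avoid that, and the lookup could select only `sys_groupid` instead of `*`. onAfterUpdate() needs the same guard around its UPDATE, as do the `$folder` lookups in both hooks of web_folder_user_edit.php; the body of onAfterUpdate() begins outside the last hunk.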
interface/web/sites/web_folder_user_edit.php
@@ -55,7 +55,7 @@
        global $app, $conf;
        // Get the record of the parent domain
        $folder = $app->db->queryOneRecord("select * FROM web_folder WHERE web_folder_id = ".$app->functions->intval(@$this->dataRecord["web_folder_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        $folder = $app->db->queryOneRecord("select * FROM web_folder WHERE web_folder_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["web_folder_id"]);
        if(!$folder || $folder['web_folder_id'] != @$this->dataRecord['web_folder_id']) $app->tform->errorMessage .= $app->tform->lng("no_folder_perm");
        // Set a few fixed values
@@ -63,9 +63,9 @@
        
        // make sure this folder/user combination does not exist already
        if($this->id > 0){
            $user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ".$this->dataRecord['web_folder_id']." AND username = '".$this->dataRecord['username']."' AND web_folder_user_id != ".$this->id);
            $user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ? AND username = ? AND web_folder_user_id != ?", $this->dataRecord['web_folder_id'], $this->dataRecord['username'], $this->id);
        } else {
            $user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ".$this->dataRecord['web_folder_id']." AND username = '".$this->dataRecord['username']."'");
            $user = $app->db->queryOneRecord("SELECT * FROM web_folder_user WHERE web_folder_id = ? AND username = ?", $this->dataRecord['web_folder_id'], $this->dataRecord['username']);
        }
        if(is_array($user) && !empty($user)) $app->tform->errorMessage .= $app->tform->lng('error_user_exists_already_txt');
@@ -75,13 +75,13 @@
    function onAfterInsert() {
        global $app, $conf;
        $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".$app->functions->intval($this->dataRecord["web_folder_id"]));
        $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $this->dataRecord["web_folder_id"]);
        // The web folder user entry shall be owned by the same group as the web folder
        $sys_groupid = $app->functions->intval($folder['sys_groupid']);
        $sql = "UPDATE web_folder_user SET sys_groupid = '$sys_groupid' WHERE web_folder_user_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE web_folder_user SET sys_groupid = ? WHERE web_folder_user_id = ?";
        $app->db->query($sql, $sys_groupid, $this->id);
    }
    
    function onAfterUpdate() {
@@ -89,13 +89,13 @@
        //* When the web folder has been changed
        if(isset($this->dataRecord['web_folder_id']) && $this->oldDataRecord['web_folder_id'] != $this->dataRecord['web_folder_id']) {
            $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".$app->functions->intval($this->dataRecord["web_folder_id"]));
            $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $this->dataRecord["web_folder_id"]);
            // The web folder user entry shall be owned by the same group as the web folder
            $sys_groupid = $app->functions->intval($folder['sys_groupid']);
            $sql = "UPDATE web_folder_user SET sys_groupid = '$sys_groupid' WHERE web_folder_user_id = ".$this->id;
            $app->db->query($sql);
            $sql = "UPDATE web_folder_user SET sys_groupid = ? WHERE web_folder_user_id = ?";
            $app->db->query($sql, $sys_groupid, $this->id);
        }
    }
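Review bot: The comment above the first query in this file still reads `// Get the record of the parent domain`, but the statement loads a web_folder row and applies the read-permission filter from `getAuthSQL('r')`. It looks copied from web_folder_edit.php and now misdescribes what the permission check covers. Something like `// Get the web folder record and verify read permission on it` would match the code. The enclosing function starts outside the hunk.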
interface/web/sites/web_sites_stats.php
@@ -40,36 +40,28 @@
        //** Traffic of the current month
        $tmp_year = date('Y');
        $tmp_month = date('m');
        $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
//        $rec['this_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
//        $this->sum_this_month += ($tmp_rec['t']/1024/1024);
        $tmp_rec = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ? AND MONTH(traffic_date) = ?", $rec['domain'], $tmp_year, $tmp_month);
        $rec['this_month'] = $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_this_month += $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_this_month += $tmp_rec['t'];
        //** Traffic of the current year
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
//        $rec['this_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
//        $this->sum_this_year += ($tmp_rec['t']/1024/1024);
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ?", $rec['domain'], $tmp_year);
        $rec['this_year'] = $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_this_year += $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_this_year += $tmp_rec['t'];
        //** Traffic of the last month
        $tmp_year = date('Y', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_month = date('m', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year' AND MONTH(traffic_date) = '$tmp_month'");
//        $rec['last_month'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
//        $this->sum_last_month += ($tmp_rec['t']/1024/1024);
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ? AND MONTH(traffic_date) = ?", $rec['domain'], $tmp_year, $tmp_month);
        $rec['last_month'] = $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_last_month += $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_last_month += $tmp_rec['t'];
        //** Traffic of the last year
        $tmp_year = date('Y', mktime(0, 0, 0, date("m"), date("d"), date("Y")-1));
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."' AND YEAR(traffic_date) = '$tmp_year'");
//        $rec['last_year'] = number_format($tmp_rec['t']/1024/1024, 0, '.', ' ');
//        $this->sum_last_year += ($tmp_rec['t']/1024/1024);
        $tmp_rec = $app->db->queryOneRecord("SELECT sum(traffic_bytes) as t FROM web_traffic WHERE hostname = ? AND YEAR(traffic_date) = ?", $rec['domain'], $tmp_year);
        $rec['last_year'] = $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_last_year += $app->functions->formatBytes($tmp_rec['t']);
        $this->sum_last_year += $tmp_rec['t'];
        //* The variable "id" contains always the index variable
        $rec['id'] = $rec[$this->idx_key];
@@ -81,10 +73,10 @@
    {
        global $app;
        $app->tpl->setVar('sum_this_month', number_format($app->functions->intval($this->sum_this_month), 0, '.', ' '));
        $app->tpl->setVar('sum_this_year', number_format($app->functions->intval($this->sum_this_year), 0, '.', ' '));
        $app->tpl->setVar('sum_last_month', number_format($app->functions->intval($this->sum_last_month), 0, '.', ' '));
        $app->tpl->setVar('sum_last_year', number_format($app->functions->intval($this->sum_last_year), 0, '.', ' '));
        $app->tpl->setVar('sum_this_month', $app->functions->formatBytes($this->sum_this_month));
        $app->tpl->setVar('sum_this_year', $app->functions->formatBytes($this->sum_this_year));
        $app->tpl->setVar('sum_last_month', $app->functions->formatBytes($this->sum_last_month));
        $app->tpl->setVar('sum_last_year', $app->functions->formatBytes($this->sum_last_year));
        $app->tpl->setVar('sum_txt', $app->listform->lng('sum_txt'));
        $app->tpl_defaults();
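Review bot: The "last month" lookup still derives its year and month from `mktime(0, 0, 0, date("m")-1, date("d"), date("Y"))`, which keeps today's day of month. When the previous month is shorter (for example on the 31st), mktime normalises the overflowing day forward into the current month, so `last_month` repeats the current month's traffic. Pinning the day fixes both lines: `mktime(0, 0, 0, date("m")-1, 1, date("Y"))`. The enclosing function starts outside the hunk.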
interface/web/sites/web_vhost_domain_del.php
@@ -72,45 +72,45 @@
            if($app->tform->checkPerm($this->id, 'd') == false) $app->error($app->lng('error_no_delete_permission'));
            //* Delete all records that belong to this web.
            $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE parent_domain_id = '".$app->functions->intval($this->id)."' AND type != 'vhost'");
            $records = $app->db->queryAllRecords("SELECT domain_id FROM web_domain WHERE parent_domain_id = ? AND type != 'vhost'", $this->id);
            foreach($records as $rec) {
                $app->db->datalogDelete('web_domain', 'domain_id', $rec['domain_id']);
            }
            //* Delete all records that belong to this web.
            $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
            $records = $app->db->queryAllRecords("SELECT ftp_user_id FROM ftp_user WHERE parent_domain_id = ?", $this->id);
            foreach($records as $rec) {
                $app->db->datalogDelete('ftp_user', 'ftp_user_id', $rec['ftp_user_id']);
            }
            //* Delete all records that belong to this web.
            $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
            $records = $app->db->queryAllRecords("SELECT shell_user_id FROM shell_user WHERE parent_domain_id = ?", $this->id);
            foreach($records as $rec) {
                $app->db->datalogDelete('shell_user', 'shell_user_id', $rec['shell_user_id']);
            }
            //* Delete all records that belong to this web.
            $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
            $records = $app->db->queryAllRecords("SELECT id FROM cron WHERE parent_domain_id = ?", $this->id);
            foreach($records as $rec) {
                $app->db->datalogDelete('cron', 'id', $rec['id']);
            }
            //* Delete all records that belong to this web
            $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
            $records = $app->db->queryAllRecords("SELECT webdav_user_id FROM webdav_user WHERE parent_domain_id = ?", $this->id);
            foreach($records as $rec) {
                $app->db->datalogDelete('webdav_user', 'webdav_user_id', $rec['webdav_user_id']);
            }
            //* Delete all records that belong to this web
            $records = $app->db->queryAllRecords("SELECT backup_id FROM web_backup WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
            $records = $app->db->queryAllRecords("SELECT backup_id FROM web_backup WHERE parent_domain_id = ?", $this->id);
            foreach($records as $rec) {
                $app->db->datalogDelete('web_backup', 'backup_id', $rec['backup_id']);
            }
            //* Delete all records that belog to this web.
            $web_domain = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
            $web_domain = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ?", $this->id);
            if($web_domain['domain'] != ''){
                $aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = '".$app->db->quote($web_domain['domain'])."'");
                $aps_instances = $app->db->queryAllRecords("SELECT instance_id FROM aps_instances_settings WHERE name = 'main_domain' AND value = ?", $web_domain['domain']);
                if(is_array($aps_instances) && !empty($aps_instances)){
                    foreach($aps_instances as $aps_instance){
                        if($aps_instance['instance_id'] > 0){
@@ -123,10 +123,10 @@
        }
        //* Delete all web folders
        $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = '".$app->functions->intval($this->id)."'");
        $records = $app->db->queryAllRecords("SELECT web_folder_id FROM web_folder WHERE parent_domain_id = ?", $this->id);
        foreach($records as $rec) {
            //* Delete all web folder users
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($rec['web_folder_id'])."'");
            $records2 = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $rec['web_folder_id']);
            foreach($records2 as $rec2) {
                $app->db->datalogDelete('web_folder_user', 'web_folder_user_id', $rec2['web_folder_user_id']);
            }
interface/web/sites/web_vhost_domain_edit.php
@@ -111,7 +111,7 @@
            }
            // Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT client.web_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $web_servers = explode(',', $client['web_servers']);
            $server_id = $web_servers[0];
            $app->tpl->setVar("server_id_value", $server_id);
@@ -141,7 +141,7 @@
        $read_limits = array('limit_cgi', 'limit_ssi', 'limit_perl', 'limit_ruby', 'limit_python', 'force_suexec', 'limit_hterror', 'limit_wildcard', 'limit_ssl');
        if($this->_vhostdomain_type != 'domain') $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]));
        if($this->_vhostdomain_type != 'domain') $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ?", @$this->dataRecord["parent_domain_id"]);
        
        $is_admin = false;
@@ -151,11 +151,11 @@
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            if($this->_vhostdomain_type == 'domain') {
                $client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.web_servers, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.limit_web_domain, client.web_servers, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            } elseif($this->_vhostdomain_type == 'subdomain') {
                $client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.limit_web_subdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            } elseif($this->_vhostdomain_type == 'aliasdomain') {
                $client = $app->db->queryOneRecord("SELECT client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            }
            $client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -167,13 +167,13 @@
                $web_config[$web_server_id] = $app->getconf->get_server_config($web_server_id, 'web');
            }
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client['web_servers'] . ");";
            $web_servers = $app->db->queryAllRecords($sql);
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
            $web_servers = $app->db->queryAllRecords($sql, $client['web_servers_ids']);
            $options_web_servers = "";
            foreach ($web_servers as $web_server) {
                $options_web_servers .= "<option value='$web_server[server_id]'>$web_server[server_name]</option>";
                $options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$web_server['server_name'].'</option>';
            }
            $app->tpl->setVar("server_id", $options_web_servers);
@@ -181,7 +181,7 @@
            if($this->id > 0) {
                if(!isset($this->dataRecord["server_id"])){
                    $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                    $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->id);
                    $this->dataRecord["server_id"] = $tmp["server_id"];
                    unset($tmp);
                }
@@ -200,8 +200,8 @@
            }
            
            //* Fill the IPv4 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $ips = $app->db->queryAllRecords($sql);
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']));
            $ip_select = ($web_config[$server_id]['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //if(!in_array($this->dataRecord["ip_address"], $ips)) $ip_select .= "<option value='".$this->dataRecord["ip_address"]."' SELECTED>".$this->dataRecord["ip_address"]."</option>\r\n";
            //$ip_select = "";
@@ -216,8 +216,8 @@
            unset($ips);
            //* Fill the IPv6 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $ips = $app->db->queryAllRecords($sql);
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=?)";
            $ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id']);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
            if(is_array($ips)) {
@@ -237,17 +237,17 @@
            if($this->_vhostdomain_type == 'domain') {
                if($this->dataRecord['php'] == 'php-fpm'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $_SESSION['s']['user']['client_id']);
                }
                if($this->dataRecord['php'] == 'fast-cgi'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver']))." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $_SESSION['s']['user']['client_id']);
                }
            } else {
                if($this->dataRecord['php'] == 'php-fpm'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
                }
                if($this->dataRecord['php'] == 'fast-cgi'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
                }
            }
            $php_select = "<option value=''>Default</option>";
@@ -276,12 +276,12 @@
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            if($this->_vhostdomain_type == 'domain') {
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_domain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                $app->tpl->setVar('only_one_server', $only_one_server);
            } elseif($this->_vhostdomain_type == 'subdomain') {
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_subdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            } elseif($this->_vhostdomain_type == 'aliasdomain') {
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client.client_id, client.limit_web_aliasdomain, client.web_servers, client.default_webserver, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            }
            $client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -292,13 +292,13 @@
                $web_config[$web_server_id] = $app->getconf->get_server_config($web_server_id, 'web');
            }
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN (" . $client['web_servers'] . ");";
            $web_servers = $app->db->queryAllRecords($sql);
            $sql = "SELECT server_id, server_name FROM server WHERE server_id IN ?";
            $web_servers = $app->db->queryAllRecords($sql, $client['web_servers_ids']);
            $options_web_servers = "";
            foreach ($web_servers as $web_server) {
                $options_web_servers .= "<option value='$web_server[server_id]'>$web_server[server_name]</option>";
                $options_web_servers .= '<option value="'.$web_server['server_id'].'"'.($this->id > 0 && $this->dataRecord["server_id"] == $web_server['server_id'] ? ' selected="selected"' : '').'>'.$web_server['server_name'].'</option>';
            }
            $app->tpl->setVar("server_id", $options_web_servers);
@@ -306,9 +306,9 @@
            if ($settings['use_domain_module'] != 'y') {
                // Fill the client select field
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name";
                $records = $app->db->queryAllRecords($sql);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
                $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
                $records = $app->db->queryAllRecords($sql, $client['client_id']);
                $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
                $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
                //$tmp_data_record = $app->tform->getDataRecord($this->id);
                if(is_array($records)) {
@@ -333,8 +333,8 @@
            }
            
            //* Fill the IPv4 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $ips = $app->db->queryAllRecords($sql);
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv4' AND (client_id = 0 OR client_id=?)";
            $ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id']);
            $ip_select = ($web_config[$server_id]['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //if(!in_array($this->dataRecord["ip_address"], $ips)) $ip_select .= "<option value='".$this->dataRecord["ip_address"]."' SELECTED>".$this->dataRecord["ip_address"]."</option>\r\n";
            //$ip_select = "";
@@ -349,8 +349,8 @@
            unset($ips);
            //* Fill the IPv6 select field with the IP addresses that are allowed for this client
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN (" . $client['web_servers'] . ") AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id'].")";
            $ips = $app->db->queryAllRecords($sql);
            $sql = "SELECT ip_address FROM server_ip WHERE server_id IN ? AND ip_type = 'IPv6' AND (client_id = 0 OR client_id=?)";
            $ips = $app->db->queryAllRecords($sql, $client['web_servers'], $_SESSION['s']['user']['client_id']);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
            if(is_array($ips)) {
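Review bot: The IPv6 query binds `$client['web_servers']`, a comma-separated string, to `IN ?`, whereas the IPv4 query in the `-333` hunk passes `explode(',', $client['web_servers'])` and the server list in the `-292` hunk passes `$client['web_servers_ids']`. Unless the db wrapper splits strings itself (not visible here), a client with more than one web server would have the whole string bound as a single value, so the IPv6 list would come back empty or the statement would be malformed. Passing the array keeps the three queries consistent: `$ips = $app->db->queryAllRecords($sql, explode(',', $client['web_servers']), $_SESSION['s']['user']['client_id']);`.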
@@ -367,22 +367,21 @@
            $server_type = 'apache';
            if(!empty($web_config[$server_id]['server_type'])) $server_type = $web_config[$server_id]['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
            //$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".intval($selected_client['client_id']).")";
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $selected_client_group_id);
            $sql_where = " AND (client_id = 0 OR client_id = ?)";
            if($this->_vhostdomain_type == 'domain') {
                if($this->dataRecord['php'] == 'php-fpm'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?".$sql_where, ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $selected_client['client_id']);
                }
                if($this->dataRecord['php'] == 'fast-cgi') {
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".($this->id > 0 ? $app->functions->intval($this->dataRecord['server_id']) : $app->functions->intval($client['default_webserver'])).$sql_where);
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?".$sql_where, ($this->id > 0 ? $this->dataRecord['server_id'] : $client['default_webserver']), $selected_client['client_id']);
                }
            } else {
                if($this->dataRecord['php'] == 'php-fpm'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
                }
                if($this->dataRecord['php'] == 'fast-cgi') {
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($parent_domain['server_id'])." AND (client_id = 0 OR client_id=".$app->functions->intval($_SESSION['s']['user']['client_id']).")");
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ? AND (client_id = 0 OR client_id=?)", $parent_domain['server_id'], $_SESSION['s']['user']['client_id']);
                }
            }
            $php_select = "<option value=''>Default</option>";
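Review bot: `$sql_where` now carries its own `?`, so every statement that appends it only works if `$selected_client['client_id']` is passed as the last bound value, and nothing at the assignment says so. A comment there would stop a later edit from appending the fragment without the value, for example `// adds one placeholder: pass $selected_client['client_id'] as the final bound argument`. The same fragment is set in the `-535` hunk. If `queryOneRecord()` finds no row for the group id, null is bound where the old code produced 0 through `intval()`; it is worth confirming the wrapper treats that as intended.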
@@ -410,6 +409,7 @@
                $php_directive_snippets_txt = '';
                if(is_array($php_directive_snippets) && !empty($php_directive_snippets)){
                    foreach($php_directive_snippets as $php_directive_snippet){
                        $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
                        $php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a> ';
                    }
                }
@@ -421,6 +421,7 @@
                    $apache_directive_snippets_txt = '';
                    if(is_array($apache_directive_snippets) && !empty($apache_directive_snippets)){
                        foreach($apache_directive_snippets as $apache_directive_snippet){
                            $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
                            $apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a> ';
                        }
                    }
@@ -433,6 +434,7 @@
                    $nginx_directive_snippets_txt = '';
                    if(is_array($nginx_directive_snippets) && !empty($nginx_directive_snippets)){
                        foreach($nginx_directive_snippets as $nginx_directive_snippet){
                            $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
                            $nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a> ';
                        }
                    }
@@ -444,6 +446,7 @@
                $proxy_directive_snippets_txt = '';
                if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
                    foreach($proxy_directive_snippets as $proxy_directive_snippet){
                        $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
                        $proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
                    }
                }
@@ -460,7 +463,7 @@
                // The user is admin, so we fill in all IP addresses of the server
                if($this->id > 0) {
                    if(!isset($this->dataRecord["server_id"])){
                        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                        $tmp = $app->db->queryOneRecord("SELECT server_id FROM web_domain WHERE domain_id = ?", $this->id);
                        $this->dataRecord["server_id"] = $tmp["server_id"];
                        unset($tmp);
                    }
@@ -483,8 +486,8 @@
            }
            //* Fill the IPv4 select field
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = ".$app->functions->intval($server_id);
            $ips = $app->db->queryAllRecords($sql);
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv4' AND server_id = ?";
            $ips = $app->db->queryAllRecords($sql, $server_id);
            $ip_select = ($web_config['enable_ip_wildcard'] == 'y')?"<option value='*'>*</option>":"";
            //$ip_select = "";
            if(is_array($ips)) {
@@ -498,8 +501,8 @@
            unset($ips);
            //* Fill the IPv6 select field
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = ".$app->functions->intval($server_id);
            $ips = $app->db->queryAllRecords($sql);
            $sql = "SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND server_id = ?";
            $ips = $app->db->queryAllRecords($sql, $server_id);
            $ip_select = "<option value=''></option>";
            //$ip_select = "";
            if(is_array($ips)) {
@@ -535,22 +538,21 @@
            $server_type = 'apache';
            if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
            if($server_type == 'nginx' && $this->dataRecord['php'] == 'fast-cgi') $this->dataRecord['php'] = 'php-fpm';
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ".$app->functions->intval($selected_client_group_id));
            //$sql_where = " AND (client_id = 0 OR client_id=".$_SESSION['s']['user']['client_id']." OR client_id = ".intval($selected_client['client_id']).")";
            $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($selected_client['client_id']).")";
            $selected_client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $selected_client_group_id);
            $sql_where = " AND (client_id = 0 OR client_id = ?)";
            if($this->_vhostdomain_type == 'domain') {
                if($this->dataRecord['php'] == 'php-fpm'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = $server_id".$sql_where);
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?".$sql_where, $server_id, $selected_client['client_id']);
                }
                if($this->dataRecord['php'] == 'fast-cgi') {
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ".$app->functions->intval($server_id).$sql_where);
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?".$sql_where, $server_id, $selected_client['client_id']);
                }
            } else {
                if($this->dataRecord['php'] == 'php-fpm'){
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $parent_domain['server_id']);
                }
                if($this->dataRecord['php'] == 'fast-cgi') {
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = " . $app->functions->intval($parent_domain['server_id']));
                    $php_records = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fastcgi_binary != '' AND php_fastcgi_ini_dir != '' AND server_id = ?", $parent_domain['server_id']);
                }
            }
            $php_select = "<option value=''>Default</option>";
@@ -575,6 +577,7 @@
            $php_directive_snippets_txt = '';
            if(is_array($php_directive_snippets) && !empty($php_directive_snippets)){
                foreach($php_directive_snippets as $php_directive_snippet){
                    $php_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $php_directive_snippet['snippet'] . PHP_EOL;
                    $php_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$php_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($php_directive_snippet['snippet']).'</pre></a> ';
                }
            }
@@ -586,6 +589,7 @@
                $apache_directive_snippets_txt = '';
                if(is_array($apache_directive_snippets) && !empty($apache_directive_snippets)){
                    foreach($apache_directive_snippets as $apache_directive_snippet){
                        $apache_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $apache_directive_snippet['snippet'] . PHP_EOL;
                        $apache_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$apache_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($apache_directive_snippet['snippet']).'</pre></a> ';
                    }
                }
@@ -598,6 +602,7 @@
                $nginx_directive_snippets_txt = '';
                if(is_array($nginx_directive_snippets) && !empty($nginx_directive_snippets)){
                    foreach($nginx_directive_snippets as $nginx_directive_snippet){
                        $nginx_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $nginx_directive_snippet['snippet'] . PHP_EOL;
                        $nginx_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$nginx_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($nginx_directive_snippet['snippet']).'</pre></a> ';
                    }
                }
@@ -609,6 +614,7 @@
            $proxy_directive_snippets_txt = '';
            if(is_array($proxy_directive_snippets) && !empty($proxy_directive_snippets)){
                foreach($proxy_directive_snippets as $proxy_directive_snippet){
                    $proxy_directive_snippet['snippet'] = PHP_EOL . PHP_EOL . $proxy_directive_snippet['snippet'] . PHP_EOL;
                    $proxy_directive_snippets_txt .= '<a href="javascript:void(0);" class="addPlaceholderContent">['.$proxy_directive_snippet['name'].']<pre class="addPlaceholderContent" style="display:none;">'.htmlentities($proxy_directive_snippet['snippet']).'</pre></a> ';
                }
            }
@@ -618,7 +624,7 @@
        $ssl_domain_select = '';
        $ssl_domains = array();
        $tmpd = $app->db->queryAllRecords("SELECT domain, type FROM web_domain WHERE domain_id = ".$this->id." OR parent_domain_id = ".$this->id);
        $tmpd = $app->db->queryAllRecords("SELECT domain, type FROM web_domain WHERE domain_id = ? OR parent_domain_id = ?", $this->id, $this->id);
        foreach($tmpd as $tmp) {
            if($tmp['type'] == 'subdomain' || $tmp['type'] == 'vhostsubdomain') {
                $ssl_domains[] = $tmp["domain"];
@@ -629,7 +635,7 @@
        if(is_array($ssl_domains)) {
            foreach( $ssl_domains as $ssl_domain) {
                $selected = ($ssl_domain == $this->dataRecord['ssl_domain'])?'SELECTED':'';
                $ssl_domain_select .= "<option value='$ssl_domain' $selected>$ssl_domain</option>\r\n";
                $ssl_domain_select .= "<option value='$ssl_domain' $selected>".$app->functions->idn_decode($ssl_domain)."</option>\r\n";
            }
        }
        $app->tpl->setVar("ssl_domain", $ssl_domain_select);
@@ -687,12 +693,16 @@
                $domain_select .= "<option value=''></option>\r\n";
            }
            $app->tpl->setVar("domain_option", $domain_select);
        } else {
            // remove the parent domain part of the domain name before we show it in the text field.
            if($this->dataRecord["type"] == 'vhostsubdomain') $this->dataRecord["domain"] = str_replace('.'.$parent_domain["domain"], '', $this->dataRecord["domain"]);
        }
        if($this->_vhostdomain_type != 'domain') $app->tpl->setVar("domain", $this->dataRecord["domain"]);
        // check for configuration errors in sys_datalog
        if($this->id > 0) {
            $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = 'domain_id:".$app->functions->intval($this->id)."' AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC");
            $datalog = $app->db->queryOneRecord("SELECT sys_datalog.error, sys_log.tstamp FROM sys_datalog, sys_log WHERE sys_datalog.dbtable = 'web_domain' AND sys_datalog.dbidx = ? AND sys_datalog.datalog_id = sys_log.datalog_id AND sys_log.message = CONCAT('Processed datalog_id ',sys_log.datalog_id) ORDER BY sys_datalog.tstamp DESC", 'domain_id:' . $this->id);
            if(is_array($datalog) && !empty($datalog)){
                if(trim($datalog['error']) != ''){
                    $app->tpl->setVar("config_error_msg", nl2br(htmlentities($datalog['error'])));
@@ -713,6 +723,10 @@
            if(is_array($tmp_client) && !empty($tmp_client) && trim($this->dataRecord['ssl_organisation']) == '' && trim($this->dataRecord['ssl_locality']) == '' && trim($this->dataRecord['ssl_state']) == '' && trim($this->dataRecord['ssl_organisation_unit']) == '') $app->tpl->setVar("show_helper_links", true);
        }
        $sys_config = $app->getconf->get_global_config('misc');
        if($sys_config['use_combobox'] == 'y') {
            $app->tpl->setVar('use_combobox', 'y');
        }
        parent::onShowEnd();
    }
@@ -733,12 +747,12 @@
        } else {
            // Get the record of the parent domain
            if(!@$this->dataRecord["parent_domain_id"] && $this->id) {
                $tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT parent_domain_id FROM web_domain WHERE domain_id = ?", $this->id);
                if($tmp) $this->dataRecord["parent_domain_id"] = $tmp['parent_domain_id'];
                unset($tmp);
            }
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
            $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
            if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
            if($this->_vhostdomain_type == 'subdomain') {
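Review bot: The permission clause from `getAuthSQL('r')` is still concatenated into the statement text after the `?`, so this query is only partly parameterised; the `getAuthSQL('u')` queries in the `-840` and `-857` hunks are in the same position. How the wrapper locates placeholders is not visible here, but if it scans the final string, a `?` inside the generated clause would shift the bound values. Please confirm that `getAuthSQL()` only emits server-side integers and fixed text, and record that next to the call, e.g. `// NOTE: getAuthSQL() fragment is concatenated, must never contain '?' or request data`. The enclosing method continues outside this hunk.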
@@ -800,14 +814,6 @@
                // vhostaliasdomains do not have a quota of their own
                $this->dataRecord["hd_quota"] = 0;
                // check for duplicate folder usage
                /*
                $check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostalias' AND `parent_domain_id` = '" . $app->functions->intval($this->dataRecord['parent_domain_id']) . "' AND `web_folder` = '" . $app->db->quote($this->dataRecord['web_folder']) . "' AND `domain_id` != '" . $app->functions->intval($this->id) . "'");
                if($check && $check['cnt'] > 0) {
                    $app->tform->errorMessage .= $app->tform->lng("web_folder_unique_txt")."<br>";
                }
                */
            }
        }
@@ -816,7 +822,7 @@
        if($_SESSION["s"]["user"]["typ"] != 'admin') {
            // Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            $client['web_servers_ids'] = explode(',', $client['web_servers']);
@@ -832,7 +838,7 @@
            // only generate quota and traffic warnings if value has changed
            if($this->id > 0) {
                $old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $old_web_values = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->id);
            } else {
                $old_web_values = array();
            }
@@ -840,7 +846,7 @@
            if($this->_vhostdomain_type == 'domain') {
                //* Check the website quota of the client
                if(isset($_POST["hd_quota"]) && $client["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
                    $tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND type = 'vhost' AND ".$app->tform->getAuthSQL('u'));
                    $tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain WHERE domain_id != ? AND type = 'vhost' AND ".$app->tform->getAuthSQL('u'), $this->id);
                    $webquota = $tmp["webquota"];
                    $new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
                    if(($webquota + $new_web_quota > $client["limit_web_quota"]) || ($new_web_quota < 0 && $client["limit_web_quota"] >= 0)) {
@@ -857,7 +863,7 @@
            //* Check the traffic quota of the client
            if(isset($_POST["traffic_quota"]) && $client["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
                $tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ".$app->functions->intval($this->id)." AND ".$app->tform->getAuthSQL('u'));
                $tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain WHERE domain_id != ? AND ".$app->tform->getAuthSQL('u'), $this->id);
                $trafficquota = $tmp["trafficquota"];
                $new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
                if(($trafficquota + $new_traffic_quota > $client["limit_traffic_quota"]) || ($new_traffic_quota < 0 && $client["limit_traffic_quota"] >= 0)) {
@@ -873,12 +879,12 @@
            if($client['parent_client_id'] > 0) {
                // Get the limits of the reseller
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, limit_web_quota FROM client WHERE client_id = ".$client['parent_client_id']);
                $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_domain, limit_web_aliasdomain, limit_web_subdomain, web_servers, limit_web_quota FROM client WHERE client_id = ?", $client['parent_client_id']);
                if($this->_vhostdomain_type == 'domain') {
                    //* Check the website quota of the client
                    if(isset($_POST["hd_quota"]) && $reseller["limit_web_quota"] >= 0 && $_POST["hd_quota"] != $old_web_values["hd_quota"]) {
                        $tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ".$client['parent_client_id']." IN (client.parent_client_id, client.client_id) AND domain_id != ".$app->functions->intval($this->id)." AND type = 'vhost'");
                        $tmp = $app->db->queryOneRecord("SELECT sum(hd_quota) as webquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND domain_id != ? AND type = 'vhost'", $client['parent_client_id'], $this->id);
                        $webquota = $tmp["webquota"];
                        $new_web_quota = $app->functions->intval($this->dataRecord["hd_quota"]);
@@ -896,7 +902,7 @@
                //* Check the traffic quota of the client
                if(isset($_POST["traffic_quota"]) && $reseller["limit_traffic_quota"] > 0 && $_POST["traffic_quota"] != $old_web_values["traffic_quota"]) {
                    $tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ".$client['parent_client_id']." IN (client.parent_client_id, client.client_id) AND domain_id != ".$app->functions->intval($this->id)." AND type = 'vhost'");
                    $tmp = $app->db->queryOneRecord("SELECT sum(traffic_quota) as trafficquota FROM web_domain, sys_group, client WHERE web_domain.sys_groupid=sys_group.groupid AND sys_group.client_id=client.client_id AND ? IN (client.parent_client_id, client.client_id) AND domain_id != ? AND type = 'vhost'", $client['parent_client_id'], $this->id);
                    $trafficquota = $tmp["trafficquota"];
                    $new_traffic_quota = $app->functions->intval($this->dataRecord["traffic_quota"]);
                    if(($trafficquota + $new_traffic_quota > $reseller["limit_traffic_quota"]) || ($new_traffic_quota < 0 && $reseller["limit_traffic_quota"] >= 0)) {
@@ -914,7 +920,7 @@
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
                $tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `web_folder`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `web_folder`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ?", $this->id);
                $this->dataRecord["server_id"] = $tmp["server_id"];
                $this->dataRecord['web_folder'] = $tmp['web_folder']; // cannot be changed!
                $this->dataRecord['system_user'] = $tmp['system_user'];
@@ -943,17 +949,17 @@
                // Check if the user may add another web_domain
                if($this->_vhostdomain_type == 'domain' && $client["limit_web_domain"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = $client_group_id and type = 'vhost'");
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and type = 'vhost'", $client_group_id);
                    if($tmp["number"] >= $client["limit_web_domain"]) {
                        $app->error($app->tform->wordbook["limit_web_domain_txt"]);
                    }
                } elseif($this->_vhostdomain_type == 'aliasdomain' && $client["limit_web_aliasdomain"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = $client_group_id and (type = 'alias' OR type = 'vhostalias')");
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and (type = 'alias' OR type = 'vhostalias')", $client_group_id);
                    if($tmp["number"] >= $client["limit_web_aliasdomain"]) {
                        $app->error($app->tform->wordbook["limit_web_aliasdomain_txt"]);
                    }
                } elseif($this->_vhostdomain_type == 'subdomain' && $client["limit_web_subdomain"] >= 0) {
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = $client_group_id and (type = 'subdomain' OR type = 'vhostsubdomain')");
                    $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM web_domain WHERE sys_groupid = ? and (type = 'subdomain' OR type = 'vhostsubdomain')", $client_group_id);
                    if($tmp["number"] >= $client["limit_web_subdomain"]) {
                        $app->error($app->tform->wordbook["limit_web_subdomain_txt"]);
                    }
@@ -980,8 +986,8 @@
        $web_config = $app->getconf->get_server_config($app->functions->intval(isset($this->dataRecord["server_id"]) ? $this->dataRecord["server_id"] : $server_id), 'web');
        //* Check for duplicate ssl certs per IP if SNI is disabled
        if(isset($this->dataRecord['ssl']) && $this->dataRecord['ssl'] == 'y' && $web_config['enable_sni'] != 'y') {
            $sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = '".$app->db->quote($this->dataRecord['ip_address'])."' and domain_id != ".$this->id;
            $tmp = $app->db->queryOneRecord($sql);
            $sql = "SELECT count(domain_id) as number FROM web_domain WHERE `ssl` = 'y' AND ip_address = ? and domain_id != ?";
            $tmp = $app->db->queryOneRecord($sql, $this->dataRecord['ip_address'], $this->id);
            if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng("error_no_sni_txt");
        }
@@ -1096,11 +1102,11 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
            $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
            $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_domain SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$this->id);
            $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
        }
        // Get configuration for the web system
@@ -1118,47 +1124,48 @@
            // get the ID of the client
            if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = $client_group_id");
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $client_group_id);
                $client_id = $app->functions->intval($client["client_id"]);
            } else {
                //$client_id = $app->functions->intval($this->dataRecord["client_group_id"]);
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".$app->functions->intval($this->dataRecord["client_group_id"]));
                $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $this->dataRecord["client_group_id"]);
                $client_id = $app->functions->intval($client["client_id"]);
            }
            // Set the values for document_root, system_user and system_group
            $system_user = $app->db->quote('web'.$this->id);
            $system_group = $app->db->quote('client'.$client_id);
            $system_user = 'web'.$this->id;
            $system_group = 'client'.$client_id;
            $document_root = str_replace("[client_id]", $client_id, $document_root);
            $document_root = str_replace("[client_idhash_1]", $this->id_hash($client_id, 1), $document_root);
            $document_root = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
            $document_root = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
            $document_root = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
            $document_root = $app->db->quote($document_root);
            $document_root = $document_root;
            $php_open_basedir = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
            $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
            $htaccess_allow_override = $app->db->quote($web_config["htaccess_allow_override"]);
            $php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
            $htaccess_allow_override = $web_config["htaccess_allow_override"];
            $added_date = date($app->lng('conf_format_dateshort'));
            $added_by = $app->db->quote($_SESSION['s']['user']['username']);
            $added_by = $_SESSION['s']['user']['username'];
            $sql = "UPDATE web_domain SET system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir', added_date = '$added_date', added_by = '$added_by'  WHERE domain_id = ".$this->id;
            $sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = ?, added_by = ?  WHERE domain_id = ?";
            $app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_date, $added_by, $this->id);
        } else  {
            // Set the values for document_root, system_user and system_group
            $system_user = $app->db->quote($this->parent_domain_record['system_user']);
            $system_group = $app->db->quote($this->parent_domain_record['system_group']);
            $document_root = $app->db->quote($this->parent_domain_record['document_root']);
            $system_user = $this->parent_domain_record['system_user'];
            $system_group = $this->parent_domain_record['system_group'];
            $document_root = $this->parent_domain_record['document_root'];
            $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
            $php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
            $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
            $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
            $htaccess_allow_override = $app->db->quote($this->parent_domain_record['allow_override']);
            $php_open_basedir = str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir);
            $htaccess_allow_override = $this->parent_domain_record['allow_override'];
            $added_date = date($app->lng('conf_format_dateshort'));
            $added_by = $app->db->quote($_SESSION['s']['user']['username']);
            $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($this->parent_domain_record['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir', added_date = '$added_date', added_by = '$added_by' WHERE domain_id = ".$this->id;
            $added_by = $_SESSION['s']['user']['username'];
            $sql = "UPDATE web_domain SET sys_groupid = ?, system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?, added_date = ?, added_by = ?  WHERE domain_id = ?";
            $app->db->query($sql, $this->parent_domain_record['sys_groupid'], $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $added_date, $added_by, $this->id);
        }
        $app->db->query($sql);
    }
    function onBeforeUpdate () {
@@ -1169,7 +1176,7 @@
            // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
            if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                if (isset($this->dataRecord["server_id"])) {
                    $rec = $app->db->queryOneRecord("SELECT server_id from web_domain WHERE domain_id = ".$this->id);
                    $rec = $app->db->queryOneRecord("SELECT server_id from web_domain WHERE domain_id = ?", $this->id);
                    if($rec['server_id'] != $this->dataRecord["server_id"]) {
                        //* Add a error message and switch back to old server
                        $app->tform->errorMessage .= $app->lng('The Server can not be changed.');
@@ -1180,7 +1187,7 @@
                //* If the user is neither admin nor reseller
            } else {
                //* We do not allow users to change a domain which has been created by the admin
                $rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain, ip_address, ipv6_address from web_domain WHERE domain_id = ".$this->id);
                $rec = $app->db->queryOneRecord("SELECT sys_perm_group, domain, ip_address, ipv6_address from web_domain WHERE domain_id = ?", $this->id);
                if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id, 'u')) {
                    //* Add a error message and switch back to old server
                    $app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
interface/web/sites/webdav_user_edit.php
@@ -102,7 +102,7 @@
        global $app, $conf;
        /* Get the record of the parent domain */
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
        $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
        if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
        /*
@@ -145,7 +145,7 @@
    function onAfterInsert() {
        global $app, $conf;
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
        $server_id = $app->functions->intval($web["server_id"]);
        // The webdav user shall be owned by the same group then the website
@@ -157,8 +157,8 @@
        $hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]);
        $this->dataRecord["password"] = $hash;
        
        $sql = "UPDATE webdav_user SET server_id = ".$server_id.", sys_groupid = '".$sys_groupid."', password = '".$this->dataRecord["password"]."' WHERE webdav_user_id = ".$this->id;
        $app->db->query($sql);
        $sql = "UPDATE webdav_user SET server_id = ?, sys_groupid = ?, password = ? WHERE webdav_user_id = ?";
        $app->db->query($sql, $server_id, $sys_groupid, $this->dataRecord["password"], $this->id);
        
    }
@@ -169,7 +169,7 @@
         * we can not change the username and the dir, so get the "old" - data from the db
         * and set it
        */
        $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ".$app->functions->intval($this->id));
        $data = $app->db->queryOneRecord("SELECT * FROM webdav_user WHERE webdav_user_id = ?", $this->id);
        $this->dataRecord["username"] = $data['username'];
        $this->dataRecord["dir"]      = $data['dir'];
        $this->dataRecord['username_prefix'] = $data['username_prefix'];
@@ -183,14 +183,14 @@
        //* When the site of the webdav user has been changed
        if(isset($this->dataRecord['parent_domain_id']) && $this->oldDataRecord['parent_domain_id'] != $this->dataRecord['parent_domain_id']) {
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$app->functions->intval($this->dataRecord["parent_domain_id"]));
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->dataRecord["parent_domain_id"]);
            $server_id = $app->functions->intval($web["server_id"]);
            // The webdav user shall be owned by the same group then the website
            $sys_groupid = $app->functions->intval($web['sys_groupid']);
            $sql = "UPDATE webdav_user SET server_id = $server_id, sys_groupid = '$sys_groupid' WHERE webdav_user_id = ".$this->id;
            $app->db->query($sql);
            $sql = "UPDATE webdav_user SET server_id = ?, sys_groupid = ? WHERE webdav_user_id = ?";
            $app->db->query($sql, $server_id, $sys_groupid, $this->id);
        }
        
        /*
@@ -200,7 +200,7 @@
        if ((isset($this->dataRecord["password"])) && ($this->dataRecord["password"] != '') && ($this->dataRecord["password"] != $this->dataRecord['passwordOld'])) {
            $hash = md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"]);
            $this->dataRecord["password"] = $hash;
            $app->db->query("UPDATE webdav_user SET password = '".$this->dataRecord["password"]."' WHERE webdav_user_id = ".$this->id);
            $app->db->query("UPDATE webdav_user SET password = ? WHERE webdav_user_id = ?", $this->dataRecord["password"], $this->id);
        }
        
    }
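Review bot: The value built by `md5($this->dataRecord["username"] . ':' . $this->dataRecord["dir"] . ':' . $this->dataRecord["password"])` and bound as `password` in the UPDATE statements of the -157 and -200 hunks is stored with no comment on its format. It has the shape of an HTTP Digest HA1 (user:realm:password); if that is what the WebDAV server consumes, the stored value is password-equivalent for that realm and cannot simply be swapped for a salted hash. I would add above both assignments `// Digest-style hash md5(user:dir:password): password-equivalent, keep out of logs, do not reuse as a general password hash`. The enclosing functions are only partly visible in these hunks.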
interface/web/themes/blue/css/styles.css
File was deleted
interface/web/themes/blue/icons/x32_sprite.png
Binary files differ
interface/web/themes/blue/images/ajax-loader.gif
Binary files differ
interface/web/themes/blue/images/header_bg.png
Binary files differ
interface/web/themes/blue/images/lists_tfoot_bg.png
Binary files differ
interface/web/themes/blue/images/lists_thead_bg.png
Binary files differ
interface/web/themes/blue/ispconfig_version
File was deleted
interface/web/themes/blue/templates/main.tpl.htm
File was deleted
interface/web/themes/default/assets/javascripts/ispconfig.js
@@ -464,7 +464,7 @@
        });
    },
    loadOptionInto: function(elementid,pagename) {
    loadOptionInto: function(elementid,pagename,callback) {
        var pageContentObject2 = $.ajax({
            type: "GET",
            url: pagename,
@@ -481,6 +481,9 @@
                    foo2.appendChild(document.createTextNode(elemente[i]));
                    foo2.value=elemente[i];
                    el.appendChild(foo2);
                }
                if (typeof(callback) != 'undefined') {
                    callback(elementid,pagename);
                }
            },
            error: function() {
@@ -635,7 +638,11 @@
        
        var dir = $self.attr('data-ordered');
        
        act = act + '?orderby=' + column;
        var separator = '?';
        if(act.indexOf("?") >= 0){
            separator = '&';
        }
        act = act + separator + 'orderby=' + column;
        ISPConfig.submitForm(form, act);
        
        $(document).ajaxComplete(function() {
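Review bot: In the last hunk `column` is appended to the URL without encoding, so a column name containing `&`, `#` or `=` would alter the query string handed to `ISPConfig.submitForm`; `act = act + separator + 'orderby=' + encodeURIComponent(column);` avoids that. Where `column` is read lies outside the hunk, so whether it can carry such characters is not visible here. In the `loadOptionInto` hunk the guard `typeof(callback) != 'undefined'` would still call a non-function value; `if (typeof callback === 'function')` is the safer test.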
interface/web/themes/default/assets/stylesheets/ispconfig.css
@@ -65,7 +65,8 @@
  float: left;
  width: 200px;
  height: 65px;
  background: url("../images/logo.png") no-repeat; }
  margin-top:10px;
  /*background: url("../images/logo.png") no-repeat;*/ }
  #logo a {
    display: block;
    width: 100%;
@@ -474,6 +475,7 @@
span.flag-ee {background-position:0 -1387px}
span.flag-eg {background-position:0 -1409px}
span.flag-eh {background-position:0 -1431px}
/*span.flag-en {background-position:0 -1453px}*/
span.flag-er {background-position:0 -1475px}
span.flag-es {background-position:0 -1497px}
span.flag-et {background-position:0 -1519px}
@@ -484,7 +486,7 @@
span.flag-fo {background-position:0 -1673px}
span.flag-fr {background-position:0 -1695px}
span.flag-ga {background-position:0 -1717px}
span.flag-gb {background-position:0 -1739px}
span.flag-gb, span.flag-en {background-position:0 -1739px}
span.flag-gd {background-position:0 -1761px}
span.flag-ge {background-position:0 -1783px}
span.flag-gf {background-position:0 -1805px}
interface/web/themes/default/assets/stylesheets/select2.css
@@ -442,7 +442,7 @@
}
.select2-results .select2-disabled {
  background: #f4f4f4;
  display: list-item;
  display: none;
  cursor: default;
}
interface/web/themes/default/templates/error.tpl.htm
@@ -1,5 +1,5 @@
<div class='alert alert-danger clear'>
  <div class='alert-label'><strong>ERROR</strong></div>
  <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
  <div class='alert-content'>
    <ol>
        <li>###ERRORMSG###</li>
interface/web/themes/default/templates/main.tpl.htm
@@ -33,7 +33,7 @@
            <!-- off canvas menu button -->
            <div class='menu-btn left'>&#9776;</div>
            <!-- logo -->
            <div id='logo'><a href='#'></a></div>
            <div id='logo' style="background: url({tmpl_var name="base64_logo_txt"}) no-repeat;width:{tmpl_var name="base64_logo_width"};height:{tmpl_var name="base64_logo_height"}"><a href='#'></a></div>
          </div>
          <div id='headerbar' class='clear'>
            <!-- logout button -->
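Review bot: The new `style` attribute on `#logo` places `base64_logo_txt`, `base64_logo_width` and `base64_logo_height` directly into CSS inside a double-quoted attribute, and nothing in this section shows the values being validated or escaped. If the logo can be set through the interface, the code that fills these variables should accept only a `data:image/...;base64,` URI made of base64 characters and plain CSS lengths, because a quote, semicolon or parenthesis would break out of `url(...)` or of the attribute. A template comment such as `<!-- base64_logo_*: validated server-side, data: URI and CSS lengths only -->` would record that contract. Where the variables are assigned is outside this file section.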
interface/web/themes/default/templates/sidenav.tpl.htm
@@ -9,13 +9,13 @@
            <tmpl_else>
                <a href="#" data-load-content="<tmpl_var name='link'>">
            </tmpl_if>
        <tmpl_else>
            <a href="#">
        </tmpl_if>
          <div>
            <strong><tmpl_var name="title"></strong>
          </div>
        <tmpl_if name="link">
        </a>
        </tmpl_if>
      </li>
      </tmpl_loop>
    </ul>
interface/web/themes/default/templates/tabbed_form.tpl.htm
@@ -10,7 +10,7 @@
    </tmpl_if>
    <tmpl_if name="error">
        <div class='alert alert-danger clear'>
          <div class='alert-label'><strong>ERROR</strong></div>
          <div class='alert-label'><strong><tmpl_var name="error_txt"></strong></div>
          <div class='alert-content'>
            <ol><tmpl_var name="error"></ol>
            <div>TODO: IP address is empty.</div>
interface/web/themes/default_64_navimg/css/additional.css
File was deleted
interface/web/themes/default_64_navimg/icons/x16/arrow.png
Binary files differ
interface/web/themes/default_64_navimg/icons/x16/arrow_180.png
Binary files differ
interface/web/themes/default_64_navimg/icons/x16/arrow_stop.png
Binary files differ
interface/web/themes/default_64_navimg/icons/x16/arrow_stop_180.png
Binary files differ
interface/web/themes/default_64_navimg/ispconfig_version
File was deleted
interface/web/themes/default_64_navimg/templates/main.tpl.htm
File was deleted
interface/web/themes/default_combobox/css/additional.css
File was deleted
interface/web/themes/default_combobox/icons/x16/arrow.png
Binary files differ
interface/web/themes/default_combobox/icons/x16/arrow_180.png
Binary files differ
interface/web/themes/default_combobox/icons/x16/arrow_stop.png
Binary files differ
interface/web/themes/default_combobox/icons/x16/arrow_stop_180.png
Binary files differ
interface/web/themes/default_combobox/images/ui-image.png
Binary files differ
interface/web/themes/default_combobox/ispconfig_version
File was deleted
interface/web/themes/default_combobox/templates/main.tpl.htm
File was deleted
interface/web/themes/default_no_navimg/css/additional.css
File was deleted
interface/web/themes/default_no_navimg/icons/x16/arrow.png
Binary files differ
interface/web/themes/default_no_navimg/icons/x16/arrow_180.png
Binary files differ
interface/web/themes/default_no_navimg/icons/x16/arrow_stop.png
Binary files differ
interface/web/themes/default_no_navimg/icons/x16/arrow_stop_180.png
Binary files differ
interface/web/themes/default_no_navimg/ispconfig_version
File was deleted
interface/web/themes/default_no_navimg/templates/main.tpl.htm
File was deleted
interface/web/tools/dns_import_tupa.php
@@ -86,44 +86,74 @@
        $domains = $exdb->queryAllRecords("SELECT * FROM domains WHERE type = 'MASTER'");
        if(is_array($domains)) {
            foreach($domains as $domain) {
                $soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ".$domain['id']);
                $soa = $exdb->queryOneRecord("SELECT * FROM records WHERE type = 'SOA' AND domain_id = ?", $domain['id']);
                if(is_array($soa)) {
                    $parts = explode(' ', $soa['content']);
                    $origin = $app->db->quote(addot($soa['name']));
                    $ns = $app->db->quote(addot($parts[0]));
                    $mbox = $app->db->quote(addot($parts[1]));
                    $serial = $app->db->quote($parts[2]);
                    $origin = addot($soa['name']);
                    $ns = addot($parts[0]);
                    $mbox = addot($parts[1]);
                    $serial = $parts[2];
                    $refresh = 7200;
                    $retry =  540;
                    $expire = 604800;
                    $minimum = 86400;
                    $ttl = $app->db->quote($soa['ttl']);
                    $minimum = 3600;
                    $ttl = $soa['ttl'];
                    $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`) VALUES
                    ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '')";
                    $insert_data = array(
                        "sys_userid" => $sys_userid,
                        "sys_groupid" => $sys_groupid,
                        "sys_perm_user" => 'riud',
                        "sys_perm_group" => 'riud',
                        "sys_perm_other" => '',
                        "server_id" => $server_id,
                        "origin" => $origin,
                        "ns" => $ns,
                        "mbox" => $mbox,
                        "serial" => $serial,
                        "refresh" => $refresh,
                        "retry" => $retry,
                        "expire" => $expire,
                        "minimum" => $minimum,
                        "ttl" => $ttl,
                        "active" => 'Y',
                        "xfer" => ''
                    );
                    $dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
                    unset($parts);
                    $msg .= 'Import Zone: '.$soa['name'].'<br />';
                    //* Process the other records
                    $records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ".$domain['id']);
                    $records = $exdb->queryAllRecords("SELECT * FROM records WHERE type != 'SOA' AND domain_id = ?", $domain['id']);
                    if(is_array($records)) {
                        foreach($records as $rec) {
                            $rr = array();
                            $rr['name'] = $app->db->quote(addot($rec['name']));
                            $rr['type'] = $app->db->quote($rec['type']);
                            $rr['aux'] = $app->db->quote($rec['prio']);
                            $rr['ttl'] = $app->db->quote($rec['ttl']);
                            $rr['name'] = addot($rec['name']);
                            $rr['type'] = $rec['type'];
                            $rr['aux'] = $rec['prio'];
                            $rr['ttl'] = $rec['ttl'];
                            if($rec['type'] == 'NS' || $rec['type'] == 'MX' || $rec['type'] == 'CNAME') {
                                $rr['data'] = $app->db->quote(addot($rec['content']));
                                $rr['data'] = addot($rec['content']);
                            } else {
                                $rr['data'] = $app->db->quote($rec['content']);
                                $rr['data'] = $rec['content'];
                            }
                            $insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
                            ('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
                            $insert_data = array(
                                "sys_userid" => $sys_userid,
                                "sys_groupid" => $sys_groupid,
                                "sys_perm_user" => 'riud',
                                "sys_perm_group" => 'riud',
                                "sys_perm_other" => '',
                                "server_id" => $server_id,
                                "zone" => $dns_soa_id,
                                "name" => $rr['name'],
                                "type" => $rr['type'],
                                "data" => $rr['data'],
                                "aux" => $rr['aux'],
                                "ttl" => $rr['ttl'],
                                "active" => 'Y'
                            );
                            $dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
                            //$msg .= $insert_data.'<br />';
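Review bot: `$msg .= 'Import Zone: '.$soa['name'].'<br />';` builds HTML from a value read out of the external database without escaping it; I would write `$msg .= 'Import Zone: '.htmlspecialchars($soa['name'], ENT_QUOTES, 'UTF-8').'<br />';`, though how `$msg` is rendered is outside the hunk. `$parts[0]` to `$parts[2]` are read without checking that `explode(' ', $soa['content'])` produced three fields, so a short SOA content gives undefined-index notices and empty `ns`, `mbox` and `serial` values; a `count($parts) < 3` guard that skips the zone would cover it. Separately, `$minimum` appears to change from 86400 to 3600 in this hunk, which is a behaviour change unrelated to the query rewrite and worth its own mention in the commit message. The enclosing function starts and ends outside the hunk.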
interface/web/tools/form/interface_settings.tform.php
@@ -96,7 +96,7 @@
        }
    }
} else {
    $tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = '".$_SESSION["s"]["user"]['username']."'");
    $tmp = $app->db->queryOneRecord("SELECT * FROM sys_user where username = ?", $_SESSION["s"]["user"]['username']);
    $modules = $tmp['modules'];
    //$modules = $conf['interface_modules_enabled'];
    if($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
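Review bot: `SELECT * FROM sys_user where username = ?` loads the whole account row into `$tmp` although the only field read in this hunk is `$tmp['modules']`. Selecting just that column, `SELECT modules FROM sys_user WHERE username = ?`, keeps credential and other account fields out of a variable that stays in scope. If code outside the hunk reads other keys of `$tmp`, list those columns explicitly instead. The enclosing `else` branch continues past the hunk.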
interface/web/tools/import_ispconfig.php
@@ -143,7 +143,7 @@
    //* Get the user and groupid for the new records
    $sys_groupid = $app->functions->intval($_POST['client_group_id']);
    $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = $sys_groupid");
    $tmp = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE default_group = ?", $sys_groupid);
    $sys_userid = $app->functions->intval($tmp['userid']);
    unset($tmp);
    if($sys_groupid == 0) $error .= 'Inavlid groupid<br />';
@@ -159,7 +159,7 @@
    $mail_domain_rec = $client->mail_domain_get($remote_session_id, array('domain' => $mail_domain));
    if(is_array($mail_domain_rec)) {
        $mail_domain_rec = $mail_domain_rec[0];
        $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '".$app->db->quote($mail_domain)."'");
        $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $mail_domain);
        if($tmp['number'] > 0) $error .= 'Domain '.$mail_domain.' exists already in local database.<br />';
        unset($tmp);
@@ -182,7 +182,7 @@
            $mail_users = $client->mail_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
            if(is_array($mail_users)) {
                foreach($mail_users as $mail_user) {
                    $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($mail_user['email'])."'");
                    $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $mail_user['email']);
                    if($tmp['number'] == 0) {
                        //* Prepare record
@@ -229,7 +229,7 @@
            $mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'alias', 'destination' => '%@'.$mail_domain));
            if(is_array($mail_aliases)) {
                foreach($mail_aliases as $mail_alias) {
                    $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
                    $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'alias' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
                    if($tmp['number'] == 0) {
                        $mail_alias['sys_userid'] = $sys_userid;
                        $mail_alias['sys_groupid'] = $sys_groupid;
@@ -250,7 +250,7 @@
            $mail_aliases = $client->mail_alias_get($remote_session_id, array('type' => 'aliasdomain', 'destination' => '@'.$mail_domain));
            if(is_array($mail_aliases)) {
                foreach($mail_aliases as $mail_alias) {
                    $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = '".$app->db->quote($mail_alias['source'])."' AND destination = '".$app->db->quote($mail_alias['destination'])."'");
                    $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'aliasdomain' AND source = ? AND destination = ?", $mail_alias['source'], $mail_alias['destination']);
                    if($tmp['number'] == 0) {
                        $mail_alias['sys_userid'] = $sys_userid;
                        $mail_alias['sys_groupid'] = $sys_groupid;
@@ -271,7 +271,7 @@
            $mail_forwards = $client->mail_forward_get($remote_session_id, array('type' => 'forward', 'source' => '%@'.$mail_domain));
            if(is_array($mail_forwards)) {
                foreach($mail_forwards as $mail_forward) {
                    $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = '".$app->db->quote($mail_forward['source'])."' AND destination = '".$app->db->quote($mail_forward['destination'])."'");
                    $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE `type` = 'forward' AND source = ? AND destination = ?", $mail_forward['source'], $mail_forward['destination']);
                    if($tmp['number'] == 0) {
                        $mail_forward['sys_userid'] = $sys_userid;
                        $mail_forward['sys_groupid'] = $sys_groupid;
@@ -292,7 +292,7 @@
            $mail_spamfilters = $client->mail_spamfilter_user_get($remote_session_id, array('email' => '%@'.$mail_domain));
            if(is_array($mail_spamfilters)) {
                foreach($mail_spamfilters as $mail_spamfilter) {
                    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = '".$app->db->quote($mail_spamfilter['email'])."'");
                    $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM spamfilter_users WHERE email = ?", $mail_spamfilter['email']);
                    if($tmp['number'] == 0) {
                        $mail_spamfilter['sys_userid'] = $sys_userid;
                        $mail_spamfilter['sys_groupid'] = $sys_groupid;
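Review bot: In the first hunk `$sys_userid` comes from `intval($tmp['userid'])` but only `$sys_groupid == 0` is rejected, so a group id with no matching `sys_user` row leaves `$sys_userid` at 0 and the later hunks assign it as owner (`$mail_alias['sys_userid'] = $sys_userid;`). A check next to the existing one, `if($sys_userid == 0) $error .= 'Invalid userid<br />';`, would catch that; whether a non-empty `$error` stops the import is outside the hunk. The message in the -159 hunk also concatenates `$mail_domain` into HTML unescaped, where `htmlspecialchars($mail_domain, ENT_QUOTES, 'UTF-8')` would be the safe form.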
interface/web/tools/import_plesk.php
File was deleted
interface/web/tools/import_vpopmail.php
@@ -68,7 +68,7 @@
        $msg .= 'Databse connection succeeded<br />';
        $local_server_id = intval($_POST['local_server_id']);
        $tmp = $app->db->queryOneRecord("SELECT mail_server FROM server WHERE server_id = $local_server_id");
        $tmp = $app->db->queryOneRecord("SELECT mail_server FROM server WHERE server_id = ?", $local_server_id);
        if($tmp['mail_server'] == 1) {
            start_import();
@@ -106,41 +106,41 @@
        foreach($records as $rec) {
            $pw_domain = $rec['pw_domain'];
            //* Check if we have a client with that username already
            $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE username = '$pw_domain'");
            $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE username = ?", $pw_domain);
            if($tmp['number'] == 0) {
                $pw_crypt_password = $app->auth->crypt_password($rec['pw_clear_passwd']);
                $country = 'FI';
                //* add client
                $sql = "INSERT INTO `client` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `company_name`, `company_id`, `contact_name`, `customer_no`, `vat_id`, `street`, `zip`, `city`, `state`, `country`, `telephone`, `mobile`, `fax`, `email`, `internet`, `icq`, `notes`, `bank_account_owner`, `bank_account_number`, `bank_code`, `bank_name`, `bank_account_iban`, `bank_account_swift`, `default_mailserver`, `limit_maildomain`, `limit_mailbox`, `limit_mailalias`, `limit_mailaliasdomain`, `limit_mailforward`, `limit_mailcatchall`, `limit_mailrouting`, `limit_mailfilter`, `limit_fetchmail`, `limit_mailquota`, `limit_spamfilter_wblist`, `limit_spamfilter_user`, `limit_spamfilter_policy`, `default_webserver`, `limit_web_ip`, `limit_web_domain`, `limit_web_quota`, `web_php_options`, `limit_cgi`, `limit_ssi`, `limit_perl`, `limit_ruby`, `limit_python`, `force_suexec`, `limit_hterror`, `limit_wildcard`, `limit_ssl`, `limit_web_subdomain`, `limit_web_aliasdomain`, `limit_ftp_user`, `limit_shell_user`, `ssh_chroot`, `limit_webdav_user`, `limit_aps`, `default_dnsserver`, `limit_dns_zone`, `limit_dns_slave_zone`, `limit_dns_record`, `default_dbserver`, `limit_database`, `limit_cron`, `limit_cron_type`, `limit_cron_frequency`, `limit_traffic_quota`, `limit_client`, `limit_mailmailinglist`, `limit_openvz_vm`, `limit_openvz_vm_template_id`, `parent_client_id`, `username`, `password`, `language`, `usertheme`, `template_master`, `template_additional`, `created_at`, `id_rsa`, `ssh_rsa`)
                VALUES(1, 1, 'riud', 'riud', '', '', '', '$pw_domain', '', '', '', '', '', '', '$country', '', '', '', '', 'http://', '', '', '', '', '', '', '', '', 1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 0, 0, 0, 1, NULL, -1, -1, 'no,fast-cgi,cgi,mod,suphp', 'n', 'n', 'n', 'n', 'n', 'y', 'n', 'n', 'n', -1, -1, -1, 0, 'no,jailkit', 0, 0, 1, -1, -1, -1, 1, -1, 0, 'url', 5, -1, 0, -1, 0, 0, 0, '$pw_domain', '$pw_crypt_password', '".$conf['language']."', 'default', 0, '', NOW(), '', '')";
                $app->db->query($sql);
                VALUES(1, 1, 'riud', 'riud', '', '', '', ?, '', '', '', '', '', '', ?, '', '', '', '', 'http://', '', '', '', '', '', '', '', '', 1, -1, -1, -1, -1, -1, -1, 0, -1, -1, -1, 0, 0, 0, 1, NULL, -1, -1, 'no,fast-cgi,cgi,mod,suphp', 'n', 'n', 'n', 'n', 'n', 'y', 'n', 'n', 'n', -1, -1, -1, 0, 'no,jailkit', 0, 0, 1, -1, -1, -1, 1, -1, 0, 'url', 5, -1, 0, -1, 0, 0, 0, ?, ?, ?, 'default', 0, '', NOW(), '', '')";
                $app->db->query($sql, $pw_domain,$country, $pw_domain, $pw_crypt_password, $conf['language']);
                $client_id = $app->db->insertID();
                //* add sys_group
                $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($pw_domain)."','',".$client_id.")", 'groupid');
                $groupid = $app->db->datalogInsert('sys_group', array("name" => $pw_domain, "description" => '', "client_id" => $client_id), 'groupid');
                $groups = $groupid;
                $username = $app->db->quote($pw_domain);
                $username = $pw_domain;
                $password = $pw_crypt_password;
                $modules = $conf['interface_modules_enabled'];
                $startmodule = 'dashboard';
                $usertheme = $app->db->quote('default');
                $usertheme = 'default';
                $type = 'user';
                $active = 1;
                $language = $app->db->quote($conf["language"]);
                $language = $conf["language"];
                //$password = $app->auth->crypt_password($password);
                // Create the controlpaneluser for the client
                //Generate ssh-rsa-keys
                exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
                $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$client_id);
                $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $client_id);
                exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
                // Create the controlpaneluser for the client
                $sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
                VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$client_id.")";
                $app->db->query($sql);
                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
                $app->db->query($sql, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$client_id);
                //* Set the default servers
                $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
@@ -152,8 +152,8 @@
                $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
                $default_dbserver = $app->functions->intval($tmp['server_id']);
                $sql = "UPDATE client SET default_mailserver = $default_mailserver, default_webserver = $default_webserver, default_dnsserver = $default_dnsserver, default_dbserver = $default_dbserver WHERE client_id = ".$client_id;
                $app->db->query($sql);
                $sql = "UPDATE client SET default_mailserver = ?, default_webserver = ?, default_dnsserver = ?, default_dbserver = ? WHERE client_id = ?";
                $app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dbserver, $client_id);
                $msg .= "Added Client $username.<br />";
            } else {
@@ -169,14 +169,22 @@
            $domain = $rec['pw_domain'];
            //* Check if domain exists already
            $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = '$domain'");
            $tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE domain = ?", $domain);
            if($tmp['number'] == 0) {
                $user_rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '$domain'");
                $user_rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $domain);
                $sys_userid = ($user_rec['userid'] > 0)?$user_rec['userid']:1;
                $sys_groupid = ($user_rec['default_group'] > 0)?$user_rec['default_group']:1;
                $sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `domain`, `active`)
                VALUES(".$sys_userid.", ".$sys_groupid.", 'riud', 'riud', '', $local_server_id, '$domain', 'y')";
                $sql = array(
                    "sys_userid" => $sys_userid,
                    "sys_groupid" => $sys_groupid,
                    "sys_perm_user" => 'riud',
                    "sys_perm_group" => 'riud',
                    "sys_perm_other" => '',
                    "server_id" => $local_server_id,
                    "domain" => $domain,
                    "active" => 'y'
                );
                $app->db->datalogInsert('mail_domain', $sql, 'domain_id');
                $msg .= "Imported domain $domain <br />";
            } else {
@@ -193,20 +201,52 @@
            $email = $rec['pw_name'].'@'.$rec['pw_domain'];
            //* Check for duplicate mailboxes
            $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = '".$app->db->quote($email)."'");
            $tmp = $app->db->queryOneRecord("SELECT count(mailuser_id) as number FROM mail_user WHERE email = ?", $email);
            if($tmp['number'] == 0) {
                //* get the mail domain for the mailbox
                $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '$domain'");
                $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $domain);
                if(is_array($domain_rec)) {
                    $pw_crypt_password = $app->auth->crypt_password($rec['pw_clear_passwd']);
                    $maildir_path = "/var/vmail/".$rec['pw_domain']."/".$rec['pw_name'];
                    //* Insert the mailbox
                    $sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `email`, `login`, `password`, `name`, `uid`, `gid`, `maildir`, `quota`, `cc`, `homedir`, `autoresponder`, `autoresponder_start_date`, `autoresponder_end_date`, `autoresponder_subject`, `autoresponder_text`, `move_junk`, `custom_mailfilter`, `postfix`, `access`, `disableimap`, `disablepop3`, `disabledeliver`, `disablesmtp`, `disablesieve`, `disablelda`, `disabledoveadm`)
                    VALUES(".$domain_rec['sys_userid'].", ".$domain_rec['sys_groupid'].", 'riud', 'riud', '', $local_server_id, '$email', '$email', '$pw_crypt_password', '$email', 5000, 5000, '$maildir_path', 0, '', '/var/vmail', 'n', '0000-00-00 00:00:00', '0000-00-00 00:00:00', 'Out of office reply', '', 'n', '', 'y', 'n', 'n', 'n', 'n', 'n', 'n', 'n', 'n')";
                    $sql = array(
                        "sys_userid" => $domain_rec['sys_userid'],
                        "sys_groupid" => $domain_rec['sys_groupid'],
                        "sys_perm_user" => 'riud',
                        "sys_perm_group" => 'riud',
                        "sys_perm_other" => '',
                        "server_id" => $local_server_id,
                        "email" => $email,
                        "login" => $email,
                        "password" => $pw_crypt_password,
                        "name" => $email,
                        "uid" => 5000,
                        "gid" => 5000,
                        "maildir" => $maildir_path,
                        "quota" => 0,
                        "cc" => '',
                        "homedir" => '/var/vmail',
                        "autoresponder" => 'n',
                        "autoresponder_start_date" => '0000-00-00 00:00:00',
                        "autoresponder_end_date" => '0000-00-00 00:00:00',
                        "autoresponder_subject" => 'Out of office reply',
                        "autoresponder_text" => '',
                        "move_junk" => 'n',
                        "custom_mailfilter" => '',
                        "postfix" => 'y',
                        "access" => 'n',
                        "disableimap" => 'n',
                        "disablepop3" => 'n',
                        "disabledeliver" => 'n',
                        "disablesmtp" => 'n',
                        "disablesieve" => 'n',
                        "disablelda" => 'n',
                        "disabledoveadm" => 'n'
                    );
                    $app->db->datalogInsert('mail_user', $sql, 'mailuser_id');
                    $msg .= "Imported mailbox $email <br />";
                }
@@ -242,16 +282,26 @@
            }
            //* Check for duplicate forwards
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = '".$app->db->quote($email)."' AND destination = '".$app->db->quote($target)."'");
            $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE source = ? AND destination = ?", $email, $target);
            if($tmp['number'] == 0 && $target != '') {
                //* get the mail domain
                $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = '".$rec['domain']."'");
                $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $rec['domain']);
                if(is_array($domain_rec)) {
                    $sql = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `source`, `destination`, `type`, `active`)
                    VALUES(".$domain_rec['sys_userid'].", ".$domain_rec['sys_groupid'].", 'riud', 'riud', '', $local_server_id, '".$app->db->quote($email)."', '".$app->db->quote($target)."', 'forward', 'y')";
                    $sql = array(
                        "sys_userid" => $domain_rec['sys_userid'],
                        "sys_groupid" => $domain_rec['sys_groupid'],
                        "sys_perm_user" => 'riud',
                        "sys_perm_group" => 'riud',
                        "sys_perm_other" => '',
                        "server_id" => $local_server_id,
                        "source" => $email,
                        "destination" => $target,
                        "type" => 'forward',
                        "active" => 'y'
                    );
                    $app->db->datalogInsert('mail_forwarding', $sql, 'forwarding_id');
                }
                $msg .= "Imported alias $email.<br />";
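Review bot: In the @@ -106,41 hunk the `exec('ssh-keygen ...')` line builds a shell command from `$username`, which this change sets to the raw `$pw_domain` taken from the imported records, so the value reaches the shell without any quoting (the removed `$app->db->quote()` was SQL escaping, not shell quoting). The comment argument should be wrapped: `exec('ssh-keygen -t rsa -C '.escapeshellarg($username.'-rsa-key-'.time()).' -f /tmp/id_rsa -N ""');`. The fixed `/tmp/id_rsa` path is shared by every run and both reads use `@file_get_contents`, so a failed or concurrent key generation would go unnoticed. A per-run private directory and a check for `false` before the UPDATE would be safer. The enclosing function starts and ends outside the hunk.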
interface/web/tools/lib/module.conf.php
@@ -7,6 +7,7 @@
$module['template']  = 'module.tpl.htm';
$module['startpage']  = 'tools/index.php';
$module['tab_width']    = '60';
$module['order']    = '80';
//**** Change User password
interface/web/tools/resync.php
@@ -182,8 +182,8 @@
        //* firewall
        $array_out = array();
        foreach($server_data as $db_table => $data) {
            $sql = @(isset($data['server_id']))?"SELECT * FROM $db_table WHERE server_id = $server_id":"SELECT * FROM $db_table";;
            $records = $app->db->queryAllRecords($sql);
            $sql = @(isset($data['server_id']))?"SELECT * FROM ?? WHERE server_id = ?":"SELECT * FROM ??";
            $records = $app->db->queryAllRecords($sql, $db_table, $server_id);
            if (!empty($records)) array_push($array_out, $db_table);
        }
@@ -377,7 +377,7 @@
        $server_name = array();
        if ( $server_id == 0 ) { //* resync multiple server
            $temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ".$server_type."_server = 1 AND active = 1 AND mirror_server_id = 0");
            $temp = $app->db->queryAllRecords("SELECT server_id, server_name FROM server WHERE ?? = 1 AND active = 1 AND mirror_server_id = 0", $server_type."_server");
            foreach ($temp as $server) {
                $temp_id .= $server['server_id'].',';
                $server_name[$server['server_id']] = $server['server_name'];
@@ -389,11 +389,11 @@
        unset($temp);
        if ( isset($temp_id) ) $server_id = rtrim($temp_id,',');
        $sql = "SELECT * FROM $db_table";
        $sql = "SELECT * FROM ??";
        if ($db_table != "mail_user_filter") $sql .= " WHERE server_id IN (".$server_id.") ";
        $sql .= $opt;
        if ($active) $sql .= " AND active = 'y'"; 
        $records = $app->db->queryAllRecords($sql);
        $records = $app->db->queryAllRecords($sql, $db_table);
        return array($records, $server_name);
    }            
@@ -511,13 +511,13 @@
                    if(!empty($rr_records)) {
                        foreach($rr_records as $rec) {
                            $new_serial = $app->validate_dns->increase_serial($rec['serial']);
                            $app->db->datalogUpdate('dns_rr', "serial = '".$new_serial."'", 'id', $rec['id']);
                            $app->db->datalogUpdate('dns_rr', array("serial" => $new_serial), 'id', $rec['id']);
                        }
                    } else { 
                        $msg .= $app->tform->wordbook['no_results_txt'].'<br>';
                    }
                    $new_serial = $app->validate_dns->increase_serial($soa_rec['serial']);
                    $app->db->datalogUpdate('dns_soa', "serial = '".$new_serial."'", 'id', $soa_rec['id']);
                    $app->db->datalogUpdate('dns_soa', array("serial" => $new_serial), 'id', $soa_rec['id']);
                    $msg .= '['.$server_name[$soa_rec['server_id']].'] '.$soa_rec['origin'].' ('.count($rr_records).')<br>';
                }
            else $msg .= $app->tform->wordbook['no_results_txt'].'<br>'; 
@@ -529,7 +529,7 @@
        if($this->dataRecord['resync_client'] == 1) {
            $db_table = 'client';
            $index_field = 'client_id';
            $records = $app->db->queryAllRecords("SELECT * FROM ".$db_table);
            $records = $app->db->queryAllRecords("SELECT * FROM ??", $db_table);
            $msg .= '<b>'.$app->tform->wordbook['do_clients_txt'].'</b><br>';
            if(!empty($records)) {
                $tform_def_file = '../client/form/client.tform.php';
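Review bot: In the @@ -389,11 hunk only the table name became a `??` placeholder; `$server_id` is still concatenated into `IN (".$server_id.")` and `$opt` is appended as raw SQL. `$server_id` is either the value the function was given or the comma list built from `server` rows in the previous hunk, so it should be normalised before use, e.g. `$server_id = implode(',', array_map('intval', explode(',', $server_id)));`. A comment above `$sql .= $opt;` saying that `$opt` must be a trusted, constant fragment would also help, since a `?` inside it would presumably be read as a placeholder by the wrapper. The function begins outside the hunk.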
interface/web/tools/templates/dns_import_tupa.htm
@@ -25,7 +25,7 @@
            <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
        </tmpl_if>
        <tmpl_if name="error">
            <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
            <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
        </tmpl_if>
        <input type="hidden" name="id" value="{tmpl_var name='id'}">
interface/web/tools/templates/import_ispconfig.htm
@@ -70,7 +70,7 @@
        <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
    </tmpl_if>
    <tmpl_if name="error">
        <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
        <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
    </tmpl_if>
    
    <input type="hidden" name="remote_session_id" value="{tmpl_var name='remote_session_id'}">
interface/web/tools/templates/import_plesk.htm
@@ -42,7 +42,7 @@
            <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
        </tmpl_if>
        <tmpl_if name="error">
            <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
            <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
        </tmpl_if>
        <input type="hidden" name="id" value="{tmpl_var name='id'}">
interface/web/tools/templates/import_vpopmail.htm
@@ -34,7 +34,7 @@
        <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
    </tmpl_if>
    <tmpl_if name="error">
        <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
        <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
    </tmpl_if>
    
    <input type="hidden" name="remote_session_id" value="{tmpl_var name='remote_session_id'}">
interface/web/tools/user_settings.php
@@ -102,7 +102,7 @@
        global $app;
        
        if($_POST['passwort'] != '') {
            $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = '".$app->functions->intval($_SESSION['s']['user']['userid'])."'");
            $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
            $_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
            unset($tmp_user);
        }
interface/web/vm/ajax_get_ip.php
@@ -38,8 +38,8 @@
if($_SESSION["s"]["user"]["typ"] == 'admin' or $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
    $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND server_id = $server_id";
    $ips = $app->db->queryAllRecords($sql);
    $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND server_id = ?";
    $ips = $app->db->queryAllRecords($sql, $server_id);
    $ip_select = "";
    if(is_array($ips)) {
        foreach( $ips as $ip) {
interface/web/vm/lib/module.conf.php
@@ -5,6 +5,7 @@
$module['template']  = 'module.tpl.htm';
$module['startpage']  = 'vm/openvz_vm_list.php';
$module['tab_width']    = '';
$module['order'] = '50';
//**** Templates menu
$items = array();
interface/web/vm/openvz_action.php
@@ -17,7 +17,7 @@
if($vm_id == 0) die('Invalid VM ID');
$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id");
$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
$veid = $app->functions->intval($vm['veid']);
$server_id = $app->functions->intval($vm['server_id']);
@@ -47,15 +47,8 @@
    //* Start the virtual machine
    $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
        "VALUES (".
        (int)$server_id . ", ".
        time() . ", ".
        "'openvz_start_vm', ".
        $veid.", ".
        "'pending', ".
        "''".
        ")";
    $app->db->query($sql);
        "VALUES (?, UNIX_TIMESTAMP(), 'openvz_start_vm', ?, 'pending', '')";
    $app->db->query($sql, $server_id, $veid);
    $app->tpl->setVar('msg', $wb['start_exec_txt']);
    $options['start_option_enabled'] = 'checked="checked"';
@@ -64,15 +57,8 @@
    //* Stop the virtual machine
    $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
        "VALUES (".
        (int)$server_id . ", ".
        time() . ", ".
        "'openvz_stop_vm', ".
        $veid.", ".
        "'pending', ".
        "''".
        ")";
    $app->db->query($sql);
        "VALUES (?, UNIX_TIMESTAMP(), 'openvz_stop_vm', ?, 'pending', '')";
    $app->db->query($sql, $server_id, $veid);
    $app->tpl->setVar('msg', $wb['stop_exec_txt']);
    $options['stop_option_enabled'] = 'checked="checked"';
@@ -81,15 +67,8 @@
    //* Restart the virtual machine
    $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
        "VALUES (".
        (int)$server_id . ", ".
        time() . ", ".
        "'openvz_restart_vm', ".
        $veid.", ".
        "'pending', ".
        "''".
        ")";
    $app->db->query($sql);
        "VALUES (?, UNIX_TIMESTAMP(), 'openvz_restart_vm', ?, 'pending', '')";
    $app->db->query($sql, $server_id, $veid);
    $app->tpl->setVar('msg', $wb['restart_exec_txt']);
    $options['restart_option_enabled'] = 'checked="checked"';
@@ -104,30 +83,22 @@
    }
    //* Quote name
    $ostemplate_name = $app->db->quote($ostemplate_name);
    //* Check for duplicates
    $tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = '$ostemplate_name'");
    $tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = ?", $ostemplate_name);
    if($tmp['number'] > 0) $error_msg .= $wb['ostemplate_name_unique_error'].'<br />';
    unset($tmp);
    if($error_msg == '') {
        //* Create ostemplate action
        $sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
            "VALUES (".
            (int)$server_id . ", ".
            time() . ", ".
            "'openvz_create_ostpl', ".
            "'".$veid.":".$ostemplate_name."', ".
            "'pending', ".
            "''".
            ")";
        $app->db->query($sql);
            "VALUES (?, UNIX_TIMESTAMP(), 'openvz_create_ostpl', ?, 'pending', '')";
        $app->db->query($sql, $server_id, $veid.":".$ostemplate_name);
        //* Create a record in the openvz_ostemplate table
        $sql = "INSERT INTO `openvz_ostemplate` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `template_name`, `template_file`, `server_id`, `allservers`, `active`, `description`)
        VALUES(1, 1, 'riud', 'riud', '', '$ostemplate_name', '$ostemplate_name', $server_id, 'n', 'y', '')";
        $app->db->query($sql);
        VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, 'n', 'y', '')";
        $app->db->query($sql, $ostemplate_name, $ostemplate_name, $server_id);
        $app->tpl->setVar('msg', $wb['ostemplate_exec_txt']);
        $options['ostemplate_option_enabled'] = 'checked="checked"';
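Review bot: In the @@ -104,30 hunk `$ostemplate_name` is now bound as a query parameter, but the line `$ostemplate_name = $app->db->quote($ostemplate_name);` under `//* Quote name` is printed without a replacement, and this page does not show whether it was removed. If it is still present on the new side, the value is escaped by `quote()` and then again by the binding, so a name containing quotes or backslashes would be stored and compared in escaped form and the duplicate check would not match the real file name. Dropping that line and its comment keeps the stored value equal to what was validated above the hunk. The same value also goes into `action_param` as `$veid.":".$ostemplate_name`; the name validation sits outside this hunk and should be confirmed to restrict it to a safe character set.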
interface/web/vm/openvz_template_edit.php
@@ -54,10 +54,7 @@
    function onAfterInsert() {
        global $app, $conf;
        $guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
        $burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
        $sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
        $app->db->query($sql);
        $this->onAfterUpdate();
    }
    function onAfterUpdate() {
@@ -65,8 +62,8 @@
        $guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
        $burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
        $sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
        $app->db->query($sql);
        $sql = "UPDATE openvz_template SET shmpages = ?,vmguarpages = ?, oomguarpages = ?,privvmpages = ? WHERE template_id = ?";
        $app->db->query($sql, $guar_ram . ':' . $guar_ram, $guar_ram . ':' . $guar_ram, $guar_ram . ':' . $guar_ram, $burst_ram . ':' . $burst_ram, $this->id);
    }
}
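Review bot: The new `query()` call in `onAfterUpdate()` repeats `$guar_ram . ':' . $guar_ram` three times in one long argument list, which makes it hard to check that each placeholder receives the intended value. Naming the pairs first reads better: `$guar_pair = $guar_ram.':'.$guar_ram;` and `$burst_pair = $burst_ram.':'.$burst_ram;`, then `$app->db->query($sql, $guar_pair, $guar_pair, $guar_pair, $burst_pair, $this->id);`. `onAfterInsert()` now only delegates to `onAfterUpdate()`, so a short comment there, such as `// page limits are written by onAfterUpdate()`, would explain why it has no query of its own.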
interface/web/vm/openvz_vm_edit.php
@@ -74,15 +74,15 @@
            //* Get the limits of the client
            $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            //* Fill the template_id field
            if($client['limit_openvz_vm_template_id'] == 0) {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
            } else {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = ? ORDER BY template_name';
            }
            $records = $app->db->queryAllRecords($sql);
            $records = $app->db->queryAllRecords($sql, $client['limit_openvz_vm_template_id']);
            if(is_array($records)) {
                foreach( $records as $rec) {
                    $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
@@ -96,13 +96,13 @@
            //* Get the limits of the client
            $client_group_id = $_SESSION["s"]["user"]["default_group"];
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
            $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
            //* Fill the client select field
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
            $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
            $records = $app->db->queryAllRecords($sql, $client['client_id']);
            $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']);
            $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
            //$tmp_data_record = $app->tform->getDataRecord($this->id);
            if(is_array($records)) {
@@ -117,9 +117,9 @@
            if($client['limit_openvz_vm_template_id'] == 0) {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
            } else {
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
                $sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = ? ORDER BY template_name';
            }
            $records = $app->db->queryAllRecords($sql);
            $records = $app->db->queryAllRecords($sql, $client['limit_openvz_vm_template_id']);
            if(is_array($records)) {
                foreach( $records as $rec) {
                    $selected = @($rec["template_id"] == $this->dataRecord["template_id"])?'SELECTED':'';
@@ -166,8 +166,8 @@
            $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE vserver_server = 1 AND mirror_server_id = 0 ORDER BY server_name LIMIT 0,1');
            $vm_server_id = $app->functions->intval($tmp['server_id']);
        }
        $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = '".$this->id."') AND server_id = ".$app->functions->intval($vm_server_id)." ORDER BY ip_address";
        $ips = $app->db->queryAllRecords($sql);
        $sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = ?) AND server_id = ? ORDER BY ip_address";
        $ips = $app->db->queryAllRecords($sql, $this->id, $vm_server_id);
        $ip_select = "";
        if(is_array($ips)) {
            foreach( $ips as $ip) {
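Review bot: In the @@ -74,15 and @@ -117,9 hunks `queryAllRecords($sql, $client['limit_openvz_vm_template_id'])` is called for both branches, although the `WHERE 1` query chosen when the limit is 0 contains no `?`. Whether the db wrapper ignores a surplus argument is not visible here; if it does not, the unrestricted branch would fail or log an error. Passing the value only with the placeholder query avoids depending on that: `$records = ($client['limit_openvz_vm_template_id'] == 0) ? $app->db->queryAllRecords($sql) : $app->db->queryAllRecords($sql, $client['limit_openvz_vm_template_id']);`. The @@ -182,8 hunk of interface/web/tools/resync.php has the same shape with `$server_id`. The enclosing method starts outside these hunks.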
interface/web/vm/templates/openvz_action.htm
@@ -10,7 +10,7 @@
                <div id="OKMsg"><p><tmpl_var name="msg"></p></div>
            </tmpl_if>
            <tmpl_if name="error">
                <div id="errorMsg"><h3>ERROR</h3><ol><tmpl_var name="error"></ol></div>
                <div id="errorMsg"><h3><tmpl_var name="error_txt"></h3><ol><tmpl_var name="error"></ol></div>
            </tmpl_if>
                
            <div class="form-group">
interface/web/vm/templates/openvz_ip_list.htm
@@ -39,7 +39,7 @@
                            <td><a href="#" data-load-content="vm/openvz_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ip_address"}</a></td>
                            <td><a href="#" data-load-content="vm/openvz_ip_edit.php?id={tmpl_var name='id'}">{tmpl_var name="reserved"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ip_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
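Review bot: The corrected delete link still puts `phpsessid` in the query string of `vm/openvz_ip_del.php`, so the value ends up in web server access logs, browser history and any proxy on the path; if it is the live session identifier, the tag fix leaves that exposure in place. The same link pattern appears in openvz_ostemplate_list.htm, openvz_template_list.htm and openvz_vm_list.htm. Deleting through a GET request is also worth revisiting: a POST carrying a per-request anti-CSRF token would keep the identifier out of URLs. How `delete_confirmation` is escaped before it lands inside the single-quoted JavaScript string is not visible here and should be confirmed.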
interface/web/vm/templates/openvz_ostemplate_list.htm
@@ -42,7 +42,7 @@
                            <td><a href="#" data-load-content="vm/openvz_ostemplate_edit.php?id={tmpl_var name='id'}">{tmpl_var name="server_id"}</a></td>
                            <td><a href="#" data-load-content="vm/openvz_ostemplate_edit.php?id={tmpl_var name='id'}">{tmpl_var name="allservers"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ostemplate_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_ostemplate_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/vm/templates/openvz_template_list.htm
@@ -33,7 +33,7 @@
                            <td><a href="#" data-load-content="vm/openvz_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="active"}</a></td>
                            <td><a href="#" data-load-content="vm/openvz_template_edit.php?id={tmpl_var name='id'}">{tmpl_var name="template_name"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_template_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
interface/web/vm/templates/openvz_vm_list.htm
@@ -48,8 +48,8 @@
                            <td><a href="#" data-load-content="vm/openvz_vm_edit.php?id={tmpl_var name='id'}">{tmpl_var name="hostname"}</a></td>
                            <td><a href="#" data-load-content="vm/openvz_vm_edit.php?id={tmpl_var name='id'}">{tmpl_var name="ip_address"}</a></td>
                            <td class="text-right">
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="vm/openvz_action.php?id={tmpl_var name='id'}"><span class="icon icon-action"></span></button>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_vm_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></button>
                                <a class="btn btn-default formbutton-default formbutton-narrow" data-load-content="vm/openvz_action.php?id={tmpl_var name='id'}"><span class="icon icon-action"></span></a>
                                <a class="btn btn-default formbutton-danger formbutton-narrow" href="javascript: ISPConfig.confirm_action('vm/openvz_vm_del.php?id={tmpl_var name='id'}&phpsessid={tmpl_var name='phpsessid'}','{tmpl_var name='delete_confirmation'}');"><span class="icon icon-delete"></span></a>
                            </td>
                        </tr>
                    </tmpl_loop>
remoting_client/examples/dns_a_add.php
@@ -23,7 +23,7 @@
        'type' => 'a',
        'data' => '192.168.1.88',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_aaaa_add.php
@@ -23,7 +23,7 @@
        'type' => 'aaaa',
        'data' => '3ffe:b00:c18:3::a',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_alias_add.php
@@ -23,7 +23,7 @@
        'type' => 'alias',
        'data' => 'hostmachine',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_cname_add.php
@@ -23,7 +23,7 @@
        'type' => 'cname',
        'data' => 'hostmachine',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_hinfo_add.php
@@ -23,7 +23,7 @@
        'type' => 'hinfo',
        'data' => '"Pentium Pro" Linux',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_mx_add.php
@@ -23,7 +23,7 @@
        'type' => 'mx',
        'data' => 'mail',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_ns_add.php
@@ -23,7 +23,7 @@
        'type' => 'ns',
        'data' => 'ns1',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_ptr_add.php
@@ -23,7 +23,7 @@
        'type' => 'ptr',
        'data' => 'webmaster.test.int.',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_rp_add.php
@@ -23,7 +23,7 @@
        'type' => 'rp',
        'data' => 'webmaster.test.int. contactinfo.test.int',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_srv_add.php
@@ -23,7 +23,7 @@
        'type' => 'srv',
        'data' => '0 9 server.test.int.',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_txt_add.php
@@ -23,7 +23,7 @@
        'type' => 'txt',
        'data' => 'any text can go here',
        'aux' => '0',
        'ttl' => '86400',
        'ttl' => '3600',
        'active' => 'y',
        'stamp' => 'CURRENT_TIMESTAMP',
        'serial' => '1',
remoting_client/examples/dns_zone_add.php
@@ -25,8 +25,8 @@
        'refresh' => '28800',
        'retry' => '7200',
        'expire' => '604800',
        'minimum' => '86400',
        'ttl' => '86400',
        'minimum' => '3600',
        'ttl' => '3600',
        'active' => 'y',
        'xfer' => '',
        'also_notify' => '',
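--- a/server/conf/hhvm_monit.master
+++ b/server/conf/hhvm_monit.master
@@ -0,0 +1,3 @@
+check process hhvm_{SYSTEM_USER} with pidfile /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
+   start program = "/etc/init.d/hhvm_{SYSTEM_USER} restart"
+   stop  program = "/etc/init.d/hhvm_{SYSTEM_USER} stop"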
server/conf/hhvm_starter.master
@@ -37,15 +37,29 @@
    
    umask 017
    sudo -u {SYSTEM_USER} touch /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
    BASEINIFILE=""
    if [[ -e "/etc/hhvm/php.ini" ]] ; then
        BASEINIFILE="--config /etc/hhvm/php.ini" ;
    fi
    INIFILE=""
    if [[ -e "/var/www/conf/{SYSTEM_USER}/php.ini" ]] ; then
        INIFILE="-vServer.IniFile=/var/www/conf/{SYSTEM_USER}/php.ini" ;
        INIFILE="--config /var/www/conf/{SYSTEM_USER}/php.ini" ;
    elif [[ -e "/etc/php5/hhvm/php.ini" ]] ; then
        INIFILE="-vServer.IniFile=/etc/php5/hhvm/php.ini" ;
        INIFILE="--config /etc/php5/hhvm/php.ini" ;
    elif [[ -e "/etc/php5/fpm/php.ini" ]] ; then
        INIFILE="--config /etc/php5/fpm/php.ini" ;
    elif [[ -e "/etc/php5/cgi/php.ini" ]] ; then
        INIFILE="-vServer.IniFile=/etc/php5/cgi/php.ini" ;
        INIFILE="--config /etc/php5/cgi/php.ini" ;
    fi
    /usr/bin/hhvm --mode daemon -vServer.Type=fastcgi --user {SYSTEM_USER} -vServer.FileSocket=/var/run/hhvm/hhvm.{SYSTEM_USER}.sock -vLog.Level=Warning -vLog.UseLogFile=false -vRepo.Central.Path=/var/run/hhvm/hhvm.{SYSTEM_USER}.hhbc -vServer.FixPathInfo=false $INIFILE -vPidFile=/var/run/hhvm/hhvm_{SYSTEM_USER}.pid & echo $! > /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
    CUSTOMINIFILE=""
    if [[ -e "/etc/hhvm/{SYSTEM_USER}.ini" ]] ; then
        CUSTOMINIFILE="--config /etc/hhvm/{SYSTEM_USER}.ini" ;
    fi
    /usr/bin/hhvm --mode daemon -vServer.Type=fastcgi --user {SYSTEM_USER} -vServer.FileSocket=/var/run/hhvm/hhvm.{SYSTEM_USER}.sock -vLog.Level=Warning -vLog.UseLogFile=false -vRepo.Central.Path=/var/run/hhvm/hhvm.{SYSTEM_USER}.hhbc -vServer.FixPathInfo=false $BASEINIFILE $INIFILE $CUSTOMINIFILE -vPidFile=/var/run/hhvm/hhvm_{SYSTEM_USER}.pid & echo $! > /var/run/hhvm/hhvm_{SYSTEM_USER}.pid
}
do_stop()
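Review bot: The start line writes the pid file twice, once through `-vPidFile=...` and once through `& echo $! > /var/run/hhvm/hhvm_{SYSTEM_USER}.pid`, and with `--mode daemon` the value of `$!` is likely the launcher's pid rather than the daemon's. The new hhvm_monit.master check reads this same file, so a stale pid could make monit restart a healthy process; dropping the `echo $! >` part and relying on `-vPidFile` would leave a single writer. The file is also created with `sudo -u {SYSTEM_USER} touch`, which makes it owned by the site user: if do_stop (its body is outside this hunk) signals as root whatever pid it reads from that file, the site user controls which process is signalled, so the ownership and the stop logic should be checked together. The three `--config` variables are expanded unquoted so that they word-split; a comment such as `# intentionally unquoted: each holds "--config <path>" or is empty` would keep a later cleanup from quoting them.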
server/cron.php
@@ -74,7 +74,7 @@
            unset($cronjob);
            continue;
        }
        print 'Included ' . $class_name . ' from ' . $file_path . ' -> will now run job.' . "\n";
        print 'Included ' . $class_name . ' from ' . $path . '/' . $f . ' -> will now run job.' . "\n";
        $cronjob->run();
server/lib/app.inc.php
@@ -151,19 +151,18 @@
            if(isset($this->dbmaster)) {
                $server_id = $conf['server_id'];
                $loglevel = $priority;
                $tstamp = time();
                $message = $this->dbmaster->quote($msg);
                $message = $msg;
                $datalog_id = (isset($this->modules->current_datalog_id) && $this->modules->current_datalog_id > 0)?$this->modules->current_datalog_id:0;
                if($datalog_id > 0) {
                    $tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = $datalog_id AND loglevel = ".LOGLEVEL_ERROR);
                    $tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = ? AND loglevel = ?", $datalog_id, LOGLEVEL_ERROR);
                    //* Do not insert duplicate errors into the web log.
                    if($tmp_rec['number'] == 0) {
                        $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',$datalog_id,'$loglevel','$tstamp','$message')";
                        $this->dbmaster->query($sql);
                        $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?)";
                        $this->dbmaster->query($sql, $server_id, $datalog_id, $loglevel, $message);
                    }
                } else {
                    $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',0,'$loglevel','$tstamp','$message')";
                    $this->dbmaster->query($sql);
                    $sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, UNIX_TIMESTAMP(), ?)";
                    $this->dbmaster->query($sql, $server_id, $loglevel, $message);
                }
            }
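Review bot: `$tstamp = time();` is still assigned at the top of this block but is no longer used, because both INSERT statements now take `UNIX_TIMESTAMP()`; the line can go, as can the pass-through `$message = $msg;`. The switch also moves the clock source from this server to the master database host, so a comment such as `// tstamp comes from the master DB clock, not the local server` would record that the change is deliberate. With `quote()` removed the message is stored verbatim, which is correct for a bound parameter, but whatever renders sys_log in the interface has to HTML-escape it; that code is not visible here. The enclosing function starts and ends outside the hunk.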
server/lib/classes/aps_installer.inc.php
@@ -259,18 +259,15 @@
        // Get the domain name to use for the installation
        // Would be possible in one query too, but we use 2 for easier debugging
        $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
            WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
        $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ?", $task['instance_id']);
        $this->domain = $main_domain['value'];
        // Get the document root
        $domain_res = $app->db->queryOneRecord("SELECT document_root, web_folder, type FROM web_domain
            WHERE domain = '".$app->db->quote($this->domain)."';");
        $domain_res = $app->db->queryOneRecord("SELECT document_root, web_folder, type FROM web_domain WHERE domain = ?", $this->domain);
        $this->document_root = $domain_res['document_root'];
        // Get the sub location
        $location_res = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
            WHERE name = 'main_location' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
        $location_res = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_location' AND instance_id = ?", $task['instance_id']);
        $this->sublocation = $location_res['value'];
        // Make sure the document_root ends with /
@@ -309,67 +306,19 @@
        $db_id = parent::getXPathValue($sxe, '//db:id');
        if(empty($db_id)) return; // No database needed
        /* WARNING: if this will ever be uncommented please check the updated prefix handling for user and db names!!!
         *
        // Set the database owner to the domain owner
        // ISPConfig identifies the owner by the sys_groupid (not sys_userid!)
        // so sys_userid can be set to any value
        $perm = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM web_domain
            WHERE domain = '".$this->domain."';");
        $task['sys_groupid'] = $perm['sys_groupid'];
        $serverid = $perm['server_id'];
        // Get the database prefix and db user prefix
        $app->uses('getconf');
        $global_config = $app->getconf->get_global_config('sites');
        $dbname_prefix = str_replace('[CLIENTID]', '', $global_config['dbname_prefix']);
        $dbuser_prefix = str_replace('[CLIENTID]', '', $global_config['dbuser_prefix']);
        $this->dbhost = DB_HOST; // Taken from config.inc.php
        if(empty($this->dbhost)) $this->dbhost = 'localhost'; // Just to ensure any hostname... ;)
        $this->newdb_name = $dbname_prefix.$task['CustomerID'].'aps'.$task['InstanceID'];
        $this->newdb_user = $dbuser_prefix.$task['CustomerID'].'aps'.$task['InstanceID'];
        $dbpw_res = $app->db->queryOneRecord("SELECT Value FROM aps_instances_settings
            WHERE Name = 'main_database_password' AND InstanceID = '".$app->db->quote($task['InstanceID'])."';");
        $newdb_pw = $dbpw_res['Value'];
        // In any case delete an existing database (install and removal procedure)
        $app->db->query('DROP DATABASE IF EXISTS `'.$app->db->quote($this->newdb_name).'`;');
        // Delete an already existing database with this name
        $app->db->query("DELETE FROM web_database WHERE database_name = '".$app->db->quote($this->newdb_name)."';");
        // Create the new database and assign it to a user
        if($this->handle_type == 'install')
        {
            $app->db->query('CREATE DATABASE IF NOT EXISTS `'.$app->db->quote($this->newdb_name).'`;');
            $app->db->query('GRANT ALL PRIVILEGES ON '.$app->db->quote($this->newdb_name).'.* TO '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' IDENTIFIED BY \'password\';');
            $app->db->query('SET PASSWORD FOR '.$app->db->quote($this->newdb_user).'@'.$app->db->quote($this->dbhost).' = PASSWORD(\''.$newdb_pw.'\');');
            $app->db->query('FLUSH PRIVILEGES;');
            // Add the new database to the customer databases
            // Assumes: charset = utf8
            $app->db->query('INSERT INTO web_database (sys_userid, sys_groupid, sys_perm_user, sys_perm_group, sys_perm_other, server_id,
                type, database_name, database_user, database_password, database_charset, remote_access, remote_ips, active)
                VALUES ('.$task['sys_userid'].', '.$task['sys_groupid'].', "'.$task['sys_perm_user'].'", "'.$task['sys_perm_group'].'",
                "'.$task['sys_perm_other'].'", '.$app->db->quote($serverid).', "mysql", "'.$app->db->quote($this->newdb_name).'",
                "'.$app->db->quote($this->newdb_user).'", "'.$app->db->quote($newdb_pw).'", "utf8", "n", "", "y");');
        }
        */
        $mysqlver_res = $app->db->queryOneRecord('SELECT VERSION() as ver;');
        $mysqlver = $mysqlver_res['ver'];
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_password' AND instance_id = ?", $task['instance_id']);
        $newdb_pw = $tmp['value'];
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_host' AND instance_id = ?", $task['instance_id']);
        $newdb_host = $tmp['value'];
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_name' AND instance_id = ?", $task['instance_id']);
        $newdb_name = $tmp['value'];
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
        $tmp = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_database_login' AND instance_id = ?", $task['instance_id']);
        $newdb_login = $tmp['value'];
        
        /* Test if the new mysql connection is laready working to ensure that db servers in multiserver
@@ -470,10 +419,8 @@
                $this->processMappings($mapping, $mapping_url, $this->local_installpath);
                // Set the appropriate file owner
                $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings
                    WHERE name = 'main_domain' AND instance_id = '".$app->db->quote($task['instance_id'])."';");
                $owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain
                        WHERE domain = '".$app->db->quote($main_domain['value'])."';");
                $main_domain = $app->db->queryOneRecord("SELECT value FROM aps_instances_settings WHERE name = 'main_domain' AND instance_id = ?", $task['instance_id']);
                $owner_res = $app->db->queryOneRecord("SELECT system_user, system_group FROM web_domain WHERE domain = ?", $main_domain['value']);
                $this->file_owner_user = $owner_res['system_user'];
                $this->file_owner_group = $owner_res['system_group'];
                exec('chown -R '.$this->file_owner_user.':'.$this->file_owner_group.' '.escapeshellarg($this->local_installpath));
@@ -486,8 +433,7 @@
        }
        catch(Exception $e)
        {
            $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
                WHERE id = "'.$app->db->quote($task['instance_id']).'";');
            $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
            $app->log($e->getMessage(), 1);
            return false;
        }
@@ -506,8 +452,7 @@
    {
        global $app;
        $userdata = $app->db->queryAllRecords("SELECT name, value FROM aps_instances_settings
            WHERE instance_id = '".$app->db->quote($task['instance_id'])."';");
        $userdata = $app->db->queryAllRecords("SELECT name, value FROM aps_instances_settings WHERE instance_id = ?", $task['instance_id']);
        if(empty($userdata)) return false;
        foreach($userdata as $data)
@@ -628,15 +573,13 @@
                    exec('chown -R root:root '.escapeshellarg($this->local_installpath.'stats'));
                }
                $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_SUCCESS.'"
                    WHERE id = "'.$app->db->quote($task['instance_id']).'";');
                $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_SUCCESS, $task['instance_id']);
            }
        }
        catch(Exception $e)
        {
            $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
                WHERE id = "'.$app->db->quote($task['instance_id']).'";');
            $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
            $app->log($e->getMessage(), 1);
            return false;
        }
@@ -675,15 +618,7 @@
        else return false;
        // Get all instance metadata
        /*
        $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i
            INNER JOIN aps_packages AS p ON i.package_id = p.id
            INNER JOIN client AS c ON i.customer_id = c.client_id
            WHERE i.id = ".$instanceid.";");
        */
        $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i
            INNER JOIN aps_packages AS p ON i.package_id = p.id
            WHERE i.id = ".$instanceid.";");
        $task = $app->db->queryOneRecord("SELECT * FROM aps_instances AS i INNER JOIN aps_packages AS p ON i.package_id = p.id WHERE i.id = ?", $instanceid);
        if(!$task) return false;  // formerly: throw new Exception('The InstanceID doesn\'t exist.');
        if(!isset($task['instance_id'])) $task['instance_id'] = $instanceid;
@@ -698,6 +633,7 @@
            curl_setopt($ch, CURLOPT_TIMEOUT, 0);
            curl_setopt($ch, CURLOPT_FAILONERROR, 1);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
            if(curl_exec($ch) === false) $app->log(curl_error($ch), 1);
            fclose($fh);
            curl_close($ch);
@@ -720,8 +656,7 @@
        // Check if the meta file is existing
        if(!$metafile)
        {
            $app->dbmaster->query('UPDATE aps_instances SET instance_status = "'.INSTANCE_ERROR.'"
                WHERE id = "'.$app->db->quote($task['instance_id']).'";');
            $app->dbmaster->query('UPDATE aps_instances SET instance_status = ? WHERE id = ?', INSTANCE_ERROR, $task['instance_id']);
            $app->log('Unable to find the meta data file of package '.$task['path'], 1);
            return false;
        }
@@ -754,11 +689,11 @@
        // Finally delete the instance entry + settings
        if($this->handle_type == 'delete')
        {
            $app->db->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";');
            $app->db->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";');
            $app->db->query('DELETE FROM aps_instances WHERE id = ?', $task['instance_id']);
            $app->db->query('DELETE FROM aps_instances_settings WHERE instance_id = ?', $task['instance_id']);
            if ($app->dbmaster != $app->db) {
                $app->dbmaster->query('DELETE FROM aps_instances WHERE id = "'.$app->db->quote($task['instance_id']).'";');
                $app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = "'.$app->db->quote($task['instance_id']).'";');
                $app->dbmaster->query('DELETE FROM aps_instances WHERE id = ?', $task['instance_id']);
                $app->dbmaster->query('DELETE FROM aps_instances_settings WHERE instance_id = ?', $task['instance_id']);
            }
        }
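Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);` in the download hunk (it appears to be the line this commit adds) turns off certificate verification for a transfer whose output is written to a local file handle, so anyone able to intercept the connection can substitute the content that the installer goes on to use. Keep verification on with `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);` and `curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);`, and point `CURLOPT_CAINFO` at a CA bundle if the host's default store is the problem. In the file-owner hunk the `chown -R` command escapes only the path; the owner and group read from web_domain are concatenated raw, and `escapeshellarg($this->file_owner_user.':'.$this->file_owner_group)` would close that gap. The enclosing functions start and end outside these hunks.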
server/lib/classes/cron.d/100-mailbox_stats.inc.php
@@ -32,6 +32,9 @@
    // job schedule
    protected $_schedule = '0 0 * * *';
    protected $mailbox_traffic = array();
    protected $mail_boxes = array();
    protected $mail_rewrites = array();
    /* this function is optional if it contains no custom code */
    public function onPrepare() {
@@ -57,8 +60,8 @@
        //######################################################################################################
        $parse_mail_log = false;
        $sql = "SELECT mailuser_id,maildir FROM mail_user WHERE server_id = ".$conf['server_id'];
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT mailuser_id,maildir FROM mail_user WHERE server_id = ?";
        $records = $app->db->queryAllRecords($sql, $conf['server_id']);
        if(count($records) > 0) $parse_mail_log = true;
        foreach($records as $rec) {
@@ -82,16 +85,17 @@
                // Save the traffic stats in the sql database
                $tstamp = date('Y-m');
                $sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ".$rec['mailuser_id'];
                $tr = $app->dbmaster->queryOneRecord($sql);
                $sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ?";
                $tr = $app->dbmaster->queryOneRecord($sql, $rec['mailuser_id']);
                $mail_traffic += $tr['traffic'];
                if($tr['traffic_id'] > 0) {
                    $sql = "UPDATE mail_traffic SET traffic = $mail_traffic WHERE traffic_id = ".$tr['traffic_id'];
                    $sql = "UPDATE mail_traffic SET traffic = ? WHERE traffic_id = ?";
                    $app->dbmaster->query($sql, $mail_traffic, $tr['traffic_id']);
                } else {
                    $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES ('$tstamp',".$rec['mailuser_id'].",$mail_traffic)";
                    $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES (?,?,?)";
                    $app->dbmaster->query($sql, $tstamp, $rec['mailuser_id'], $mail_traffic);
                }
                $app->dbmaster->query($sql);
                //echo $sql;
            }
@@ -140,13 +144,13 @@
                }
            }
            $sql = "SELECT email FROM mail_user WHERE server_id = ".$conf['server_id'];
            $records = $app->db->queryAllRecords($sql);
            $sql = "SELECT email FROM mail_user WHERE server_id = ?";
            $records = $app->db->queryAllRecords($sql, $conf['server_id']);
            foreach($records as $record) {
                $mail_boxes[] = $record['email'];
            }
            $sql = "SELECT source, destination FROM mail_forwarding WHERE server_id = ".$conf['server_id'];
            $records = $app->db->queryAllRecords($sql);
            $sql = "SELECT source, destination FROM mail_forwarding WHERE server_id = ?";
            $records = $app->db->queryAllRecords($sql, $conf['server_id']);
            foreach($records as $record) {
                $targets = preg_split('/[\n,]+/', $record['destination']);
                foreach($targets as $target) {
@@ -163,7 +167,7 @@
            $cur_line = false;
            if(file_exists($state_file)) {
                $prev_line = parse_mail_log_line(trim(file_get_contents($state_file)));
                $prev_line = $this->parse_mail_log_line(trim(file_get_contents($state_file)));
                //if($prev_line) echo "continuing from previous run, log position: " . $prev_line['message-id'] . " at " . strftime('%d.%m.%Y %H:%M:%S', $prev_line['timestamp']) . "\n";
            }
@@ -174,7 +178,8 @@
                while($line = fgets($fp, 8192)) {
                    $l++;
                    //if($l % 1000 == 0) echo "\rline $l";
                    $cur_line = parse_mail_log_line($line);
                    $cur_line = $this->parse_mail_log_line($line);
                    //print_r($cur_line);
                    if(!$cur_line) continue;
                    if($prev_line) {
@@ -189,9 +194,13 @@
                        }
                    }
                    add_mailbox_traffic($mailbox_traffic, $cur_line['from'], $cur_line['size']);
                    $this->add_mailbox_traffic($cur_line['from'], $cur_line['size']);
                    //echo "1\n";
                    //print_r($this->mailbox_traffic);
                    foreach($cur_line['to'] as $to) {
                        add_mailbox_traffic($mailbox_traffic, $to, $cur_line['size']);
                        $this->add_mailbox_traffic($to, $cur_line['size']);
                        //echo "2\n";
                        //print_r($this->mailbox_traffic);
                    }
                    $last_line = $line; // store for the state file
                }
@@ -206,7 +215,7 @@
                while($line = fgets($fp, 8192)) {
                    $l++;
                    //if($l % 1000 == 0) echo "\rline $l";
                    $cur_line = parse_mail_log_line($line);
                    $cur_line = $this->parse_mail_log_line($line);
                    if(!$cur_line) continue;
                    if($prev_line) {
@@ -231,20 +240,21 @@
            // Save the traffic stats in the sql database
            $tstamp = date('Y-m');
            $sql = "SELECT mailuser_id,email FROM mail_user WHERE server_id = ".$conf['server_id'];
            $records = $app->db->queryAllRecords($sql);
            $sql = "SELECT mailuser_id,email FROM mail_user WHERE server_id = ?";
            $records = $app->db->queryAllRecords($sql, $conf['server_id']);
            foreach($records as $rec) {
                if(array_key_exists($rec['email'], $mailbox_traffic)) {
                    $sql = "SELECT * FROM mail_traffic WHERE month = '$tstamp' AND mailuser_id = ".$rec['mailuser_id'];
                    $tr = $app->dbmaster->queryOneRecord($sql);
                    $sql = "SELECT * FROM mail_traffic WHERE month = ? AND mailuser_id = ?";
                    $tr = $app->dbmaster->queryOneRecord($sql, $tstamp, $rec['mailuser_id']);
                    $mail_traffic = $tr['traffic'] + $mailbox_traffic[$rec['email']];
                    if($tr['traffic_id'] > 0) {
                        $sql = "UPDATE mail_traffic SET traffic = $mail_traffic WHERE traffic_id = ".$tr['traffic_id'];
                        $sql = "UPDATE mail_traffic SET traffic = ? WHERE traffic_id = ?";
                        $app->dbmaster->query($sql, $mail_traffic, $tr['traffic_id']);
                    } else {
                        $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES ('$tstamp',".$rec['mailuser_id'].",$mail_traffic)";
                        $sql = "INSERT INTO mail_traffic (month,mailuser_id,traffic) VALUES (?,?,?)";
                        $app->dbmaster->query($sql, $tstamp, $rec['mailuser_id'], $mail_traffic);
                    }
                    $app->dbmaster->query($sql);
                    //echo $sql;
                }
            }
@@ -263,6 +273,41 @@
        parent::onAfterRun();
    }
    private function parse_mail_log_line($line) {
        //Oct 31 17:35:48 mx01 amavis[32014]: (32014-05) Passed CLEAN, [IPv6:xxxxx] [IPv6:xxxxx] <xxx@yyyy> -> <aaaa@bbbb>, Message-ID: <xxxx@yyyyy>, mail_id: xxxxxx, Hits: -1.89, size: 1591, queued_as: xxxxxxx, 946 ms
        if(preg_match('/^(\w+\s+\d+\s+\d+:\d+:\d+)\s+[^ ]+\s+amavis.* <([^>]+)>\s+->\s+((<[^>]+>,)+) .*Message-ID:\s+<([^>]+)>.* size:\s+(\d+),.*$/', $line, $matches) == false) return false;
        $timestamp = strtotime($matches[1]);
        if(!$timestamp) return false;
        $to = array();
        $recipients = explode(',', $matches[3]);
        foreach($recipients as $recipient) {
            $recipient = substr($recipient, 1, -1);
            if(!$recipient || $recipient == $matches[2]) continue;
            $to[] = $recipient;
        }
        return array('line' => $line, 'timestamp' => $timestamp, 'size' => $matches[6], 'from' => $matches[2], 'to' => $to, 'message-id' => $matches[5]);
    }
    private function add_mailbox_traffic($address, $traffic) {
        $address = strtolower($address);
        if(in_array($address, $this->mail_boxes) == true) {
            if(!isset($this->mailbox_traffic[$address])) $this->mailbox_traffic[$address] = 0;
            $this->mailbox_traffic[$address] += $traffic;
        } elseif(array_key_exists($address, $this->mail_rewrites)) {
            foreach($this->mail_rewrites[$address] as $address) {
                if(!isset($this->mailbox_traffic[$address])) $this->mailbox_traffic[$address] = 0;
                $this->mailbox_traffic[$address] += $traffic;
            }
        } else {
            // this is not a local address - skip it
        }
    }
}
server/lib/classes/cron.d/100-monitor_clamav_log.inc.php
@@ -82,14 +82,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -158,14 +152,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
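Review bot: The return value of `$app->dbmaster->query($sql, ...)` is ignored, and `delOldRecords()` runs on the next statement whether or not the REPLACE succeeded, so the comment "The new data is written" only holds on success. If `delOldRecords` removes earlier rows for this type and server (its body is not visible here), a failed write to the master still costs the previous sample; guard the delete, e.g. `if($app->dbmaster->query($sql, ...) !== false) $this->_tools->delOldRecords($res['type'], $res['server_id']);`, after confirming what the db class returns on error. The same pair of statements appears in both hunks of this file and in each of the other `100-monitor_*.inc.php` sections that follow, which argues for one shared helper beside `delOldRecords` rather than a copy per monitor. `data` is still written with `serialize()`, and it presumably carries log and tool output, so the code that reads `monitor_data` back should decode it with `unserialize($value, ['allowed_classes' => false])` or the column should move to JSON. The enclosing method starts and ends outside these hunks.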
server/lib/classes/cron.d/100-monitor_cpu.inc.php
@@ -111,14 +111,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_database_size.inc.php
@@ -78,7 +78,7 @@
        $state = 'ok';
        /** Fetch the data of all databases into an array */
        $databases = $app->db->queryAllRecords("SELECT database_name, sys_groupid FROM web_database WHERE server_id = $server_id GROUP BY sys_groupid, database_name ASC");
        $databases = $app->db->queryAllRecords("SELECT database_name, sys_groupid FROM web_database WHERE server_id = ? GROUP BY sys_groupid, database_name ASC", $server_id);
        if(is_array($databases) && !empty($databases)) {
@@ -98,14 +98,8 @@
            //* Insert the data into the database
            $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
                'VALUES (' .
                $res['server_id'] . ', ' .
                "'" . $app->dbmaster->quote($res['type']) . "', " .
                'UNIX_TIMESTAMP(), ' .
                "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
                "'" . $res['state'] . "'" .
                ')';
            $app->dbmaster->query($sql);
                'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
            $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
            //* The new data is written, now we can delete the old one
            $this->_tools->delOldRecords($res['type'], $res['server_id']);
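Review bot: `GROUP BY sys_groupid, database_name ASC` on the new `queryAllRecords` line relies on MySQL's sort modifier for GROUP BY, which MySQL 8.0 removed, so the statement stops parsing on a current server. Spell the ordering out instead: `... WHERE server_id = ? GROUP BY sys_groupid, database_name ORDER BY sys_groupid, database_name`. The binding of `$server_id` itself is fine. The enclosing method begins before the hunk.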
server/lib/classes/cron.d/100-monitor_disk_usage.inc.php
@@ -142,14 +142,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_email_quota.inc.php
@@ -75,7 +75,7 @@
        //* The state of the email_quota.
        $state = 'ok';
        $mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = $server_id");
        $mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = ?", $server_id);
        if(is_array($mailboxes)) {
            //* with dovecot we can use doveadm instead of 'du -s'
@@ -134,14 +134,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_fail2ban.inc.php
@@ -102,14 +102,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_hd_quota.inc.php
@@ -134,14 +134,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_iptables.inc.php
@@ -107,14 +107,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_ispconfig_log.inc.php
@@ -82,14 +82,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -123,14 +117,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_ispconfig_version.inc.php
@@ -85,14 +85,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_mail_log.inc.php
@@ -88,14 +88,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -122,14 +116,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -156,14 +144,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_mail_queue.inc.php
@@ -113,14 +113,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_mem_usage.inc.php
@@ -99,14 +99,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_mongodb.inc.php
@@ -102,14 +102,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_openvz.inc.php
@@ -86,14 +86,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -158,14 +152,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_os_version.inc.php
@@ -87,14 +87,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_raid.inc.php
@@ -240,14 +240,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_rkhunter.inc.php
@@ -102,14 +102,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_server.inc.php
@@ -108,14 +108,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_services.inc.php
@@ -67,14 +67,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_syslog.inc.php
@@ -70,7 +70,7 @@
         * is there any warning or error for this server?
         */
        $state = 'ok';
        $dbData = $app->dbmaster->queryAllRecords('SELECT loglevel FROM sys_log WHERE server_id = ' . $server_id . ' AND loglevel > 0');
        $dbData = $app->dbmaster->queryAllRecords('SELECT loglevel FROM sys_log WHERE server_id = ? AND loglevel > 0', $server_id);
        if (is_array($dbData)) {
            foreach ($dbData as $item) {
                if ($item['loglevel'] == 1)
@@ -93,14 +93,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
@@ -127,14 +121,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/100-monitor_system_update.inc.php
@@ -187,14 +187,8 @@
         * Insert the data into the database
         */
        $sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
            'VALUES (' .
            $res['server_id'] . ', ' .
            "'" . $app->dbmaster->quote($res['type']) . "', " .
            'UNIX_TIMESTAMP(), ' .
            "'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
            "'" . $res['state'] . "'" .
            ')';
        $app->dbmaster->query($sql);
            'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
        $app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
        /* The new data is written, now we can delete the old one */
        $this->_tools->delOldRecords($res['type'], $res['server_id']);
server/lib/classes/cron.d/150-awstats.inc.php
@@ -54,8 +54,8 @@
        // Create awstats statistics
        //######################################################################################################
        $sql = "SELECT domain_id, domain, document_root, web_folder, type, system_user, system_group, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'awstats' AND server_id = ".$conf['server_id'];
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT domain_id, domain, document_root, web_folder, type, system_user, system_group, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'awstats' AND server_id = ?";
        $records = $app->db->queryAllRecords($sql, $conf['server_id']);
        $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
@@ -65,7 +65,7 @@
            $log_folder = 'log';
            if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
                if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
                $log_folder .= '/' . $subdomain_host;
@@ -89,8 +89,8 @@
            if(is_file($awstats_website_conf_file)) unlink($awstats_website_conf_file);
            $sql = "SELECT domain FROM web_domain WHERE (type = 'alias' OR type = 'subdomain') AND parent_domain_id = ".$rec['domain_id'];
            $aliases = $app->db->queryAllRecords($sql);
            $sql = "SELECT domain FROM web_domain WHERE (type = 'alias' OR type = 'subdomain') AND parent_domain_id = ?";
            $aliases = $app->db->queryAllRecords($sql, $rec['domain_id']);
            $aliasdomain = '';
            if(is_array($aliases)) {
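Review bot: `$tmp['domain']` is read in the second hunk without checking that the parent-domain lookup returned a row. If `queryOneRecord` comes back empty, `preg_quote()` receives null and the pattern becomes `/^(.*)\.$/`. Nothing is stripped then, and `$log_folder` ends up as `log/<full domain>` instead of taking the `'web'.$rec['domain_id']` fallback on the next line. Writing it as `$subdomain_host = is_array($tmp) ? preg_replace(...) : '';` (pattern unchanged) lets the existing fallback cover that case; the identical lines in the `150-webalizer.inc.php` and `200-logfiles.inc.php` sections need the same guard. The commit also drops `intval()` around `parent_domain_id` in favour of the placeholder, which is sound only if the db class escapes or types `?` values; that class and the enclosing loop are outside these hunks.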
server/lib/classes/cron.d/150-webalizer.inc.php
@@ -79,8 +79,8 @@
        }
        $sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ".$conf['server_id'];
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT domain_id, domain, document_root, web_folder, type, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') and stats_type = 'webalizer' AND server_id = ?";
        $records = $app->db->queryAllRecords($sql, $conf['server_id']);
        foreach($records as $rec) {
            //$yesterday = date('Ymd',time() - 86400);
@@ -88,7 +88,7 @@
            $log_folder = 'log';
            if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
                if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
                $log_folder .= '/' . $subdomain_host;
server/lib/classes/cron.d/200-logfiles.inc.php
@@ -60,8 +60,8 @@
        // Manage and compress web logfiles and create traffic statistics
        //######################################################################################################
        $sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ".$conf['server_id'];
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ?";
        $records = $app->db->queryAllRecords($sql, $conf['server_id']);
        foreach($records as $rec) {
            //* create traffic statistics based on yesterdays access log file
@@ -69,7 +69,7 @@
            $log_folder = 'log';
            if($rec['type'] == 'vhostsubdomain' || $rec['type'] == 'vhostalias') {
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($rec['parent_domain_id']));
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $rec['parent_domain_id']);
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']);
                if($subdomain_host == '') $subdomain_host = 'web'.$rec['domain_id'];
                $log_folder .= '/' . $subdomain_host;
@@ -89,16 +89,14 @@
                //* Insert / update traffic in master database
                $traffic_date = date('Y-m-d', time() - 86400);
                $tmp = $app->dbmaster->queryOneRecord("select hostname from web_traffic where hostname='".$rec['domain']."' and traffic_date='".$traffic_date."'");
                $tmp = $app->dbmaster->queryOneRecord("select hostname from web_traffic where hostname=? and traffic_date=?", $rec['domain'], $traffic_date);
                if(is_array($tmp) && count($tmp) > 0) {
                    $sql = "update web_traffic set traffic_bytes=traffic_bytes+"
                        . $total_bytes
                        . " where hostname='" . $rec['domain']
                        . "' and traffic_date='" . $traffic_date . "'";
                    $sql = "UPDATE web_traffic SET traffic_bytes=traffic_bytes + ? WHERE hostname = ? AND traffic_date = ?";
                    $app->dbmaster->query($sql, $total_bytes, $rec['domain'], $traffic_date);
                } else {
                    $sql = "insert into web_traffic (hostname, traffic_date, traffic_bytes) values ('".$rec['domain']."', '".$traffic_date."', '".$total_bytes."')";
                    $sql = "INSERT INTO web_traffic (hostname, traffic_date, traffic_bytes) VALUES (?, ?, ?)";
                    $app->dbmaster->query($sql, $rec['domain'], $traffic_date, $total_bytes);
                }
                $app->dbmaster->query($sql);
                fclose($handle);
            }
@@ -197,8 +195,8 @@
        // Cleanup website tmp directories
        //######################################################################################################
        $sql = "SELECT domain_id, domain, document_root, system_user FROM web_domain WHERE server_id = ".$conf['server_id'];
        $records = $app->db->queryAllRecords($sql);
        $sql = "SELECT domain_id, domain, document_root, system_user FROM web_domain WHERE server_id = ?";
        $records = $app->db->queryAllRecords($sql, $conf['server_id']);
        $app->uses('system');
        if(is_array($records)) {
            foreach($records as $rec){
@@ -225,8 +223,8 @@
             * if they are NOT ok, the server will try to process them in 1 minute and so the
             * error appears again after 1 minute. So it is no problem to delete the old one!
             */
            $sql = "DELETE FROM sys_log WHERE tstamp < " . $tstamp . " AND server_id != 0";
            $app->dbmaster->query($sql);
            $sql = "DELETE FROM sys_log WHERE tstamp < ? AND server_id != 0";
            $app->dbmaster->query($sql, $tstamp);
            /*
             * Delete all remote-actions "done" and older than 7 days
@@ -236,11 +234,8 @@
            $sql = "SELECT max(action_id) FROM sys_remoteaction";
            $res = $app->dbmaster->queryOneRecord($sql);
            $maxId = $res['max(action_id)'];
            $sql =  "DELETE FROM sys_remoteaction " .
                "WHERE tstamp < " . $tstamp . " " .
                " AND action_state = 'ok' " .
                " AND action_id <" . intval($maxId);
            $app->dbmaster->query($sql);
            $sql =  "DELETE FROM sys_remoteaction WHERE tstamp < ? AND action_state = 'ok' AND action_id < ?";
            $app->dbmaster->query($sql, $tstamp, $maxId);
            /*
             * The sys_datalog is more difficult.
@@ -270,14 +265,10 @@
            foreach($records as $server) {
                $tmp_server_id = intval($server['server_id']);
                if($tmp_server_id > 0) {
                    $sql =  "DELETE FROM sys_datalog " .
                        "WHERE tstamp < " . $tstamp .
                        " AND server_id = " . intval($server['server_id']) .
                        " AND datalog_id < " . intval($server['updated']) .
                        " AND datalog_id < " . intval($maxId);
                    $sql =  "DELETE FROM sys_datalog WHERE tstamp < ? AND server_id = ? AND datalog_id < ? AND datalog_id < ?";
                    //  echo $sql . "\n";
                    $app->dbmaster->query($sql, $tstamp, $server['server_id'], $server['updated'], $maxId);
                }
                //  echo $sql . "\n";
                $app->dbmaster->query($sql);
            }
        }
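Review bot: In the `vhostsubdomain`/`vhostalias` branch the result of the parent-domain lookup is read as `$tmp['domain']` without checking that a row came back, although the `web_traffic` lookup further down does test `is_array($tmp)`. If the parent record is missing, `preg_quote()` receives an empty value, the pattern matches nothing, and `$subdomain_host` keeps the full domain name instead of reaching the `'web'.$rec['domain_id']` default on the next line. Guarding the replace lets that existing fallback apply: `$subdomain_host = is_array($tmp) ? preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $rec['domain']) : '';`. The same lookup appears at the end of the file section just before this one, and the loop body continues outside the hunk.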
server/lib/classes/cron.d/300-quota_notify.inc.php
@@ -49,6 +49,11 @@
    public function onRunJob() {
        global $app, $conf;
        /* used for all monitor cronjobs */
        $app->load('monitor_tools');
        $this->_tools = new monitor_tools();
        /* end global section for monitor cronjobs */
        //######################################################################################################
        // enforce traffic quota (run only on the "master-server")
@@ -69,26 +74,12 @@
                    $web_traffic_quota = $rec['traffic_quota'];
                    $domain = $rec['domain'];
                    // get the client
                    /*
                    $client_group_id = $rec["sys_groupid"];
                    $client = $app->db->queryOneRecord("SELECT limit_traffic_quota,parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                    $reseller = $app->db->queryOneRecord("SELECT limit_traffic_quota FROM client WHERE client_id = ".intval($client['parent_client_id']));
                    $client_traffic_quota = intval($client['limit_traffic_quota']);
                    $reseller_traffic_quota = intval($reseller['limit_traffic_quota']);
                    */
                    //* get the traffic
                    $tmp = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) As total_traffic_bytes FROM web_traffic WHERE traffic_date like '$current_month%' AND hostname = '$domain'");
                    $web_traffic = round($tmp['total_traffic_bytes']/1024/1024);
                    //* Website is over quota, we will disable it
                    /*if( ($web_traffic_quota > 0 && $web_traffic > $web_traffic_quota) ||
                        ($client_traffic_quota > 0 && $web_traffic > $client_traffic_quota) ||
                        ($reseller_traffic_quota > 0 && $web_traffic > $reseller_traffic_quota)) {*/
                    if($web_traffic_quota > 0 && $web_traffic > $web_traffic_quota) {
                        $app->dbmaster->datalogUpdate('web_domain', "traffic_quota_lock = 'y',active = 'n'", 'domain_id', $rec['domain_id']);
                        $app->dbmaster->datalogUpdate('web_domain', array("traffic_quota_lock" => 'y', "active" => 'n'), 'domain_id', $rec['domain_id']);
                        $app->log('Traffic quota for '.$rec['domain'].' exceeded. Disabling website.', LOGLEVEL_DEBUG);
                        //* Send traffic notifications
@@ -106,7 +97,7 @@
                            //* Send email to client
                            if($web_config['overtraffic_notify_client'] == 'y') {
                                $client_group_id = $rec["sys_groupid"];
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                                if($client['email'] != '') {
                                    $recipients[] = $client['email'];
                                }
@@ -118,7 +109,7 @@
                    } else {
                        //* unlock the website, if traffic is lower then quota
                        if($rec['traffic_quota_lock'] == 'y') {
                            $app->dbmaster->datalogUpdate('web_domain', "traffic_quota_lock = 'n',active = 'y'", 'domain_id', $rec['domain_id']);
                            $app->dbmaster->datalogUpdate('web_domain', array("traffic_quota_lock" => 'n', "active" => 'y'), 'domain_id', $rec['domain_id']);
                            $app->log('Traffic quota for '.$rec['domain'].' ok again. Re-enabling website.', LOGLEVEL_DEBUG);
                        }
                    }
@@ -206,7 +197,7 @@
                    // send notifications only if 90% or more of the quota are used
                    if($used_ratio < 0.9) {
                        // reset notification date
                        if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_domain', "last_quota_notification = NULL", 'domain_id', $rec['domain_id']);
                        if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => null), 'domain_id', $rec['domain_id']);
                        // send notification - everything ok again
                        if($rec['last_quota_notification'] && $web_config['overquota_notify_onok'] == 'y' && ($web_config['overquota_notify_admin'] == 'y' || $web_config['overquota_notify_client'] == 'y')) {
@@ -227,7 +218,7 @@
                            //* Send email to client
                            if($web_config['overquota_notify_client'] == 'y') {
                                $client_group_id = $rec["sys_groupid"];
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                                if($client['email'] != '') {
                                    $recipients[] = $client['email'];
                                }
@@ -243,7 +234,7 @@
                        //* Send quota notifications
                        if(($web_config['overquota_notify_admin'] == 'y' || $web_config['overquota_notify_client'] == 'y') && $send_notification == true) {
                            $app->dbmaster->datalogUpdate('web_domain', "last_quota_notification = CURDATE()", 'domain_id', $rec['domain_id']);
                            $app->dbmaster->datalogUpdate('web_domain', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'domain_id', $rec['domain_id']);
                            $placeholders = array('{domain}' => $rec['domain'],
                                '{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
@@ -262,7 +253,7 @@
                            //* Send email to client
                            if($web_config['overquota_notify_client'] == 'y') {
                                $client_group_id = $rec["sys_groupid"];
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                                if($client['email'] != '') {
                                    $recipients[] = $client['email'];
                                }
@@ -335,7 +326,7 @@
                    // send notifications only if 90% or more of the quota are used
                    if($used_ratio < 0.9) {
                        // reset notification date
                        if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('mail_user', "last_quota_notification = NULL", 'mailuser_id', $rec['mailuser_id']);
                        if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => null), 'mailuser_id', $rec['mailuser_id']);
                        // send notification - everything ok again
                        if($rec['last_quota_notification'] && $mail_config['overquota_notify_onok'] == 'y' && ($mail_config['overquota_notify_admin'] == 'y' || $mail_config['overquota_notify_client'] == 'y')) {
@@ -355,7 +346,7 @@
                            //* Send email to client
                            if($mail_config['overquota_notify_client'] == 'y') {
                                $client_group_id = $rec["sys_groupid"];
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                                if($client['email'] != '') {
                                    $recipients[] = $client['email'];
                                }
@@ -372,7 +363,7 @@
                        elseif($mail_config['overquota_notify_freq'] > 0 && $rec['notified_before'] >= $mail_config['overquota_notify_freq']) $send_notification = true;
                        if(($mail_config['overquota_notify_admin'] == 'y' || $mail_config['overquota_notify_client'] == 'y') && $send_notification == true) {
                            $app->dbmaster->datalogUpdate('mail_user', "last_quota_notification = CURDATE()", 'mailuser_id', $rec['mailuser_id']);
                            $app->dbmaster->datalogUpdate('mail_user', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'mailuser_id', $rec['mailuser_id']);
                            $placeholders = array('{email}' => $rec['email'],
                                '{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
@@ -390,7 +381,7 @@
                            //* Send email to client
                            if($mail_config['overquota_notify_client'] == 'y') {
                                $client_group_id = $rec["sys_groupid"];
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
                                $client = $app->db->queryOneRecord("SELECT client.email FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                                if($client['email'] != '') {
                                    $recipients[] = $client['email'];
                                }
@@ -427,7 +418,7 @@
            }
            //* get databases
            $database_records = $app->db->queryAllRecords("SELECT database_id,sys_groupid,database_name,database_quota,last_quota_notification,DATEDIFF(CURDATE(), last_quota_notification) as `notified_before` FROM web_database;");
            $database_records = $app->db->queryAllRecords("SELECT database_id,sys_groupid,database_name,database_quota,last_quota_notification,DATEDIFF(CURDATE(), last_quota_notification) as `notified_before` FROM web_database");
            if(is_array($database_records) && !empty($database_records) && is_array($monitor_data) && !empty($monitor_data)) {
                //* check database-quota
@@ -442,7 +433,7 @@
                            if ($monitor['database_name'] == $database) {
                                //* get the client
                                $client = $app->db->queryOneRecord("SELECT client.username, client.email FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$database."'");
                                $client = $app->db->queryOneRecord("SELECT client.username, client.email FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $database);
                                //* check quota
                                if ($quota > 0) $used_ratio = $monitor['size'] / $quota;
@@ -452,9 +443,9 @@
                                if($used_ratio > 0.9) {
                                    //* reset notification date
                                    if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_database', "last_quota_notification = NULL", 'database_id', $rec['database_id']);
                                    if($rec['last_quota_notification']) $app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => null), 'database_id', $rec['database_id']);
                                    $app->dbmaster->datalogUpdate('web_database', "last_quota_notification = CURDATE()", 'database_id', $rec['database_id']);
                                    $app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'database_id', $rec['database_id']);
                                    // send notification - everything ok again
                                    if($rec['last_quota_notification'] && $web_config['overquota_notify_onok'] == 'y' && ($web_config['overquota_db_notify_admin'] == 'y' || $web_config['overquota_db_notify_client'] == 'y')) {
@@ -489,7 +480,7 @@
                                //* Send quota notifications
                                if(($web_config['overquota_db_notify_admin'] == 'y' || $web_config['overquota_db_notify_client'] == 'y') && $send_notification == true) {
                                    $app->dbmaster->datalogUpdate('web_database', "last_quota_notification = CURDATE()", 'database_id', $rec['database_id']);
                                    $app->dbmaster->datalogUpdate('web_database', array("last_quota_notification" => array("SQL" => "CURDATE()")), 'database_id', $rec['database_id']);
                                    $placeholders = array(
                                        '{database_name}' => $rec['database_name'],
                                        '{admin_mail}' => ($global_config['admin_mail'] != ''? $global_config['admin_mail'] : 'root'),
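Review bot: The traffic lookup under `//* get the traffic` still interpolates `$current_month` and `$domain` directly into the SQL string (`traffic_date like '$current_month%' AND hostname = '$domain'`). The page prints only one copy of that line, so it appears to be left unchanged while the other queries in this file move to `?` placeholders. `$domain` is taken from `$rec['domain']`, a stored value, and should be bound like the rest: `$tmp = $app->db->queryOneRecord("SELECT SUM(traffic_bytes) As total_traffic_bytes FROM web_traffic WHERE traffic_date like ? AND hostname = ?", $current_month.'%', $domain);`. onRunJob() begins in the first hunk and its body continues beyond the visible hunks.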
server/lib/classes/cron.d/400-openvz.inc.php
@@ -55,14 +55,12 @@
        //######################################################################################################
        if ($app->dbmaster == $app->db) {
            $current_date = date('Y-m-d');
            //* Check which virtual machines have to be deactivated
            $sql = "SELECT * FROM openvz_vm WHERE active = 'y' AND active_until_date != '0000-00-00' AND active_until_date < '$current_date'";
            $sql = "SELECT * FROM openvz_vm WHERE active = 'y' AND active_until_date != '0000-00-00' AND active_until_date < CURDATE()";
            $records = $app->db->queryAllRecords($sql);
            if(is_array($records)) {
                foreach($records as $rec) {
                    $app->dbmaster->datalogUpdate('openvz_vm', "active = 'n'", 'vm_id', $rec['vm_id']);
                    $app->dbmaster->datalogUpdate('openvz_vm', array("active" => 'n'), 'vm_id', $rec['vm_id']);
                    $app->log('Virtual machine active date expired. Disabling VM '.$rec['veid'], LOGLEVEL_DEBUG);
                }
            }
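Review bot: Replacing the PHP-side `'$current_date'` with `CURDATE()` moves the expiry cut-off from PHP's clock and time zone to the MySQL session's, and nothing in the hunk documents that dependency. If the two are configured differently, the day boundary at which a VM is disabled can shift compared with the previous behaviour. A short comment above the query, for example `// expiry is evaluated in the database session time zone (CURDATE())`, would make this explicit. The enclosing method starts and ends outside the hunk.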
server/lib/classes/cron.d/500-backup.inc.php
@@ -76,6 +76,8 @@
            //* mount backup directory, if necessary
            if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $run_backups = false;
            if($run_backups){
                $web_array = array();
                //* backup only active domains
                $sql = "SELECT * FROM web_domain WHERE server_id = ? AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y'";
                $records = $app->db->queryAllRecords($sql, $conf['server_id']);
@@ -89,6 +91,7 @@
                            $web_user = $rec['system_user'];
                            $web_group = $rec['system_group'];
                            $web_id = $rec['domain_id'];
                            if(!in_array($web_id, $web_array)) $web_array[] = $web_id;
                            $web_backup_dir = $backup_dir.'/web'.$web_id;
                            if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
                            chmod($web_backup_dir, 0750);
@@ -130,8 +133,6 @@
                                    chmod($web_backup_dir.'/'.$web_backup_file, 0750);
                                    //* Insert web backup record in database
                                    //$insert_data = "(server_id,parent_domain_id,backup_type,backup_mode,tstamp,filename) VALUES (".$conf['server_id'].",".$web_id.",'web','".$backup_mode."',".time().",'".$app->db->quote($web_backup_file)."')";
                                    //$app->dbmaster->datalogInsert('web_backup', $insert_data, 'backup_id');
                                    $filesize = filesize($web_backup_dir.'/'.$web_backup_file);
                                    $sql = "INSERT INTO web_backup (server_id, parent_domain_id, backup_type, backup_mode, tstamp, filename, filesize) VALUES (?, ?, ?, ?, ?, ?, ?)";
                                    $app->db->query($sql, $conf['server_id'], $web_id, 'web', $backup_mode, time(), $web_backup_file, $filesize);
@@ -159,14 +160,10 @@
                            for ($n = $backup_copies; $n <= 10; $n++) {
                                if(isset($files[$n]) && is_file($web_backup_dir.'/'.$files[$n])) {
                                    unlink($web_backup_dir.'/'.$files[$n]);
                                    //$sql = "SELECT backup_id FROM web_backup WHERE server_id = ".$conf['server_id']." AND parent_domain_id = $web_id AND filename = '".$app->db->quote($files[$n])."'";
                                    //$tmp = $app->dbmaster->queryOneRecord($sql);
                                    //$app->dbmaster->datalogDelete('web_backup', 'backup_id', $tmp['backup_id']);
                                    //$sql = "DELETE FROM web_backup WHERE backup_id = ".intval($tmp['backup_id']);
                                    $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
                                    $app->db->query($sql, $conf['server_id'], $web_id, $files[$n]);
                                    if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'],  $web_id, $files[$n]);
                                    @unlink($web_backup_dir.'/'.$files[$n]);
                                }
                            }
@@ -215,6 +212,7 @@
                        if($rec['backup_interval'] == 'daily' or ($rec['backup_interval'] == 'weekly' && date('w') == 0) or ($rec['backup_interval'] == 'monthly' && date('d') == '01')) {
                            $web_id = $rec['parent_domain_id'];
                            if(!in_array($web_id, $web_array)) $web_array[] = $web_id;
                            $db_backup_dir = $backup_dir.'/web'.$web_id;
                            if(!is_dir($db_backup_dir)) mkdir($db_backup_dir, 0750);
                            chmod($db_backup_dir, 0750);
@@ -234,7 +232,7 @@
                            $db_name = $rec['database_name'];
                            $db_backup_file = 'db_'.$db_name.'_'.date('Y-m-d_H-i').'.sql';
                            //$command = "mysqldump -h '".escapeshellcmd($clientdb_host)."' -u '".escapeshellcmd($clientdb_user)."' -p'".escapeshellcmd($clientdb_password)."' -c --add-drop-table --create-options --quick --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
                            $command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." -c --add-drop-table --create-options --quick --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
                            $command = "mysqldump -h ".escapeshellarg($clientdb_host)." -u ".escapeshellarg($clientdb_user)." -p".escapeshellarg($clientdb_password)." -c --add-drop-table --create-options --quick --max_allowed_packet=512M --result-file='".$db_backup_dir.'/'.$db_backup_file."' '".$db_name."'";
                            exec($command, $tmp_output, $retval);
                            //* Compress the backup with gzip
@@ -247,8 +245,6 @@
                                    chgrp($db_backup_dir.'/'.$db_backup_file.'.gz', filegroup($db_backup_dir));
                                    //* Insert web backup record in database
                                    //$insert_data = "(server_id,parent_domain_id,backup_type,backup_mode,tstamp,filename) VALUES (".$conf['server_id'].",$web_id,'mysql','sqlgz',".time().",'".$app->db->quote($db_backup_file).".gz')";
                                    //$app->dbmaster->datalogInsert('web_backup', $insert_data, 'backup_id');
                                    $filesize = filesize($db_backup_dir.'/'.$db_backup_file.'.gz');
                                    $sql = "INSERT INTO web_backup (server_id, parent_domain_id, backup_type, backup_mode, tstamp, filename, filesize) VALUES (?, ?, ?, ?, ?, ?, ?)";
                                    $app->db->query($sql, $conf['server_id'], $web_id, 'mysql', 'sqlgz', time(), $db_backup_file.'.gz', $filesize);
@@ -268,7 +264,7 @@
                            $dir_handle = dir($db_backup_dir);
                            $files = array();
                            while (false !== ($entry = $dir_handle->read())) {
                                if($entry != '.' && $entry != '..' && preg_match('/^db_(.*?)_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql.gz$/', $entry, $matches) && is_file($db_backup_dir.'/'.$entry)) {
                                if($entry != '.' && $entry != '..' && preg_match('/^db_('.$db_name.')_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql.gz$/', $entry, $matches) && is_file($db_backup_dir.'/'.$entry)) {
                                    if(array_key_exists($matches[1], $files) == false) $files[$matches[1]] = array();
                                    $files[$matches[1]][] = $entry;
                                }
@@ -280,13 +276,10 @@
                                rsort($filelist);
                                for ($n = $backup_copies; $n <= 10; $n++) {
                                    if(isset($filelist[$n]) && is_file($db_backup_dir.'/'.$filelist[$n])) {
                                        unlink($db_backup_dir.'/'.$filelist[$n]);
                                        //$sql = "SELECT backup_id FROM web_backup WHERE server_id = ".$conf['server_id']." AND parent_domain_id = $web_id AND filename = '".$app->db->quote($filelist[$n])."'";
                                        //$tmp = $app->dbmaster->queryOneRecord($sql);
                                        //$sql = "DELETE FROM web_backup WHERE backup_id = ".intval($tmp['backup_id']);
                                        $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
                                        $app->db->query($sql, $conf['server_id'], $web_id, $filelist[$n]);
                                        if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $web_id, $filelist[$n]);
                                        @unlink($db_backup_dir.'/'.$filelist[$n]);
                                    }
                                }
                            }
@@ -310,7 +303,51 @@
                        if(!is_file($backup_file)){
                            $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
                            $app->db->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
                            if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
                        }
                    }
                }
                if($app->db->dbHost != $app->dbmaster->dbHost){
                    $backups = $app->dbmaster->queryAllRecords("SELECT * FROM web_backup WHERE server_id = ?", $conf['server_id']);
                    if(is_array($backups) && !empty($backups)){
                        foreach($backups as $backup){
                            $backup_file = $backup_dir.'/web'.$backup['parent_domain_id'].'/'.$backup['filename'];
                            if(!is_file($backup_file)){
                                $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
                                $app->dbmaster->query($sql, $conf['server_id'], $backup['parent_domain_id'], $backup['filename']);
                            }
                        }
                    }
                }
                // garbage collection (non-existing databases)
                if(is_array($web_array) && !empty($web_array)){
                    foreach($web_array as $tmp_web_id){
                        $tmp_backup_dir = $backup_dir.'/web'.$tmp_web_id;
                        if(is_dir($tmp_backup_dir)){
                            $dir_handle = dir($tmp_backup_dir);
                            $files = array();
                            while (false !== ($entry = $dir_handle->read())) {
                                if($entry != '.' && $entry != '..' && preg_match('/^db_(.*?)_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql.gz$/', $entry, $matches) && is_file($tmp_backup_dir.'/'.$entry)) {
                                    $tmp_db_name = $matches[1];
                                    $tmp_database = $app->db->queryOneRecord("SELECT * FROM web_database WHERE server_id = ? AND parent_domain_id = ? AND database_name = ?", $conf['server_id'], $tmp_web_id, $tmp_db_name);
                                    if(is_array($tmp_database) && !empty($tmp_database)){
                                        if($tmp_database['backup_interval'] == 'none' || intval($tmp_database['backup_copies']) == 0){
                                            @unlink($tmp_backup_dir.'/'.$entry);
                                            $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
                                            $app->db->query($sql, $conf['server_id'], $tmp_web_id, $entry);
                                            if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $tmp_web_id, $entry);
                                        }
                                    } else {
                                        @unlink($tmp_backup_dir.'/'.$entry);
                                        $sql = "DELETE FROM web_backup WHERE server_id = ? AND parent_domain_id = ? AND filename = ?";
                                        $app->db->query($sql, $conf['server_id'], $tmp_web_id, $entry);
                                        if($app->db->dbHost != $app->dbmaster->dbHost) $app->dbmaster->query($sql, $conf['server_id'], $tmp_web_id, $entry);
                                    }
                                }
                            }
                            $dir_handle->close();
                        }
                    }
                }
@@ -326,6 +363,27 @@
                }
            }
        }
        // delete files from backup download dir (/var/www/example.com/backup)
        unset($records, $entry, $files);
        $sql = "SELECT * FROM web_domain WHERE server_id = ? AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y'";
        $records = $app->db->queryAllRecords($sql, $conf['server_id']);
        if(is_array($records)) {
            foreach($records as $rec) {
                $backup_download_dir = $rec['document_root'].'/backup';
                if(is_dir($backup_download_dir)){
                    $dir_handle = dir($backup_download_dir);
                    $files = array();
                    while (false !== ($entry = $dir_handle->read())) {
                        if($entry != '.' && $entry != '..' && is_file($backup_download_dir.'/'.$entry)) {
                            // delete files older than 3 days
                            if(time() - filemtime($backup_download_dir.'/'.$entry) >= 60*60*24*3) @unlink($backup_download_dir.'/'.$entry);
                        }
                    }
                    $dir_handle->close();
                }
            }
        }
        parent::onRunJob();
    }
server/lib/classes/cron.d/500-backup_mail.inc.php
@@ -65,7 +65,7 @@
            //* mount backup directory, if necessary
            if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $run_backups = false;
            $records = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE server_id = ? AND maildir <> ''", intval($conf['server_id']));
            $records = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE server_id = ? AND maildir != ''", intval($conf['server_id']));
            if(is_array($records) && $run_backups) {
                if(!is_dir($backup_dir)) {
@@ -88,13 +88,13 @@
                        if ($global_config['backups_include_into_web_quota'] == 'y') {
                            // this only works, if mail and webdomains are on the same server
                            // find webdomain fitting to maildomain
                            $sql = "SELECT * FROM web_domain WHERE domain = '".$domain_rec['domain']."'";
                            $webdomain = $app->db->queryOneRecord($sql);
                            $sql = "SELECT * FROM web_domain WHERE domain = ?";
                            $webdomain = $app->db->queryOneRecord($sql, $domain_rec['domain']);
                            // if this is not also the website, find website now
                            if ($webdomain && ($webdomain['parent_domain_id'] != 0)) {
                                do {
                                    $sql = "SELECT * FROM web_domain WHERE domain_id = ".$webdomain['parent_domain_id'];
                                    $webdomain = $app->db->queryOneRecord($sql);
                                    $sql = "SELECT * FROM web_domain WHERE domain_id = ?";
                                    $webdomain = $app->db->queryOneRecord($sql, $webdomain['parent_domain_id']);
                                } while ($webdomain && ($webdomain['parent_domain_id'] != 0));
                            }
                            // if webdomain is found, change username/group now
server/lib/classes/cron.d/600-cleanup.inc.php
@@ -58,8 +58,8 @@
            $records = $app->db->queryAllRecords("SELECT s.instance_id, s.name, s.value FROM `aps_instances_settings` as s INNER JOIN `aps_instances` as i ON (i.id = s.instance_id) WHERE s.value != '' AND s.name IN ('main_database_password', 'admin_password') AND i.instance_status > 1");
            if(is_array($records)) {
                foreach($records as $rec) {
                    $tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = '".$app->db->quote($rec['instance_id'])."' AND name = '".$app->db->quote($rec['name'])."'");
                    $app->db->datalogUpdate('aps_instances_settings', "value = ''", 'id', $tmp['id']);
                    $tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = ? AND name = ?", $rec['instance_id'], $rec['name']);
                    $app->db->datalogUpdate('aps_instances_settings', array("value" => ''), 'id', $tmp['id']);
                }
            }
        }
server/lib/classes/cronjob.inc.php
@@ -76,7 +76,7 @@
        // check the run time and values for this job
        // get previous run data
        $data = $app->db->queryOneRecord("SELECT `last_run`, `next_run`, `running` FROM `sys_cron` WHERE `name` = '" . $app->db->quote(get_class($this)) . "'");
        $data = $app->db->queryOneRecord("SELECT `last_run`, `next_run`, `running` FROM `sys_cron` WHERE `name` = ?", get_class($this));
        if($data) {
            if($data['last_run']) $this->_last_run = $data['last_run'];
            if($data['next_run']) $this->_next_run = $data['next_run'];
@@ -90,7 +90,7 @@
                $next_run = $app->cron->getNextRun(ISPConfigDateTime::dbtime());
                $this->_next_run = $next_run;
                $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES ('" . $app->db->quote(get_class($this)) . "', " . ($this->_last_run ? "'" . $app->db->quote($this->_last_run) . "'" : "NULL") . ", " . ($next_run === false ? "NULL" : "'" . $app->db->quote($next_run) . "'") . ", " . ($this->_running == true ? "1" : "0") . ")");
                $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES (?, ?, ?, ?)", get_class($this), ($this->_last_run ? $this->_last_run : "#NULL#"), ($next_run === false ? "#NULL#" : $next_run . "'"), ($this->_running == true ? "1" : "0"));
            }
        }
    }
@@ -131,7 +131,7 @@
        print "Jobs next run is now " . $next_run . "\n";
        $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES ('" . $app->db->quote(get_class($this)) . "', NOW(), " . ($next_run === false ? "NULL" : "'" . $app->db->quote($next_run) . "'") . ", 1)");
        $app->db->query("REPLACE INTO `sys_cron` (`name`, `last_run`, `next_run`, `running`) VALUES (?, NOW(), ?, 1)", get_class($this), ($next_run === false ? "#NULL#" : $next_run));
        return true;
    }
@@ -154,7 +154,7 @@
        global $app;
        print "Called onCompleted() for class " . get_class($this) . "\n";
        $app->db->query("UPDATE `sys_cron` SET `running` = 0 WHERE `name` = '" . $app->db->quote(get_class($this)) . "'");
        $app->db->query("UPDATE `sys_cron` SET `running` = 0 WHERE `name` = ?", get_class($this));
    }
}
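Review bot: The new `REPLACE INTO sys_cron` call in the `@@ -90,7 +90,7 @@` hunk still appends a quote character to the bound value: `$next_run . "'"` is left over from the string-built query, so the parameter carries a trailing `'` towards the `next_run` column. The argument should read `($next_run === false ? "#NULL#" : $next_run)`, which is what the later call in the `@@ -131,7 +131,7 @@` hunk already passes. The enclosing method starts outside the hunk, so how the stored value is read back is not visible here.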
server/lib/classes/db_mysql.inc.php
@@ -132,8 +132,10 @@
                if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
                    $sTxt = $this->escape($sValue);
                    if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
                    else $sTxt = '`' . $sTxt . '`';
                    if(strpos($sTxt, '.') !== false) {
                        $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
                        $sTxt = str_replace('.`*`', '.*', $sTxt);
                    } else $sTxt = '`' . $sTxt . '`';
                    $sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
                    $iPos2 += strlen($sTxt);
@@ -141,13 +143,17 @@
                } else {
                    if(is_int($sValue) || is_float($sValue)) {
                        $sTxt = $sValue;
                    } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
                    } elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
                        $sTxt = 'NULL';
                    } elseif(is_array($sValue)) {
                        $sTxt = '';
                        foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
                        $sTxt = '(' . substr($sTxt, 1) . ')';
                        if($sTxt == '()') $sTxt = '(0)';
                        if(isset($sValue['SQL'])) {
                            $sTxt = $sValue['SQL'];
                        } else {
                            $sTxt = '';
                            foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
                            $sTxt = '(' . substr($sTxt, 1) . ')';
                            if($sTxt == '()') $sTxt = '(0)';
                        }
                    } else {
                        $sTxt = '\'' . $this->escape($sValue) . '\'';
                    }
@@ -615,20 +621,27 @@
        if(is_array($insert_data)) {
            $key_str = '';
            $val_str = '';
            $params = array($tablename);
            $v_params = array();
            foreach($insert_data as $key => $val) {
                $key_str .= "`".$key ."`,";
                $val_str .= "'".$this->escape($val)."',";
                $key_str .= '??,';
                $params[] = $key;
                $val_str .= '?,';
                $v_params[] = $val;
            }
            $key_str = substr($key_str, 0, -1);
            $val_str = substr($val_str, 0, -1);
            $insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
            $this->query("INSERT INTO ?? $insert_data_str", true, $params + $v_params);
        } else {
            /* TODO: deprecate this method! */
            $insert_data_str = $insert_data;
            $this->query("INSERT INTO ?? $insert_data_str", $tablename);
            $app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
        }
        /* TODO: reduce risk of insert_data_str! */
        $old_rec = array();
        $this->query("INSERT INTO ?? $insert_data_str", $tablename);
        $index_value = $this->insertID();
        $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
        $this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
@@ -643,17 +656,24 @@
        $old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
        if(is_array($update_data)) {
            $params = array($tablename);
            $update_data_str = '';
            foreach($update_data as $key => $val) {
                $update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
                $update_data_str .= '?? = ?,';
                $params[] = $key;
                $params[] = $val;
            }
            $params[] = $index_field;
            $params[] = $index_value;
            $update_data_str = substr($update_data_str, 0, -1);
            $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", true, $params);
        } else {
            /* TODO: deprecate this method! */
            $update_data_str = $update_data;
            $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
            $app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
        }
        /* TODO: reduce risk of update_data_str */
        $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
        $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
        $this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
@@ -676,7 +696,7 @@
    public function datalogError($errormsg) {
        global $app;
        if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = '".$this->quote($errormsg)."' WHERE datalog_id = ".$app->modules->current_datalog_id);
        if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
        return true;
    }
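Review bot: The new `isset($sValue['SQL'])` branch in the `@@ -141,13 +143,17 @@` hunk copies `$sValue['SQL']` into `$sTxt` without calling `escape()`, so any array argument that happens to carry an `SQL` key is treated as trusted SQL text. Every other array parameter is escaped element by element, and a caller that forwards an array it did not build itself would lose that protection silently. A raw fragment would be safer behind a dedicated wrapper object tested with `instanceof`, or at the least marked at the branch with a comment such as `// raw SQL fragment: never pass an externally supplied array here`. The placeholder loop starts and ends outside the hunk, so the substitution step itself is not visible.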
server/lib/classes/functions.inc.php
@@ -237,7 +237,7 @@
        }
        $ips = array();
        $results = $app->db->queryAllRecords("SELECT ip_address AS ip FROM server_ip WHERE ip_type = '".$type."'");
        $results = $app->db->queryAllRecords("SELECT ip_address AS ip FROM server_ip WHERE ip_type = ?", $type);
        if(!empty($results) && is_array($results)){
            foreach($results as $result){
                if(preg_match($regex, $result['ip'])) $ips[] = $result['ip'];
server/lib/classes/getconf.inc.php
@@ -38,7 +38,7 @@
        if(!is_array($this->config[$server_id])) {
            $app->uses('ini_parser');
            $server_id = intval($server_id);
            $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = '.$server_id);
            $server = $app->db->queryOneRecord('SELECT config FROM server WHERE server_id = ?', $server_id);
            $this->config[$server_id] = $app->ini_parser->parse_ini_string(stripslashes($server['config']));
        }
server/lib/classes/modules.inc.php
@@ -85,12 +85,12 @@
        //* If its a multiserver setup
        if($app->db->dbHost != $app->dbmaster->dbHost || ($app->db->dbHost == $app->dbmaster->dbHost && $app->db->dbName != $app->dbmaster->dbName)) {
            if($conf['mirror_server_id'] > 0) {
                $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = ".$conf['mirror_server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
                $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
            } else {
                $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
                $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
            }
            $records = $app->dbmaster->queryAllRecords($sql);
            $records = $app->dbmaster->queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id'], $conf['mirror_server_id']);
            foreach($records as $d) {
                //** encode data to utf-8 and unserialize it
@@ -133,46 +133,38 @@
                        $idx = explode(':', $d['dbidx']);
                        $tmp_sql1 = '';
                        $tmp_sql2 = '';
                        $f_params = array($d['dbtable']);
                        $params = array();
                        foreach($data['new'] as $fieldname => $val) {
                            $tmp_sql1 .= "`$fieldname`,";
                            $tmp_sql2 .= "'".$app->db->quote($val)."',";
                            $tmp_sql1 .= "??,";
                            $tmp_sql2 .= "?,";
                            $f_params[] = $fieldname;
                            $params[] = $val;
                        }
                        $params = $f_params + $params;
                        unset($f_params);
                        $tmp_sql1 = substr($tmp_sql1, 0, -1);
                        $tmp_sql2 = substr($tmp_sql2, 0, -1);
                        //$tmp_sql1 .= "$idx[0]";
                        //$tmp_sql2 .= "$idx[1]";
                        $sql = "REPLACE INTO $d[dbtable] ($tmp_sql1) VALUES ($tmp_sql2)";
                        $sql = "REPLACE INTO ?? ($tmp_sql1) VALUES ($tmp_sql2)";
                        $app->db->errorNumber = 0;
                        $app->db->errorMessage = '';
                        $app->db->query($sql);
                        $app->db->query($sql, true, $params);
                        unset($params);
                        if($app->db->errorNumber > 0) {
                            $replication_error = true;
                            $app->log("Replication failed. Error: (" . $d['dbtable'] . ") in MySQL server: (".$app->db->dbHost.") " . $app->db->errorMessage . " # SQL: " . $sql, LOGLEVEL_ERROR);
                        }
                        $app->log('Replicated from master: '.$sql, LOGLEVEL_DEBUG);
                    }
                    /*
                    if($d["action"] == 'u') {
                        $sql = "UPDATE $d[dbtable] SET ";
                        foreach($data['new'] as $fieldname => $val) {
                            $sql .= "`$fieldname` = '$val',";
                        }
                        $sql = substr($sql,0,-1);
                        $idx = explode(":",$d["dbidx"]);
                        $sql .= " WHERE $idx[0] = $idx[1]";
                        $app->db->query($sql);
                        if($app->db->errorNumber > 0) {
                            $replication_error = true;
                            $app->log("Replication failed. Error: (" . $d[dbtable] . ") " . $app->db->errorMessage . " # SQL: " . $sql,LOGLEVEL_ERROR);
                        }
                        $app->log("Replicated from master: ".$sql,LOGLEVEL_DEBUG);
                    }
                    */
                    if($d['action'] == 'd') {
                        $idx = explode(':', $d['dbidx']);
                        $sql = "DELETE FROM $d[dbtable] ";
                        $sql .= " WHERE $idx[0] = $idx[1]";
                        $app->db->query($sql);
                        $sql = "DELETE FROM ?? ";
                        $sql .= " WHERE ?? = ?";
                        $app->db->query($sql, $d['dbtable'], $idx[0], $idx[1]);
                        if($app->db->errorNumber > 0) {
                            $replication_error = true;
                            $app->log("Replication failed. Error: (" . $d[dbtable] . ") " . $app->db->errorMessage . " # SQL: " . $sql, LOGLEVEL_ERROR);
@@ -183,12 +175,12 @@
                    if($replication_error == false) {
                        if(is_array($data['old']) || is_array($data['new'])) {
                            $app->db->query("UPDATE server SET updated = ".$d["datalog_id"]." WHERE server_id = ".$conf['server_id']);
                            $app->db->query("UPDATE server SET updated = ? WHERE server_id = ?", $d["datalog_id"], $conf['server_id']);
                            $this->raiseTableHook($d['dbtable'], $d['action'], $data);
                        } else {
                            $app->log('Data array was empty for datalog_id '.$d['datalog_id'], LOGLEVEL_WARN);
                        }
                        $app->dbmaster->query("UPDATE server SET updated = ".$d["datalog_id"]." WHERE server_id = ".$conf['server_id']);
                        $app->dbmaster->query("UPDATE server SET updated = ? WHERE server_id = ?", $d["datalog_id"], $conf['server_id']);
                        $app->log('Processed datalog_id '.$d['datalog_id'], LOGLEVEL_DEBUG);
                    } else {
                        $app->log('Error in Replication, changes were not processed.', LOGLEVEL_ERROR);
@@ -205,23 +197,14 @@
            //* if we have a single server setup
        } else {
            $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ".$conf['last_datalog_id']." AND (server_id = ".$conf['server_id']." OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
            $records = $app->db->queryAllRecords($sql);
            $sql = "SELECT * FROM sys_datalog WHERE datalog_id > ? AND (server_id = ? OR server_id = 0) ORDER BY datalog_id LIMIT 0,1000";
            $records = $app->db->queryAllRecords($sql, $conf['last_datalog_id'], $conf['server_id']);
            foreach($records as $d) {
                //** encode data to utf-8 to be able to unserialize it and then unserialize it
                if(!$data = unserialize(stripslashes($d['data']))) {
                    $data = unserialize($d['data']);
                }
                //** decode data back to current locale
                /*
                foreach($data['old'] as $key => $val) {
                    $data['old'][$key] = utf8_decode($val);
                }
                foreach($data['new'] as $key => $val) {
                    $data['new'][$key] = utf8_decode($val);
                }
                */
                //* Data on a single server is never mirrored
                $data['mirrored'] = false;
@@ -232,9 +215,7 @@
                } else {
                    $app->log('Data array was empty for datalog_id '.$d['datalog_id'], LOGLEVEL_WARN);
                }
                //$app->db->query("DELETE FROM sys_datalog WHERE datalog_id = ".$rec["datalog_id"]);
                //$app->log("Deleting sys_datalog ID ".$rec["datalog_id"],LOGLEVEL_DEBUG);
                $app->db->query("UPDATE server SET updated = ".$d['datalog_id']." WHERE server_id = ".$conf['server_id']);
                $app->db->query("UPDATE server SET updated = ? WHERE server_id = ?", $d['datalog_id'], $conf['server_id']);
                $app->log('Processed datalog_id '.$d['datalog_id'], LOGLEVEL_DEBUG);
            }
        }
@@ -251,11 +232,11 @@
        //* SQL query to get all pending actions
        $sql = "SELECT action_id, action_type, action_param " .
            "FROM sys_remoteaction " .
            "WHERE server_id = " . $server_id . " ".
            " AND  action_id > " . intval($maxid_remote_action) . " ".
            "WHERE server_id = ? ".
            " AND  action_id > ? ".
            "ORDER BY action_id";
        $actions = $app->dbmaster->queryAllRecords($sql);
        $actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
        if(is_array($actions)) {
            foreach($actions as $action) {
@@ -265,9 +246,9 @@
                //* Update the action state
                $sql = "UPDATE sys_remoteaction " .
                    "SET action_state = '" . $app->dbmaster->quote($state) . "' " .
                    "WHERE action_id = " . intval($action['action_id']);
                $app->dbmaster->query($sql);
                    "SET action_state = ? " .
                    "WHERE action_id = ?";
                $app->dbmaster->query($sql, $state, $action['action_id']);
                /*
                * Then save the maxid for the next time...
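Review bot: `$params = $f_params + $params;` in the REPLACE branch (`@@ -133,46 +133,38 @@`) does not append the values. The `+` operator on two numerically indexed arrays keeps the left-hand entry for every shared key, and `$f_params` is one element longer than `$params`, so the result is `$f_params` alone and the `?` placeholders have no values to bind. `$params = array_merge($f_params, $params);` gives the intended order of table name, field names, then values. `datalogInsert()` in server/lib/classes/db_mysql.inc.php builds its argument the same way with `$params + $v_params`. The surrounding replication loop begins and ends outside the hunk.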
server/lib/classes/monitor_tools.inc.php
@@ -259,7 +259,7 @@
        $server_id = intval($conf['server_id']);
        /**  get the "active" Services of the server from the DB */
        $services = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ' . $server_id);
        $services = $app->db->queryOneRecord('SELECT * FROM server WHERE server_id = ?', $server_id);
        /*
         * If the DB is down, we have to set the db to "yes".
         * If we don't do this, then the monitor will NOT monitor, that the db is down and so the
@@ -670,12 +670,12 @@
         */
        $sql = 'DELETE FROM monitor_data ' .
            'WHERE ' .
            '  type =' . "'" . $app->dbmaster->quote($type) . "' " .
            '  type = ?' .
            'AND ' .
            '  created < ' . $old . ' ' .
            '  created < ? ' .
            'AND ' .
            '  server_id = ' . $serverId;
        $app->dbmaster->query($sql);
            '  server_id = ?';
        $app->dbmaster->query($sql, $type, $old, $serverId);
    }
    public function send_notification_email($template, $placeholders, $recipients) {
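Review bot: The rewritten fragment `'  type = ?' .` in the `@@ -670,12 +670,12 @@` hunk dropped the trailing space the old string ended with, so the assembled statement reads `type = ?AND   created < ? ...`. Whether that still parses depends on what the query helper substitutes for the placeholder, which is not decided here; `'  type = ? ' .` keeps the tokens separated in every case. The function's opening lines are outside the hunk.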
server/mods-available/remoteaction_core_module.inc.php
@@ -62,10 +62,8 @@
         * First set the state
         */
        global $app;
        $sql = "UPDATE sys_remoteaction " .
            "SET action_state = '" . $app->dbmaster->quote($state) . "' " .
            "WHERE action_id = " . intval($id);
        $app->dbmaster->query($sql);
        $sql = "UPDATE sys_remoteaction SET action_state = ? WHERE action_id = ?";
        $app->dbmaster->query($sql, $state, $id);
        /*
         * Then save the maxid for the next time...
@@ -103,12 +101,8 @@
        /*
         * Get all actions this server should execute
        */
        $sql = "SELECT action_id, action_type, action_param " .
            "FROM sys_remoteaction " .
            "WHERE server_id = " . $server_id . " ".
            " AND  action_id > " . intval($maxid_remote_action) . " ".
            "ORDER BY action_id";
        $actions = $app->dbmaster->queryAllRecords($sql);
        $sql = "SELECT action_id, action_type, action_param FROM sys_remoteaction WHERE server_id = ? AND action_id > ? ORDER BY action_id";
        $actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
        /*
         * process all actions
server/plugins-available/apache2_plugin.inc.php
@@ -108,23 +108,27 @@
         * php_version -> php ini path that changed (additional php versions)
         */
        $param = '';
        $qrystr = "SELECT * FROM web_domain WHERE custom_php_ini != ''";
        if($data['mode'] == 'mod') {
            $qrystr .= " AND php = 'mod'";
        } elseif($data['mode'] == 'fast-cgi') {
            $qrystr .= " AND php = 'fast-cgi'";
            if($data['php_version']) {
                $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . "'";
                $qrystr .= " AND fastcgi_php_version LIKE ?";
                $param = '%:' . $data['php_version'];
            }
        } elseif($data['mode'] == 'php-fpm') {
            $qrystr .= " AND php = 'php-fpm'";
            if($data['php_version']) {
                $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . ":%'";
                $qrystr .= " AND fastcgi_php_version LIKE ?";
                $param = '%:' . $data['php_version'] . ':%';
            }
        } elseif($data['mode'] == 'hhvm') {
            $qrystr .= " AND php = 'hhvm'";
            if($data['php_version']) {
                $qrystr .= " AND fastcgi_php_version LIKE '%:" . $app->db->quote($data['php_version']) . ":%'";
                $qrystr .= " AND fastcgi_php_version LIKE ?";
                $param = '%:' . $data['php_version'] . ':%';
            }
        } else {
            $qrystr .= " AND php != 'mod' AND php != 'fast-cgi'";
@@ -132,7 +136,7 @@
        //** Get all the webs
        $web_domains = $app->db->queryAllRecords($qrystr);
        $web_domains = $app->db->queryAllRecords($qrystr, $param);
        foreach($web_domains as $web_data) {
            $custom_php_ini_dir = $web_config['website_basedir'].'/conf/'.$web_data['system_user'];
            $web_folder = 'web';
@@ -157,6 +161,26 @@
            if($master_php_ini_path != '' && substr($master_php_ini_path, -7) == 'php.ini' && is_file($master_php_ini_path)) {
                $php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
            }
            if(intval($web_data['directive_snippets_id']) > 0){
                $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($web_data['directive_snippets_id']));
                if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
                    $required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
                    if(is_array($required_php_snippets) && !empty($required_php_snippets)){
                        foreach($required_php_snippets as $required_php_snippet){
                            $required_php_snippet = intval($required_php_snippet);
                            if($required_php_snippet > 0){
                                $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
                                $php_snippet['snippet'] = trim($php_snippet['snippet']);
                                if($php_snippet['snippet'] != ''){
                                    $web_data['custom_php_ini'] .= "\n".$php_snippet['snippet'];
                                }
                            }
                        }
                    }
                }
            }
            $php_ini_content .= str_replace("\r", '', trim($web_data['custom_php_ini']));
            $app->system->file_put_contents($custom_php_ini_dir.'/php.ini', $php_ini_content);
            $app->log('Info: rewrote custom php.ini for web ' . $web_data['domain_id'] . ' (' . $web_data['domain'] . ').', LOGLEVEL_DEBUG);
@@ -303,15 +327,15 @@
            $app->system->chmod($key_file2, 0400);
            @$app->system->unlink($config_file);
            @$app->system->unlink($rand_file);
            $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
            $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
            $ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
            $ssl_request = $app->system->file_get_contents($csr_file);
            $ssl_cert = $app->system->file_get_contents($crt_file);
            $ssl_key2 = $app->system->file_get_contents($key_file2);
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
        }
        //* Save a SSL certificate to disk
@@ -355,18 +379,18 @@
                $app->system->file_put_contents($key_file2, $data["new"]["ssl_key"]);
                $app->system->chmod($key_file2, 0400);
            } else {
                $ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
                $ssl_key2 = $app->system->file_get_contents($key_file2);
                /* Update the DB of the (local) Server */
                $app->db->query("UPDATE web_domain SET ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
                $app->db->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
                /* Update also the master-DB of the Server-Farm */
                $app->dbmaster->query("UPDATE web_domain SET ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
                $app->dbmaster->query("UPDATE web_domain SET ssl_key = ? WHERE domain = ?", $ssl_key2, $data['new']['domain']);
            }
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            $app->log('Saving SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }
@@ -386,11 +410,11 @@
            $app->system->unlink($crt_file);
            $app->system->unlink($bundle_file);
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }
@@ -420,7 +444,7 @@
            // If the parent_domain_id has been changed, we will have to update the old site as well.
            if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
                $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
                $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ? AND active = ?', $old_parent_domain_id, 'y');
                $data['new'] = $tmp;
                $data['old'] = $tmp;
                $this->action = 'update';
@@ -428,7 +452,7 @@
            }
            // This is not a vhost, so we need to update the parent record instead.
            $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
            $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ? AND active = ', $new_parent_domain_id, 'y');
            $data['new'] = $tmp;
            $data['old'] = $tmp;
            $this->action = 'update';
@@ -466,7 +490,7 @@
        $old_log_folder = 'log';
        if($data['new']['type'] == 'vhostsubdomain' || $data['new']['type'] == 'vhostalias') {
            // new one
            $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['new']['parent_domain_id']));
            $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
            $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['new']['domain']);
            if($subdomain_host == '') $subdomain_host = 'web'.$data['new']['domain_id'];
            $web_folder = $data['new']['web_folder'];
@@ -475,7 +499,7 @@
            
            if(isset($data['old']['parent_domain_id'])) {
                // old one
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
                if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
                $old_web_folder = $data['old']['web_folder'];
@@ -529,7 +553,7 @@
        if($this->action == 'update' && $data['new']['document_root'] != $data['old']['document_root']) {
            //* Get the old client ID
            $old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
            $old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
            $old_client_id = intval($old_client['client_id']);
            unset($old_client);
@@ -671,7 +695,7 @@
        $app->system->web_folder_protection($data['new']['document_root'], true);
        // Get the client ID
        $client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
        $client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['new']['sys_groupid']);
        $client_id = intval($client['client_id']);
        unset($client);
@@ -1004,6 +1028,26 @@
                $php_ini_content .= $app->system->file_get_contents($master_php_ini_path)."\n";
            }
            $php_ini_content .= str_replace("\r", '', trim($data['new']['custom_php_ini']));
            if(intval($data['new']['directive_snippets_id']) > 0){
                $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
                if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
                    $required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
                    if(is_array($required_php_snippets) && !empty($required_php_snippets)){
                        foreach($required_php_snippets as $required_php_snippet){
                            $required_php_snippet = intval($required_php_snippet);
                            if($required_php_snippet > 0){
                                $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
                                $php_snippet['snippet'] = trim($php_snippet['snippet']);
                                if($php_snippet['snippet'] != ''){
                                    $php_ini_content .= "\n".$php_snippet['snippet'];
                                }
                            }
                        }
                    }
                }
            }
            $app->system->file_put_contents($custom_php_ini_dir.'/php.ini', $php_ini_content);
        } else {
            $has_custom_php_ini = false;
@@ -1031,7 +1075,7 @@
        // Custom Apache directives
        if(intval($data['new']['directive_snippets_id']) > 0){
            $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
            $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", $data['new']['directive_snippets_id']);
            if(isset($snippet['snippet'])){
                $vhost_data['apache_directives'] = $snippet['snippet'];
            }
@@ -1137,7 +1181,7 @@
        $auto_alias = $web_config['website_autoalias'];
        if($auto_alias != '') {
            // get the client username
            $client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = '" . intval($client_id) . "'");
            $client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
            $aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
            $aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
            $auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
@@ -1148,7 +1192,7 @@
        }
        // get alias domains (co-domains and subdomains)
        $aliases = $app->db->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')");
        $aliases = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')", $data['new']['domain_id']);
        $alias_seo_redirects = array();
        switch($data['new']['subdomain']) {
        case 'www':
@@ -1792,7 +1836,7 @@
        $log_folder = 'log';
        $web_folder = '';
        if($data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
            $tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
            $tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
            if($tmp['domain'] != ''){
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
            } else {
@@ -1864,7 +1908,7 @@
        if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['type'] != 'vhostalias' && $data['old']['parent_domain_id'] > 0) {
            //* This is a alias domain or subdomain, so we have to update the website instead
            $parent_domain_id = intval($data['old']['parent_domain_id']);
            $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$parent_domain_id." AND active = 'y'");
            $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $parent_domain_id);
            $data['new'] = $tmp;
            $data['old'] = $tmp;
            $this->action = 'update';
@@ -1918,7 +1962,7 @@
                        } else {
                            // read all vhost subdomains and alias with same parent domain
                            $used_paths = array();
                            $tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".intval($data['old']['parent_domain_id'])." AND domain_id != ".intval($data['old']['domain_id']));
                            $tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ? AND domain_id != ?", $data['old']['parent_domain_id'], $data['old']['domain_id']);
                            foreach($tmp as $tmprec) {
                                // we normalize the folder entries because we need to compare them
                                $tmp_folder = preg_replace('/[\/]{2,}/', '/', $tmprec['web_folder']); // replace / occuring multiple times
@@ -2000,7 +2044,7 @@
                $app->log('Removing website: '.$docroot, LOGLEVEL_DEBUG);
                // Delete the symlinks for the sites
                $client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
                $client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
                $client_id = intval($client['client_id']);
                unset($client);
                $tmp_symlinks_array = explode(':', $web_config['website_symlinks']);
@@ -2089,7 +2133,7 @@
        $tpl = new tpl();
        $tpl->newTemplate('apache_ispconfig.conf.master');
        $tpl->setVar('apache_version', $app->system->getapacheversion());
        $records = $app->db->queryAllRecords('SELECT * FROM server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
        $records = $app->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ? AND virtualhost = 'y'", $conf['server_id']);
        $records_out= array();
        if(is_array($records)) {
@@ -2135,8 +2179,8 @@
            $folder_id = $data['new']['web_folder_id'];
        }
        $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
        $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $folder_id);
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
        if(!is_array($folder) or !is_array($website)) {
            $app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2171,19 +2215,6 @@
            $app->system->chgrp($folder_path.'.htpasswd', $website['system_group']);
            $app->log('Created file '.$folder_path.'.htpasswd', LOGLEVEL_DEBUG);
        }
        /*
        $auth_users = $app->db->queryAllRecords("SELECT * FROM web_folder_user WHERE active = 'y' AND web_folder_id = ".intval($folder_id));
        $htpasswd_content = '';
        if(is_array($auth_users) && !empty($auth_users)){
            foreach($auth_users as $auth_user){
                $htpasswd_content .= $auth_user['username'].':'.$auth_user['password']."\n";
            }
        }
        $htpasswd_content = trim($htpasswd_content);
        @file_put_contents($folder_path.'.htpasswd', $htpasswd_content);
        $app->log('Changed .htpasswd file: '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
        */
        if(($data['new']['username'] != $data['old']['username'] || $data['new']['active'] == 'n') && $data['old']['username'] != '') {
            $app->system->removeLine($folder_path.'.htpasswd', $data['old']['username'].':');
@@ -2235,7 +2266,7 @@
        $folder_id = $data['old']['web_folder_id'];
        $folder = $data['old'];
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
        if(!is_array($folder) or !is_array($website)) {
            $app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2290,7 +2321,7 @@
    function web_folder_update($event_name, $data) {
        global $app, $conf;
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
        if(!is_array($website)) {
            $app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2450,7 +2481,7 @@
            /*
             * Get additional informations
            */
            $sitedata = $app->db->queryOneRecord('SELECT document_root, domain, system_user, system_group FROM web_domain WHERE domain_id = ' . $data['new']['parent_domain_id']);
            $sitedata = $app->db->queryOneRecord('SELECT document_root, domain, system_user, system_group FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
            $documentRoot = $sitedata['document_root'];
            $domain = $sitedata['domain'];
            $user = $sitedata['system_user'];
@@ -2538,7 +2569,7 @@
            /*
             * Get additional informations
            */
            $sitedata = $app->db->queryOneRecord('SELECT document_root, domain FROM web_domain WHERE domain_id = ' . $data['old']['parent_domain_id']);
            $sitedata = $app->db->queryOneRecord('SELECT document_root, domain FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
            $documentRoot = $sitedata['document_root'];
            $domain = $sitedata['domain'];
@@ -2768,17 +2799,63 @@
        } else {
            $content = file_get_contents($conf['rootpath'] . '/conf/hhvm_starter.master');
        }
        if(file_exists($conf['rootpath'] . '/conf-custom/hhvm_monit.master')) {
            $monit_content = file_get_contents($conf['rootpath'] . '/conf-custom/hhvm_monit.master');
        } else {
            $monit_content = file_get_contents($conf['rootpath'] . '/conf/hhvm_monit.master');
        }
        
        if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm') {
        if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini']) {
            // Custom php.ini settings
            $custom_php_ini_settings = trim($data['new']['custom_php_ini']);
            if(intval($data['new']['directive_snippets_id']) > 0){
                $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
                if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
                    $required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
                    if(is_array($required_php_snippets) && !empty($required_php_snippets)){
                        foreach($required_php_snippets as $required_php_snippet){
                            $required_php_snippet = intval($required_php_snippet);
                            if($required_php_snippet > 0){
                                $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
                                $php_snippet['snippet'] = trim($php_snippet['snippet']);
                                if($php_snippet['snippet'] != ''){
                                    $custom_php_ini_settings .= "\n".$php_snippet['snippet'];
                                }
                            }
                        }
                    }
                }
            }
            if($custom_php_ini_settings != ''){
                // Make sure we only have Unix linebreaks
                $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
                $custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
                file_put_contents('/etc/hhvm/'.$data['new']['system_user'].'.ini', $custom_php_ini_settings);
            } else {
                if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
            }
            $content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $content);
            file_put_contents('/etc/init.d/hhvm_' . $data['new']['system_user'], $content);
            exec('chmod +x /etc/init.d/hhvm_' . $data['new']['system_user'] . ' >/dev/null 2>&1');
            exec('/usr/sbin/update-rc.d hhvm_' . $data['new']['system_user'] . ' defaults >/dev/null 2>&1');
            exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' start >/dev/null 2>&1');
            $monit_content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $monit_content);
            file_put_contents('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'], $monit_content);
            exec('/etc/init.d/monit restart >/dev/null 2>&1');
         } elseif($data['new']['php'] != 'hhvm' && $data['old']['php'] == 'hhvm') {
            exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
            exec('/usr/sbin/update-rc.d hhvm_' . $data['old']['system_user'] . ' remove >/dev/null 2>&1');
            unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
            if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
            if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
                unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
                exec('/etc/init.d/monit restart >/dev/null 2>&1');
            }
        }
    }
@@ -2873,6 +2950,26 @@
        // Custom php.ini settings
        $final_php_ini_settings = array();
        $custom_php_ini_settings = trim($data['new']['custom_php_ini']);
        if(intval($data['new']['directive_snippets_id']) > 0){
            $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'apache' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
            if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
                $required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
                if(is_array($required_php_snippets) && !empty($required_php_snippets)){
                    foreach($required_php_snippets as $required_php_snippet){
                        $required_php_snippet = intval($required_php_snippet);
                        if($required_php_snippet > 0){
                            $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
                            $php_snippet['snippet'] = trim($php_snippet['snippet']);
                            if($php_snippet['snippet'] != ''){
                                $custom_php_ini_settings .= "\n".$php_snippet['snippet'];
                            }
                        }
                    }
                }
            }
        }
        if($custom_php_ini_settings != ''){
            // Make sure we only have Unix linebreaks
            $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
@@ -2925,7 +3022,7 @@
                $app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
            }
        }
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$conf["server_id"]);
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $conf["server_id"]);
        if(is_array($php_versions) && !empty($php_versions)){
            foreach($php_versions as $php_version){
                if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
@@ -2989,7 +3086,7 @@
                $app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
            }
        }
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$data['old']['server_id']);
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $data['old']['server_id']);
        if(is_array($php_versions) && !empty($php_versions)){
            foreach($php_versions as $php_version){
                if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
server/plugins-available/backup_plugin.inc.php
@@ -63,19 +63,19 @@
        global $app, $conf;
        $backup_id = intval($data);
        $backup = $app->dbmaster->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = $backup_id");
        $backup = $app->dbmaster->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
        if(is_array($backup)) {
            $app->uses('ini_parser,file,getconf,system');
            $web = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$backup['parent_domain_id']);
            $web = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $backup['parent_domain_id']);
            $server_config = $app->getconf->get_server_config($conf['server_id'], 'server');
            $backup_dir = $server_config['backup_dir'].'/web'.$web['domain_id'];
            
            $backup_dir_is_ready = true;
            //* mount backup directory, if necessary
            if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($backup_dir) ) $backup_dir_is_ready = false;
            if( $server_config['backup_dir_is_mount'] == 'y' && !$app->system->mount_backup_dir($server_config['backup_dir']) ) $backup_dir_is_ready = false;
            if($backup_dir_is_ready){
                //* Make backup available for download
@@ -172,7 +172,7 @@
        global $app, $conf;
    
        $backup_id = intval($data);
        $mail_backup = $app->dbmaster->queryOneRecord("SELECT * FROM mail_backup WHERE backup_id = $backup_id");
        $mail_backup = $app->dbmaster->queryOneRecord("SELECT * FROM mail_backup WHERE backup_id = ?", $backup_id);
    
        if (is_array($mail_backup) && $action_name == 'backup_restore_mail') {
            $app->uses('ini_parser,file,getconf');
@@ -186,13 +186,13 @@
    
            if($backup_dir_is_ready){
                $mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
                $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain_id = ".intval($mail_backup['parent_domain_id']));
                $domain_rec = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain_id = ?", $mail_backup['parent_domain_id']);
            
                $backup_dir = $server_config['backup_dir'].'/mail'.$domain_rec['domain_id'];
                $mail_backup_file = $backup_dir.'/'.$mail_backup['filename'];
            
                $sql = "SELECT * FROM mail_user WHERE server_id = '".$conf['server_id']."' AND mailuser_id = ".intval($mail_backup['mailuser_id']);
                $record = $app->db->queryOneRecord($sql);
                $sql = "SELECT * FROM mail_user WHERE server_id = ? AND mailuser_id = ?";
                $record = $app->db->queryOneRecord($sql, $conf['server_id'], $mail_backup['mailuser_id']);
            
                //* strip mailbox from maildir
                $domain_dir=explode('/',$record['maildir']);
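Review bot: The lookups in this file use their results without checking that a row came back: the first hunk appends `$web['domain_id']` to the backup path, and the last hunk reads `$domain_rec['domain_id']` and `$record['maildir']` straight after `queryOneRecord()`. If the site or mailbox row no longer exists, the path collapses to `<backup_dir>/web` or `<backup_dir>/mail` and `explode()` runs on an empty value, so the restore would operate on a directory that belongs to no particular site. A guard before the path is built would stop that, for example `if(!is_array($domain_rec) || !is_array($record)) { $app->log('Mail backup restore: domain or mailbox record not found.', LOGLEVEL_WARN); return; }`, with the same check on `$web` in the first hunk. Both functions continue outside the hunks, so a later check or a required unmount step before returning cannot be ruled out from here.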
server/plugins-available/bind_dlz_plugin.inc.php
@@ -34,7 +34,7 @@
CREATE TABLE IF NOT EXISTS `records` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `zone` varchar(255) NOT NULL,
  `ttl` int(11) NOT NULL default '86400',
  `ttl` int(11) NOT NULL default '3600',
  `type` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL default '@',
  `mx_priority` int(11) default NULL,
@@ -121,7 +121,7 @@
        $origin = substr($data["new"]["origin"], 0, -1);
        $ispconfig_id = $data["new"]["id"];
        $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
        $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
        $ttl = $data["new"]["ttl"];
@@ -129,8 +129,7 @@
        //$_db->dbName = 'named';
        $app->db->query("INSERT INTO named.records (zone, ttl, type, primary_ns, resp_contact, serial, refresh, retry, expire, minimum, ispconfig_id) VALUES ".
            "('$origin', $ttl, 'SOA', '{$data["new"]["ns"]}', '{$data["new"]["mbox"]}', '{$serial["serial"]}', '{$serial["refresh"]}'," .
            "'{$serial["retry"]}', '{$serial["expire"]}', '{$serial["minimum"]}', $ispconfig_id)");
            "(?, ?, 'SOA', ?, ?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $ispconfig_id);
        //unset($_db);
    }
@@ -149,16 +148,14 @@
            {
                $origin = substr($data["new"]["origin"], 0, -1);
                $ispconfig_id = $data["new"]["id"];
                $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
                $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
                $ttl = $data["new"]["ttl"];
                //$_db = clone $app->db;
                //$_db->dbName = 'named';
                $app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, primary_ns = '{$data["new"]["ns"]}', resp_contact = '{$data["new"]["mbox"]}', ".
                    "serial = '{$serial["serial"]}', refresh = '{$serial["refresh"]}', retry = '{$serial["retry"]}', expire = '{$serial["expire"]}', ".
                    "minimum = '{$serial["minimum"]}' WHERE ispconfig_id = ".$data["new"]["id"]." AND type = 'SOA'");
                $app->db->query("UPDATE named.records SET zone = ?, ttl = ?, primary_ns = ?, resp_contact = ?, serial = ?, refresh = ?, retry = ?, expire = ?, minimum = ? WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $ttl, $data["new"]["ns"], $data["new"]["mbox"], $serial["serial"], $serial["refresh"], $serial["retry"], $serial["expire"], $serial["minimum"], $data["new"]["id"]);
                //unset($_db);
            }
            else
@@ -166,7 +163,7 @@
                $this->soa_insert($event_name, $data);
                $ispconfig_id = $data["new"]["id"];
                if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = $ispconfig_id AND active = 'Y'"))
                if ($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id))
                {
                    foreach($records as $record)
                    {
@@ -188,7 +185,7 @@
        //$_db = clone $app->db;
        //$_db->dbName = 'named';
        $app->db->query( "DELETE FROM named.dns_records WHERE zone = '".substr($data['old']['origin'], 0, -1)."'");
        $app->db->query( "DELETE FROM named.dns_records WHERE zone = ?", substr($data['old']['origin'], 0, -1));
        //unset($_db);
    }
@@ -197,7 +194,7 @@
        global $app, $conf;
        if($data["new"]["active"] != 'Y') return;
        $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
        $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
        $origin = substr($zone["origin"], 0, -1);
        $ispconfig_id = $data["new"]["id"];
@@ -251,13 +248,13 @@
        if ($type == 'MX') {
            $app->db->query("INSERT INTO named.records (zone, ttl, type, host, mx_priority, data, ispconfig_id)".
                " VALUES ('$origin', $ttl, '$type', '$name', {$data["new"]["aux"]}, '$content', $ispconfig_id)");
                " VALUES (?, ?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $data["new"]["aux"], $content, $ispconfig_id);
        } elseif ($type == 'SRV') {
            $app->db->query("INSERT INTO named.records (zone, ttl, type, data, ispconfig_id)".
                " VALUES ('$origin', $ttl, '$type', '{$data["new"]["aux"]} $content', $ispconfig_id)");
                " VALUES (?, ?, ?, ?, ?)", $origin, $ttl, $type, $data["new"]["aux"] . ' ' . $content, $ispconfig_id);
        } else {
            $app->db->query("INSERT INTO named.records (zone, ttl, type, host, data, ispconfig_id)".
                " VALUES ('$origin', $ttl, '$type', '$name', '$content', $ispconfig_id)");
                " VALUES (?, ?, ?, ?, ?, ?)", $origin, $ttl, $type, $name, $content, $ispconfig_id);
        }
        //unset($_db);
@@ -276,7 +273,7 @@
        {
            if ($data["old"]["active"] == 'Y')
            {
                $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
                $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
                $origin = substr($zone["origin"], 0, -1);
                $ispconfig_id = $data["new"]["id"];
@@ -328,14 +325,11 @@
                //$_db->dbName = 'named';
                if ($type == 'MX') {
                    $app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, type = '$type', host = '$name', mx_priority = $prio, ".
                        "data = '$content' WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
                    $app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, mx_priority = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $prio, $content, $ispconfig_id);
                } elseif ($type == 'SRV') {
                    $app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, type = '$type', ".
                        "data = '$prio $content' WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
                    $app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $prio . ' ' . $content, $ispconfig_id);
                } else {
                    $app->db->query("UPDATE named.records SET zone = '$origin', ttl = $ttl, type = '$type', host = '$name', ".
                        "data = '$content' WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
                    $app->db->query("UPDATE named.records SET zone = ?, ttl = ?, type = ?, host = ?, data = ? WHERE ispconfig_id = ? AND type != 'SOA'", $origin, $ttl, $type, $name, $content, $ispconfig_id);
                }
                //unset($_db);
@@ -351,7 +345,7 @@
        //$_db = clone $app->db;
        //$_db->dbName = 'named';
        $app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = '".substr($data['old']['origin'], 0, -1)."'");
        $app->db->query( "DELETE FROM named.dns_records WHERE type != 'SOA' AND zone = ?", substr($data['old']['origin'], 0, -1));
        //unset($_db);
    }
server/plugins-available/bind_plugin.inc.php
@@ -102,7 +102,7 @@
            $zone = $data['new'];
            $tpl->setVar($zone);
            $records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ".$zone['id']." AND active = 'Y'");
            $records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $zone['id']);
            if(is_array($records) && !empty($records)){
                for($i=0;$i<sizeof($records);$i++){
                    if($records[$i]['ttl'] == 0) $records[$i]['ttl'] = '';
@@ -281,7 +281,7 @@
        global $app, $conf;
        //* Get the data of the soa and call soa_update
        $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
        $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
        $data["new"] = $tmp;
        $data["old"] = $tmp;
        $this->action = 'update';
@@ -293,7 +293,7 @@
        global $app, $conf;
        //* Get the data of the soa and call soa_update
        $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data['new']['zone']);
        $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['new']['zone']);
        $data["new"] = $tmp;
        $data["old"] = $tmp;
        $this->action = 'update';
@@ -305,7 +305,7 @@
        global $app, $conf;
        //* Get the data of the soa and call soa_update
        $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".intval($data['old']['zone']));
        $tmp = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data['old']['zone']);
        $data["new"] = $tmp;
        $data["old"] = $tmp;
        $this->action = 'update';
@@ -319,18 +319,10 @@
        global $app, $conf;
        //* Only write the master file for the current server
        $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=".$conf["server_id"]);
        $tmps = $app->db->queryAllRecords("SELECT origin, xfer, also_notify, update_acl FROM dns_soa WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
        $zones = array();
        //* Check if the current zone that triggered this function has at least one NS record
        /* Has been replaced by a better zone check
        $rec_num = $app->db->queryOneRecord("SELECT count(id) as ns FROM dns_rr WHERE type = 'NS' AND zone = ".intval($data['new']['id'])." AND active = 'Y'");
        if($rec_num['ns'] == 0) {
            $exclude_zone = $data['new']['origin'];
        } else {
            $exclude_zone = '';
        }
        */
        //TODO : change this when distribution information has been integrated into server record
        if (file_exists('/etc/gentoo-release')) {
@@ -370,7 +362,7 @@
        $tpl->setLoop('zones', $zones);
        //* And loop through the secondary zones, but only for the current server
        $tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=".$conf["server_id"]);
        $tmps_sec = $app->db->queryAllRecords("SELECT origin, xfer, ns FROM dns_slave WHERE active = 'Y' AND server_id=?", $conf["server_id"]);
        $zones_sec = array();
        foreach($tmps_sec as $tmp) {
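Review bot: In the three record handlers (hunks at -281, -293 and -305) the result of the `dns_soa` lookup is copied into `$data["new"]` and `$data["old"]` without checking that a row came back, so a record whose zone id matches nothing carries an empty result into the update path. A guard directly after the query, for example `if(!is_array($tmp)) return;`, would make that case explicit; the return convention of these handlers is not visible here, so adjust it to what the caller expects. The hunk at -305 also drops its `intval()`, which is fine only as long as the `?` binding in the db class escapes and quotes every value, and that class is not part of this section. All three functions continue past the end of their hunks.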
server/plugins-available/cron_jailkit_plugin.inc.php
@@ -76,7 +76,7 @@
        }
        //* get data from web
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
@@ -155,7 +155,7 @@
            return 0;
        }
        //* get data from web
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `domain` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
@@ -333,7 +333,7 @@
        $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
        // Get the parent website of this shell user
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $this->data['new']['parent_domain_id']);
        //* If the security level is set to high
        if($web_config['security_level'] == 20 && is_array($web)) {
server/plugins-available/cron_plugin.inc.php
@@ -92,7 +92,7 @@
        }
        //* get data from web
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["new"]["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
@@ -105,7 +105,7 @@
        }
        
        // Get the client ID
        $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["new"]["sys_groupid"]));
        $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["new"]["sys_groupid"]);
        $client_id = intval($client["client_id"]);
        unset($client);
@@ -161,14 +161,14 @@
        global $app, $conf;
        //* get data from web
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ".intval($data["old"]["parent_domain_id"]));
        $parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota` FROM `web_domain` WHERE `domain_id` = ?", $data["old"]["parent_domain_id"]);
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
        }
        // Get the client ID
        $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ".intval($data["old"]["sys_groupid"]));
        $client = $app->dbmaster->queryOneRecord("SELECT client_id FROM sys_group WHERE sys_group.groupid = ?", $data["old"]["sys_groupid"]);
        $client_id = intval($client["client_id"]);
        unset($client);
@@ -196,7 +196,7 @@
        $chr_cmd_count = 0;
        //* read all active cron jobs from database and write them to file
        $cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ".intval($this->parent_domain["domain_id"]) . " AND c.`active` = 'y'");
        $cron_jobs = $app->db->queryAllRecords("SELECT c.`run_min`, c.`run_hour`, c.`run_mday`, c.`run_month`, c.`run_wday`, c.`command`, c.`type`, c.`log`, `web_domain`.`domain` as `domain` FROM `cron` as c INNER JOIN `web_domain` ON `web_domain`.`domain_id` = c.`parent_domain_id` WHERE c.`parent_domain_id` = ? AND c.`active` = 'y'", $this->parent_domain["domain_id"]);
        if($cron_jobs && count($cron_jobs) > 0) {
            foreach($cron_jobs as $job) {
                if($job['run_month'] == '@reboot') {
@@ -210,7 +210,7 @@
                $log_root = '';
                if($job['log'] == 'y') {
                    if($job['type'] != 'chrooted') $log_root = $this->parent_domain['document_root'];
                    $log_root .= '/log';
                    $log_root .= '/private';
                    
                    $log_target = '>>' . $log_root . '/cron.log 2>>' . $log_root . '/cron_error.log';
                    $log_wget_target = $log_root . '/cron_wget.log';
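Review bot: `$log_root` in the last hunk is built from `$this->parent_domain['document_root']` and concatenated unquoted into the redirections in `$log_target`, which presumably end up on the job's command line in the crontab. A document root containing whitespace or shell metacharacters would change what the shell parses; quoting each target avoids that: `'>>' . escapeshellarg($log_root . '/cron.log') . ' 2>>' . escapeshellarg($log_root . '/cron_error.log')`. For chrooted jobs `$log_root` holds only the suffix, so the path is relative to the jail root, and a one-line comment saying so would help the next reader. The loop body continues outside the hunk.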
server/plugins-available/ftpuser_base_plugin.inc.php
@@ -74,7 +74,7 @@
        if(!is_dir($data['new']['dir'])) {
            $app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.", LOGLEVEL_DEBUG);
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
            //* Check if the resulting path is inside the docroot
            if(substr($data['new']['dir'], 0, strlen($web['document_root'])) != $web['document_root']) {
@@ -100,7 +100,7 @@
        if(!is_dir($data['new']['dir'])) {
            $app->log("FTP User directory '".$data['new']['dir']."' does not exist. Creating it now.", LOGLEVEL_DEBUG);
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
            $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
            //* Check if the resulting path is inside the docroot
            if(substr($data['new']['dir'], 0, strlen($web['document_root'])) != $web['document_root']) {
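Review bot: The docroot containment check in both hunks becomes vacuous when the `web_domain` lookup returns no row: `$web['document_root']` is then empty, `substr(..., 0, 0)` yields `''`, and the loose `!=` treats the two as equal, so any directory passes. Reject that case before the comparison, for example with `if(!is_array($web) || $web['document_root'] == '')` leading into the same error branch. The comparison is also a bare string prefix, so a sibling path that merely starts with the same characters, or one containing `..` segments, is accepted; comparing against `rtrim($web['document_root'], '/').'/'` after resolving `..` would close that. The body of the `if` lies outside the hunk, so how a failed check is handled cannot be confirmed from here.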
server/plugins-available/mail_plugin.inc.php
@@ -98,10 +98,10 @@
            if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
                $app->log('Map uid to linux-user',LOGLEVEL_DEBUG);
                $email_parts = explode('@',$data['new']['email']);
                $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
                $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = ?", $email_parts[1]);
                if ($webdomain) {
                    while (($webdomain['system_user'] == null) && ($webdomain['parent_domain_id'] != 0)) {
                        $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = '".$webdomain['parent_domain_id']."'");
                        $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = ?", $webdomain['parent_domain_id']);
                    }
                    $app->log($data['new']['server_id'].' == '.$webdomain['server_id'],LOGLEVEL_DEBUG);
@@ -118,7 +118,7 @@
        $app->log('Mailuser uid: '.$data['new']['uid'].', gid: '.$data['new']['gid'],LOGLEVEL_DEBUG);
        // update DB if values changed
        $app->db->query("UPDATE mail_user SET uid = ".$data['new']['uid'].", gid = ".$data['new']['gid']." WHERE mailuser_id = ".$data['new']['mailuser_id']);
        $app->db->query("UPDATE mail_user SET uid = ?, gid = ? WHERE mailuser_id = ?", $data['new']['uid'], $data['new']['gid'], $data['new']['mailuser_id']);
        // now get names of uid and gid
        $user = $app->system->getuser($data['new']['uid']);
@@ -280,10 +280,10 @@
            if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
                $app->log('Map uid to linux-user',LOGLEVEL_DEBUG);
                $email_parts = explode('@',$data['new']['email']);
                $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = '".$app->db->quote($email_parts[1])."'");
                $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain = ?", $email_parts[1]);
                if ($webdomain) {
                    while ($webdomain['parent_domain_id'] != 0) {
                        $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = '".$webdomain['parent_domain_id']."'");
                        $webdomain = $app->db->queryOneRecord("SELECT domain_id, server_id, system_user, parent_domain_id FROM web_domain WHERE domain_id = ?", $webdomain['parent_domain_id']);
                    }
                    $app->log($data['new']['server_id'].' == '.$webdomain['server_id'],LOGLEVEL_DEBUG);
@@ -300,7 +300,7 @@
        $app->log('Mailuser uid: '.$data['new']['uid'].', gid: '.$data['new']['gid'],LOGLEVEL_DEBUG);
        // update DB if values changed
        $app->db->query("UPDATE mail_user SET uid = ".$data['new']['uid'].", gid = ".$data['new']['gid']." WHERE mailuser_id = ".$data['new']['mailuser_id']);
        $app->db->query("UPDATE mail_user SET uid = ?, gid = ? WHERE mailuser_id = ?", $data['new']['uid'], $data['new']['gid'], $data['new']['mailuser_id']);
        $user = $app->system->getuser($data['new']['uid']);
        $group = $app->system->getgroup($data['new']['gid']);
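Review bot: The two copies of the uid/gid mapping walk the `web_domain` parents with different loop conditions: the hunk at -98 stops at the first row that has a `system_user` (`$webdomain['system_user'] == null && $webdomain['parent_domain_id'] != 0`), while the hunk at -280 climbs to the top-level domain regardless. If the difference is not intended, a shared private helper would keep both paths in agreement; if it is, each loop deserves a comment saying why. Both loops also reassign `$webdomain` from a lookup that may find nothing, and `$email_parts[1]` is read without checking that the address contained an `@`. The enclosing functions extend beyond the hunks.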
server/plugins-available/maildeliver_plugin.inc.php
@@ -165,8 +165,8 @@
            $tpl->setVar('autoresponder_text', $data["new"]["autoresponder_text"]);
            //* Set alias addresses for autoresponder
            $sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = '".$app->db->quote($data["new"]["email"])."'";
            $records = $app->db->queryAllRecords($sql);
            $sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = ?";
            $records = $app->db->queryAllRecords($sql, $data["new"]["email"]);
            $addresses = array();
            $addresses[] = $data["new"]["email"];
@@ -181,8 +181,8 @@
            $alias_addresses = array();
            $email_parts = explode('@', $data["new"]["email"]);
            $sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = '@".$app->db->quote($email_parts[1])."'";
            $records = $app->db->queryAllRecords($sql);
            $sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = ?";
            $records = $app->db->queryAllRecords($sql, '@'.$email_parts[1]);
            if(is_array($records) && count($records) > 0) {
                $app->log("Found " . count($records) . " records (aliasdomains).", LOGLEVEL_DEBUG);
                foreach($records as $rec) {
server/plugins-available/mailman_plugin.inc.php
@@ -78,7 +78,7 @@
        if(is_file('/var/lib/mailman/data/transport-mailman')) exec('postmap /var/lib/mailman/data/transport-mailman');
        exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
        $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
        $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ?", $data["new"]['mailinglist_id']);
    }
@@ -91,7 +91,7 @@
        if($data["new"]["password"] != $data["old"]["password"] && $data["new"]["password"] != '') {
            exec("nohup /usr/lib/mailman/bin/change_pw -l ".escapeshellcmd($data["new"]["listname"])." -p ".escapeshellcmd($data["new"]["password"])." >/dev/null 2>&1 &");
            exec('nohup '.$conf['init_scripts'] . '/' . 'mailman reload >/dev/null 2>&1 &');
            $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ".$app->db->quote($data["new"]['mailinglist_id']));
            $app->db->query("UPDATE mail_mailinglist SET password = '' WHERE mailinglist_id = ?", $data["new"]['mailinglist_id']);
        }
        
        if(is_file('/var/lib/mailman/data/virtual-mailman')) exec('postmap /var/lib/mailman/data/virtual-mailman');
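Review bot: The `change_pw` call in the second hunk builds its arguments with `escapeshellcmd()`, which escapes metacharacters but does not quote, so a list name or password containing whitespace is split into several arguments. Quote each argument instead: `' -l '.escapeshellarg($data["new"]["listname"]).' -p '.escapeshellarg($data["new"]["password"])`. The password is also placed on the command line, where it is readable in the process list while the command runs; if the tool offers no other input channel, that is worth a comment next to the call. The function starts before the hunk.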
server/plugins-available/mongo_clientdb_plugin.inc.php
@@ -500,8 +500,8 @@
                return;
            }
            $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");
            $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");
            $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
            $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
            $user = $db_user['database_user'];
            $password = $db_user['database_password_mongo'];
@@ -573,8 +573,8 @@
                return;
            }
            $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'");
            $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'");
            $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
            $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']);
            $user = $db_user['database_user'];
            $password = $db_user['database_password_mongo'];
@@ -600,7 +600,7 @@
                } else {
                // selected user has changed -> drop old one
                if ($data['new']['database_user_id'] != $data['old']['database_user_id']) {
                    $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'");
                    $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
                    if ((bool) $old_db_user) {
                        if ($old_db_user['database_user'] == 'root') {
@@ -613,7 +613,7 @@
                // selected read-only user has changed -> drop old one
                if ($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) {
                    $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_ro_user_id']) . "'");
                    $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_ro_user_id']);
                    if ((bool) $old_db_user) {
                        if ($old_db_user['database_user'] == 'root') {
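Review bot: In the hunks at -500 and -573 `$db_user` is dereferenced (`$db_user['database_user']`, `$db_user['database_password_mongo']`) without a check that the lookup found a row, whereas the `$old_db_user` lookups further down are guarded with `if ((bool) $old_db_user)`. With `intval()` removed the id is bound as given, so an empty or stale `database_user_id` yields an empty user name and password here unless code outside the hunk catches it. A matching guard right after the query, for example `if(!$db_user) { $app->log('Database user not found', LOGLEVEL_WARN); return; }`, would keep the lookups consistent. `$db_ro_user` is presumably optional, so only its use would need the same test.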
server/plugins-available/network_settings_plugin.inc.php
@@ -101,7 +101,7 @@
                $network_tpl->setVar('broadcast', $this->broadcast($server_config['ip_address'], $server_config['netmask']));
                $network_tpl->setVar('network', $this->network($server_config['ip_address'], $server_config['netmask']));
                $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ".intval($conf['server_id']) . ' ORDER BY server_ip_id ASC');
                $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ? ORDER BY server_ip_id ASC", $conf['server_id']);
                $ip_records = array();
                $additionl_ip_records = 0;
                $n = 0;
@@ -179,7 +179,7 @@
                $network_tpl->setVar('gateway', $server_config['gateway']);
                $network_tpl->setVar('broadcast', $this->broadcast($server_config['ip_address'], $server_config['netmask']));
                $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ".intval($conf['server_id']) . " order by ip_address");
                $records = $app->db->queryAllRecords("SELECT ip_address FROM server_ip WHERE server_id = ? order by ip_address", $conf['server_id']);
                $ip_records = array();
                $additionl_ip_records = 0;
                $n = 0;
server/plugins-available/nginx_plugin.inc.php
@@ -208,15 +208,15 @@
            $app->system->chmod($key_file2, 0400);
            @$app->system->unlink($config_file);
            @$app->system->unlink($rand_file);
            $ssl_request = $app->db->quote($app->system->file_get_contents($csr_file));
            $ssl_cert = $app->db->quote($app->system->file_get_contents($crt_file));
            $ssl_key2 = $app->db->quote($app->system->file_get_contents($key_file2));
            $ssl_request = $app->system->file_get_contents($csr_file);
            $ssl_cert = $app->system->file_get_contents($crt_file);
            $ssl_key2 = $app->system->file_get_contents($key_file2);
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = '$ssl_request', ssl_cert = '$ssl_cert', ssl_key = '$ssl_key2' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = ?, ssl_cert = ?, ssl_key = ? WHERE domain = ?", $ssl_request, $ssl_cert, $ssl_key2, $data['new']['domain']);
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
        }
        //* Save a SSL certificate to disk
@@ -263,10 +263,10 @@
                unset($crt_file_contents);
            }
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            $app->log('Saving SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }
@@ -286,11 +286,11 @@
            $app->system->unlink($crt_file);
            //$app->system->unlink($bundle_file);
            /* Update the DB of the (local) Server */
            $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
            $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            /* Update also the master-DB of the Server-Farm */
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = '".$data['new']['domain']."'");
            $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '' WHERE domain = ?", $data['new']['domain']);
            $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
            $app->log('Deleting SSL Cert for: '.$domain, LOGLEVEL_DEBUG);
        }
@@ -326,7 +326,7 @@
            // If the parent_domain_id has been changed, we will have to update the old site as well.
            if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
                $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
                $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
                $data['new'] = $tmp;
                $data['old'] = $tmp;
                $this->action = 'update';
@@ -334,7 +334,7 @@
            }
            // This is not a vhost, so we need to update the parent record instead.
            $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
            $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
            $data['new'] = $tmp;
            $data['old'] = $tmp;
            $this->action = 'update';
@@ -374,7 +374,7 @@
        $old_log_folder = 'log';
        if($data['new']['type'] == 'vhostsubdomain' || $data['new']['type'] == 'vhostalias') {
            // new one
            $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['new']['parent_domain_id']));
            $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
            $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['new']['domain']);
            if($subdomain_host == '') $subdomain_host = 'web'.$data['new']['domain_id'];
            $web_folder = $data['new']['web_folder'];
@@ -383,7 +383,7 @@
            
            if(isset($data['old']['parent_domain_id'])) {
                // old one
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
                $tmp = $app->db->queryOneRecord('SELECT `domain` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
                if($subdomain_host == '') $subdomain_host = 'web'.$data['old']['domain_id'];
                $old_web_folder = $data['old']['web_folder'];
@@ -437,7 +437,7 @@
        if($this->action == 'update' && $data['new']['document_root'] != $data['old']['document_root']) {
            //* Get the old client ID
            $old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
            $old_client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
            $old_client_id = intval($old_client['client_id']);
            unset($old_client);
@@ -576,7 +576,7 @@
        $app->system->web_folder_protection($data['new']['document_root'], true);
        // Get the client ID
        $client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['new']['sys_groupid']));
        $client = $app->dbmaster->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['new']['sys_groupid']);
        $client_id = intval($client['client_id']);
        unset($client);
@@ -1090,7 +1090,7 @@
        // Custom nginx directives
        $final_nginx_directives = array();
        if(intval($data['new']['directive_snippets_id']) > 0){
            $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
            $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", $data['new']['directive_snippets_id']);
            if(isset($snippet['snippet'])){
                $nginx_directives = $snippet['snippet'];
            } else {
@@ -1336,7 +1336,7 @@
        $auto_alias = $web_config['website_autoalias'];
        if($auto_alias != '') {
            // get the client username
            $client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = '" . intval($client_id) . "'");
            $client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
            $aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
            $aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
            $auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
@@ -1356,7 +1356,7 @@
        }
        // get alias domains (co-domains and subdomains)
        $aliases = $app->db->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')");
        $aliases = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND active = 'y' AND (type != 'vhostsubdomain' AND type != 'vhostalias')", $data['new']['domain_id']);
        $alias_seo_redirects = array();
        if(is_array($aliases)) {
            foreach($aliases as $alias) {
@@ -1805,7 +1805,7 @@
        $log_folder = 'log';
        $web_folder = '';
        if($data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') {
            $tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = '.intval($data['old']['parent_domain_id']));
            $tmp = $app->db->queryOneRecord('SELECT `domain`,`document_root` FROM web_domain WHERE domain_id = ?', $data['old']['parent_domain_id']);
            if($tmp['domain'] != ''){
                $subdomain_host = preg_replace('/^(.*)\.' . preg_quote($tmp['domain'], '/') . '$/', '$1', $data['old']['domain']);
            } else {
@@ -1877,7 +1877,7 @@
        if($data['old']['type'] != 'vhost' && $data['old']['type'] != 'vhostsubdomain' && $data['old']['type'] != 'vhostalias' && $data['old']['parent_domain_id'] > 0) {
            //* This is a alias domain or subdomain, so we have to update the website instead
            $parent_domain_id = intval($data['old']['parent_domain_id']);
            $tmp = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$parent_domain_id." AND active = 'y'");
            $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $parent_domain_id);
            $data['new'] = $tmp;
            $data['old'] = $tmp;
            $this->action = 'update';
@@ -1931,7 +1931,7 @@
                        } else {
                            // read all vhost subdomains with same parent domain
                            $used_paths = array();
                            $tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ".intval($data['old']['parent_domain_id'])." AND domain_id != ".intval($data['old']['domain_id']));
                            $tmp = $app->db->queryAllRecords("SELECT `web_folder` FROM web_domain WHERE (type = 'vhostsubdomain' OR type = 'vhostalias') AND parent_domain_id = ? AND domain_id != ?", $data['old']['parent_domain_id'], $data['old']['domain_id']);
                            foreach($tmp as $tmprec) {
                                // we normalize the folder entries because we need to compare them
                                $tmp_folder = preg_replace('/[\/]{2,}/', '/', $tmprec['web_folder']); // replace / occuring multiple times
@@ -2014,7 +2014,7 @@
                $app->log('Removing website: '.$docroot, LOGLEVEL_DEBUG);
                // Delete the symlinks for the sites
                $client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = '.intval($data['old']['sys_groupid']));
                $client = $app->db->queryOneRecord('SELECT client_id FROM sys_group WHERE sys_group.groupid = ?', $data['old']['sys_groupid']);
                $client_id = intval($client['client_id']);
                unset($client);
                $tmp_symlinks_array = explode(':', $web_config['website_symlinks']);
@@ -2102,8 +2102,8 @@
            $folder_id = $data['new']['web_folder_id'];
        }
        $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ".intval($folder_id));
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
        $folder = $app->db->queryOneRecord("SELECT * FROM web_folder WHERE web_folder_id = ?", $folder_id);
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
        if(!is_array($folder) or !is_array($website)) {
            $app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2139,19 +2139,6 @@
            $app->log('Created file '.$folder_path.'.htpasswd', LOGLEVEL_DEBUG);
        }
        /*
        $auth_users = $app->db->queryAllRecords("SELECT * FROM web_folder_user WHERE active = 'y' AND web_folder_id = ".intval($folder_id));
        $htpasswd_content = '';
        if(is_array($auth_users) && !empty($auth_users)){
            foreach($auth_users as $auth_user){
                $htpasswd_content .= $auth_user['username'].':'.$auth_user['password']."\n";
            }
        }
        $htpasswd_content = trim($htpasswd_content);
        @file_put_contents($folder_path.'.htpasswd', $htpasswd_content);
        $app->log('Changed .htpasswd file: '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
        */
        if(($data['new']['username'] != $data['old']['username'] || $data['new']['active'] == 'n') && $data['old']['username'] != '') {
            $app->system->removeLine($folder_path.'.htpasswd', $data['old']['username'].':');
            $app->log('Removed user: '.$data['old']['username'], LOGLEVEL_DEBUG);
@@ -2180,7 +2167,7 @@
        $folder_id = $data['old']['web_folder_id'];
        $folder = $data['old'];
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($folder['parent_domain_id']));
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $folder['parent_domain_id']);
        if(!is_array($folder) or !is_array($website)) {
            $app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2217,7 +2204,7 @@
    function web_folder_update($event_name, $data) {
        global $app, $conf;
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".intval($data['new']['parent_domain_id']));
        $website = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ?", $data['new']['parent_domain_id']);
        if(!is_array($website)) {
            $app->log('Not able to retrieve folder or website record.', LOGLEVEL_DEBUG);
@@ -2286,7 +2273,7 @@
        //$app->load('tpl');
        //$tpl = new tpl();
        //$tpl->newTemplate('nginx_http_authentication.auth.master');
        $website_auth_locations = $app->db->queryAllRecords("SELECT * FROM web_folder WHERE active = 'y' AND parent_domain_id = ".intval($website['domain_id']));
        $website_auth_locations = $app->db->queryAllRecords("SELECT * FROM web_folder WHERE active = 'y' AND parent_domain_id = ?", $website['domain_id']);
        $basic_auth_locations = array();
        if(is_array($website_auth_locations) && !empty($website_auth_locations)){
            foreach($website_auth_locations as $website_auth_location){
@@ -2368,17 +2355,63 @@
        } else {
            $content = file_get_contents($conf['rootpath'] . '/conf/hhvm_starter.master');
        }
        if(file_exists($conf['rootpath'] . '/conf-custom/hhvm_monit.master')) {
            $monit_content = file_get_contents($conf['rootpath'] . '/conf-custom/hhvm_monit.master');
        } else {
            $monit_content = file_get_contents($conf['rootpath'] . '/conf/hhvm_monit.master');
        }
        
        if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm') {
        if($data['new']['php'] == 'hhvm' && $data['old']['php'] != 'hhvm' || $data['new']['custom_php_ini'] != $data['old']['custom_php_ini']) {
            // Custom php.ini settings
            $custom_php_ini_settings = trim($data['new']['custom_php_ini']);
            if(intval($data['new']['directive_snippets_id']) > 0){
                $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
                if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
                    $required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
                    if(is_array($required_php_snippets) && !empty($required_php_snippets)){
                        foreach($required_php_snippets as $required_php_snippet){
                            $required_php_snippet = intval($required_php_snippet);
                            if($required_php_snippet > 0){
                                $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
                                $php_snippet['snippet'] = trim($php_snippet['snippet']);
                                if($php_snippet['snippet'] != ''){
                                    $custom_php_ini_settings .= "\n".$php_snippet['snippet'];
                                }
                            }
                        }
                    }
                }
            }
            if($custom_php_ini_settings != ''){
                // Make sure we only have Unix linebreaks
                $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
                $custom_php_ini_settings = str_replace("\r", "\n", $custom_php_ini_settings);
                file_put_contents('/etc/hhvm/'.$data['new']['system_user'].'.ini', $custom_php_ini_settings);
            } else {
                if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
            }
            $content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $content);
            file_put_contents('/etc/init.d/hhvm_' . $data['new']['system_user'], $content);
            exec('chmod +x /etc/init.d/hhvm_' . $data['new']['system_user'] . ' >/dev/null 2>&1');
            exec('/usr/sbin/update-rc.d hhvm_' . $data['new']['system_user'] . ' defaults >/dev/null 2>&1');
            exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' start >/dev/null 2>&1');
            exec('/etc/init.d/hhvm_' . $data['new']['system_user'] . ' restart >/dev/null 2>&1');
            $monit_content = str_replace('{SYSTEM_USER}', $data['new']['system_user'], $monit_content);
            file_put_contents('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'], $monit_content);
            exec('/etc/init.d/monit restart >/dev/null 2>&1');
         } elseif($data['new']['php'] != 'hhvm' && $data['old']['php'] == 'hhvm') {
            exec('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' stop >/dev/null 2>&1');
            exec('/usr/sbin/update-rc.d hhvm_' . $data['old']['system_user'] . ' remove >/dev/null 2>&1');
            unlink('/etc/init.d/hhvm_' . $data['old']['system_user'] . ' >/dev/null 2>&1');
            unlink('/etc/init.d/hhvm_' . $data['old']['system_user']);
            if(is_file('/etc/hhvm/'.$data['old']['system_user'].'.ini')) unlink('/etc/hhvm/'.$data['old']['system_user'].'.ini');
            if(is_file('/etc/monit/conf.d/hhvm_' . $data['new']['system_user'])){
                unlink('/etc/monit/conf.d/hhvm_' . $data['new']['system_user']);
                exec('/etc/init.d/monit restart >/dev/null 2>&1');
            }
        }
    }
@@ -2474,6 +2507,26 @@
        // Custom php.ini settings
        $final_php_ini_settings = array();
        $custom_php_ini_settings = trim($data['new']['custom_php_ini']);
        if(intval($data['new']['directive_snippets_id']) > 0){
            $snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'nginx' AND active = 'y' AND customer_viewable = 'y'", intval($data['new']['directive_snippets_id']));
            if(isset($snippet['required_php_snippets']) && trim($snippet['required_php_snippets']) != ''){
                $required_php_snippets = explode(',', trim($snippet['required_php_snippets']));
                if(is_array($required_php_snippets) && !empty($required_php_snippets)){
                    foreach($required_php_snippets as $required_php_snippet){
                        $required_php_snippet = intval($required_php_snippet);
                        if($required_php_snippet > 0){
                            $php_snippet = $app->db->queryOneRecord("SELECT * FROM directive_snippets WHERE directive_snippets_id = ? AND type = 'php' AND active = 'y'", $required_php_snippet);
                            $php_snippet['snippet'] = trim($php_snippet['snippet']);
                            if($php_snippet['snippet'] != ''){
                                $custom_php_ini_settings .= "\n".$php_snippet['snippet'];
                            }
                        }
                    }
                }
            }
        }
        if($custom_php_ini_settings != ''){
            // Make sure we only have Unix linebreaks
            $custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
@@ -2526,7 +2579,7 @@
                $app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
            }
        }
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$conf["server_id"]);
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $conf["server_id"]);
        if(is_array($php_versions) && !empty($php_versions)){
            foreach($php_versions as $php_version){
                if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
@@ -2584,7 +2637,7 @@
                $app->services->restartService('php-fpm', 'reload:'.$conf['init_scripts'].'/'.$web_config['php_fpm_init_script']);
            }
        }
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ".$data['old']['server_id']);
        $php_versions = $app->db->queryAllRecords("SELECT * FROM server_php WHERE php_fpm_init_script != '' AND php_fpm_ini_dir != '' AND php_fpm_pool_dir != '' AND server_id = ?", $data['old']['server_id']);
        if(is_array($php_versions) && !empty($php_versions)){
            foreach($php_versions as $php_version){
                if(substr($php_version['php_fpm_pool_dir'], -1) != '/') $php_version['php_fpm_pool_dir'] .= '/';
server/plugins-available/nginx_reverseproxy_plugin.inc.php
@@ -70,7 +70,7 @@
            // If the parent_domain_id has been chenged, we will have to update the old site as well.
            if($this->action == 'update' && $data['new']['parent_domain_id'] != $data['old']['parent_domain_id']) {
                $tmp = $app->dbmaster->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$old_parent_domain_id." AND active = 'y'");
                $tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
                $data['new'] = $tmp;
                $data['old'] = $tmp;
                $this->action = 'update';
@@ -78,7 +78,7 @@
            }
            // This is not a vhost, so we need to update the parent record instead.
            $tmp = $app->dbmaster->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$new_parent_domain_id." AND active = 'y'");
            $tmp = $app->dbmaster->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
            $data['new'] = $tmp;
            $data['old'] = $tmp;
            $this->action = 'update';
@@ -130,7 +130,7 @@
        // get alias domains (co-domains and subdomains)
        $aliases = $app->dbmaster->queryAllRecords('SELECT * FROM web_domain WHERE parent_domain_id = '.$data['new']['domain_id']." AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'");
        $aliases = $app->dbmaster->queryAllRecords("SELECT * FROM web_domain WHERE parent_domain_id = ? AND (type != 'vhostsubdomain' OR type != 'vhostalias') AND active = 'y'", $data['new']['domain_id']);
        $server_alias = array();
        switch($data['new']['subdomain']) {
        case 'www':
@@ -243,7 +243,7 @@
        //* Save a SSL certificate to disk
        if($data["new"]["ssl_action"] == 'save') {
            $web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = '".$data['new']['domain']."'");
            $web = $app->masterdb->queryOneRecord("select wd.document_root, sp.ip_address from web_domain wd INNER JOIN server_ip sp USING(server_id) WHERE domain = ?", $data['new']['domain']);
            $src_ssl_dir = $web["document_root"]."/ssl";
            //$domain = $data["new"]["ssl_domain"];
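Review bot: The alias query in the `@@ -130,7` hunk keeps `(type != 'vhostsubdomain' OR type != 'vhostalias')`, which is true for every non-null `type`, so vhost subdomains and vhost aliases are never filtered out of `$aliases`; the equivalent alias query earlier on this page joins the two tests with `AND`. The condition should read `(type != 'vhostsubdomain' AND type != 'vhostalias')`. Separately, the SSL hunk calls `$app->masterdb->queryOneRecord(...)` while every other hunk in this file uses `$app->dbmaster`; if `masterdb` is not a defined property, the `ssl_action == 'save'` path fails before the certificate is written, so this looks like it should be `$app->dbmaster` (worth confirming against the app class). The enclosing functions start and end outside the hunks.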
server/plugins-available/openvz_plugin.inc.php
@@ -85,7 +85,7 @@
            return;
        }
        $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ".$data['new']['ostemplate_id']);
        $tmp = $app->db->queryOneRecord("SELECT template_file FROM openvz_ostemplate WHERE ostemplate_id = ?", $data['new']['ostemplate_id']);
        $ostemplate = escapeshellcmd($tmp['template_file']);
        unset($tmp);
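Review bot: `escapeshellcmd($tmp['template_file'])` is the wrong escape if `$ostemplate` is later placed into a command line as a single argument (that use is outside the hunk): `escapeshellcmd()` leaves spaces and leading dashes intact, so a template name can still split into extra arguments or options. `$ostemplate = escapeshellarg($tmp['template_file']);` quotes it as one argument, provided the later command does not wrap it in quotes of its own. `$tmp` is also used without checking that a row was found, so an unknown `ostemplate_id` yields an empty template name; an `is_array($tmp)` guard before this line would make that case explicit.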
server/plugins-available/pma_symlink_plugin.inc.php
@@ -81,7 +81,7 @@
            // If the parent_domain_id has been chenged, we will have to update the old site as well.
            if($this->action == 'update' && $data["new"]["parent_domain_id"] != $data["old"]["parent_domain_id"]) {
                $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$old_parent_domain_id." AND active = 'y'");
                $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $old_parent_domain_id);
                $data["new"] = $tmp;
                $data["old"] = $tmp;
                $this->action = 'update';
@@ -89,7 +89,7 @@
            }
            // This is not a vhost, so we need to update the parent record instead.
            $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$new_parent_domain_id." AND active = 'y'");
            $tmp = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ? AND active = 'y'", $new_parent_domain_id);
            $data["new"] = $tmp;
            $data["old"] = $tmp;
            $this->action = 'update';
server/plugins-available/postfix_filter_plugin.inc.php
@@ -80,8 +80,8 @@
        $type = $data["new"]["type"];
        if($type != '') {
            $sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
            $rules = $app->db->queryAllRecords($sql);
            $sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ?' AND active = 'y'";
            $rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
            $content = '';
            foreach($rules as $rule) {
                $content .= $rule["pattern"];
@@ -111,8 +111,8 @@
        $type = $data["old"]["type"];
        if($type != '') {
            $sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
            $rules = $app->db->queryAllRecords($sql);
            $sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'";
            $rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
            $content = '';
            foreach($rules as $rule) {
                $content .= $rule["pattern"];
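Review bot: The rewritten query in the first hunk has a stray quote after the second placeholder, `type = ?' AND active = 'y'`, so the statement is malformed once the values are bound; the second hunk, which handles `$data["old"]["type"]`, has the correct `type = ?`. The line should read `$sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'";`. If `queryAllRecords()` returns a non-array on error, the `foreach($rules as $rule)` below it builds an empty `$content`, so the filter rules for this type would presumably be dropped without any visible failure; an `is_array($rules)` check with a log entry would surface that. Both functions continue outside the hunks.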
server/plugins-available/powerdns_plugin.inc.php
@@ -132,9 +132,9 @@
        $origin = substr($data["new"]["origin"], 0, -1);
        $ispconfig_id = $data["new"]["id"];
        $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$ispconfig_id);
        $serial = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $ispconfig_id);
        $serial_id = $serial["serial"];
        $app->db->query("INSERT INTO powerdns.domains (name, type, notified_serial, ispconfig_id) VALUES ('$origin', 'MASTER', $serial_id, $ispconfig_id)");
        $app->db->query("INSERT INTO powerdns.domains (name, type, notified_serial, ispconfig_id) VALUES (?, ?, ?, ?)", $origin, 'MASTER', $serial_id, $ispconfig_id);
        $zone_id = $app->db->insertID();
        if(substr($data["new"]["ns"], -1) == '.'){
            $ns = substr($data["new"]["ns"], 0, -1);
@@ -147,7 +147,7 @@
        $content = $ns.' '.$hostmaster.' '.$data["new"]["serial"].' '.$data["new"]["refresh"].' '.$data["new"]["retry"].' '.$data["new"]["expire"].' '.$data["new"]["minimum"];
        $ttl = $data["new"]["ttl"];
        $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES ($zone_id, '$origin', 'SOA', '$content', $ttl, 0, ".time().", $ispconfig_id)");
        $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES (?, ?, 'SOA', ?, ?, 0, UNIX_TIMESTAMP(), ?)", $zone_id, $origin, $content, $ttl, $ispconfig_id);
        //* tell pdns to rediscover zones in DB
        $this->zoneRediscover();
@@ -164,7 +164,7 @@
            if($data["old"]["active"] != 'Y') return;
            $this->soa_delete($event_name, $data);
        } else {
            $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["id"]);
            $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ?", $data["new"]["id"]);
            if($data["old"]["active"] == 'Y' && is_array($exists)){
                $origin = substr($data["new"]["origin"], 0, -1);
                $ispconfig_id = $data["new"]["id"];
@@ -179,7 +179,7 @@
                $hostmaster = substr($data["new"]["mbox"], 0, -1);
                $content = $ns.' '.$hostmaster.' '.$data["new"]["serial"].' '.$data["new"]["refresh"].' '.$data["new"]["retry"].' '.$data["new"]["expire"].' '.$data["new"]["minimum"];
                $ttl = $data["new"]["ttl"];
                $app->db->query("UPDATE powerdns.records SET name = '$origin', content = '$content', ttl = $ttl, change_date = ".time()." WHERE ispconfig_id = ".$data["new"]["id"]." AND type = 'SOA'");
                $app->db->query("UPDATE powerdns.records SET name = ?, content = ?, ttl = ?, change_date = UNIX_TIMESTAMP() WHERE ispconfig_id = ? AND type = 'SOA'", $origin, $content, $ttl, $data["new"]["id"]);
                //* tell pdns to use 'pdnssec rectify' on the new zone
                $this->rectifyZone($data);
@@ -188,7 +188,7 @@
            } else {
                $this->soa_insert($event_name, $data);
                $ispconfig_id = $data["new"]["id"];
                if($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = $ispconfig_id AND active = 'Y'")){
                if($records = $app->db->queryAllRecords("SELECT * FROM dns_rr WHERE zone = ? AND active = 'Y'", $ispconfig_id)){
                    foreach($records as $record){
                        foreach($record as $key => $val){
                            $data["new"][$key] = $val;
@@ -207,10 +207,10 @@
    function soa_delete($event_name, $data) {
        global $app, $conf;
        $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["old"]["id"]." AND type = 'MASTER'");
        $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["old"]["id"]);
        $zone_id = $zone["id"];
        $app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id");
        $app->db->query("DELETE FROM powerdns.domains WHERE id = $zone_id");
        $app->db->query("DELETE FROM powerdns.records WHERE domain_id = ?", $zone_id);
        $app->db->query("DELETE FROM powerdns.domains WHERE id = ?", $zone_id);
    }
    function slave_insert($event_name, $data) {
@@ -222,7 +222,7 @@
        $ispconfig_id = $data["new"]["id"];
        $master_ns = $data["new"]["ns"];
        $app->db->query("INSERT INTO powerdns.domains (name, type, master, ispconfig_id) VALUES ('$origin', 'SLAVE', '$master_ns', $ispconfig_id)");
        $app->db->query("INSERT INTO powerdns.domains (name, type, master, ispconfig_id) VALUES (?, ?, ?, ?)", $origin, 'SLAVE', $master_ns, $ispconfig_id);
        $zone_id = $app->db->insertID();
@@ -243,12 +243,12 @@
                $ispconfig_id = $data["new"]["id"];
                $master_ns = $data["new"]["ns"];
                $app->db->query("UPDATE powerdns.domains SET name = '$origin', type = 'SLAVE', master = '$master_ns' WHERE ispconfig_id=$ispconfig_id AND type = 'SLAVE'");
                $app->db->query("UPDATE powerdns.domains SET name = ?, type = 'SLAVE', master = ? WHERE ispconfig_id=? AND type = 'SLAVE'", $origin, $master_ns, $ispconfig_id);
                $zone_id = $app->db->insertID();
                $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$ispconfig_id." AND type = 'SLAVE'");
                $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'SLAVE'", $ispconfig_id);
                $zone_id = $zone["id"];
                $app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id AND ispconfig_id = 0");
                $app->db->query("DELETE FROM powerdns.records WHERE domain_id = ? AND ispconfig_id = 0", $zone_id);
                //* tell pdns to fetch zone from master server
                $this->fetchFromMaster($data);
@@ -264,21 +264,21 @@
    function slave_delete($event_name, $data) {
        global $app, $conf;
        $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["old"]["id"]." AND type = 'SLAVE'");
        $zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'SLAVE'", $data["old"]["id"]);
        $zone_id = $zone["id"];
        $app->db->query("DELETE FROM powerdns.records WHERE domain_id = $zone_id");
        $app->db->query("DELETE FROM powerdns.domains WHERE id = $zone_id");
        $app->db->query("DELETE FROM powerdns.records WHERE domain_id = ?", $zone_id);
        $app->db->query("DELETE FROM powerdns.domains WHERE id = ?", $zone_id);
    }
    function rr_insert($event_name, $data) {
        global $app, $conf;
        if($data["new"]["active"] != 'Y') return;
        $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ".$data["new"]["id"]);
        $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ?", $data["new"]["id"]);
        if ( is_array($exists) ) return;
        $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
        $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
        $origin = substr($zone["origin"], 0, -1);
        $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["zone"]." AND type = 'MASTER'");
        $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["new"]["zone"]);
        $zone_id = $powerdns_zone["id"];
        $type = $data["new"]["type"];
@@ -327,7 +327,7 @@
        $change_date = time();
        $ispconfig_id = $data["new"]["id"];
        $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES ($zone_id, '$name', '$type', '$content', $ttl, $prio, $change_date, $ispconfig_id)");
        $app->db->query("INSERT INTO powerdns.records (domain_id, name, type, content, ttl, prio, change_date, ispconfig_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $zone_id, $name, $type, $content, $ttl, $prio, $change_date, $ispconfig_id);
        //* tell pdns to use 'pdnssec rectify' on the new zone
        $this->rectifyZone($data);
@@ -340,11 +340,11 @@
            if($data["old"]["active"] != 'Y') return;
            $this->rr_delete($event_name, $data);
        } else {
            $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ".$data["new"]["id"]);
            $exists = $app->db->queryOneRecord("SELECT * FROM powerdns.records WHERE ispconfig_id = ?", $data["new"]["id"]);
            if($data["old"]["active"] == 'Y' && is_array($exists)){
                $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ".$data["new"]["zone"]);
                $zone = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE id = ?", $data["new"]["zone"]);
                $origin = substr($zone["origin"], 0, -1);
                $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ".$data["new"]["zone"]." AND type = 'MASTER'");
                $powerdns_zone = $app->db->queryOneRecord("SELECT * FROM powerdns.domains WHERE ispconfig_id = ? AND type = 'MASTER'", $data["new"]["zone"]);
                $zone_id = $powerdns_zone["id"];
                $type = $data["new"]["type"];
@@ -392,7 +392,7 @@
                $prio = $data["new"]["aux"];
                $change_date = time();
                $ispconfig_id = $data["new"]["id"];
                $app->db->query("UPDATE powerdns.records SET name = '$name', type = '$type', content = '$content', ttl = $ttl, prio = $prio, change_date = ".time()." WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
                $app->db->query("UPDATE powerdns.records SET name = ?, type = ?, content = ?, ttl = ?, prio = ?, change_date = UNIX_TIMESTAMP() WHERE ispconfig_id = ? AND type != 'SOA'", $name, $type, $content, $ttl, $prio, $ispconfig_id);
                //* tell pdns to use 'pdnssec rectify' on the new zone
                $this->rectifyZone($data);
@@ -406,7 +406,7 @@
        global $app, $conf;
        $ispconfig_id = $data["old"]["id"];
        $app->db->query("DELETE FROM powerdns.records WHERE ispconfig_id = $ispconfig_id AND type != 'SOA'");
        $app->db->query("DELETE FROM powerdns.records WHERE ispconfig_id = ? AND type != 'SOA'", $ispconfig_id);
    }
    function find_pdns_control() {
@@ -475,7 +475,7 @@
                    exec($pdns_pdnssec . ' rectify-zone ' . rtrim($data["new"]["origin"],"."));
                } else {
                    // get origin from DB for all other recordtypes
                    $zn = $app->db->queryOneRecord("SELECT d.name AS name FROM powerdns.domains d, powerdns.records r WHERE r.ispconfig_id=".$data["new"]["id"]." AND r.domain_id = d.id");
                    $zn = $app->db->queryOneRecord("SELECT d.name AS name FROM powerdns.domains d, powerdns.records r WHERE r.ispconfig_id=? AND r.domain_id = d.id", $data["new"]["id"]);
                    exec($pdns_pdnssec . ' rectify-zone ' . trim($zn["name"]));
                }
            }
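Review bot: In the last hunk the zone name still reaches the shell unescaped: `exec($pdns_pdnssec . ' rectify-zone ' . trim($zn["name"]))` and, a few lines above it, the same call with `rtrim($data["new"]["origin"],".")`. The commit binds these values in SQL, but the command line is still built by plain concatenation, so a zone origin containing shell metacharacters would be interpreted by the shell. Wrap the argument, e.g. `exec($pdns_pdnssec . ' rectify-zone ' . escapeshellarg(trim($zn["name"])));` and likewise `escapeshellarg(rtrim($data["new"]["origin"], "."))`. `$zn` is also used without checking that the lookup returned a row. The enclosing function starts outside the hunk.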
Diff truncated after the above file
server/plugins-available/shelluser_base_plugin.inc.php server/plugins-available/shelluser_jailkit_plugin.inc.php server/plugins-available/software_update_plugin.inc.php server/plugins-available/webmail_symlink_plugin.inc.php server/plugins-available/webserver_plugin.inc.php server/plugins-available/xmpp_plugin.inc.php server/server.php