From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/client/client_del.php | 147 ++++++++++++++++++++++++------------------------- 1 files changed, 72 insertions(+), 75 deletions(-) diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php index ecee8f5..3e0d6bc 100644 --- a/interface/web/client/client_del.php +++ b/interface/web/client/client_del.php @@ -39,8 +39,8 @@ * End Form configuration ******************************************/ -require_once('../../lib/config.inc.php'); -require_once('../../lib/app.inc.php'); +require_once '../../lib/config.inc.php'; +require_once '../../lib/app.inc.php'; //* Check permissions for module $app->auth->check_module_permissions('client'); 
@@ -50,95 +50,91 @@ $app->load('tform_actions'); class page_action extends tform_actions { - + function onDelete() { - global $app, $conf,$list_def_file,$tform_def_file; - + global $app, $conf, $list_def_file, $tform_def_file; + // Loading tform framework - if(!is_object($app->tform)) $app->uses('tform'); - + if(!is_object($app->tform)) $app->uses('tform'); + if($_POST["confirm"] == 'yes') { parent::onDelete(); } else { - - $app->uses('tpl'); - $app->tpl->newTemplate("form.tpl.htm"); - $app->tpl->setInclude('content_tpl', 'templates/client_del.htm'); - - include_once($list_def_file); - - // Load table definition from file - $app->tform->loadFormDef($tform_def_file); - - $this->id = $app->functions->intval($_REQUEST["id"]); - - $this->dataRecord = $app->tform->getDataRecord($this->id); - $client_id = $app->functions->intval($this->dataRecord['client_id']); - - //$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']); - //$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id"); - $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id"); - - // Get all records (sub-clients, mail, web, etc....) of this client. 
- $tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain'; - $tables_array = explode(',',$tables); - $client_group_id = $app->functions->intval($client_group['groupid']); - - $table_list = array(); - if($client_group_id > 1) { - foreach($tables_array as $table) { - if($table != '') { - $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id); - $number = count($records); - if($number > 0) $table_list[] = array('table' => $table."(".$number.")"); + $app->uses('tpl'); + $app->tpl->newTemplate("form.tpl.htm"); + $app->tpl->setInclude('content_tpl', 'templates/client_del.htm'); + + include_once $list_def_file; + + // Load table definition from file + $app->tform->loadFormDef($tform_def_file); + + $this->id = $app->functions->intval($_REQUEST["id"]); + + $this->dataRecord = $app->tform->getDataRecord($this->id); + $client_id = $app->functions->intval($this->dataRecord['client_id']); + $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); + + // Get all records (sub-clients, mail, web, etc....) of this client. + $tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain'; + $tables_array = explode(',', $tables); + $client_group_id = $app->functions->intval($client_group['groupid']); + + $table_list = array(); + if($client_group_id > 1) { + foreach($tables_array as $table) { + if($table != '') { + $records = $app->db->queryAllRecords("SELECT * FROM ?? 
WHERE sys_groupid = ?", $table, $client_group_id); + $number = count($records); + if($number > 0) $table_list[] = array('table' => $table."(".$number.")"); + } } } - } - - $app->tpl->setVar('id',$this->id); - $app->tpl->setVar('number_records',$number); - $app->tpl->setLoop('records', $table_list); - - //* load language file - $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_del.lng'; - include($lng_file); - $app->tpl->setVar($wb); - - $app->tpl_defaults(); - $app->tpl->pparse(); + + $app->tpl->setVar('id', $this->id); + $app->tpl->setVar('number_records', $number); + $app->tpl->setLoop('records', $table_list); + + //* load language file + $lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_client_del.lng'; + include $lng_file; + $app->tpl->setVar($wb); + + $app->tpl_defaults(); + $app->tpl->pparse(); } } - - - - + + + + function onBeforeDelete() { global $app, $conf; - + $client_id = $app->functions->intval($this->dataRecord['client_id']); - - if($client_id > 0) { + + if($client_id > 0) { // remove the group of the client from the resellers group $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']); - $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id"); - $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id"); - $app->auth->remove_group_from_user($parent_user['userid'],$client_group['groupid']); - + $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id); + $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); + $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']); + // delete the group of the client - $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id"); - + $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id); + // delete the sys user(s) of the 
client - $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id"); - + $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id); + // Delete all records (sub-clients, mail, web, etc....) of this client. $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_folder,web_folder_user,domain'; - $tables_array = explode(',',$tables); + $tables_array = explode(',', $tables); $client_group_id = $app->functions->intval($client_group['groupid']); if($client_group_id > 1) { foreach($tables_array as $table) { if($table != '') { - $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id); + $records = $app->db->queryAllRecords("SELECT * FROM ?? WHERE sys_groupid = ?", $table, $client_group_id); //* find the primary ID of the table $table_info = $app->db->tableInfo($table); $index_field = ''; @@ -152,25 +148,26 @@ $app->db->datalogDelete($table, $index_field, $rec[$index_field]); //* Delete traffic records that dont have a sys_groupid column if($table == 'web_domain') { - $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'"); + $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']); } //* Delete mail_traffic records that dont have a sys_groupid if($table == 'mail_user') { - $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'"); + $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']); } } } } - + } } } - - - + + + } - + } + } $page = new page_action; -- Gitblit v1.9.1
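Review bot: In `onBeforeDelete()` (hunk `@@ -50,95 +50,91 @@`), the two `queryOneRecord()` results are used without checking that a row came back, so `remove_group_from_user($parent_user['userid'], $client_group['groupid'])` runs with empty values whenever either lookup finds nothing. A guard such as `if($parent_user && $client_group) $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);` would keep that permission change explicit; how `remove_group_from_user()` treats empty arguments is not visible here. In `onDelete()` of the same hunk, `$number` is assigned only inside the table loop, so `setVar('number_records', $number)` reads an undefined variable when `$client_group_id` is not greater than 1, and otherwise carries only the last table's count. Initialising `$number = 0;` before `if($client_group_id > 1)` removes the undefined read. `onBeforeDelete()` continues past the end of this hunk.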