From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty
---
interface/web/client/client_edit.php | 211 ++++++++++++++++++++++++++++++----------------------
1 files changed, 120 insertions(+), 91 deletions(-)
diff --git a/interface/web/client/client_edit.php b/interface/web/client/client_edit.php
index f731cca..7bc9ecd 100644
--- a/interface/web/client/client_edit.php
+++ b/interface/web/client/client_edit.php
@@ -59,11 +59,11 @@
// Get the limits of the client
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another website.
if($client["limit_client"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_client"]) {
$app->error($app->tform->wordbook["limit_client_txt"]);
}
@@ -82,11 +82,11 @@
// Get the limits of the client
$client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+ $client = $app->db->queryOneRecord("SELECT limit_client FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
// Check if the user may add another website.
if($client["limit_client"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = $client_group_id");
+ $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE sys_groupid = ?", $client_group_id);
if($tmp["number"] >= $client["limit_client"]) {
$app->error($app->tform->wordbook["limit_client_txt"]);
}
@@ -96,10 +96,14 @@
//* Resellers shall not be able to create another reseller
if($_SESSION["s"]["user"]["typ"] == 'user') {
$this->dataRecord['limit_client'] = 0;
+ } else {
+ if($this->dataRecord["reseller"]) {
+ $this->dataRecord["limit_client"] = 1; // allow 1 client, template limits will be applied later, if we set -1 it would override template limits
+ }
}
if($this->id != 0) {
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $this->id);
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $this->id);
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
// check previous type of storing templates
$tpls = explode('/', $this->oldDataRecord['template_additional']);
@@ -136,7 +140,7 @@
$app->tpl->setVar('tpl_add_select', $option);
// check for new-style records
- $result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ' . $this->id);
+ $result = $app->db->queryAllRecords('SELECT assigned_template_id, client_template_id FROM client_template_assigned WHERE client_id = ?', $this->id);
if($result && count($result) > 0) {
// new style
$items = array();
@@ -162,8 +166,8 @@
unset($tmprec);
} else {
// old style
- $sql = "SELECT template_additional FROM client WHERE client_id = " . $this->id;
- $result = $app->db->queryOneRecord($sql);
+ $sql = "SELECT template_additional FROM client WHERE client_id = ?";
+ $result = $app->db->queryOneRecord($sql, $this->id);
$tplAdd = explode("/", $result['template_additional']);
$text = '';
foreach($tplAdd as $item){
@@ -192,38 +196,25 @@
$customer_no = $app->functions->intval($system_config['misc']['customer_no_start']+$system_config['misc']['customer_no_counter']);
$customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$system_config['misc']['customer_no_template']);
$app->tpl->setVar('customer_no',$customer_no_string);
-
- //* save new counter value
- /*
- $system_config['misc']['customer_no_counter']++;
- $system_config_str = $app->ini_parser->get_ini_string($system_config);
- $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
- */
}
} else {
//* Logged in user must be a reseller
//* get the record of the reseller
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+ $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
if($reseller['customer_no_template'] != '') {
//* Set customer no default
$customer_no = $app->functions->intval($reseller['customer_no_start']+$reseller['customer_no_counter']);
$customer_no_string = str_replace('[CUSTOMER_NO]',$customer_no,$reseller['customer_no_template']);
$app->tpl->setVar('customer_no',$customer_no_string);
-
- //* save new counter value
- /*
- $customer_no_counter = $app->functions->intval($reseller['customer_no_counter']+1);
- $app->db->query("UPDATE client SET customer_no_counter = $customer_no_counter WHERE client_id = ".$app->functions->intval($reseller['client_id']));
- */
}
}
}
if($app->auth->is_admin()) {
// Fill the client select field
- $sql = "SELECT client.client_id, sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 AND client.limit_client > 0 ORDER BY sys_group.name";
+ $sql = "SELECT client.client_id, sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 AND client.limit_client != 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
$clients = $app->db->queryAllRecords($sql);
$client_select = "<option value='0'>- ".$app->tform->lng('none_txt')." -</option>";
//$tmp_data_record = $app->tform->getDataRecord($this->id);
@@ -250,58 +241,73 @@
function onAfterInsert() {
global $app, $conf;
// Create the group for the client
- $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".$app->db->quote($this->dataRecord["username"])."','',".$this->id.")", 'groupid');
+ $groupid = $app->db->datalogInsert('sys_group', array("name" => $this->dataRecord["username"], "description" => '', "client_id" => $this->id), 'groupid');
$groups = $groupid;
- $username = $app->db->quote($this->dataRecord["username"]);
- $password = $app->db->quote($this->dataRecord["password"]);
+ $username = $this->dataRecord["username"];
+ $password = $this->dataRecord["password"];
$modules = $conf['interface_modules_enabled'];
if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] > 0) $modules .= ',client';
$startmodule = (stristr($modules, 'dashboard'))?'dashboard':'client';
- $usertheme = $app->db->quote($this->dataRecord["usertheme"]);
+ $usertheme = (isset($this->dataRecord["usertheme"]) && $this->dataRecord["usertheme"] != ''? $this->dataRecord["usertheme"] : 'default');
$type = 'user';
$active = 1;
- $language = $app->db->quote($this->dataRecord["language"]);
+ $language = $this->dataRecord["language"];
$password = $app->auth->crypt_password($password);
// Create the controlpaneluser for the client
//Generate ssh-rsa-keys
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
- $app->db->query("UPDATE client SET created_at = ".time().", id_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa'))."', ssh_rsa = '".$app->db->quote(@file_get_contents('/tmp/id_rsa.pub'))."' WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
// Create the controlpaneluser for the client
$sql = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
- VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,".$this->id.")";
- $app->db->query($sql);
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+ $app->db->query($sql, $username, $password, $modules, $startmodule, $usertheme, $type, $active, $language, $groups, $groupid, $this->id);
//* If the user who inserted the client is a reseller (not admin), we will have to add this new client group
//* to his groups, so he can administrate the records of this client.
if($_SESSION['s']['user']['typ'] == 'user') {
$app->auth->add_group_to_user($_SESSION['s']['user']['userid'], $groupid);
- $app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($_SESSION['s']['user']['client_id'])." WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $_SESSION['s']['user']['client_id'], $this->id);
} else {
if($this->dataRecord['parent_client_id'] > 0) {
//* get userid of the reseller and add it to the group of the client
- $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->dataRecord['parent_client_id']));
+ $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->dataRecord['parent_client_id']);
$app->auth->add_group_to_user($tmp['userid'], $groupid);
- $app->db->query("UPDATE client SET parent_client_id = ".$app->functions->intval($this->dataRecord['parent_client_id'])." WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $this->dataRecord['parent_client_id'], $this->id);
unset($tmp);
}
}
//* Set the default servers
- $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
- $default_mailserver = $app->functions->intval($tmp['server_id']);
- $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
- $default_webserver = $app->functions->intval($tmp['server_id']);
- $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
- $default_dnsserver = $app->functions->intval($tmp['server_id']);
- $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
- $default_dbserver = $app->functions->intval($tmp['server_id']);
+ $tmp = $app->getconf->get_global_config('mail');
+ $default_mailserver = $app->functions->intval($tmp['default_mailserver']);
+ if (!$default_mailserver) {
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE mail_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_mailserver = $app->functions->intval($tmp['server_id']);
+ }
+ $tmp = $app->getconf->get_global_config('sites');
+ $default_webserver = $app->functions->intval($tmp['default_webserver']);
+ $default_dbserver = $app->functions->intval($tmp['default_dbserver']);
+ if (!$default_webserver) {
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE web_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_webserver = $app->functions->intval($tmp['server_id']);
+ }
+ if (!$default_dbserver) {
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE db_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_dbserver = $app->functions->intval($tmp['server_id']);
+ }
+ $tmp = $app->getconf->get_global_config('dns');
+ $default_dnsserver = $app->functions->intval($tmp['default_dnsserver']);
+ if (!$default_dnsserver) {
+ $tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE dns_server = 1 AND mirror_server_id = 0 LIMIT 0,1');
+ $default_dnsserver = $app->functions->intval($tmp['server_id']);
+ }
- $sql = "UPDATE client SET mail_servers = $default_mailserver, web_servers = $default_webserver, dns_servers = $default_dnsserver, default_slave_dnsserver = $default_dnsserver, db_servers = $default_dbserver WHERE client_id = ".$this->id;
- $app->db->query($sql);
+ $sql = "UPDATE client SET mail_servers = ?, web_servers = ?, dns_servers = ?, default_slave_dnsserver = ?, db_servers = ? WHERE client_id = ?";
+ $app->db->query($sql, $default_mailserver, $default_webserver, $default_dnsserver, $default_dnsserver, $default_dbserver, $this->id);
if(isset($this->dataRecord['template_master'])) {
$app->uses('client_templates');
@@ -319,26 +325,26 @@
//* save new counter value
$system_config['misc']['customer_no_counter']++;
$system_config_str = $app->ini_parser->get_ini_string($system_config);
- $app->db->datalogUpdate('sys_ini', "config = '".$app->db->quote($system_config_str)."'", 'sysini_id', 1);
+ $app->db->datalogUpdate('sys_ini', array("config" => $system_config_str), 'sysini_id', 1);
}
} else {
//* Logged in user must be a reseller
//* get the record of the reseller
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+ $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.customer_no_template, client.customer_no_counter, client.customer_no_start FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
if($reseller['customer_no_template'] != '') {
//* save new counter value
$customer_no_counter = $app->functions->intval($reseller['customer_no_counter']+1);
- $app->db->query("UPDATE client SET customer_no_counter = $customer_no_counter WHERE client_id = ".$app->functions->intval($reseller['client_id']));
+ $app->db->query("UPDATE client SET customer_no_counter = ? WHERE client_id = ?", $customer_no_counter, $reseller['client_id']);
}
}
}
//* Send welcome email
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
- $email_template = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
+ $email_template = $app->db->queryOneRecord($sql, $client_group_id);
$client = $app->tform->getDataRecord($this->id);
if(is_array($email_template) && $client['email'] != '') {
@@ -352,8 +358,8 @@
$subject = str_replace('{password}', $this->dataRecord['password'], $subject);
break;
case 'gender':
- $message = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $message);
- $subject = str_replace('{salutation}', $wb['gender_'.$val.'_txt'], $subject);
+ $message = str_replace('{salutation}', $app->tform->lng('gender_'.$val.'_txt'), $message);
+ $subject = str_replace('{salutation}', $app->tform->lng('gender_'.$val.'_txt'), $subject);
break;
default:
$message = str_replace('{'.$key.'}', $val, $message);
@@ -364,11 +370,11 @@
//* Get sender address
if($app->auth->is_admin()) {
$app->uses('getconf');
- $system_config = $app->getconf->get_global_config();
+ $system_config = $app->getconf->get_global_config('mail');
$from = $system_config['admin_mail'];
} else {
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
- $reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ".$client_group_id);
+ $reseller = $app->db->queryOneRecord("SELECT client.email FROM sys_group,client WHERE client.client_id = sys_group.client_id and sys_group.groupid = ?", $client_group_id);
$from = $reseller["email"];
}
@@ -389,19 +395,19 @@
global $app, $conf;
// username changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['username']) && $this->dataRecord['username'] != '' && $this->oldDataRecord['username'] != $this->dataRecord['username']) {
- $username = $app->db->quote($this->dataRecord["username"]);
+ $username = $this->dataRecord["username"];
$client_id = $this->id;
- $sql = "UPDATE sys_user SET username = '$username' WHERE client_id = $client_id";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET username = ? WHERE client_id = ?";
+ $app->db->query($sql, $username, $client_id);
- $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = $client_id");
- $app->db->datalogUpdate("sys_group", "name = '$username'", 'groupid', $tmp['groupid']);
+ $tmp = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $client_id);
+ $app->db->datalogUpdate("sys_group", array("name" => $username), 'groupid', $tmp['groupid']);
unset($tmp);
}
// password changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord["password"]) && $this->dataRecord["password"] != '') {
- $password = $app->db->quote($this->dataRecord["password"]);
+ $password = $this->dataRecord["password"];
$salt="$1$";
$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
@@ -410,8 +416,8 @@
$salt.="$";
$password = crypt(stripslashes($password), $salt);
$client_id = $this->id;
- $sql = "UPDATE sys_user SET passwort = '$password' WHERE client_id = $client_id";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
+ $app->db->query($sql, $password, $client_id);
}
if(!isset($this->dataRecord['locked'])) $this->dataRecord['locked'] = 'n';
@@ -420,7 +426,7 @@
// get tmp_data of client
- $client_data = $app->db->queryOneRecord('SELECT `tmp_data` FROM `client` WHERE `client_id` = ' . $this->id);
+ $client_data = $app->db->queryOneRecord('SELECT `tmp_data` FROM `client` WHERE `client_id` = ?', $this->id);
if($client_data['tmp_data'] == '') $tmp_data = array();
else $tmp_data = unserialize($client_data['tmp_data']);
@@ -431,6 +437,8 @@
$to_disable = array('cron' => 'id',
'ftp_user' => 'ftp_user_id',
'mail_domain' => 'domain_id',
+ 'mail_user' => 'mailuser_id',
+ 'mail_user_smtp' => 'mailuser_id',
'mail_forwarding' => 'forwarding_id',
'mail_get' => 'mailget_id',
'openvz_vm' => 'vm_id',
@@ -442,8 +450,8 @@
'web_folder_user' => 'web_folder_user_id'
);
- $udata = $app->db->queryOneRecord('SELECT `userid` FROM `sys_user` WHERE `client_id` = ' . $this->id);
- $gdata = $app->db->queryOneRecord('SELECT `groupid` FROM `sys_group` WHERE `client_id` = ' . $this->id);
+ $udata = $app->db->queryOneRecord('SELECT `userid` FROM `sys_user` WHERE `client_id` = ?', $this->id);
+ $gdata = $app->db->queryOneRecord('SELECT `groupid` FROM `sys_group` WHERE `client_id` = ?', $this->id);
$sys_groupid = $gdata['groupid'];
$sys_userid = $udata['userid'];
@@ -452,45 +460,67 @@
$prev_active = array();
$prev_sysuser = array();
foreach($to_disable as $current => $keycolumn) {
- $prev_active[$current] = array();
- $prev_sysuser[$current] = array();
+ $active_col = 'active';
+ $reverse = false;
+ if($current == 'mail_user') {
+ $active_col = 'postfix';
+ } elseif($current == 'mail_user_smtp') {
+ $current = 'mail_user';
+ $active_col = 'disablesmtp';
+ $reverse = true;
+ }
+
+ if(!isset($prev_active[$current])) $prev_active[$current] = array();
+ if(!isset($prev_sysuser[$current])) $prev_sysuser[$current] = array();
- $entries = $app->db->queryAllRecords('SELECT `' . $keycolumn . '` as `id`, `sys_userid`, `active` FROM `' . $current . '` WHERE `sys_groupid` = ' . $sys_groupid);
+ $entries = $app->db->queryAllRecords('SELECT ?? as `id`, `sys_userid`, ?? FROM ?? WHERE `sys_groupid` = ?', $keycolumn, $active_col, $current, $sys_groupid);
foreach($entries as $item) {
- if($item['active'] != 'y') $prev_active[$current][$item['id']]['active'] = 'n';
- if($item['sys_userid'] != $sys_userid) $prev_sysuser[$current][$item['id']]['active'] = $item['sys_userid'];
+ if($item[$active_col] != 'y' && $reverse == false) $prev_active[$current][$item['id']][$active_col] = 'n';
+ elseif($item[$active_col] == 'y' && $reverse == true) $prev_active[$current][$item['id']][$active_col] = 'y';
+ if($item['sys_userid'] != $sys_userid) $prev_sysuser[$current][$item['id']] = $item['sys_userid'];
// we don't have to store these if y, as everything without previous state gets enabled later
- $app->db->datalogUpdate($current, array('active' => 'n', 'sys_userid' => $_SESSION["s"]["user"]["userid"]), $keycolumn, $item['id']);
+ $app->db->datalogUpdate($current, array($active_col => ($reverse == true ? 'y' : 'n'), 'sys_userid' => $_SESSION["s"]["user"]["userid"]), $keycolumn, $item['id']);
}
}
$tmp_data['prev_active'] = $prev_active;
$tmp_data['prev_sys_userid'] = $prev_sysuser;
- $app->db->query("UPDATE `client` SET `tmp_data` = '" . $app->db->quote(serialize($tmp_data)) . "' WHERE `client_id` = " . $this->id);
+ $app->db->query("UPDATE `client` SET `tmp_data` = ? WHERE `client_id` = ?", serialize($tmp_data), $this->id);
unset($prev_active);
unset($prev_sysuser);
} elseif($this->dataRecord['locked'] == 'n') {
foreach($to_disable as $current => $keycolumn) {
- $entries = $app->db->queryAllRecords('SELECT `' . $keycolumn . '` as `id` FROM `' . $current . '` WHERE `sys_groupid` = ' . $sys_groupid);
+ $active_col = 'active';
+ $reverse = false;
+ if($current == 'mail_user') {
+ $active_col = 'postfix';
+ } elseif($current == 'mail_user_smtp') {
+ $current = 'mail_user';
+ $active_col = 'disablesmtp';
+ $reverse = true;
+ }
+
+ $entries = $app->db->queryAllRecords('SELECT ?? as `id` FROM ?? WHERE `sys_groupid` = ?', $keycolumn, $current, $sys_groupid);
foreach($entries as $item) {
- $set_active = 'y';
+ $set_active = ($reverse == true ? 'n' : 'y');
+ $set_inactive = ($reverse == true ? 'y' : 'n');
$set_sysuser = $sys_userid;
if(array_key_exists('prev_active', $tmp_data) == true
&& array_key_exists($current, $tmp_data['prev_active']) == true
&& array_key_exists($item['id'], $tmp_data['prev_active'][$current]) == true
- && $tmp_data['prev_active'][$current][$item['id']] == 'n') $set_active = 'n';
+ && $tmp_data['prev_active'][$current][$item['id']][$active_col] == $set_inactive) $set_active = $set_inactive;
if(array_key_exists('prev_sysuser', $tmp_data) == true
&& array_key_exists($current, $tmp_data['prev_sysuser']) == true
&& array_key_exists($item['id'], $tmp_data['prev_sysuser'][$current]) == true
&& $tmp_data['prev_sysuser'][$current][$item['id']] != $sys_userid) $set_sysuser = $tmp_data['prev_sysuser'][$current][$item['id']];
- $app->db->datalogUpdate($current, array('active' => $set_active, 'sys_userid' => $set_sysuser), $keycolumn, $item['id']);
+ $app->db->datalogUpdate($current, array($active_col => $set_active, 'sys_userid' => $set_sysuser), $keycolumn, $item['id']);
}
}
if(array_key_exists('prev_active', $tmp_data)) unset($tmp_data['prev_active']);
- $app->db->query("UPDATE `client` SET `tmp_data` = '" . $app->db->quote(serialize($tmp_data)) . "' WHERE `client_id` = " . $this->id);
+ $app->db->query("UPDATE `client` SET `tmp_data` = ? WHERE `client_id` = ?", serialize($tmp_data), $this->id);
}
unset($tmp_data);
unset($entries);
@@ -500,43 +530,42 @@
if(!isset($this->dataRecord['canceled'])) $this->dataRecord['canceled'] = 'n';
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && $this->dataRecord["canceled"] != $this->oldDataRecord['canceled']) {
if($this->dataRecord['canceled'] == 'y') {
- $sql = "UPDATE sys_user SET active = '0' WHERE client_id = " . $this->id;
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET active = '0' WHERE client_id = ?";
+ $app->db->query($sql, $this->id);
} elseif($this->dataRecord['canceled'] == 'n') {
- $sql = "UPDATE sys_user SET active = '1' WHERE client_id = " . $this->id;
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET active = '1' WHERE client_id = ?";
+ $app->db->query($sql, $this->id);
}
}
// language changed
if(isset($conf['demo_mode']) && $conf['demo_mode'] != true && isset($this->dataRecord['language']) && $this->dataRecord['language'] != '' && $this->oldDataRecord['language'] != $this->dataRecord['language']) {
- $language = $app->db->quote($this->dataRecord["language"]);
+ $language = $this->dataRecord["language"];
$client_id = $this->id;
- $sql = "UPDATE sys_user SET language = '$language' WHERE client_id = $client_id";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET language = ? WHERE client_id = ?";
+ $app->db->query($sql, $language, $client_id);
}
//* reseller status changed
if(isset($this->dataRecord["limit_client"]) && $this->dataRecord["limit_client"] != $this->oldDataRecord["limit_client"]) {
$modules = $conf['interface_modules_enabled'];
if($this->dataRecord["limit_client"] > 0) $modules .= ',client';
- $modules = $app->db->quote($modules);
$client_id = $this->id;
- $sql = "UPDATE sys_user SET modules = '$modules' WHERE client_id = $client_id";
- $app->db->query($sql);
+ $sql = "UPDATE sys_user SET modules = ? WHERE client_id = ?";
+ $app->db->query($sql, $modules, $client_id);
}
//* Client has been moved to another reseller
if($_SESSION['s']['user']['typ'] == 'admin' && isset($this->dataRecord['parent_client_id']) && $this->dataRecord['parent_client_id'] != $this->oldDataRecord['parent_client_id']) {
//* Get groupid of the client
- $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".intval($this->id));
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $this->id);
$groupid = $tmp['groupid'];
unset($tmp);
//* Remove sys_user of old reseller from client group
if($this->oldDataRecord['parent_client_id'] > 0) {
//* get userid of the old reseller remove it from the group of the client
- $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->oldDataRecord['parent_client_id']));
+ $tmp = $app->db->queryOneRecord("SELECT sys_user.userid FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->oldDataRecord['parent_client_id']);
$app->auth->remove_group_from_user($tmp['userid'], $groupid);
unset($tmp);
}
@@ -544,13 +573,13 @@
//* Add sys_user of new reseller to client group
if($this->dataRecord['parent_client_id'] > 0) {
//* get userid of the reseller and add it to the group of the client
- $tmp = $app->db->queryOneRecord("SELECT sys_user.userid, sys_user.default_group FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ".$app->functions->intval($this->dataRecord['parent_client_id']));
+ $tmp = $app->db->queryOneRecord("SELECT sys_user.userid, sys_user.default_group FROM sys_user,sys_group WHERE sys_user.default_group = sys_group.groupid AND sys_group.client_id = ?", $this->dataRecord['parent_client_id']);
$app->auth->add_group_to_user($tmp['userid'], $groupid);
- $app->db->query("UPDATE client SET sys_userid = ".$app->functions->intval($tmp['userid']).", sys_groupid = ".$app->functions->intval($tmp['default_group']).", parent_client_id = ".$app->functions->intval($this->dataRecord['parent_client_id'])." WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET sys_userid = ?, sys_groupid = ?, parent_client_id = ? WHERE client_id = ?", $tmp['userid'], $tmp['default_group'], $this->dataRecord['parent_client_id'], $this->id);
unset($tmp);
} else {
//* Client is not assigned to a reseller anymore, so we assign it to the admin
- $app->db->query("UPDATE client SET sys_userid = 1, sys_groupid = 1, parent_client_id = 0 WHERE client_id = ".$this->id);
+ $app->db->query("UPDATE client SET sys_userid = 1, sys_groupid = 1, parent_client_id = 0 WHERE client_id = ?", $this->id);
}
}
--
Gitblit v1.9.1