From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/client/domain_edit.php | 62 ++++++++++++++++++++++++------ 1 files changed, 49 insertions(+), 13 deletions(-) diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php index a79ba85..9064581 100644 --- a/interface/web/client/domain_edit.php +++ b/interface/web/client/domain_edit.php @@ -89,7 +89,7 @@ if(is_array($clients)) { foreach( $clients as $client) { $selected = ($client["groupid"] == $tmp_data_record["sys_groupid"])?'SELECTED':''; - $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n"; + $client_select .= "<option value='$client[groupid]' $selected>$client[contactname]</option>\r\n"; } } $app->tpl->setVar("client_group_id", $client_select); @@ -97,13 +97,13 @@ } else { // Get the limits of the client $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); // Fill the client select field - $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY client.company_name, client.contact_name, sys_group.name"; + $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name"; //die($sql); - $records = $app->db->queryAllRecords($sql); - $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id'])); + $records = $app->db->queryAllRecords($sql, $client['client_id']); + $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client['client_id']); $client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>'; //$tmp_data_record = $app->tform->getDataRecord($this->id); if(is_array($records)) { @@ -195,9 +195,9 @@ // make sure that the record belongs to the client group and not the admin group when admin inserts it // also make sure that the user can not delete domain created by a admin - if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) { + if(($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) || ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid']))) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id); + $app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id); } } @@ -206,18 +206,54 @@ if($_SESSION["s"]["user"]["typ"] != 'admin' && isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]); - $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - $group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." AND sys_group.groupid = ".$this->dataRecord["client_group_id"]." ORDER BY client.company_name, client.contact_name, sys_group.name"; + $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id); + $group = $app->db->queryOneRecord("SELECT sys_group.groupid FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? AND sys_group.groupid = ? ORDER BY client.company_name, client.contact_name, sys_group.name", $client['client_id'], $this->dataRecord["client_group_id"]); $this->dataRecord["client_group_id"] = $group["groupid"]; - } + } // make sure that the record belongs to the client group and not the admin group when admin inserts it // also make sure that the user can not delete domain created by a admin if(isset($this->dataRecord["client_group_id"])) { $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]); - $app->db->query("UPDATE domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id); - $lng_text = $app->lng("domain_owner_changed"); - $_SESSION['show_warning_msg'] = str_replace("{domain}", $this->dataRecord["domain"], $lng_text); + $app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id); + + $data = new tform_actions(); + $tform = $app->tform; + $app->tform = new tform(); + + $app->tform->loadFormDef("../dns/form/dns_soa.tform.php"); + $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_soa WHERE origin = ?", $this->dataRecord['domain']."."); + if ($data->oldDataRecord) { + $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"])); + $data->id = $data->dataRecord['id']; + $app->plugin->raiseEvent("dns:dns_soa:on_after_update", $data); + } + + $app->tform->loadFormDef("../dns/form/dns_slave.tform.php"); + $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM dns_slave WHERE origin = ?", $this->dataRecord['domain']."."); + if ($data->oldDataRecord) { + $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"])); + $data->id = $data->dataRecord['id']; + $app->plugin->raiseEvent("dns:dns_slave:on_after_update", $data); + } + + $app->tform->loadFormDef("../mail/form/mail_domain.tform.php"); + $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM mail_domain WHERE domain = ?", $this->dataRecord['domain']); + if ($data->oldDataRecord) { + $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"])); + $data->id = $data->dataRecord['domain_id']; + $app->plugin->raiseEvent("mail:mail_domain:on_after_update", $data); + } + + $app->tform->loadFormDef("../sites/form/web_vhost_domain.tform.php"); + $data->oldDataRecord = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $this->dataRecord['domain']); + if ($data->oldDataRecord) { + $data->dataRecord = array_merge($data->oldDataRecord, array('client_group_id' => $this->dataRecord["client_group_id"])); + $data->id = $data->dataRecord['domain_id']; + $app->plugin->raiseEvent("sites:web_vhost_domain:on_after_update", $data); + } + + $app->tform = $tform; } } -- Gitblit v1.9.1