From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/client/reseller_del.php | 49 ++++++++++++++++++++++++++----------------------- 1 files changed, 26 insertions(+), 23 deletions(-) diff --git a/interface/web/client/reseller_del.php b/interface/web/client/reseller_del.php index f75ecea..55872be 100644 --- a/interface/web/client/reseller_del.php +++ b/interface/web/client/reseller_del.php @@ -39,8 +39,8 @@ * End Form configuration ******************************************/ -require_once('../../lib/config.inc.php'); -require_once('../../lib/app.inc.php'); +require_once '../../lib/config.inc.php'; +require_once '../../lib/app.inc.php'; //* Check permissions for module $app->auth->check_module_permissions('client'); 
@@ -51,42 +51,45 @@ $app->load('tform_actions'); class page_action extends tform_actions { - + function onBeforeDelete() { global $app, $conf; - - $client_id = intval($this->dataRecord['client_id']); - - $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ".$client_id); + + if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.'); + + $client_id = $app->functions->intval($this->dataRecord['client_id']); + + $tmp = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE parent_client_id = ?", $client_id); if($tmp["number"] > 0) $app->error($app->lng('error_has_clients')); - + } - + function onAfterDelete() { global $app, $conf; - - $client_id = intval($this->dataRecord['client_id']); - + + $client_id = $app->functions->intval($this->dataRecord['client_id']); + if($client_id > 0) { // TODO: Delete all records (sub-clients, mail, web, etc....) of this client. - + // remove the group of the client from the resellers group - $parent_client_id = intval($this->dataRecord['parent_client_id']); - $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id"); - $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id"); - $app->auth->remove_group_from_user($parent_user['userid'],$client_group['groupid']); - + $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']); + $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id); + $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); + $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']); + // delete the group of the client - $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id"); - + $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id); + // 
delete the sys user(s) of the client - $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id"); + $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id); } - + } + } $page = new page_action; $page->onDelete() -?> \ No newline at end of file +?> -- Gitblit v1.9.1
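Review bot: In onAfterDelete the two lookup results are used without checking that a row came back, so `$parent_user['userid']` and `$client_group['groupid']` go straight into `remove_group_from_user()`. If `parent_client_id` has no matching sys_user row, or the group row is already gone, the call presumably runs with null ids; what `queryOneRecord()` returns on no match is not visible in this hunk. A guard such as `if($parent_user && $client_group) $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);` would keep the cleanup from acting on an unintended or missing user. The new demo-mode check in onBeforeDelete only protects the delete if `$app->error()` halts the request, which is worth confirming and stating in a comment such as `// $app->error() terminates the request`. The subject line mentions remoting passwords, while the visible change is the move to `?` placeholders and the demo-mode guard, so the commit message does not describe the security-relevant part of this patch.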