From 7b47c0aa0aeee6f059f00008e36cc210ca89ecb9 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 21 Aug 2013 10:28:20 -0400
Subject: [PATCH] Merged revisions 4069-4117 from stable branch.
---
interface/web/sites/ajax_get_json.php | 33 +++++++++++++++++++++++++--------
1 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/interface/web/sites/ajax_get_json.php b/interface/web/sites/ajax_get_json.php
index 334738a..9da4513 100644
--- a/interface/web/sites/ajax_get_json.php
+++ b/interface/web/sites/ajax_get_json.php
@@ -34,11 +34,12 @@
//* Check permissions for module
$app->auth->check_module_permissions('sites');
-$app->uses('getconf');
+$app->uses('getconf,tform');
$server_id = $app->functions->intval($_GET["server_id"]);
$web_id = $app->functions->intval($_GET["web_id"]);
$php_type = $_GET["php_type"];
+$client_group_id = $app->functions->intval($_GET['client_group_id']);
$type = $_GET["type"];
//if($_SESSION["s"]["user"]["typ"] == 'admin') {
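Review bot: The new `$client_group_id` line reads `$_GET['client_group_id']` unconditionally, although only the PHP-type lookup further down uses it, so every other request type (getserverid, getphptype, …) raises an undefined-index notice before intval() ever sees the value, and a notice printed into an AJAX response breaks the JSON. `$client_group_id = isset($_GET['client_group_id']) ? $app->functions->intval($_GET['client_group_id']) : 0;` avoids that; the pre-existing `$_GET` reads above it have the same issue but are not part of this change. `$php_type` and `$type` are still taken as raw strings; in the visible lines they are only compared with `==`, never interpolated into SQL, which is acceptable as long as later code keeps it that way.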
@@ -55,7 +56,7 @@
if($type == 'getserverid'){
$json = '{"serverid":"';
- $sql = "SELECT server_id FROM web_domain WHERE domain_id = $web_id";
+ $sql = "SELECT server_id FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
$server = $app->db->queryOneRecord($sql);
$json .= $server['server_id'];
unset($server);
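Review bot: With the auth condition appended, a domain the current user may not read presumably makes queryOneRecord() return an empty result, and the following line still dereferences `$server['server_id']`, emitting `{"serverid":""}` plus an undefined-index notice that can corrupt the JSON body when display_errors is on. The getphptype and getredirecttype hunks below have exactly the same shape (`$php['php']`, `$redirect['redirect_type']`), whereas the getdatabaseusers hunk already guards with `if($group)`. Suggest the same guard here, `if($server) $json .= $server['server_id'];`, and likewise for `$php` and `$redirect` in the later hunks. The `if($type == 'getserverid')` block continues beyond the hunk.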
@@ -69,10 +70,26 @@
$web_config = $app->getconf->get_server_config($server_id, 'web');
if(!empty($web_config['server_type'])) $server_type = $web_config['server_type'];
if($server_type == 'nginx' && $php_type == 'fast-cgi') $php_type = 'php-fpm';
- // get client id
$sql_where = '';
- if($_SESSION["s"]["user"]["typ"] != 'admin'){
- $sql_where = " AND client_id = ".$_SESSION["s"]["user"]["client_id"];
+
+ //* Client: If the logged in user is not admin and has no sub clients (no reseller)
+ if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"] . ")";
+ //* Reseller: If the logged in user is not admin and has sub clients (is a reseller)
+ } elseif ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
+ //$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
+ $sql_where = " AND (client_id = 0";
+ if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
+ $sql_where .= ")";
+ //* Admin: If the logged in user is admin
+ } else {
+ //$sql_where = '';
+ $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
+ //$sql_where = " AND (client_id = 0 OR client_id = ".$_SESSION["s"]["user"]["client_id"];
+ $sql_where = " AND (client_id = 0";
+ if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
+ $sql_where .= ")";
}
if($php_type == 'php-fpm'){
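Review bot: The reseller branch (`elseif`) and the admin branch (`else`) are line-for-line identical, and has_clients() is evaluated twice in the condition chain, so the control flow should collapse to a single non-admin-client test followed by one shared group-lookup branch. More importantly, the reseller path now scopes the filter by whatever client_id the request-supplied `$client_group_id` maps to in sys_group, without checking that the group belongs to one of the reseller's own sub clients; the code it replaces tied the filter to the session's client_id. Whether that exposes anything depends on the table being filtered, which is outside the hunk, but the sub-client ownership check the form layer applies when a reseller picks a client should be reproduced before the sys_group lookup. The enclosing `if($type == …)` block starts before the hunk and continues past it.
```php
$sql_where = '';
$user = $_SESSION['s']['user'];
$is_admin = ($user['typ'] == 'admin');
// evaluated once; the if/elseif chain called has_clients() twice
$is_reseller = !$is_admin && $app->auth->has_clients($user['userid']);

if(!$is_admin && !$is_reseller) {
    //* Client: only records of the user's own client (or global ones)
    $sql_where = " AND (client_id = 0 OR client_id = ".$app->functions->intval($user['client_id']).")";
} else {
    //* Reseller and admin: scope by the submitted group.
    //* TODO(review): for a reseller, verify $client_group_id belongs to one of his sub clients before this lookup.
    $client = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = $client_group_id");
    $sql_where = " AND (client_id = 0";
    if($app->functions->intval($client['client_id']) > 0) $sql_where .= " OR client_id = ".$app->functions->intval($client['client_id']);
    $sql_where .= ")";
}
// … unchanged: php-fpm / fast-cgi branches …
```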
@@ -99,7 +116,7 @@
if($type == 'getphptype'){
$json = '{"phptype":"';
- $sql = "SELECT php FROM web_domain WHERE domain_id = $web_id";
+ $sql = "SELECT php FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
$php = $app->db->queryOneRecord($sql);
$json .= $php['php'];
unset($php);
@@ -108,7 +125,7 @@
if($type == 'getredirecttype'){
$json = '{"redirecttype":"';
- $sql = "SELECT redirect_type FROM web_domain WHERE domain_id = $web_id";
+ $sql = "SELECT redirect_type FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
$redirect = $app->db->queryOneRecord($sql);
$json .= $redirect['redirect_type'];
unset($redirect);
@@ -138,7 +155,7 @@
if($type == 'getdatabaseusers') {
$json = '{}';
- $sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id";
+ $sql = "SELECT sys_groupid FROM web_domain WHERE domain_id = $web_id AND ".$app->tform->getAuthSQL('r');
$group = $app->db->queryOneRecord($sql);
if($group) {
$sql = "SELECT database_user_id, database_user FROM web_database_user WHERE sys_groupid = '" . $group['sys_groupid'] . "'";
--
Gitblit v1.9.1