From 9edea9976bd605071e0694a90d704266c0b7e0f9 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 14 Aug 2014 11:30:03 -0400
Subject: [PATCH] - Added warning in the interface when a path for a shelluser is set that is outside of the website docroot. - Added security settings feature to allow the root user of a server to control most aspects of what the admin user of the control panel is allowed to do in system settings. This is especially useful for managed servers where the ispconfig admin user and the root user of the server are different persons.

---
 interface/lib/classes/custom_datasource.inc.php |  116 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 100 insertions(+), 16 deletions(-)

diff --git a/interface/lib/classes/custom_datasource.inc.php b/interface/lib/classes/custom_datasource.inc.php
index 52cd8b7..f8b11bd 100644
--- a/interface/lib/classes/custom_datasource.inc.php
+++ b/interface/lib/classes/custom_datasource.inc.php
@@ -29,10 +29,10 @@
 */
 
 class custom_datasource {
-	
+
 	function master_templates($field, $record) {
 		global $app, $conf;
-		$records = $app->db->queryAllRecords("SELECT template_id,template_name FROM client_template WHERE template_type ='m'");
+		$records = $app->db->queryAllRecords("SELECT template_id,template_name FROM client_template WHERE template_type ='m' and ".$app->tform->getAuthSQL('r'));
 		$records_new[0] = $app->lng('Custom');
 		foreach($records as $rec) {
 			$key = $rec['template_id'];
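Review bot: The appended `$app->tform->getAuthSQL('r')` is the access-control part of this query and deserves a one-line comment above it, e.g. `// only list templates the logged-in user is allowed to read`. Unlike the other methods in this file, the `foreach($records as $rec)` that follows has no `is_array($records)` guard. Whether queryAllRecords can return a non-array here is not visible in the hunk, so that needs confirming. The rest of master_templates lies outside the hunk.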
@@ -40,15 +40,15 @@
 		}
 		return $records_new;
 	}
-	
+
 	function dns_servers($field, $record) {
 		global $app, $conf;
-		
+
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['default_dnsserver'];
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_dnsserver']);
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
 		}
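Review bot: The user branch of dns_servers never checks that `$client` was actually found. When the lookup returns no row, `$app->functions->intval($client['default_dnsserver'])` presumably evaluates to 0, and `WHERE server_id = 0` silently yields an empty list. client_servers in this same patch guards the equivalent case with `if($client['server_id'] > 0)` and an `$app->log(...)` fallback. The same guard would fit here and in the new slave_dns_servers method in the next hunk. The function body continues outside the hunk.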
@@ -62,22 +62,106 @@
 		}
 		return $records_new;
 	}
-	
-	
+
+	function slave_dns_servers($field, $record) {
+		global $app, $conf;
+
+		if($_SESSION["s"]["user"]["typ"] == 'user') {
+			// Get the limits of the client
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['default_slave_dnsserver']);
+		} else {
+			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
+		}
+		$records = $app->db->queryAllRecords($sql);
+		$records_new = array();
+		if(is_array($records)) {
+			foreach($records as $rec) {
+				$key = $rec['server_id'];
+				$records_new[$key] = $rec['server_name'];
+			}
+		}
+		return $records_new;
+	}
+
+	function webdav_domains($field, $record) {
+		global $app, $conf;
+
+		$servers = $app->db->queryAllRecords("SELECT * FROM server WHERE active = 1 AND mirror_server_id = 0");
+		$server_ids = array();
+		$app->uses('getconf');
+		if(is_array($servers) && !empty($servers)){
+			foreach($servers as $server){
+				$web_config = $app->getconf->get_server_config($server['server_id'], 'web');
+				if($web_config['server_type'] != 'nginx') $server_ids[] = $server['server_id'];
+			}
+		}
+		if(count($server_ids) == 0) return array();
+		$server_ids = implode(',', $server_ids);
+		$records = $app->db->queryAllRecords("SELECT web_domain.domain_id, CONCAT(web_domain.domain, ' :: ', server.server_name) AS parent_domain FROM web_domain, server WHERE web_domain.type = 'vhost' AND web_domain.server_id IN (".$app->db->quote($server_ids).") AND web_domain.server_id = server.server_id AND ".$app->tform->getAuthSQL('r', 'web_domain')." ORDER BY web_domain.domain");
+
+		$records_new = array();
+		if(is_array($records)) {
+			foreach($records as $rec) {
+				$key = $rec['domain_id'];
+				$records_new[$key] = $rec['parent_domain'];
+			}
+		}
+		return $records_new;
+	}
+
+
 	function client_servers($field, $record) {
 		global $app, $conf;
-		
+
 		$server_type = $field['name'];
-		
+
+		switch($server_type) {
+		case 'default_mailserver':
+			$field = 'mail_server';
+			break;
+		case 'default_webserver':
+			$field = 'web_server';
+			break;
+		case 'default_dnsserver':
+			$field = 'dns_server';
+			break;
+		case 'default_slave_dnsserver':
+			$field = 'dns_server';
+			break;
+		case 'default_fileserver':
+			$field = 'file_server';
+			break;
+		case 'default_dbserver':
+			$field = 'db_server';
+			break;
+		case 'default_vserverserver':
+			$field = 'vserver_server';
+			break;
+		default:
+			$field = 'web_server';
+			break;
+		}
+
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$sql = "SELECT $server_type as server_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id";
 			$client = $app->db->queryOneRecord($sql);
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$client['server_id'];
+			if($client['server_id'] > 0) {
+				//* Select the default server for the client
+				$sql = "SELECT server_id,server_name FROM server WHERE server_id = ".$app->functions->intval($client['server_id']);
+			} else {
+				//* Not able to find the clients defaults, use this as fallback and add a warning message to the log
+				$app->log('Unable to find default server for client in custom_datasource.inc.php', 1);
+				$sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
+			}
 		} else {
-			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
+			//* The logged in user is admin, so we show him all available servers of a specific type.
+			$sql = "SELECT server_id,server_name FROM server WHERE $field = 1 ORDER BY server_name";
 		}
+
 		$records = $app->db->queryAllRecords($sql);
 		$records_new = array();
 		if(is_array($records)) {
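Review bot: In client_servers the new switch whitelists only `$field`, while the unvalidated `$server_type` (from `$field['name']`) is still interpolated as a column name in `SELECT $server_type as server_id FROM sys_group, client ...`. The `default:` branch therefore does not protect that query; if the field name can ever differ from the listed cases, also set `$server_type = 'default_webserver';` there so both identifiers come from the whitelist. Separately, in webdav_domains `$app->db->quote($server_ids)` is applied to the already comma-joined list, and escaping a joined string does not make each id numeric. Casting on collection, e.g. `$server_ids[] = $app->functions->intval($server['server_id']);`, would be the more robust guard for the `IN (...)` clause. The result loop of client_servers continues outside the hunk.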
@@ -88,9 +172,9 @@
 		}
 		return $records_new;
 	}
-	
-	
+
+
 
 }
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1