From b2cee83e8894e89fd3e0793c84fb92a8cf928613 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Tue, 19 Apr 2016 14:17:54 -0400
Subject: [PATCH] - fixed problem on select boxes with hidden options

---
 interface/lib/classes/remote.d/sites.inc.php |  173 +++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 147 insertions(+), 26 deletions(-)

diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
index 704a87e..22c1657 100644
--- a/interface/lib/classes/remote.d/sites.inc.php
+++ b/interface/lib/classes/remote.d/sites.inc.php
@@ -102,7 +102,8 @@
 		$app->remoting_lib->loadFormDef('../sites/form/database.tform.php');
 		return $app->remoting_lib->getDataRecord($primary_id);
 	}
-
+	
+	/* TODO: secure queries! */
 	//* Add a record
 	public function sites_database_add($session_id, $client_id, $params)
 	{
@@ -114,7 +115,7 @@
 		}
 
 		//* Check for duplicates
-		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = '".$app->db->quote($params['database_name'])."' AND server_id = '".intval($params["server_id"])."'");
+		$tmp = $app->db->queryOneRecord("SELECT count(database_id) as dbnum FROM web_database WHERE database_name = ? AND server_id = ?", $params['database_name'], $params["server_id"]);
 		if($tmp['dbnum'] > 0) {
 			throw new SoapFault('database_name_error_unique', 'There is already a database with that name on the same server.');
 			return false;
@@ -126,9 +127,19 @@
 
 			$this->id = 0;
 			$this->dataRecord = $params;
-			$app->sites_database_plugin->processDatabaseInsert($this);
 
-			return $this->insertQueryExecute($sql, $params);
+			$retval = $this->insertQueryExecute($sql, $params);
+			$app->sites_database_plugin->processDatabaseInsert($this);
+			
+			// set correct values for backup_interval and backup_copies
+			if(isset($params['backup_interval']) || isset($params['backup_copies'])){
+				$sql_set = array();
+				if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
+				if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
+				$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$retval, $retval, $params);
+			}
+			
+			return $retval;
 		}
 
 		return false;
@@ -151,7 +162,17 @@
 			$this->id = $primary_id;
 			$this->dataRecord = $params;
 			$app->sites_database_plugin->processDatabaseUpdate($this);
-			return $this->updateQueryExecute($sql, $primary_id, $params);
+			$retval = $this->updateQueryExecute($sql, $primary_id, $params);
+			
+			// set correct values for backup_interval and backup_copies
+			if(isset($params['backup_interval']) || isset($params['backup_copies'])){
+				$sql_set = array();
+				if(isset($params['backup_interval'])) $sql_set[] = "backup_interval = '".$app->db->quote($params['backup_interval'])."'";
+				if(isset($params['backup_copies'])) $sql_set[] = "backup_copies = ".$app->functions->intval($params['backup_copies']);
+				$this->updateQueryExecute("UPDATE web_database SET ".implode(', ', $sql_set)." WHERE database_id = ".$primary_id, $primary_id, $params);
+			}
+			
+			return $retval;
 		}
 
 		return false;
@@ -217,7 +238,7 @@
 
 		$new_rec = $app->remoting_lib->getDataRecord($primary_id);
 
-		$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = ? UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = ?", $primary_id, $primary_id);
 		foreach($records as $rec) {
 			$tmp_rec = $new_rec;
 			$tmp_rec['server_id'] = $rec['server_id'];
@@ -243,14 +264,14 @@
 		$app->db->datalogDelete('web_database_user', 'database_user_id', $primary_id);
 		$affected_rows = $this->deleteQuery('../sites/form/database_user.tform.php', $primary_id);
 
-		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $primary_id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
 
 		}
-		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $primary_id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
 		}
 
 		return $affected_rows;
@@ -314,7 +335,7 @@
 			return false;
 		}
 
-		$data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = '".$app->db->quote($ftp_user)."'");
+		$data = $app->db->queryOneRecord("SELECT server_id FROM ftp_user WHERE username = ?", $ftp_user);
 		//file_put_contents('/tmp/test.txt', serialize($data));
 		if(!isset($data['server_id'])) return false;
 
@@ -384,7 +405,7 @@
 			return false;
 		}
 		$app->uses('remoting_lib');
-		$app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
+		$app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
 		return $app->remoting_lib->getDataRecord($primary_id);
 	}
 
@@ -398,7 +419,7 @@
 		}
 
 		if(!isset($params['client_group_id']) or (isset($params['client_group_id']) && empty($params['client_group_id']))) {
-			$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client_id));
+			$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 			$params['client_group_id'] = $rec['groupid'];
 		}
 
@@ -413,9 +434,9 @@
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
 		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
 
-		$domain_id = $this->insertQuery('../sites/form/web_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
+		$domain_id = $this->insertQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $params, 'sites:web_domain:on_after_insert');
 		if ($readonly === true)
-			$app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ".$domain_id);
+			$app->db->query("UPDATE web_domain SET `sys_userid` = '1' WHERE domain_id = ?", $domain_id);
 		return $domain_id;
 	}
 
@@ -433,7 +454,7 @@
 		if($params['pm_min_spare_servers'] == '') $params['pm_min_spare_servers'] = 1;
 		if($params['pm_max_spare_servers'] == '') $params['pm_max_spare_servers'] = 1;
 
-		$affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', $client_id, $primary_id, $params);
+		$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', $client_id, $primary_id, $params);
 		return $affected_rows;
 	}
 
@@ -444,7 +465,7 @@
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$affected_rows = $this->deleteQuery('../sites/form/web_domain.tform.php', $primary_id);
+		$affected_rows = $this->deleteQuery('../sites/form/web_vhost_domain.tform.php', $primary_id);
 		return $affected_rows;
 	}
 
@@ -729,7 +750,7 @@
 		}
 
 		// Delete all users that belong to this folder. - taken from web_folder_delete.php
-		$records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = '".$app->functions->intval($primary_id)."'");
+		$records = $app->db->queryAllRecords("SELECT web_folder_user_id FROM web_folder_user WHERE web_folder_id = ?", $primary_id);
 		foreach($records as $rec) {
 			$this->deleteQuery('../sites/form/web_folder_user.tform.php', $rec['web_folder_user_id']);
 			//$app->db->datalogDelete('web_folder_user','web_folder_user_id',$rec['web_folder_user_id']);
@@ -843,11 +864,11 @@
 			} else {
 				$status = 'n';
 			}
-			$app->remoting_lib->loadFormDef('../sites/form/web_domain.tform.php');
+			$app->remoting_lib->loadFormDef('../sites/form/web_vhost_domain.tform.php');
 			$params = $app->remoting_lib->getDataRecord($primary_id);
 			$params['active'] = $status;
 			
-			$affected_rows = $this->updateQuery('../sites/form/web_domain.tform.php', 0, $primary_id, $params);
+			$affected_rows = $this->updateQuery('../sites/form/web_vhost_domain.tform.php', 0, $primary_id, $params);
 			return $affected_rows;
 		} else {
 			throw new SoapFault('status_undefined', 'The status is not available');
@@ -867,13 +888,71 @@
 			return false;
 		}
 		$client_id = $app->functions->intval($client_id);
-		$sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = $client_id";
-		$all = $app->db->queryAllRecords($sql);
+		$sql = "SELECT d.database_id, d.database_name, d.database_user_id, d.database_ro_user_id, du.database_user, du.database_password FROM web_database d LEFT JOIN web_database_user du ON (du.database_user_id = d.database_user_id) INNER JOIN sys_user s on(d.sys_groupid = s.default_group) WHERE client_id = ?";
+		$all = $app->db->queryAllRecords($sql, $client_id);
 		return $all;
 	}
-
+	
+	//** backup functions -----------------------------------------------------------------------------------
+	public function sites_web_domain_backup_list($session_id, $site_id = null)
+	{
+		global $app;
+	
+		if(!$this->checkPerm($session_id, 'sites_web_domain_backup')) {
+			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+		
+		$result = $app->db->queryAllRecords("SELECT * FROM web_backup".(($site_id != null)?' WHERE parent_domain_id = ?':''), $site_id);
+		return $result;
+	}
+	
+	//* Backup download and restoration by Abdi Joseph
+	public function sites_web_domain_backup($session_id, $primary_id, $action_type)
+	{
+		global $app;
+	
+		if(!$this->checkPerm($session_id, 'sites_web_domain_backup')) {
+			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+	
+		//*Set variables
+		$backup_record = $app->db->queryOneRecord("SELECT * FROM `web_backup` WHERE `backup_id`= ?", $primary_id);
+		$server_id = $backup_record['server_id'];
+	
+		//*Set default action state
+		$action_state = "pending";
+		$tstamp = time();
+	
+		//* Basic validation of variables
+		if ($server_id <= 0) {
+			$this->server->fault('invalid_backup_id', "Invalid or non existant backup_id $primary_id");
+			return false;
+		}
+	
+		if ($action_type != 'backup_download' and $action_type != 'backup_restore' and $action_type != 'backup_delete') {
+			$this->server->fault('invalid_action', "Invalid action_type $action_type");
+			return false;
+		}
+	
+		//* Validate instance
+		$instance_record = $app->db->queryOneRecord("SELECT * FROM `sys_remoteaction` WHERE `action_param`= ? and `action_type`= ? and `action_state`= ?", $primary_id, $action_type, 'pending');
+		if ($instance_record['action_id'] >= 1) {
+			$this->server->fault('duplicate_action', "There is already a pending $action_type action");
+			return false;
+		}
+	
+		//* Save the record
+		if ($app->db->query("INSERT INTO `sys_remoteaction` SET `server_id` = ?, `tstamp` = ?, `action_type` = ?, `action_param` = ?, `action_state` = ?", $server_id, $tstamp, $action_type, $primary_id, $action_state)) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+	
 	//** quota functions -----------------------------------------------------------------------------------
-	public function quota_get_by_user($session_id, $group_id)
+	public function quota_get_by_user($session_id, $client_id)
 	{
 		global $app;
 		$app->uses('quota_lib');
@@ -882,9 +961,51 @@
 			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$group_id = $app->functions->intval($group_id);
 	
-		return $app->quota_lib->get_quota_data($group_id, false);
+		return $app->quota_lib->get_quota_data($client_id, false);
+	}
+	
+	public function trafficquota_get_by_user($session_id, $client_id, $lastdays = 0)
+	{
+		global $app;
+		$app->uses('quota_lib');
+		
+		if(!$this->checkPerm($session_id, 'trafficquota_get_by_user')) {
+			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+		if ($client_id != null)
+			$client_id = $app->functions->intval($client_id);
+		
+		return $app->quota_lib->get_trafficquota_data($client_id, $lastdays);
+	}
+	
+	public function ftptrafficquota_data($session_id, $client_id, $lastdays = 0)
+	{
+		global $app;
+		$app->uses('quota_lib');
+		
+		if(!$this->checkPerm($session_id, 'trafficquota_get_by_user')) {
+			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+		if ($client_id != null)
+			$client_id = $app->functions->intval($client_id);
+		
+		return $app->quota_lib->get_ftptrafficquota_data($client_id, $lastdays);
+	}
+	
+	public function databasequota_get_by_user($session_id, $client_id)
+	{
+		global $app;
+		$app->uses('quota_lib');
+	
+		if(!$this->checkPerm($session_id, 'databasequota_get_by_user')) {
+			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+			return false;
+		}
+	
+		return $app->quota_lib->get_databasequota_data($client_id, false);
 	}
 	
 	

--
Gitblit v1.9.1