From ce6dcf483febeb655958e0afae0eb320bed05bea Mon Sep 17 00:00:00 2001 From: tbrehm Date: Tue, 10 Mar 2009 15:54:51 +0000 Subject: [PATCH] Fixed bugs in opensuse config and docs Fixed a bug that prevented the modification of website settings of a site that the user created. --- docs/INSTALL_OPENSUSE_11_1.txt | 5 + install/dist/lib/opensuse.lib.php | 5 + install/lib/installer_base.lib.php | 2 +- interface/lib/classes/tform.inc.php | 2281 +++++++++-------- interface/lib/classes/tform_actions.inc.php | 2 +- server/conf/vhost.conf.master | 14 +- .../shelluser_base_plugin.inc.php | 4 +- .../shelluser_jailkit_plugin.inc.php | 2 +- server/server.php | 1 + 9 files changed, 1174 insertions(+), 1142 deletions(-) diff --git a/docs/INSTALL_OPENSUSE_11_1.txt b/docs/INSTALL_OPENSUSE_11_1.txt index 56e3302d8..b755dae62 100644 --- a/docs/INSTALL_OPENSUSE_11_1.txt +++ b/docs/INSTALL_OPENSUSE_11_1.txt @@ -73,6 +73,11 @@ mysqladmin -u root password yourrootsqlpassword mysqladmin -h ispconfig.local -u root password yourrootsqlpassword +// Install phpmyadmin +yast2 -i pwgen +rpm -i http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.1/noarch/phpMyAdmin-3.1.2-1.1.noarch.rpm + + 2) Install Amavisd-new, Spamassassin and Clamav (1 line!): yast2 -i amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 25e103721..370353244 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -429,6 +429,11 @@ class installer_dist extends installer_base { //* Create the logging directory for the vhost logfiles exec('mkdir -p /var/log/ispconfig/httpd'); + if(is_file('/etc/suphp/suphp.conf')) { + replaceLine('/etc/suphp.conf','php=php:/srv/www/cgi-bin/php5','x-httpd-suphp=php:/srv/www/cgi-bin/php5',0); + replaceLine('/etc/suphp.conf','docroot=','docroot=/var/clients',0); + } + // Sites enabled and avaulable dirs exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']); exec('mkdir -p '.$conf['apache']['vhost_conf_dir']); diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index c68cd88e5..a22ab5074 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -705,7 +705,7 @@ class installer_base { if(is_file('/etc/suphp/suphp.conf')) { replaceLine('/etc/suphp/suphp.conf','php=php:/usr/bin','x-httpd-suphp=php:/usr/bin/php-cgi',0); - replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0); + //replaceLine('/etc/suphp/suphp.conf','docroot=','docroot=/var/clients',0); } if(is_file('/etc/apache2/sites-enabled/000-default')) { diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 2b4f0b946..11adc15b5 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -1,1135 +1,1148 @@ -tableDef = $table; - $this->table_name = $table_name; - $this->table_index = $table_index; - return true; - } - */ - - function loadFormDef($file,$module = '') { - global $app,$conf; - - include_once($file); - $this->formDef = $form; - - $this->module = $module; - $wb = array(); - - include_once(ISPC_ROOT_PATH.'/lib/lang/'.$_SESSION['s']['language'].'.lng'); - if($module == '') { - $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"; - if(!file_exists($lng_file)) $lng_file = "lib/lang/en_".$this->formDef["name"].".lng"; - include($lng_file); - } else { - $lng_file = "../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"; - if(!file_exists($lng_file)) $lng_file = "../$module/lib/lang/en_".$this->formDef["name"].".lng"; - include($lng_file); - } - $this->wordbook = $wb; - - return true; - } - - - /** - * Converts the data in the array to human readable format - * Datatype conversion e.g. to show the data in lists - * - * @param record - * @return record - */ - function decode($record,$tab) { - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab)."); - $new_record = ''; - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - switch ($field['datatype']) { - case 'VARCHAR': - $new_record[$key] = stripslashes($record[$key]); - break; - - case 'TEXT': - $new_record[$key] = stripslashes($record[$key]); - break; - - case 'DATE': - if($record[$key] > 0) { - $new_record[$key] = date($this->dateformat,$record[$key]); - } - break; - - case 'INTEGER': - $new_record[$key] = intval($record[$key]); - break; - - case 'DOUBLE': - $new_record[$key] = $record[$key]; - break; - - case 'CURRENCY': - $new_record[$key] = number_format($record[$key], 2, ',', ''); - break; - - default: - $new_record[$key] = stripslashes($record[$key]); - } - } - - } - - return $new_record; - } - - /** - * Get the key => value array of a form filed from a datasource definitiom - * - * @param field = array with field definition - * @param record = Dataset as array - * @return key => value array for the value field of a form - */ - - function getDatasourceData($field, $record) { - global $app; - - $values = array(); - - if($field["datasource"]["type"] == 'SQL') { - - // Preparing SQL string. We will replace some - // common placeholders - $querystring = $field["datasource"]["querystring"]; - $querystring = str_replace("{USERID}",$_SESSION["s"]["user"]["userid"],$querystring); - $querystring = str_replace("{GROUPID}",$_SESSION["s"]["user"]["default_group"],$querystring); - $querystring = str_replace("{GROUPS}",$_SESSION["s"]["user"]["groups"],$querystring); - $table_idx = $this->formDef['db_table_idx']; - - $tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0; - $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring); - unset($tmp_recordid); - - $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring); - - // Getting the records - $tmp_records = $app->db->queryAllRecords($querystring); - if($app->db->errorMessage != '') die($app->db->errorMessage); - if(is_array($tmp_records)) { - $key_field = $field["datasource"]["keyfield"]; - $value_field = $field["datasource"]["valuefield"]; - foreach($tmp_records as $tmp_rec) { - $tmp_id = $tmp_rec[$key_field]; - $values[$tmp_id] = $tmp_rec[$value_field]; - } - } - } - - if($field["datasource"]["type"] == 'CUSTOM') { - // Calls a custom class to validate this record - if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') { - $datasource_class = $field["datasource"]['class']; - $datasource_function = $field["datasource"]['function']; - $app->uses($datasource_class); - $values = $app->$datasource_class->$datasource_function($field, $record); - } else { - $this->errorMessage .= "Custom datasource class or function is empty
\r\n"; - } - } - - return $values; - - } - - //* If the parameter 'valuelimit' is set - function applyValueLimit($limit,$values) { - - global $app; - - $limit_parts = explode(':',$limit); - - //* values are limited to a comma separated list - if($limit_parts[0] == 'list') { - $allowed = explode(',',$limit_parts[1]); - } - - //* values are limited to a field in the client settings - if($limit_parts[0] == 'client') { - if($_SESSION["s"]["user"]["typ"] == 'admin') { - return $values; - } else { - $client_group_id = $_SESSION["s"]["user"]["default_group"]; - $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - $allowed = explode(',',$client['lm']); - } - } - - //* values are limited to a field in the system settings - if($limit_parts[0] == 'system') { - $app->uses('getconf'); - $tmp_conf = $app->getconf->get_global_config($limit_parts[1]); - $tmp_key = $limit_parts[2]; - $allowed = $tmp_conf[$tmp_key]; - } - - $values_new = array(); - foreach($values as $key => $val) { - if(in_array($key,$allowed)) $values_new[$key] = $val; - } - - return $values_new; - } - - - /** - * Prepare the data record to show the data in a form. - * - * @param record = Datensatz als Array - * @param action = NEW oder EDIT - * @return record - */ - function getHTML($record, $tab, $action = 'NEW') { - - global $app; - - $this->action = $action; - - if(!is_array($this->formDef)) $app->error("No form definition found."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); - - $new_record = array(); - if($action == 'EDIT') { - $record = $this->decode($record,$tab); - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - $val = $record[$key]; - - // If Datasource is set, get the data from there - if(isset($field['datasource']) && is_array($field['datasource'])) { - $field["value"] = $this->getDatasourceData($field, $record); - } - - // If a limitation for the values is set - if(isset($field['valuelimit']) && is_array($field["value"])) { - $field["value"] = $this->applyValueLimit($field['valuelimit'],$field["value"]); - } - - switch ($field['formtype']) { - case 'SELECT': - $out = ''; - if(is_array($field['value'])) { - foreach($field['value'] as $k => $v) { - $selected = ($k == $val)?' SELECTED':''; - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - case 'MULTIPLE': - if(is_array($field['value'])) { - - // Split - $vals = explode($field['separator'],$val); - - // write HTML - $out = ''; - foreach($field['value'] as $k => $v) { - - $selected = ''; - foreach($vals as $tvl) { - if(trim($tvl) == trim($k)) $selected = ' SELECTED'; - } - - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'PASSWORD': - $new_record[$key] = ''; - break; - - case 'CHECKBOX': - $checked = ($val == $field['value'][1])?' CHECKED':''; - $new_record[$key] = "\r\n"; - break; - - case 'CHECKBOXARRAY': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$val); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $checked = ''; - foreach($vals as $tvl) { - if(trim($tvl) == trim($k)) $checked = ' CHECKED'; - } - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'RADIO': - if(is_array($field['value'])) { - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - $checked = ($k == $val)?' CHECKED':''; - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - default: - $new_record[$key] = htmlspecialchars($record[$key]); - } - } - } - } else { - // Action: NEW - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - - // If Datasource is set, get the data from there - if(@is_array($field['datasource'])) { - $field["value"] = $this->getDatasourceData($field, $record); - } - - // If a limitation for the values is set - if(isset($field['valuelimit']) && is_array($field["value"])) { - $field["value"] = $this->applyValueLimit($field['valuelimit'],$field["value"]); - } - - switch ($field['formtype']) { - case 'SELECT': - if(is_array($field['value'])) { - $out = ''; - foreach($field['value'] as $k => $v) { - //$selected = ($k == $val)?' SELECTED':''; - $selected = ''; - $out .= "\r\n"; - } - } - if(isset($out)) $new_record[$key] = $out; - break; - case 'MULTIPLE': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$val); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'PASSWORD': - $new_record[$key] = ''; - break; - - case 'CHECKBOX': - // $checked = (empty($field["default"]))?'':' CHECKED'; - $checked = ($field["default"] == $field['value'][1])?' CHECKED':''; - $new_record[$key] = "\r\n"; - break; - - case 'CHECKBOXARRAY': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$field["default"]); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $checked = ''; - foreach($vals as $tvl) { - if(trim($tvl) == trim($k)) $checked = ' CHECKED'; - } - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'RADIO': - if(is_array($field['value'])) { - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - $checked = ($k == $field["default"])?' CHECKED':''; - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - default: - $new_record[$key] = htmlspecialchars($field['default']); - } - } - - } - - if($this->debug == 1) $this->dbg($new_record); - - return $new_record; - } - - /** - * Rewrite the record data to be stored in the database - * and check values with regular expressions. - * - * @param record = Datensatz als Array - * @return record - */ - function encode($record,$tab) { - global $app; - - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab)."); - //$this->errorMessage = ''; - - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - - if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']); - - switch ($field['datatype']) { - case 'VARCHAR': - if(!@is_array($record[$key])) { - $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):''; - } else { - $new_record[$key] = implode($field['separator'],$record[$key]); - } - break; - case 'TEXT': - if(!is_array($record[$key])) { - $new_record[$key] = $app->db->quote($record[$key]); - } else { - $new_record[$key] = implode($field['separator'],$record[$key]); - } - break; - case 'DATE': - if($record[$key] > 0) { - list($tag,$monat,$jahr) = explode('.',$record[$key]); - $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr); - } else { - $new_record[$key] = 0; - } - break; - case 'INTEGER': - $new_record[$key] = (isset($record[$key]))?$record[$key]:0; - //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default']; - //if($key == 'refresh') die($record[$key]); - break; - case 'DOUBLE': - $new_record[$key] = $app->db->quote($record[$key]); - break; - case 'CURRENCY': - $new_record[$key] = str_replace(",",".",$record[$key]); - break; - } - - // The use of the field value is deprecated, use validators instead - if(isset($field['regex']) && $field['regex'] != '') { - // Enable that "." matches also newlines - $field['regex'] .= 's'; - if(!preg_match($field['regex'], $record[$key])) { - $errmsg = $field['errmsg']; - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } - } - - - } - } - return $new_record; - } - - /** - * process the validators for a given field. - * - * @param field_name = Name of the field - * @param field_value = value of the field - * @param validatoors = Array of validators - * @return record - */ - - function validateField($field_name, $field_value, $validators) { - - global $app; - - $escape = '`'; - - // loop trough the validators - foreach($validators as $validator) { - - switch ($validator['type']) { - case 'REGEX': - $validator['regex'] .= 's'; - if(!preg_match($validator['regex'], $field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'UNIQUE': - if($this->action == 'NEW') { - $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); - if($num_rec["number"] > 0) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - } else { - $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); - if($num_rec["number"] > 0) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - } - break; - case 'NOTEMPTY': - if(empty($field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISEMAIL': - if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISINT': - $tmpval = intval($field_value); - if($tmpval === 0 and !empty($field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISPOSITIVE': - if(!is_numeric($field_value) || $field_value <= 0){ - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISIPV4': - $vip=1; - if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ - $groups=explode(".",$field_value); - foreach($groups as $group){ - if($group<0 OR $group>255) - $vip=0; - } - }else{$vip=0;} - if($vip==0) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'CUSTOM': - // Calls a custom class to validate this record - if($validator['class'] != '' and $validator['function'] != '') { - $validator_class = $validator['class']; - $validator_function = $validator['function']; - $app->uses($validator_class); - $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator); - } else { - $this->errorMessage .= "Custom validator class or function is empty
\r\n"; - } - break; - default: - $this->errorMessage .= "Unknown Validator: ".$validator['type']; - break; - } - - - } - - return true; - } - - /** - * Create the SQL staement. - * - * @param record = Datensatz als Array - * @param action = INSERT oder UPDATE - * @param primary_id - * @return record - */ - function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') { - - global $app; - - // If there are no data records on the tab, return empty sql string - if(count($this->formDef['tabs'][$tab]['fields']) == 0) return ''; - - // checking permissions - if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { - if($action == "INSERT") { - if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.
\r\n"; - } else { - if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.
\r\n"; - } - } - - $this->action = $action; - $this->primary_id = $primary_id; - - $record = $this->encode($record,$tab); - $sql_insert_key = ''; - $sql_insert_val = ''; - $sql_update = ''; - - if(!is_array($this->formDef)) $app->error("Keine Formulardefinition vorhanden."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); - - // gehe durch alle Felder des Tabs - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - // Wenn es kein leeres Passwortfeld ist - if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) { - // Erzeuge Insert oder Update Quelltext - if($action == "INSERT") { - if($field['formtype'] == 'PASSWORD') { - $sql_insert_key .= "`$key`, "; - if($field['encryption'] == 'CRYPT') { - $salt="$1$"; - for ($n=0;$n<11;$n++) { - $salt.=chr(mt_rand(64,126)); - } - $salt.="$"; - // $salt = substr(md5(time()),0,2); - $record[$key] = crypt($record[$key],$salt); - $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; - } elseif ($field['encryption'] == 'MYSQL') { - $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; - } elseif ($field['encryption'] == 'CLEARTEXT') { - $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; - } else { - $record[$key] = md5($record[$key]); - $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; - } - - } elseif ($field['formtype'] == 'CHECKBOX') { - $sql_insert_key .= "`$key`, "; - if($record[$key] == '') { - // if a checkbox is not set, we set it to the unchecked value - $sql_insert_val .= "'".$field['value'][0]."', "; - $record[$key] = $field['value'][0]; - } else { - $sql_insert_val .= "'".$record[$key]."', "; - } - } else { - $sql_insert_key .= "`$key`, "; - $sql_insert_val .= "'".$record[$key]."', "; - } - } else { - if($field['formtype'] == 'PASSWORD') { - if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') { - $salt="$1$"; - for ($n=0;$n<11;$n++) { - $salt.=chr(mt_rand(64,126)); - } - $salt.="$"; - // $salt = substr(md5(time()),0,2); - $record[$key] = crypt($record[$key],$salt); - $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; - } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { - $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; - } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { - $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; - } else { - $record[$key] = md5($record[$key]); - $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; - } - - } elseif ($field['formtype'] == 'CHECKBOX') { - if($record[$key] == '') { - // if a checkbox is not set, we set it to the unchecked value - $sql_update .= "`$key` = '".$field['value'][0]."', "; - $record[$key] = $field['value'][0]; - } else { - $sql_update .= "`$key` = '".$record[$key]."', "; - } - } else { - $sql_update .= "`$key` = '".$record[$key]."', "; - } - } - } else { - // we unset the password filed, if empty to tell the datalog function - // that the password has not been changed - unset($record[$key]); - } - } - } - - - // Add backticks for incomplete table names - if(stristr($this->formDef['db_table'],'.')) { - $escape = ''; - } else { - $escape = '`'; - } - - - if($action == "INSERT") { - if($this->formDef['auth'] == 'yes') { - // Set user and group - $sql_insert_key .= "`sys_userid`, "; - $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', "; - $sql_insert_key .= "`sys_groupid`, "; - $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', "; - $sql_insert_key .= "`sys_perm_user`, "; - $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', "; - $sql_insert_key .= "`sys_perm_group`, "; - $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', "; - $sql_insert_key .= "`sys_perm_other`, "; - $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', "; - } - $sql_insert_key = substr($sql_insert_key,0,-2); - $sql_insert_val = substr($sql_insert_val,0,-2); - $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)"; - } else { - if($this->formDef['auth'] == 'yes') { - if($primary_id != 0) { - $sql_update = substr($sql_update,0,-2); - $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id; - if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; - } else { - $app->error("Primary ID fehlt!"); - } - } else { - if($primary_id != 0) { - $sql_update = substr($sql_update,0,-2); - $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; - if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; - } else { - $app->error("Primary ID fehlt!"); - } - } - } - - return $sql; - } - - /** - * Debugging arrays. - * - * @param array_data - */ - function dbg($array_data) { - - echo "
";
-                print_r($array_data);
-                echo "
"; - - } - - - function showForm() { - global $app,$conf; - - if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen."); - - $active_tab = $this->getNextTab(); - - // go trough the tabs - foreach( $this->formDef["tabs"] as $key => $tab) { - - $tab['name'] = $key; - if($tab['name'] == $active_tab) { - - // If module is set, then set the template path relative to the module.. - if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"]; - - // Generate the template if it does not exist yet. - - // Translate the title of the tab - $tab['title'] = $this->lng($tab['title']); - - if(!is_file($tab["template"])) { - $app->uses('tform_tpl_generator'); - $app->tform_tpl_generator->buildHTML($this->formDef,$tab['name']); - } - - $app->tpl->setInclude('content_tpl',$tab["template"]); - $tab["active"] = 1; - $_SESSION["s"]["form"]["tab"] = $tab['name']; - } else { - $tab["active"] = 0; - } - - // Unset unused variables. - unset($tab["fields"]); - unset($tab["plugins"]); - - $frmTab[] = $tab; - } - - // setting form tabs - $app->tpl->setLoop("formTab", $frmTab); - - // Set form action - $app->tpl->setVar('form_action',$this->formDef["action"]); - $app->tpl->setVar('form_active_tab',$active_tab); - - // Set form title - $form_hint = $this->lng($this->formDef["title"]); - if($this->formDef["description"] != '') $form_hint .= '
'.$this->lng($this->formDef["description"]).'
'; - $app->tpl->setVar('form_hint',$form_hint); - - // Set Wordbook for this form - - $app->tpl->setVar($this->wordbook); - } - - function getDataRecord($primary_id) { - global $app; - $escape = '`'; - $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; - return $app->db->queryOneRecord($sql); - } - - - function datalogSave($action,$primary_id, $record_old, $record_new) { - global $app,$conf; - - // Add backticks for incomplete table names. - if(stristr($this->formDef['db_table'],'.')) { - $escape = ''; - } else { - $escape = '`'; - } - - $this->diffrec = array(); - /* - if(is_array($record_new) && count($record_new) > 0) { - foreach($record_new as $key => $val) { - if(@$record_old[$key] != $val) { - // Record has changed - $diffrec[$key] = array('old' => @$record_old[$key], - 'new' => $val); - } - } - } elseif(is_array($record_old)) { - foreach($record_old as $key => $val) { - if($record_new[$key] != $val) { - // Record has changed - $diffrec[$key] = array('new' => $record_new[$key], - 'old' => $val); - } - } - } - $this->diffrec = $diffrec; - */ - - // Full diff records for ISPConfig, they have a different format then the simple diffrec - $diffrec_full = array(); - - if(is_array($record_old) && count($record_old) > 0) { - foreach($record_old as $key => $val) { - //if(isset($record_new[$key]) && $record_new[$key] != $val) { - if(!isset($record_new[$key]) || $record_new[$key] != $val) { - // Record has changed - $diffrec_full['old'][$key] = $val; - $diffrec_full['new'][$key] = $record_new[$key]; - $this->diffrec[$key] = array( 'new' => $record_new[$key], - 'old' => $val); - } else { - $diffrec_full['old'][$key] = $val; - $diffrec_full['new'][$key] = $val; - } - } - } elseif(is_array($record_new)) { - foreach($record_new as $key => $val) { - if(isset($record_new[$key]) && $record_old[$key] != $val) { - // Record has changed - $diffrec_full['new'][$key] = $val; - $diffrec_full['old'][$key] = $record_old[$key]; - $this->diffrec[$key] = array( 'old' => @$record_old[$key], - 'new' => $val); - } else { - $diffrec_full['new'][$key] = $val; - $diffrec_full['old'][$key] = $val; - } - } - } - - //$this->diffrec = $diffrec; - // Insert the server_id, if the record has a server_id - $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; - if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; - - if(count($this->diffrec) > 0) { - $diffstr = addslashes(serialize($diffrec_full)); - $username = $app->db->quote($_SESSION["s"]["user"]["username"]); - $dbidx = $this->formDef['db_table_idx'].":".$primary_id; - // $action = ($action == 'INSERT')?'i':'u'; - - if($action == 'INSERT') $action = 'i'; - if($action == 'UPDATE') $action = 'u'; - if($action == 'DELETE') $action = 'd'; - $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; - $app->db->query($sql); - } - - return true; - - } - - function getAuthSQL($perm) { - if($_SESSION["s"]["user"]["typ"] == 'admin') { - return '1'; - } else { - $groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0; - $sql = '('; - $sql .= "(sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND sys_perm_user like '%$perm%') OR "; - $sql .= "(sys_groupid IN (".$groups.") AND sys_perm_group like '%$perm%') OR "; - $sql .= "sys_perm_other like '%$perm%'"; - $sql .= ')'; - - return $sql; - } - } - - /* - This function checks if a user has the parmissions $perm for the data record with the ID $record_id - If record_id = 0, the the permissions are tested against the defaults of the form file. - */ - function checkPerm($record_id,$perm) { - global $app; - - if($record_id > 0) { - // Add backticks for incomplete table names. - if(stristr($this->formDef['db_table'],'.')) { - $escape = ''; - } else { - $escape = '`'; - } - - $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm); - if($record = $app->db->queryOneRecord($sql)) { - return true; - } else { - return false; - } - } else { - $result = false; - if(@$this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true; - if(@$this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true; - if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true; - - // if preset == 0, everyone can insert a record of this type - if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true; - - return $result; - - } - - } - - function getNextTab() { - // Which tab is shown - if($this->errorMessage == '') { - // If there is no error - if(isset($_REQUEST["next_tab"]) && $_REQUEST["next_tab"] != '') { - // If the next tab is known - $active_tab = $_REQUEST["next_tab"]; - } else { - // else use the default tab - $active_tab = $this->formDef['tab_default']; - } - } else { - // Show the same tab again in case of an error - $active_tab = $_SESSION["s"]["form"]["tab"]; - } - - return $active_tab; - } - - function getCurrentTab() { - return $_SESSION["s"]["form"]["tab"]; - } - - function isReadonlyTab($tab) { - if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true) { - return true; - } else { - return false; - } - } - - - // translation function for forms, tries the form wordbook first and if this fails, it tries the global wordbook - function lng($msg) { - global $app; - - if(isset($this->wordbook[$msg])) { - return $this->wordbook[$msg]; - } else { - return $app->lng($msg); - } - - } - -} - +tableDef = $table; + $this->table_name = $table_name; + $this->table_index = $table_index; + return true; + } + */ + + function loadFormDef($file,$module = '') { + global $app,$conf; + + include_once($file); + $this->formDef = $form; + + $this->module = $module; + $wb = array(); + + include_once(ISPC_ROOT_PATH.'/lib/lang/'.$_SESSION['s']['language'].'.lng'); + if($module == '') { + $lng_file = "lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"; + if(!file_exists($lng_file)) $lng_file = "lib/lang/en_".$this->formDef["name"].".lng"; + include($lng_file); + } else { + $lng_file = "../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"; + if(!file_exists($lng_file)) $lng_file = "../$module/lib/lang/en_".$this->formDef["name"].".lng"; + include($lng_file); + } + $this->wordbook = $wb; + + return true; + } + + + /** + * Converts the data in the array to human readable format + * Datatype conversion e.g. to show the data in lists + * + * @param record + * @return record + */ + function decode($record,$tab) { + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab does not exist or the tab is empty (TAB: $tab)."); + $new_record = ''; + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + switch ($field['datatype']) { + case 'VARCHAR': + $new_record[$key] = stripslashes($record[$key]); + break; + + case 'TEXT': + $new_record[$key] = stripslashes($record[$key]); + break; + + case 'DATE': + if($record[$key] > 0) { + $new_record[$key] = date($this->dateformat,$record[$key]); + } + break; + + case 'INTEGER': + $new_record[$key] = intval($record[$key]); + break; + + case 'DOUBLE': + $new_record[$key] = $record[$key]; + break; + + case 'CURRENCY': + $new_record[$key] = number_format($record[$key], 2, ',', ''); + break; + + default: + $new_record[$key] = stripslashes($record[$key]); + } + } + + } + + return $new_record; + } + + /** + * Get the key => value array of a form filed from a datasource definitiom + * + * @param field = array with field definition + * @param record = Dataset as array + * @return key => value array for the value field of a form + */ + + function getDatasourceData($field, $record) { + global $app; + + $values = array(); + + if($field["datasource"]["type"] == 'SQL') { + + // Preparing SQL string. We will replace some + // common placeholders + $querystring = $field["datasource"]["querystring"]; + $querystring = str_replace("{USERID}",$_SESSION["s"]["user"]["userid"],$querystring); + $querystring = str_replace("{GROUPID}",$_SESSION["s"]["user"]["default_group"],$querystring); + $querystring = str_replace("{GROUPS}",$_SESSION["s"]["user"]["groups"],$querystring); + $table_idx = $this->formDef['db_table_idx']; + + $tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0; + $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring); + unset($tmp_recordid); + + $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring); + + // Getting the records + $tmp_records = $app->db->queryAllRecords($querystring); + if($app->db->errorMessage != '') die($app->db->errorMessage); + if(is_array($tmp_records)) { + $key_field = $field["datasource"]["keyfield"]; + $value_field = $field["datasource"]["valuefield"]; + foreach($tmp_records as $tmp_rec) { + $tmp_id = $tmp_rec[$key_field]; + $values[$tmp_id] = $tmp_rec[$value_field]; + } + } + } + + if($field["datasource"]["type"] == 'CUSTOM') { + // Calls a custom class to validate this record + if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') { + $datasource_class = $field["datasource"]['class']; + $datasource_function = $field["datasource"]['function']; + $app->uses($datasource_class); + $values = $app->$datasource_class->$datasource_function($field, $record); + } else { + $this->errorMessage .= "Custom datasource class or function is empty
\r\n"; + } + } + + return $values; + + } + + //* If the parameter 'valuelimit' is set + function applyValueLimit($limit,$values) { + + global $app; + + $limit_parts = explode(':',$limit); + + //* values are limited to a comma separated list + if($limit_parts[0] == 'list') { + $allowed = explode(',',$limit_parts[1]); + } + + //* values are limited to a field in the client settings + if($limit_parts[0] == 'client') { + if($_SESSION["s"]["user"]["typ"] == 'admin') { + return $values; + } else { + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT ".$limit_parts[1]." as lm FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + $allowed = explode(',',$client['lm']); + } + } + + //* values are limited to a field in the system settings + if($limit_parts[0] == 'system') { + $app->uses('getconf'); + $tmp_conf = $app->getconf->get_global_config($limit_parts[1]); + $tmp_key = $limit_parts[2]; + $allowed = $tmp_conf[$tmp_key]; + } + + $values_new = array(); + foreach($values as $key => $val) { + if(in_array($key,$allowed)) $values_new[$key] = $val; + } + + return $values_new; + } + + + /** + * Prepare the data record to show the data in a form. + * + * @param record = Datensatz als Array + * @param action = NEW oder EDIT + * @return record + */ + function getHTML($record, $tab, $action = 'NEW') { + + global $app; + + $this->action = $action; + + if(!is_array($this->formDef)) $app->error("No form definition found."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); + + $new_record = array(); + if($action == 'EDIT') { + $record = $this->decode($record,$tab); + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + $val = $record[$key]; + + // If Datasource is set, get the data from there + if(isset($field['datasource']) && is_array($field['datasource'])) { + $field["value"] = $this->getDatasourceData($field, $record); + } + + // If a limitation for the values is set + if(isset($field['valuelimit']) && is_array($field["value"])) { + $field["value"] = $this->applyValueLimit($field['valuelimit'],$field["value"]); + } + + switch ($field['formtype']) { + case 'SELECT': + $out = ''; + if(is_array($field['value'])) { + foreach($field['value'] as $k => $v) { + $selected = ($k == $val)?' SELECTED':''; + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + case 'MULTIPLE': + if(is_array($field['value'])) { + + // Split + $vals = explode($field['separator'],$val); + + // write HTML + $out = ''; + foreach($field['value'] as $k => $v) { + + $selected = ''; + foreach($vals as $tvl) { + if(trim($tvl) == trim($k)) $selected = ' SELECTED'; + } + + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'PASSWORD': + $new_record[$key] = ''; + break; + + case 'CHECKBOX': + $checked = ($val == $field['value'][1])?' CHECKED':''; + $new_record[$key] = "\r\n"; + break; + + case 'CHECKBOXARRAY': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$val); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $checked = ''; + foreach($vals as $tvl) { + if(trim($tvl) == trim($k)) $checked = ' CHECKED'; + } + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'RADIO': + if(is_array($field['value'])) { + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + $checked = ($k == $val)?' CHECKED':''; + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + default: + $new_record[$key] = htmlspecialchars($record[$key]); + } + } + } + } else { + // Action: NEW + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + + // If Datasource is set, get the data from there + if(@is_array($field['datasource'])) { + $field["value"] = $this->getDatasourceData($field, $record); + } + + // If a limitation for the values is set + if(isset($field['valuelimit']) && is_array($field["value"])) { + $field["value"] = $this->applyValueLimit($field['valuelimit'],$field["value"]); + } + + switch ($field['formtype']) { + case 'SELECT': + if(is_array($field['value'])) { + $out = ''; + foreach($field['value'] as $k => $v) { + //$selected = ($k == $val)?' SELECTED':''; + $selected = ''; + $out .= "\r\n"; + } + } + if(isset($out)) $new_record[$key] = $out; + break; + case 'MULTIPLE': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$val); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'PASSWORD': + $new_record[$key] = ''; + break; + + case 'CHECKBOX': + // $checked = (empty($field["default"]))?'':' CHECKED'; + $checked = ($field["default"] == $field['value'][1])?' CHECKED':''; + $new_record[$key] = "\r\n"; + break; + + case 'CHECKBOXARRAY': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$field["default"]); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $checked = ''; + foreach($vals as $tvl) { + if(trim($tvl) == trim($k)) $checked = ' CHECKED'; + } + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'RADIO': + if(is_array($field['value'])) { + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + $checked = ($k == $field["default"])?' CHECKED':''; + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + default: + $new_record[$key] = htmlspecialchars($field['default']); + } + } + + } + + if($this->debug == 1) $this->dbg($new_record); + + return $new_record; + } + + /** + * Rewrite the record data to be stored in the database + * and check values with regular expressions. + * + * @param record = Datensatz als Array + * @return record + */ + function encode($record,$tab) { + global $app; + + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab is empty or does not exist (TAB: $tab)."); + //$this->errorMessage = ''; + + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + + if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']); + + switch ($field['datatype']) { + case 'VARCHAR': + if(!@is_array($record[$key])) { + $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):''; + } else { + $new_record[$key] = implode($field['separator'],$record[$key]); + } + break; + case 'TEXT': + if(!is_array($record[$key])) { + $new_record[$key] = $app->db->quote($record[$key]); + } else { + $new_record[$key] = implode($field['separator'],$record[$key]); + } + break; + case 'DATE': + if($record[$key] > 0) { + list($tag,$monat,$jahr) = explode('.',$record[$key]); + $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr); + } else { + $new_record[$key] = 0; + } + break; + case 'INTEGER': + $new_record[$key] = (isset($record[$key]))?$record[$key]:0; + //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default']; + //if($key == 'refresh') die($record[$key]); + break; + case 'DOUBLE': + $new_record[$key] = $app->db->quote($record[$key]); + break; + case 'CURRENCY': + $new_record[$key] = str_replace(",",".",$record[$key]); + break; + } + + // The use of the field value is deprecated, use validators instead + if(isset($field['regex']) && $field['regex'] != '') { + // Enable that "." matches also newlines + $field['regex'] .= 's'; + if(!preg_match($field['regex'], $record[$key])) { + $errmsg = $field['errmsg']; + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } + } + + + } + } + return $new_record; + } + + /** + * process the validators for a given field. + * + * @param field_name = Name of the field + * @param field_value = value of the field + * @param validatoors = Array of validators + * @return record + */ + + function validateField($field_name, $field_value, $validators) { + + global $app; + + $escape = '`'; + + // loop trough the validators + foreach($validators as $validator) { + + switch ($validator['type']) { + case 'REGEX': + $validator['regex'] .= 's'; + if(!preg_match($validator['regex'], $field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'UNIQUE': + if($this->action == 'NEW') { + $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); + if($num_rec["number"] > 0) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + } else { + $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); + if($num_rec["number"] > 0) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + } + break; + case 'NOTEMPTY': + if(empty($field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISEMAIL': + if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISINT': + $tmpval = intval($field_value); + if($tmpval === 0 and !empty($field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISPOSITIVE': + if(!is_numeric($field_value) || $field_value <= 0){ + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISIPV4': + $vip=1; + if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ + $groups=explode(".",$field_value); + foreach($groups as $group){ + if($group<0 OR $group>255) + $vip=0; + } + }else{$vip=0;} + if($vip==0) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'CUSTOM': + // Calls a custom class to validate this record + if($validator['class'] != '' and $validator['function'] != '') { + $validator_class = $validator['class']; + $validator_function = $validator['function']; + $app->uses($validator_class); + $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator); + } else { + $this->errorMessage .= "Custom validator class or function is empty
\r\n"; + } + break; + default: + $this->errorMessage .= "Unknown Validator: ".$validator['type']; + break; + } + + + } + + return true; + } + + /** + * Create the SQL staement. + * + * @param record = Datensatz als Array + * @param action = INSERT oder UPDATE + * @param primary_id + * @return record + */ + function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') { + + global $app; + + // If there are no data records on the tab, return empty sql string + if(count($this->formDef['tabs'][$tab]['fields']) == 0) return ''; + + // checking permissions + if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { + if($action == "INSERT") { + if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.
\r\n"; + } else { + if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.
\r\n"; + } + } + + $this->action = $action; + $this->primary_id = $primary_id; + + $record = $this->encode($record,$tab); + $sql_insert_key = ''; + $sql_insert_val = ''; + $sql_update = ''; + + if(!is_array($this->formDef)) $app->error("Form definition not found."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("The tab is empty or does not exist (TAB: $tab)."); + + // go trough all fields of the tab + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + // Wenn es kein leeres Passwortfeld ist + if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) { + // Erzeuge Insert oder Update Quelltext + if($action == "INSERT") { + if($field['formtype'] == 'PASSWORD') { + $sql_insert_key .= "`$key`, "; + if($field['encryption'] == 'CRYPT') { + $salt="$1$"; + for ($n=0;$n<11;$n++) { + $salt.=chr(mt_rand(64,126)); + } + $salt.="$"; + // $salt = substr(md5(time()),0,2); + $record[$key] = crypt($record[$key],$salt); + $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; + } elseif ($field['encryption'] == 'MYSQL') { + $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; + } elseif ($field['encryption'] == 'CLEARTEXT') { + $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; + } else { + $record[$key] = md5($record[$key]); + $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; + } + + } elseif ($field['formtype'] == 'CHECKBOX') { + $sql_insert_key .= "`$key`, "; + if($record[$key] == '') { + // if a checkbox is not set, we set it to the unchecked value + $sql_insert_val .= "'".$field['value'][0]."', "; + $record[$key] = $field['value'][0]; + } else { + $sql_insert_val .= "'".$record[$key]."', "; + } + } else { + $sql_insert_key .= "`$key`, "; + $sql_insert_val .= "'".$record[$key]."', "; + } + } else { + if($field['formtype'] == 'PASSWORD') { + if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') { + $salt="$1$"; + for ($n=0;$n<11;$n++) { + $salt.=chr(mt_rand(64,126)); + } + $salt.="$"; + // $salt = substr(md5(time()),0,2); + $record[$key] = crypt($record[$key],$salt); + $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; + } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { + $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; + } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { + $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; + } else { + $record[$key] = md5($record[$key]); + $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; + } + + } elseif ($field['formtype'] == 'CHECKBOX') { + if($record[$key] == '') { + // if a checkbox is not set, we set it to the unchecked value + $sql_update .= "`$key` = '".$field['value'][0]."', "; + $record[$key] = $field['value'][0]; + } else { + $sql_update .= "`$key` = '".$record[$key]."', "; + } + } else { + $sql_update .= "`$key` = '".$record[$key]."', "; + } + } + } else { + // we unset the password filed, if empty to tell the datalog function + // that the password has not been changed + unset($record[$key]); + } + } + } + + + // Add backticks for incomplete table names + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + + if($action == "INSERT") { + if($this->formDef['auth'] == 'yes') { + // Set user and group + $sql_insert_key .= "`sys_userid`, "; + $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', "; + $sql_insert_key .= "`sys_groupid`, "; + $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', "; + $sql_insert_key .= "`sys_perm_user`, "; + $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', "; + $sql_insert_key .= "`sys_perm_group`, "; + $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', "; + $sql_insert_key .= "`sys_perm_other`, "; + $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', "; + } + $sql_insert_key = substr($sql_insert_key,0,-2); + $sql_insert_val = substr($sql_insert_val,0,-2); + $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)"; + } else { + if($this->formDef['auth'] == 'yes') { + if($primary_id != 0) { + $sql_update = substr($sql_update,0,-2); + $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id; + if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; + } else { + $app->error("Primary ID fehlt!"); + } + } else { + if($primary_id != 0) { + $sql_update = substr($sql_update,0,-2); + $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; + if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; + } else { + $app->error("Primary ID fehlt!"); + } + } + } + + return $sql; + } + + /** + * Debugging arrays. + * + * @param array_data + */ + function dbg($array_data) { + + echo "
";
+                print_r($array_data);
+                echo "
"; + + } + + + function showForm() { + global $app,$conf; + + if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen."); + + $active_tab = $this->getNextTab(); + + // go trough the tabs + foreach( $this->formDef["tabs"] as $key => $tab) { + + $tab['name'] = $key; + if($tab['name'] == $active_tab) { + + // If module is set, then set the template path relative to the module.. + if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"]; + + // Generate the template if it does not exist yet. + + // Translate the title of the tab + $tab['title'] = $this->lng($tab['title']); + + if(!is_file($tab["template"])) { + $app->uses('tform_tpl_generator'); + $app->tform_tpl_generator->buildHTML($this->formDef,$tab['name']); + } + + $app->tpl->setInclude('content_tpl',$tab["template"]); + $tab["active"] = 1; + $_SESSION["s"]["form"]["tab"] = $tab['name']; + } else { + $tab["active"] = 0; + } + + // Unset unused variables. + unset($tab["fields"]); + unset($tab["plugins"]); + + $frmTab[] = $tab; + } + + // setting form tabs + $app->tpl->setLoop("formTab", $frmTab); + + // Set form action + $app->tpl->setVar('form_action',$this->formDef["action"]); + $app->tpl->setVar('form_active_tab',$active_tab); + + // Set form title + $form_hint = $this->lng($this->formDef["title"]); + if($this->formDef["description"] != '') $form_hint .= '
'.$this->lng($this->formDef["description"]).'
'; + $app->tpl->setVar('form_hint',$form_hint); + + // Set Wordbook for this form + + $app->tpl->setVar($this->wordbook); + } + + function getDataRecord($primary_id) { + global $app; + $escape = '`'; + $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; + return $app->db->queryOneRecord($sql); + } + + + function datalogSave($action,$primary_id, $record_old, $record_new) { + global $app,$conf; + + // Add backticks for incomplete table names. + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + $this->diffrec = array(); + /* + if(is_array($record_new) && count($record_new) > 0) { + foreach($record_new as $key => $val) { + if(@$record_old[$key] != $val) { + // Record has changed + $diffrec[$key] = array('old' => @$record_old[$key], + 'new' => $val); + } + } + } elseif(is_array($record_old)) { + foreach($record_old as $key => $val) { + if($record_new[$key] != $val) { + // Record has changed + $diffrec[$key] = array('new' => $record_new[$key], + 'old' => $val); + } + } + } + $this->diffrec = $diffrec; + */ + + // Full diff records for ISPConfig, they have a different format then the simple diffrec + $diffrec_full = array(); + + if(is_array($record_old) && count($record_old) > 0) { + foreach($record_old as $key => $val) { + //if(isset($record_new[$key]) && $record_new[$key] != $val) { + if(!isset($record_new[$key]) || $record_new[$key] != $val) { + // Record has changed + $diffrec_full['old'][$key] = $val; + $diffrec_full['new'][$key] = $record_new[$key]; + $this->diffrec[$key] = array( 'new' => $record_new[$key], + 'old' => $val); + } else { + $diffrec_full['old'][$key] = $val; + $diffrec_full['new'][$key] = $val; + } + } + } elseif(is_array($record_new)) { + foreach($record_new as $key => $val) { + if(isset($record_new[$key]) && $record_old[$key] != $val) { + // Record has changed + $diffrec_full['new'][$key] = $val; + $diffrec_full['old'][$key] = $record_old[$key]; + $this->diffrec[$key] = array( 'old' => @$record_old[$key], + 'new' => $val); + } else { + $diffrec_full['new'][$key] = $val; + $diffrec_full['old'][$key] = $val; + } + } + } + + //$this->diffrec = $diffrec; + // Insert the server_id, if the record has a server_id + $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; + if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; + + if(count($this->diffrec) > 0) { + $diffstr = addslashes(serialize($diffrec_full)); + $username = $app->db->quote($_SESSION["s"]["user"]["username"]); + $dbidx = $this->formDef['db_table_idx'].":".$primary_id; + // $action = ($action == 'INSERT')?'i':'u'; + + if($action == 'INSERT') $action = 'i'; + if($action == 'UPDATE') $action = 'u'; + if($action == 'DELETE') $action = 'd'; + $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; + $app->db->query($sql); + } + + return true; + + } + + function getAuthSQL($perm) { + if($_SESSION["s"]["user"]["typ"] == 'admin') { + return '1'; + } else { + $groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0; + $sql = '('; + $sql .= "(sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND sys_perm_user like '%$perm%') OR "; + $sql .= "(sys_groupid IN (".$groups.") AND sys_perm_group like '%$perm%') OR "; + $sql .= "sys_perm_other like '%$perm%'"; + $sql .= ')'; + + return $sql; + } + } + + /* + This function checks if a user has the parmissions $perm for the data record with the ID $record_id + If record_id = 0, the the permissions are tested against the defaults of the form file. + */ + function checkPerm($record_id,$perm) { + global $app; + + if($record_id > 0) { + // Add backticks for incomplete table names. + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm); + if($record = $app->db->queryOneRecord($sql)) { + return true; + } else { + return false; + } + } else { + $result = false; + if(@$this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true; + if(@$this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true; + if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true; + + // if preset == 0, everyone can insert a record of this type + if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true; + + return $result; + + } + + } + + function getNextTab() { + // Which tab is shown + if($this->errorMessage == '') { + // If there is no error + if(isset($_REQUEST["next_tab"]) && $_REQUEST["next_tab"] != '') { + // If the next tab is known + $active_tab = $_REQUEST["next_tab"]; + } else { + // else use the default tab + $active_tab = $this->formDef['tab_default']; + } + } else { + // Show the same tab again in case of an error + $active_tab = $_SESSION["s"]["form"]["tab"]; + } + + return $active_tab; + } + + function getCurrentTab() { + return $_SESSION["s"]["form"]["tab"]; + } + + function isReadonlyTab($tab, $primary_id) { + global $app, $conf; + + // Add backticks for incomplete table names. + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + $sql = "SELECT sys_userid FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; + $record = $app->db->queryOneRecord($sql); + + // return true if the readonly flag of the form is set and the current loggedin user is not the owner of the record. + if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true && $record['sys_userid'] != $_SESSION["s"]["user"]["userid"]) { + return true; + } else { + return false; + } + } + + + // translation function for forms, tries the form wordbook first and if this fails, it tries the global wordbook + function lng($msg) { + global $app; + + if(isset($this->wordbook[$msg])) { + return $this->wordbook[$msg]; + } else { + return $app->lng($msg); + } + + } + +} + ?> \ No newline at end of file diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php index 4ca70ef9e..b280d2686 100644 --- a/interface/lib/classes/tform_actions.inc.php +++ b/interface/lib/classes/tform_actions.inc.php @@ -163,7 +163,7 @@ class tform_actions { function onUpdateSave($sql) { global $app; - if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab())) { + if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(),$this->id)) { $app->db->query($sql); if($app->db->errorMessage != '') die($app->db->errorMessage); } diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master index 22a05c08f..4c95c7942 100644 --- a/server/conf/vhost.conf.master +++ b/server/conf/vhost.conf.master @@ -54,7 +54,7 @@ - + Options FollowSymLinks AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny @@ -107,6 +107,10 @@ ScriptAlias /php5-cgi Action php5-cgi /php5-cgi AddHandler php5-cgi .php .php3 .php4 .php5 + + Order allow,deny + Allow from all + # php as fast-cgi enabled @@ -195,7 +199,7 @@ - + Options FollowSymLinks AllowOverride Indexes AuthConfig Limit FileInfo Order allow,deny @@ -216,7 +220,7 @@ - + # cgi enabled ScriptAlias /cgi-bin/ /cgi-bin/ AddHandler cgi-script .cgi @@ -251,6 +255,10 @@ ScriptAlias /php5-cgi Action php5-cgi /php5-cgi AddHandler php5-cgi .php .php3 .php4 .php5 + + Order allow,deny + Allow from all + # php as fast-cgi enabled diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php index 76fdf0edc..1420a5e77 100755 --- a/server/plugins-available/shelluser_base_plugin.inc.php +++ b/server/plugins-available/shelluser_base_plugin.inc.php @@ -90,9 +90,9 @@ class shelluser_base_plugin { //* Disable shell user temporarily if we use jailkit if($data['new']['chroot'] == 'jailkit') { - $command = 'usermod --lock '.escapeshellcmd($data['new']['username']); + $command = 'usermod -L '.escapeshellcmd($data['new']['username']); exec($command); - $app->log("Disabling shelluser temporarily: ".$data['new']['username'],LOGLEVEL_DEBUG); + $app->log("Disabling shelluser temporarily: ".$command,LOGLEVEL_DEBUG); } } else { diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php index 11f4ab1a5..666251b57 100755 --- a/server/plugins-available/shelluser_jailkit_plugin.inc.php +++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php @@ -87,7 +87,7 @@ class shelluser_jailkit_plugin { $this->_setup_jailkit_chroot(); - $command .= 'usermod --unlock '.escapeshellcmd($data['new']['username']); + $command .= 'usermod -U '.escapeshellcmd($data['new']['username']); exec($command); $this->_add_jailkit_user(); diff --git a/server/server.php b/server/server.php index c673b5cbd..06aa24263 100644 --- a/server/server.php +++ b/server/server.php @@ -32,6 +32,7 @@ require("lib/config.inc.php"); require("lib/app.inc.php"); set_time_limit(0); +ini_set('error_reporting','E_ALL & ~E_NOTICE'); // make sure server_id is always an int $conf["server_id"] = intval($conf["server_id"]); -- GitLab