From 67fbfc013d3a2a7757894d9fe0ef7b5311d25a40 Mon Sep 17 00:00:00 2001
From: vogelor <vogelor@ispconfig3>
Date: Fri, 12 Dec 2008 14:53:19 +0000
Subject: [PATCH] it is not possible to change the server after a record is
 insert

---
 interface/web/admin/firewall_edit.php         | 16 ++++++++++++-
 interface/web/admin/server_ip_edit.php        | 24 +++++++++++++++++--
 interface/web/admin/server_ip_list.php        |  3 +++
 interface/web/mail/lib/module.conf.php        |  6 ++---
 interface/web/mail/mail_blacklist_edit.php    | 19 ++++++++++++++-
 .../web/mail/mail_content_filter_edit.php     | 16 ++++++++++++-
 interface/web/mail/mail_transport_edit.php    | 18 +++++++++++++-
 interface/web/mail/mail_whitelist_edit.php    | 16 +++++++++++++
 .../web/mail/spamfilter_blacklist_edit.php    | 18 +++++++++++++-
 interface/web/mail/spamfilter_users_edit.php  | 18 +++++++++++++-
 .../web/mail/spamfilter_whitelist_edit.php    | 18 +++++++++++++-
 interface/web/sites/database_edit.php         | 18 +++++++++++++-
 interface/web/sites/web_domain_edit.php       | 16 ++++++++++---
 13 files changed, 190 insertions(+), 16 deletions(-)

diff --git a/interface/web/admin/firewall_edit.php b/interface/web/admin/firewall_edit.php
index 6f426ac9d5..03e0deff18 100644
--- a/interface/web/admin/firewall_edit.php
+++ b/interface/web/admin/firewall_edit.php
@@ -49,7 +49,21 @@ $app->uses('tpl,tform,tform_actions');
 $app->load('tform_actions');
 
 class page_action extends tform_actions {
-	
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from firewall WHERE firewall_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
 }
 
 $page = new page_action;
diff --git a/interface/web/admin/server_ip_edit.php b/interface/web/admin/server_ip_edit.php
index 8b6160b9e3..baffa1467d 100644
--- a/interface/web/admin/server_ip_edit.php
+++ b/interface/web/admin/server_ip_edit.php
@@ -46,8 +46,28 @@ $app->auth->check_module_permissions('admin');
 
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
+$app->load('tform_actions');
 
-// let tform_actions handle the page
-$app->tform_actions->onLoad();
+class page_action extends tform_actions {
+
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from server_ip WHERE server_ip_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+}
+
+$page = new page_action;
+$page->onLoad();
 
 ?>
\ No newline at end of file
diff --git a/interface/web/admin/server_ip_list.php b/interface/web/admin/server_ip_list.php
index a6bd3b8399..6c98269386 100644
--- a/interface/web/admin/server_ip_list.php
+++ b/interface/web/admin/server_ip_list.php
@@ -45,6 +45,9 @@ $list_def_file = "list/server_ip.list.php";
 $app->auth->check_module_permissions('admin');
 
 $app->uses('listform_actions');
+
+$app->listform_actions->SQLOrderBy = "ORDER BY server_id, ip_address";
+
 $app->listform_actions->onLoad();
 
 
diff --git a/interface/web/mail/lib/module.conf.php b/interface/web/mail/lib/module.conf.php
index 5a6fa82c12..54d0e05f15 100644
--- a/interface/web/mail/lib/module.conf.php
+++ b/interface/web/mail/lib/module.conf.php
@@ -59,9 +59,9 @@ if($_SESSION['s']['user']['typ'] == 'admin') {
 				  		'target' 	=> 'content',
 				  		'link'	    => 'mail/spamfilter_policy_list.php');
 						
-	$items[] = array( 	'title' 	=> 'Server Settings',
-				  		'target' 	=> 'content',
-				  		'link'	    => 'mail/spamfilter_config_list.php');
+//	$items[] = array( 	'title' 	=> 'Server Settings',
+//				  		'target' 	=> 'content',
+//				  		'link'	    => 'mail/spamfilter_config_list.php');
 }
 
 $module['nav'][] = array(	'title'	=> 'Spamfilter',
diff --git a/interface/web/mail/mail_blacklist_edit.php b/interface/web/mail/mail_blacklist_edit.php
index 1e8629b2c4..558c29d33d 100644
--- a/interface/web/mail/mail_blacklist_edit.php
+++ b/interface/web/mail/mail_blacklist_edit.php
@@ -71,7 +71,24 @@ class page_action extends tform_actions {
 		
 		parent::onShowNew();
 	}
-	
+
+
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
 	function onSubmit() {
 		global $app, $conf;
 				
diff --git a/interface/web/mail/mail_content_filter_edit.php b/interface/web/mail/mail_content_filter_edit.php
index 2913e8d7ad..7ec4322b9e 100644
--- a/interface/web/mail/mail_content_filter_edit.php
+++ b/interface/web/mail/mail_content_filter_edit.php
@@ -52,7 +52,21 @@ $app->uses('tpl,tform,tform_actions');
 $app->load('tform_actions');
 
 class page_action extends tform_actions {
-	
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_content_filter WHERE content_filter_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
 }
 
 $page = new page_action;
diff --git a/interface/web/mail/mail_transport_edit.php b/interface/web/mail/mail_transport_edit.php
index 9b6c4e3ffe..6ab58fb937 100644
--- a/interface/web/mail/mail_transport_edit.php
+++ b/interface/web/mail/mail_transport_edit.php
@@ -110,7 +110,23 @@ class page_action extends tform_actions {
 		
 		parent::onShowEnd();
 	}
-	
+
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_transport WHERE transport_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
 	function onSubmit() {
 		global $app, $conf;
 				
diff --git a/interface/web/mail/mail_whitelist_edit.php b/interface/web/mail/mail_whitelist_edit.php
index 2a6134e43d..c4fd8c259c 100644
--- a/interface/web/mail/mail_whitelist_edit.php
+++ b/interface/web/mail/mail_whitelist_edit.php
@@ -72,6 +72,22 @@ class page_action extends tform_actions {
 		parent::onShowNew();
 	}
 	
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
 	function onSubmit() {
 		global $app, $conf;
 				
diff --git a/interface/web/mail/spamfilter_blacklist_edit.php b/interface/web/mail/spamfilter_blacklist_edit.php
index f33f964189..eda958448b 100644
--- a/interface/web/mail/spamfilter_blacklist_edit.php
+++ b/interface/web/mail/spamfilter_blacklist_edit.php
@@ -71,7 +71,23 @@ class page_action extends tform_actions {
 		parent::onShowNew();
 	}
 	
-	function onSubmit() {
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
+function onSubmit() {
 		global $app, $conf;
 				
 		// Check the client limits, if user is not the admin
diff --git a/interface/web/mail/spamfilter_users_edit.php b/interface/web/mail/spamfilter_users_edit.php
index 503ff4412d..f76f909c93 100644
--- a/interface/web/mail/spamfilter_users_edit.php
+++ b/interface/web/mail/spamfilter_users_edit.php
@@ -71,7 +71,23 @@ class page_action extends tform_actions {
 		parent::onShowNew();
 	}
 	
-	function onSubmit() {
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_users WHERE id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
+function onSubmit() {
 		global $app, $conf;
 				
 		// Check the client limits, if user is not the admin
diff --git a/interface/web/mail/spamfilter_whitelist_edit.php b/interface/web/mail/spamfilter_whitelist_edit.php
index 44d10edb11..31aff9fa60 100644
--- a/interface/web/mail/spamfilter_whitelist_edit.php
+++ b/interface/web/mail/spamfilter_whitelist_edit.php
@@ -70,7 +70,23 @@ class page_action extends tform_actions {
 		
 		parent::onShowNew();
 	}
-	
+
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from spamfilter_wblist WHERE id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
 	function onSubmit() {
 		global $app, $conf;
 				
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index d9b01811fa..b537c68d5c 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -188,7 +188,23 @@ class page_action extends tform_actions {
 		
 		parent::onSubmit();
 	}
-	
+
+	function onBeforeUpdate() {
+		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from web_database WHERE database_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
+	}
+
 	function onUpdate() {
 		global $app, $conf;
 		
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
index 0c9fec1f12..926294744e 100644
--- a/interface/web/sites/web_domain_edit.php
+++ b/interface/web/sites/web_domain_edit.php
@@ -247,6 +247,18 @@ class page_action extends tform_actions {
 	
 	function onBeforeUpdate () {
 		global $app, $conf;
+
+		//* Check if the server has been changed
+		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+			$rec = $app->db->queryOneRecord("SELECT server_id from web_domain WHERE domain_id = ".$this->id);
+			if($rec['server_id'] != $this->dataRecord["server_id"]) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+				$this->dataRecord["server_id"] = $rec['server_id'];
+			}
+			unset($rec);
+		}
 		
 		//* Check that all fields for the SSL cert creation are filled
 		if(isset($this->dataRecord['ssl_action']) && $this->dataRecord['ssl_action'] == 'create') {
@@ -259,12 +271,10 @@ class page_action extends tform_actions {
 		
 	}
 	
-	
-	
 	function onAfterUpdate() {
 		global $app, $conf;
 		
-		// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
+		// make sure that the record belongs to the clinet group and not the admin group when a admin inserts it
 		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = intval($this->dataRecord["client_group_id"]);
-- 
GitLab