From d4d985e00f1f70dd390bd5aaf40062416d73f4e7 Mon Sep 17 00:00:00 2001 From: tbrehm Date: Mon, 17 Nov 2008 17:02:44 +0000 Subject: [PATCH] Data records are now assigned to the correct client group if they were created by the administrator. --- install/sql/ispconfig3.sql | 2 +- interface/lib/classes/tform.inc.php | 2154 +++++++++-------- interface/lib/classes/tform_actions.inc.php | 1158 ++++----- interface/lib/config.inc.php | 3 +- interface/web/dns/dns_a_edit.php | 5 + interface/web/dns/dns_alias_edit.php | 4 + interface/web/dns/dns_cname_edit.php | 4 + interface/web/dns/dns_hinfo_edit.php | 4 + interface/web/dns/dns_mx_edit.php | 4 + interface/web/dns/dns_ns_edit.php | 4 + interface/web/dns/dns_ptr_edit.php | 4 + interface/web/dns/dns_rp_edit.php | 4 + interface/web/dns/dns_srv_edit.php | 4 + interface/web/dns/dns_txt_edit.php | 4 + interface/web/mail/mail_alias_edit.php | 9 + .../web/mail/mail_domain_catchall_edit.php | 12 +- interface/web/mail/mail_forward_edit.php | 10 +- interface/web/mail/mail_get_edit.php | 8 + interface/web/mail/mail_user_filter_edit.php | 5 +- interface/web/sites/web_aliasdomain_edit.php | 10 + interface/web/sites/web_subdomain_edit.php | 11 + .../web/tools/form/user_settings.tform.php | 2 +- interface/web/tools/user_settings.php | 5 + 23 files changed, 1772 insertions(+), 1658 deletions(-) diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql index c06cd423a..10cd86732 100644 --- a/install/sql/ispconfig3.sql +++ b/install/sql/ispconfig3.sql @@ -444,7 +444,7 @@ CREATE TABLE `mail_user` ( `quota` int(11) NOT NULL default '0', `homedir` varchar(255) NOT NULL, `autoresponder` enum('n','y') NOT NULL default 'n', - `autoresponder_text` tinytext NOT NULL, + `autoresponder_text` tinytext NULL, `custom_mailfilter` text, `postfix` enum('y','n') NOT NULL, `access` enum('y','n') NOT NULL, diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 5dd3d9b5e..64fa43844 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -1,1073 +1,1083 @@ -tableDef = $table; - $this->table_name = $table_name; - $this->table_index = $table_index; - return true; - } - */ - - function loadFormDef($file,$module = '') { - global $app,$conf; - - include_once($file); - $this->formDef = $form; - - $this->module = $module; - $wb = array(); - - if($module == '') { - if(is_file("lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng")) { - include_once("lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"); - } - } else { - if(is_file("../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng")) { - include_once("../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"); - } - } - $this->wordbook = $wb; - - return true; - } - - - /** - * Konvertiert die Daten des �bergebenen assoziativen - * Arrays in "menschenlesbare" Form. - * Datentyp Konvertierung, z.B. f�r Ausgabe in Listen. - * - * @param record - * @return record - */ - function decode($record,$tab) { - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); - $new_record = ''; - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - switch ($field['datatype']) { - case 'VARCHAR': - $new_record[$key] = stripslashes($record[$key]); - break; - - case 'TEXT': - $new_record[$key] = stripslashes($record[$key]); - break; - - case 'DATE': - if($record[$key] > 0) { - $new_record[$key] = date($this->dateformat,$record[$key]); - } - break; - - case 'INTEGER': - $new_record[$key] = intval($record[$key]); - break; - - case 'DOUBLE': - $new_record[$key] = $record[$key]; - break; - - case 'CURRENCY': - $new_record[$key] = number_format($record[$key], 2, ',', ''); - break; - - default: - $new_record[$key] = stripslashes($record[$key]); - } - } - - } - - return $new_record; - } - - /** - * Get the key => value array of a form filed from a datasource definitiom - * - * @param field = array with field definition - * @param record = Dataset as array - * @return key => value array for the value field of a form - */ - - function getDatasourceData($field, $record) { - global $app; - - $values = array(); - - if($field["datasource"]["type"] == 'SQL') { - - // Preparing SQL string. We will replace some - // common placeholders - $querystring = $field["datasource"]["querystring"]; - $querystring = str_replace("{USERID}",$_SESSION["s"]["user"]["userid"],$querystring); - $querystring = str_replace("{GROUPID}",$_SESSION["s"]["user"]["default_group"],$querystring); - $querystring = str_replace("{GROUPS}",$_SESSION["s"]["user"]["groups"],$querystring); - $table_idx = $this->formDef['db_table_idx']; - - $tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0; - $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring); - unset($tmp_recordid); - - $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring); - - // Getting the records - $tmp_records = $app->db->queryAllRecords($querystring); - if($app->db->errorMessage != '') die($app->db->errorMessage); - if(is_array($tmp_records)) { - $key_field = $field["datasource"]["keyfield"]; - $value_field = $field["datasource"]["valuefield"]; - foreach($tmp_records as $tmp_rec) { - $tmp_id = $tmp_rec[$key_field]; - $values[$tmp_id] = $tmp_rec[$value_field]; - } - } - } - - if($field["datasource"]["type"] == 'CUSTOM') { - // Calls a custom class to validate this record - if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') { - $datasource_class = $field["datasource"]['class']; - $datasource_function = $field["datasource"]['function']; - $app->uses($datasource_class); - $values = $app->$datasource_class->$datasource_function($field, $record); - } else { - $this->errorMessage .= "Custom datasource class or function is empty
\r\n"; - } - } - - return $values; - - } - - - /** - * Record f�r Ausgabe in Formularen vorbereiten. - * - * @param record = Datensatz als Array - * @param action = NEW oder EDIT - * @return record - */ - function getHTML($record, $tab, $action = 'NEW') { - - global $app; - - $this->action = $action; - - if(!is_array($this->formDef)) $app->error("Keine Formdefinition vorhanden."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); - - $new_record = array(); - if($action == 'EDIT') { - $record = $this->decode($record,$tab); - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - $val = $record[$key]; - - // If Datasource is set, get the data from there - if(isset($field['datasource']) && is_array($field['datasource'])) { - $field["value"] = $this->getDatasourceData($field, $record); - } - - switch ($field['formtype']) { - case 'SELECT': - $out = ''; - if(is_array($field['value'])) { - foreach($field['value'] as $k => $v) { - $selected = ($k == $val)?' SELECTED':''; - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - case 'MULTIPLE': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$val); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $selected = ''; - foreach($vals as $tvl) { - if(trim($tvl) == trim($k)) $selected = ' SELECTED'; - } - - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'PASSWORD': - $new_record[$key] = ''; - break; - - case 'CHECKBOX': - $checked = ($val == $field['value'][1])?' CHECKED':''; - $new_record[$key] = "\r\n"; - break; - - case 'CHECKBOXARRAY': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$val); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $checked = ''; - foreach($vals as $tvl) { - if(trim($tvl) == trim($k)) $checked = ' CHECKED'; - } - $out .= "\r\n - \r\n - \r\n -
\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'RADIO': - if(is_array($field['value'])) { - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - $checked = ($k == $val)?' CHECKED':''; - $out .= "\r\n - \r\n - \r\n -
\r\n"; - } - } - $new_record[$key] = $out; - break; - - default: - $new_record[$key] = htmlspecialchars($record[$key]); - } - } - } - } else { - // Action: NEW - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - - // If Datasource is set, get the data from there - if(@is_array($field['datasource'])) { - $field["value"] = $this->getDatasourceData($field, $record); - } - - switch ($field['formtype']) { - case 'SELECT': - if(is_array($field['value'])) { - $out = ''; - foreach($field['value'] as $k => $v) { - //$selected = ($k == $val)?' SELECTED':''; - $selected = ''; - $out .= "\r\n"; - } - } - if(isset($out)) $new_record[$key] = $out; - break; - case 'MULTIPLE': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$val); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $out .= "\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'PASSWORD': - $new_record[$key] = ''; - break; - - case 'CHECKBOX': - // $checked = (empty($field["default"]))?'':' CHECKED'; - $checked = ($field["default"] == $field['value'][1])?' CHECKED':''; - $new_record[$key] = "\r\n"; - break; - - case 'CHECKBOXARRAY': - if(is_array($field['value'])) { - - // aufsplitten ergebnisse - $vals = explode($field['separator'],$field["default"]); - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - - $checked = ''; - foreach($vals as $tvl) { - if(trim($tvl) == trim($k)) $checked = ' CHECKED'; - } - $out .= "\r\n - \r\n - \r\n -
\r\n"; - } - } - $new_record[$key] = $out; - break; - - case 'RADIO': - if(is_array($field['value'])) { - - // HTML schreiben - $out = ''; - foreach($field['value'] as $k => $v) { - $checked = ($k == $field["default"])?' CHECKED':''; - $out .= "\r\n - \r\n - \r\n -
\r\n"; - } - } - $new_record[$key] = $out; - break; - - default: - $new_record[$key] = htmlspecialchars($field['default']); - } - } - - } - - if($this->debug == 1) $this->dbg($new_record); - - return $new_record; - } - - /** - * Record in "maschinen lesbares" Format �berf�hren - * und Werte gegen regul�re Ausdr�cke pr�fen. - * - * @param record = Datensatz als Array - * @return record - */ - function encode($record,$tab) { - global $app; - - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); - //$this->errorMessage = ''; - - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - - if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']); - - switch ($field['datatype']) { - case 'VARCHAR': - if(!@is_array($record[$key])) { - $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):''; - } else { - $new_record[$key] = implode($field['separator'],$record[$key]); - } - break; - case 'TEXT': - if(!is_array($record[$key])) { - $new_record[$key] = $app->db->quote($record[$key]); - } else { - $new_record[$key] = implode($field['separator'],$record[$key]); - } - break; - case 'DATE': - if($record[$key] > 0) { - list($tag,$monat,$jahr) = explode('.',$record[$key]); - $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr); - } else { - $new_record[$key] = 0; - } - break; - case 'INTEGER': - $new_record[$key] = (isset($record[$key]))?$record[$key]:0; - //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default']; - //if($key == 'refresh') die($record[$key]); - break; - case 'DOUBLE': - $new_record[$key] = $app->db->quote($record[$key]); - break; - case 'CURRENCY': - $new_record[$key] = str_replace(",",".",$record[$key]); - break; - } - - // The use of the field value is deprecated, use validators instead - if(isset($field['regex']) && $field['regex'] != '') { - // Enable that "." matches also newlines - $field['regex'] .= 's'; - if(!preg_match($field['regex'], $record[$key])) { - $errmsg = $field['errmsg']; - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } - } - - - } - } - return $new_record; - } - - /** - * process the validators for a given field. - * - * @param field_name = Name of the field - * @param field_value = value of the field - * @param validatoors = Array of validators - * @return record - */ - - function validateField($field_name, $field_value, $validators) { - - global $app; - - $escape = '`'; - - // loop trough the validators - foreach($validators as $validator) { - - switch ($validator['type']) { - case 'REGEX': - $validator['regex'] .= 's'; - if(!preg_match($validator['regex'], $field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'UNIQUE': - if($this->action == 'NEW') { - $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); - if($num_rec["number"] > 0) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - } else { - $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); - if($num_rec["number"] > 0) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - } - break; - case 'NOTEMPTY': - if(empty($field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISEMAIL': - if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISINT': - $tmpval = intval($field_value); - if($tmpval === 0 and !empty($field_value)) { - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'ISPOSITIVE': - if(!is_numeric($field_value) || $field_value <= 0){ - $errmsg = $validator['errmsg']; - if(isset($this->wordbook[$errmsg])) { - $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; - } else { - $this->errorMessage .= $errmsg."
\r\n"; - } - } - break; - case 'CUSTOM': - // Calls a custom class to validate this record - if($validator['class'] != '' and $validator['function'] != '') { - $validator_class = $validator['class']; - $validator_function = $validator['function']; - $app->uses($validator_class); - $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator); - } else { - $this->errorMessage .= "Custom validator class or function is empty
\r\n"; - } - break; - default: - $this->errorMessage .= "Unknown Validator: ".$validator['type']; - break; - } - - - } - - return true; - } - - /** - * SQL Statement f�r Record erzeugen. - * - * @param record = Datensatz als Array - * @param action = INSERT oder UPDATE - * @param primary_id - * @return record - */ - function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') { - - global $app; - - // If there are no data records on the tab, return empty sql string - if(count($this->formDef['tabs'][$tab]['fields']) == 0) return ''; - - // checking permissions - if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { - if($action == "INSERT") { - if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.
\r\n"; - } else { - if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.
\r\n"; - } - } - - $this->action = $action; - $this->primary_id = $primary_id; - - $record = $this->encode($record,$tab); - $sql_insert_key = ''; - $sql_insert_val = ''; - $sql_update = ''; - - if(!is_array($this->formDef)) $app->error("Keine Formulardefinition vorhanden."); - if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); - - // gehe durch alle Felder des Tabs - if(is_array($record)) { - foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { - // Wenn es kein leeres Passwortfeld ist - if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) { - // Erzeuge Insert oder Update Quelltext - if($action == "INSERT") { - if($field['formtype'] == 'PASSWORD') { - $sql_insert_key .= "`$key`, "; - if($field['encryption'] == 'CRYPT') { - $salt="$1$"; - for ($n=0;$n<11;$n++) { - $salt.=chr(mt_rand(64,126)); - } - $salt.="$"; - // $salt = substr(md5(time()),0,2); - $record[$key] = crypt($record[$key],$salt); - $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; - } elseif ($field['encryption'] == 'MYSQL') { - $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; - } elseif ($field['encryption'] == 'CLEARTEXT') { - $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; - } else { - $record[$key] = md5($record[$key]); - $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; - } - - } elseif ($field['formtype'] == 'CHECKBOX') { - $sql_insert_key .= "`$key`, "; - if($record[$key] == '') { - // if a checkbox is not set, we set it to the unchecked value - $sql_insert_val .= "'".$field['value'][0]."', "; - $record[$key] = $field['value'][0]; - } else { - $sql_insert_val .= "'".$record[$key]."', "; - } - } else { - $sql_insert_key .= "`$key`, "; - $sql_insert_val .= "'".$record[$key]."', "; - } - } else { - if($field['formtype'] == 'PASSWORD') { - if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') { - $salt="$1$"; - for ($n=0;$n<11;$n++) { - $salt.=chr(mt_rand(64,126)); - } - $salt.="$"; - // $salt = substr(md5(time()),0,2); - $record[$key] = crypt($record[$key],$salt); - $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; - } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { - $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; - } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { - $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; - } else { - $record[$key] = md5($record[$key]); - $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; - } - - } elseif ($field['formtype'] == 'CHECKBOX') { - if($record[$key] == '') { - // if a checkbox is not set, we set it to the unchecked value - $sql_update .= "`$key` = '".$field['value'][0]."', "; - $record[$key] = $field['value'][0]; - } else { - $sql_update .= "`$key` = '".$record[$key]."', "; - } - } else { - $sql_update .= "`$key` = '".$record[$key]."', "; - } - } - } else { - // we unset the password filed, if empty to tell the datalog function - // that the password has not been changed - unset($record[$key]); - } - } - } - - - // F�ge Backticks nur bei unvollst�ndigen Tabellennamen ein - if(stristr($this->formDef['db_table'],'.')) { - $escape = ''; - } else { - $escape = '`'; - } - - - if($action == "INSERT") { - if($this->formDef['auth'] == 'yes') { - // Setze User und Gruppe - $sql_insert_key .= "`sys_userid`, "; - $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', "; - $sql_insert_key .= "`sys_groupid`, "; - $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', "; - $sql_insert_key .= "`sys_perm_user`, "; - $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', "; - $sql_insert_key .= "`sys_perm_group`, "; - $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', "; - $sql_insert_key .= "`sys_perm_other`, "; - $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', "; - } - $sql_insert_key = substr($sql_insert_key,0,-2); - $sql_insert_val = substr($sql_insert_val,0,-2); - $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)"; - } else { - if($primary_id != 0) { - $sql_update = substr($sql_update,0,-2); - $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id; - if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; - } else { - $app->error("Primary ID fehlt!"); - } - } - - return $sql; - } - - /** - * Debugging arrays. - * - * @param array_data - */ - function dbg($array_data) { - - echo "
";
-                print_r($array_data);
-                echo "
"; - - } - - - function showForm() { - global $app,$conf; - - if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen."); - - $active_tab = $this->getNextTab(); - - // definiere Tabs - foreach( $this->formDef["tabs"] as $key => $tab) { - - $tab['name'] = $key; - if($tab['name'] == $active_tab) { - - // Wenn Modul gesetzt, dann setzte template pfad relativ zu modul. - if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"]; - - // �berpr�fe, ob das Template existiert, wenn nicht - // dann generiere das Template - - // Translate the title of the tab - $tab['title'] = $this->lng($tab['title']); - - if(!is_file($tab["template"])) { - $app->uses('tform_tpl_generator'); - $app->tform_tpl_generator->buildHTML($this->formDef,$tab['name']); - } - - $app->tpl->setInclude('content_tpl',$tab["template"]); - $tab["active"] = 1; - $_SESSION["s"]["form"]["tab"] = $tab['name']; - } else { - $tab["active"] = 0; - } - - // Die Datenfelder werden f�r die Tabs nicht ben�tigt - unset($tab["fields"]); - unset($tab["plugins"]); - - $frmTab[] = $tab; - } - - // setting form tabs - $app->tpl->setLoop("formTab", $frmTab); - - // Set form action - $app->tpl->setVar('form_action',$this->formDef["action"]); - $app->tpl->setVar('form_active_tab',$active_tab); - - // Set form title - $form_hint = $this->lng($this->formDef["title"]); - if($this->formDef["description"] != '') $form_hint .= '
'.$this->lng($this->formDef["description"]).'
'; - $app->tpl->setVar('form_hint',$form_hint); - - // Set Wordbook for this form - - $app->tpl->setVar($this->wordbook); - } - - function getDataRecord($primary_id) { - global $app; - $escape = '`'; - $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; - return $app->db->queryOneRecord($sql); - } - - - function datalogSave($action,$primary_id, $record_old, $record_new) { - global $app,$conf; - - // F�ge Backticks nur bei unvollst�ndigen Tabellennamen ein - if(stristr($this->formDef['db_table'],'.')) { - $escape = ''; - } else { - $escape = '`'; - } - - $diffrec = array(); - - if(is_array($record_new) && count($record_new) > 0) { - foreach($record_new as $key => $val) { - if(@$record_old[$key] != $val) { - // Record has changed - $diffrec[$key] = array('old' => @$record_old[$key], - 'new' => $val); - } - } - } elseif(is_array($record_old)) { - foreach($record_old as $key => $val) { - if($record_new[$key] != $val) { - // Record has changed - $diffrec[$key] = array('new' => $record_new[$key], - 'old' => $val); - } - } - } - $this->diffrec = $diffrec; - - - // Full diff records for ISPConfig, they have a different format then the simple diffrec - $diffrec_full = array(); - - if(is_array($record_old) && count($record_old) > 0) { - foreach($record_old as $key => $val) { - //if(isset($record_new[$key]) && $record_new[$key] != $val) { - if(!isset($record_new[$key]) || $record_new[$key] != $val) { - // Record has changed - $diffrec_full['old'][$key] = $val; - $diffrec_full['new'][$key] = $record_new[$key]; - } else { - $diffrec_full['old'][$key] = $val; - $diffrec_full['new'][$key] = $val; - } - } - } elseif(is_array($record_new)) { - foreach($record_new as $key => $val) { - if(isset($record_new[$key]) && $record_old[$key] != $val) { - // Record has changed - $diffrec_full['new'][$key] = $val; - $diffrec_full['old'][$key] = $record_old[$key]; - } else { - $diffrec_full['new'][$key] = $val; - $diffrec_full['old'][$key] = $val; - } - } - } - - // Insert the server_id, if the record has a server_id - $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; - if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; - - if(count($this->diffrec) > 0) { - $diffstr = $app->db->quote(serialize($diffrec_full)); - $username = $app->db->quote($_SESSION["s"]["user"]["username"]); - $dbidx = $this->formDef['db_table_idx'].":".$primary_id; - // $action = ($action == 'INSERT')?'i':'u'; - - if($action == 'INSERT') $action = 'i'; - if($action == 'UPDATE') $action = 'u'; - if($action == 'DELETE') $action = 'd'; - $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; - $app->db->query($sql); - } - - return true; - - } - - function getAuthSQL($perm) { - if($_SESSION["s"]["user"]["typ"] == 'admin') { - return '1'; - } else { - $groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0; - $sql = '('; - $sql .= "(sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND sys_perm_user like '%$perm%') OR "; - $sql .= "(sys_groupid IN (".$groups.") AND sys_perm_group like '%$perm%') OR "; - $sql .= "sys_perm_other like '%$perm%'"; - $sql .= ')'; - - return $sql; - } - } - - /* - Diese funktion �berpr�ft, ob ein User die Berechtigung $perm f�r den Datensatz mit der ID $record_id - hat. It record_id = 0, dann wird gegen die user Defaults des Formulares getestet. - */ - function checkPerm($record_id,$perm) { - global $app; - - if($record_id > 0) { - // F�ge Backticks nur bei unvollst�ndigen Tabellennamen ein - if(stristr($this->formDef['db_table'],'.')) { - $escape = ''; - } else { - $escape = '`'; - } - - $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm); - if($record = $app->db->queryOneRecord($sql)) { - return true; - } else { - return false; - } - } else { - $result = false; - if(@$this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true; - if(@$this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true; - if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true; - - // if preset == 0, everyone can insert a record of this type - if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true; - - return $result; - - } - - } - - function getNextTab() { - // Welcher Tab wird angezeigt - if($this->errorMessage == '') { - // wenn kein Fehler vorliegt - if(isset($_REQUEST["next_tab"]) && $_REQUEST["next_tab"] != '') { - // wenn n�chster Tab bekannt - $active_tab = $_REQUEST["next_tab"]; - } else { - // ansonsten ersten tab nehmen - $active_tab = $this->formDef['tab_default']; - } - } else { - // bei Fehlern den gleichen Tab nochmal anzeigen - $active_tab = $_SESSION["s"]["form"]["tab"]; - } - - return $active_tab; - } - - function getCurrentTab() { - return $_SESSION["s"]["form"]["tab"]; - } - - function isReadonlyTab($tab) { - if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true) { - return true; - } else { - return false; - } - } - - - // translation function for forms, tries the form wordbook first and if this fails, it tries the global wordbook - function lng($msg) { - global $app; - - if(isset($this->wordbook[$msg])) { - return $this->wordbook[$msg]; - } else { - return $app->lng($msg); - } - - } - -} - +tableDef = $table; + $this->table_name = $table_name; + $this->table_index = $table_index; + return true; + } + */ + + function loadFormDef($file,$module = '') { + global $app,$conf; + + include_once($file); + $this->formDef = $form; + + $this->module = $module; + $wb = array(); + + if($module == '') { + if(is_file("lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng")) { + include_once("lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"); + } + } else { + if(is_file("../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng")) { + include_once("../$module/lib/lang/".$_SESSION["s"]["language"]."_".$this->formDef["name"].".lng"); + } + } + $this->wordbook = $wb; + + return true; + } + + + /** + * Konvertiert die Daten des �bergebenen assoziativen + * Arrays in "menschenlesbare" Form. + * Datentyp Konvertierung, z.B. f�r Ausgabe in Listen. + * + * @param record + * @return record + */ + function decode($record,$tab) { + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); + $new_record = ''; + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + switch ($field['datatype']) { + case 'VARCHAR': + $new_record[$key] = stripslashes($record[$key]); + break; + + case 'TEXT': + $new_record[$key] = stripslashes($record[$key]); + break; + + case 'DATE': + if($record[$key] > 0) { + $new_record[$key] = date($this->dateformat,$record[$key]); + } + break; + + case 'INTEGER': + $new_record[$key] = intval($record[$key]); + break; + + case 'DOUBLE': + $new_record[$key] = $record[$key]; + break; + + case 'CURRENCY': + $new_record[$key] = number_format($record[$key], 2, ',', ''); + break; + + default: + $new_record[$key] = stripslashes($record[$key]); + } + } + + } + + return $new_record; + } + + /** + * Get the key => value array of a form filed from a datasource definitiom + * + * @param field = array with field definition + * @param record = Dataset as array + * @return key => value array for the value field of a form + */ + + function getDatasourceData($field, $record) { + global $app; + + $values = array(); + + if($field["datasource"]["type"] == 'SQL') { + + // Preparing SQL string. We will replace some + // common placeholders + $querystring = $field["datasource"]["querystring"]; + $querystring = str_replace("{USERID}",$_SESSION["s"]["user"]["userid"],$querystring); + $querystring = str_replace("{GROUPID}",$_SESSION["s"]["user"]["default_group"],$querystring); + $querystring = str_replace("{GROUPS}",$_SESSION["s"]["user"]["groups"],$querystring); + $table_idx = $this->formDef['db_table_idx']; + + $tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0; + $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring); + unset($tmp_recordid); + + $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring); + + // Getting the records + $tmp_records = $app->db->queryAllRecords($querystring); + if($app->db->errorMessage != '') die($app->db->errorMessage); + if(is_array($tmp_records)) { + $key_field = $field["datasource"]["keyfield"]; + $value_field = $field["datasource"]["valuefield"]; + foreach($tmp_records as $tmp_rec) { + $tmp_id = $tmp_rec[$key_field]; + $values[$tmp_id] = $tmp_rec[$value_field]; + } + } + } + + if($field["datasource"]["type"] == 'CUSTOM') { + // Calls a custom class to validate this record + if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') { + $datasource_class = $field["datasource"]['class']; + $datasource_function = $field["datasource"]['function']; + $app->uses($datasource_class); + $values = $app->$datasource_class->$datasource_function($field, $record); + } else { + $this->errorMessage .= "Custom datasource class or function is empty
\r\n"; + } + } + + return $values; + + } + + + /** + * Record f�r Ausgabe in Formularen vorbereiten. + * + * @param record = Datensatz als Array + * @param action = NEW oder EDIT + * @return record + */ + function getHTML($record, $tab, $action = 'NEW') { + + global $app; + + $this->action = $action; + + if(!is_array($this->formDef)) $app->error("Keine Formdefinition vorhanden."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); + + $new_record = array(); + if($action == 'EDIT') { + $record = $this->decode($record,$tab); + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + $val = $record[$key]; + + // If Datasource is set, get the data from there + if(isset($field['datasource']) && is_array($field['datasource'])) { + $field["value"] = $this->getDatasourceData($field, $record); + } + + switch ($field['formtype']) { + case 'SELECT': + $out = ''; + if(is_array($field['value'])) { + foreach($field['value'] as $k => $v) { + $selected = ($k == $val)?' SELECTED':''; + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + case 'MULTIPLE': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$val); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $selected = ''; + foreach($vals as $tvl) { + if(trim($tvl) == trim($k)) $selected = ' SELECTED'; + } + + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'PASSWORD': + $new_record[$key] = ''; + break; + + case 'CHECKBOX': + $checked = ($val == $field['value'][1])?' CHECKED':''; + $new_record[$key] = "\r\n"; + break; + + case 'CHECKBOXARRAY': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$val); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $checked = ''; + foreach($vals as $tvl) { + if(trim($tvl) == trim($k)) $checked = ' CHECKED'; + } + $out .= "\r\n + \r\n + \r\n +
\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'RADIO': + if(is_array($field['value'])) { + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + $checked = ($k == $val)?' CHECKED':''; + $out .= "\r\n + \r\n + \r\n +
\r\n"; + } + } + $new_record[$key] = $out; + break; + + default: + $new_record[$key] = htmlspecialchars($record[$key]); + } + } + } + } else { + // Action: NEW + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + + // If Datasource is set, get the data from there + if(@is_array($field['datasource'])) { + $field["value"] = $this->getDatasourceData($field, $record); + } + + switch ($field['formtype']) { + case 'SELECT': + if(is_array($field['value'])) { + $out = ''; + foreach($field['value'] as $k => $v) { + //$selected = ($k == $val)?' SELECTED':''; + $selected = ''; + $out .= "\r\n"; + } + } + if(isset($out)) $new_record[$key] = $out; + break; + case 'MULTIPLE': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$val); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $out .= "\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'PASSWORD': + $new_record[$key] = ''; + break; + + case 'CHECKBOX': + // $checked = (empty($field["default"]))?'':' CHECKED'; + $checked = ($field["default"] == $field['value'][1])?' CHECKED':''; + $new_record[$key] = "\r\n"; + break; + + case 'CHECKBOXARRAY': + if(is_array($field['value'])) { + + // aufsplitten ergebnisse + $vals = explode($field['separator'],$field["default"]); + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + + $checked = ''; + foreach($vals as $tvl) { + if(trim($tvl) == trim($k)) $checked = ' CHECKED'; + } + $out .= "\r\n + \r\n + \r\n +
\r\n"; + } + } + $new_record[$key] = $out; + break; + + case 'RADIO': + if(is_array($field['value'])) { + + // HTML schreiben + $out = ''; + foreach($field['value'] as $k => $v) { + $checked = ($k == $field["default"])?' CHECKED':''; + $out .= "\r\n + \r\n + \r\n +
\r\n"; + } + } + $new_record[$key] = $out; + break; + + default: + $new_record[$key] = htmlspecialchars($field['default']); + } + } + + } + + if($this->debug == 1) $this->dbg($new_record); + + return $new_record; + } + + /** + * Record in "maschinen lesbares" Format �berf�hren + * und Werte gegen regul�re Ausdr�cke pr�fen. + * + * @param record = Datensatz als Array + * @return record + */ + function encode($record,$tab) { + global $app; + + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); + //$this->errorMessage = ''; + + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + + if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']); + + switch ($field['datatype']) { + case 'VARCHAR': + if(!@is_array($record[$key])) { + $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):''; + } else { + $new_record[$key] = implode($field['separator'],$record[$key]); + } + break; + case 'TEXT': + if(!is_array($record[$key])) { + $new_record[$key] = $app->db->quote($record[$key]); + } else { + $new_record[$key] = implode($field['separator'],$record[$key]); + } + break; + case 'DATE': + if($record[$key] > 0) { + list($tag,$monat,$jahr) = explode('.',$record[$key]); + $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr); + } else { + $new_record[$key] = 0; + } + break; + case 'INTEGER': + $new_record[$key] = (isset($record[$key]))?$record[$key]:0; + //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default']; + //if($key == 'refresh') die($record[$key]); + break; + case 'DOUBLE': + $new_record[$key] = $app->db->quote($record[$key]); + break; + case 'CURRENCY': + $new_record[$key] = str_replace(",",".",$record[$key]); + break; + } + + // The use of the field value is deprecated, use validators instead + if(isset($field['regex']) && $field['regex'] != '') { + // Enable that "." matches also newlines + $field['regex'] .= 's'; + if(!preg_match($field['regex'], $record[$key])) { + $errmsg = $field['errmsg']; + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } + } + + + } + } + return $new_record; + } + + /** + * process the validators for a given field. + * + * @param field_name = Name of the field + * @param field_value = value of the field + * @param validatoors = Array of validators + * @return record + */ + + function validateField($field_name, $field_value, $validators) { + + global $app; + + $escape = '`'; + + // loop trough the validators + foreach($validators as $validator) { + + switch ($validator['type']) { + case 'REGEX': + $validator['regex'] .= 's'; + if(!preg_match($validator['regex'], $field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'UNIQUE': + if($this->action == 'NEW') { + $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); + if($num_rec["number"] > 0) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + } else { + $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); + if($num_rec["number"] > 0) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + } + break; + case 'NOTEMPTY': + if(empty($field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISEMAIL': + if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISINT': + $tmpval = intval($field_value); + if($tmpval === 0 and !empty($field_value)) { + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'ISPOSITIVE': + if(!is_numeric($field_value) || $field_value <= 0){ + $errmsg = $validator['errmsg']; + if(isset($this->wordbook[$errmsg])) { + $this->errorMessage .= $this->wordbook[$errmsg]."
\r\n"; + } else { + $this->errorMessage .= $errmsg."
\r\n"; + } + } + break; + case 'CUSTOM': + // Calls a custom class to validate this record + if($validator['class'] != '' and $validator['function'] != '') { + $validator_class = $validator['class']; + $validator_function = $validator['function']; + $app->uses($validator_class); + $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator); + } else { + $this->errorMessage .= "Custom validator class or function is empty
\r\n"; + } + break; + default: + $this->errorMessage .= "Unknown Validator: ".$validator['type']; + break; + } + + + } + + return true; + } + + /** + * SQL Statement f�r Record erzeugen. + * + * @param record = Datensatz als Array + * @param action = INSERT oder UPDATE + * @param primary_id + * @return record + */ + function getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') { + + global $app; + + // If there are no data records on the tab, return empty sql string + if(count($this->formDef['tabs'][$tab]['fields']) == 0) return ''; + + // checking permissions + if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { + if($action == "INSERT") { + if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.
\r\n"; + } else { + if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.
\r\n"; + } + } + + $this->action = $action; + $this->primary_id = $primary_id; + + $record = $this->encode($record,$tab); + $sql_insert_key = ''; + $sql_insert_val = ''; + $sql_update = ''; + + if(!is_array($this->formDef)) $app->error("Keine Formulardefinition vorhanden."); + if(!is_array($this->formDef['tabs'][$tab])) $app->error("Tab ist leer oder existiert nicht (TAB: $tab)."); + + // gehe durch alle Felder des Tabs + if(is_array($record)) { + foreach($this->formDef['tabs'][$tab]['fields'] as $key => $field) { + // Wenn es kein leeres Passwortfeld ist + if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) { + // Erzeuge Insert oder Update Quelltext + if($action == "INSERT") { + if($field['formtype'] == 'PASSWORD') { + $sql_insert_key .= "`$key`, "; + if($field['encryption'] == 'CRYPT') { + $salt="$1$"; + for ($n=0;$n<11;$n++) { + $salt.=chr(mt_rand(64,126)); + } + $salt.="$"; + // $salt = substr(md5(time()),0,2); + $record[$key] = crypt($record[$key],$salt); + $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; + } elseif ($field['encryption'] == 'MYSQL') { + $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; + } elseif ($field['encryption'] == 'CLEARTEXT') { + $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; + } else { + $record[$key] = md5($record[$key]); + $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; + } + + } elseif ($field['formtype'] == 'CHECKBOX') { + $sql_insert_key .= "`$key`, "; + if($record[$key] == '') { + // if a checkbox is not set, we set it to the unchecked value + $sql_insert_val .= "'".$field['value'][0]."', "; + $record[$key] = $field['value'][0]; + } else { + $sql_insert_val .= "'".$record[$key]."', "; + } + } else { + $sql_insert_key .= "`$key`, "; + $sql_insert_val .= "'".$record[$key]."', "; + } + } else { + if($field['formtype'] == 'PASSWORD') { + if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') { + $salt="$1$"; + for ($n=0;$n<11;$n++) { + $salt.=chr(mt_rand(64,126)); + } + $salt.="$"; + // $salt = substr(md5(time()),0,2); + $record[$key] = crypt($record[$key],$salt); + $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; + } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { + $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; + } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { + $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; + } else { + $record[$key] = md5($record[$key]); + $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; + } + + } elseif ($field['formtype'] == 'CHECKBOX') { + if($record[$key] == '') { + // if a checkbox is not set, we set it to the unchecked value + $sql_update .= "`$key` = '".$field['value'][0]."', "; + $record[$key] = $field['value'][0]; + } else { + $sql_update .= "`$key` = '".$record[$key]."', "; + } + } else { + $sql_update .= "`$key` = '".$record[$key]."', "; + } + } + } else { + // we unset the password filed, if empty to tell the datalog function + // that the password has not been changed + unset($record[$key]); + } + } + } + + + // F�ge Backticks nur bei unvollst�ndigen Tabellennamen ein + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + + if($action == "INSERT") { + if($this->formDef['auth'] == 'yes') { + // Setze User und Gruppe + $sql_insert_key .= "`sys_userid`, "; + $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$_SESSION["s"]["user"]["userid"]."', "; + $sql_insert_key .= "`sys_groupid`, "; + $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$_SESSION["s"]["user"]["default_group"]."', "; + $sql_insert_key .= "`sys_perm_user`, "; + $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', "; + $sql_insert_key .= "`sys_perm_group`, "; + $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', "; + $sql_insert_key .= "`sys_perm_other`, "; + $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', "; + } + $sql_insert_key = substr($sql_insert_key,0,-2); + $sql_insert_val = substr($sql_insert_val,0,-2); + $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)"; + } else { + if($this->formDef['auth'] == 'yes') { + if($primary_id != 0) { + $sql_update = substr($sql_update,0,-2); + $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->getAuthSQL('u')." AND ".$this->formDef['db_table_idx']." = ".$primary_id; + if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; + } else { + $app->error("Primary ID fehlt!"); + } + } else { + if($primary_id != 0) { + $sql_update = substr($sql_update,0,-2); + $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; + if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; + } else { + $app->error("Primary ID fehlt!"); + } + } + } + + return $sql; + } + + /** + * Debugging arrays. + * + * @param array_data + */ + function dbg($array_data) { + + echo "
";
+                print_r($array_data);
+                echo "
"; + + } + + + function showForm() { + global $app,$conf; + + if(!is_array($this->formDef)) die("Form Definition wurde nicht geladen."); + + $active_tab = $this->getNextTab(); + + // definiere Tabs + foreach( $this->formDef["tabs"] as $key => $tab) { + + $tab['name'] = $key; + if($tab['name'] == $active_tab) { + + // Wenn Modul gesetzt, dann setzte template pfad relativ zu modul. + if($this->module != '') $tab["template"] = "../".$this->module."/".$tab["template"]; + + // �berpr�fe, ob das Template existiert, wenn nicht + // dann generiere das Template + + // Translate the title of the tab + $tab['title'] = $this->lng($tab['title']); + + if(!is_file($tab["template"])) { + $app->uses('tform_tpl_generator'); + $app->tform_tpl_generator->buildHTML($this->formDef,$tab['name']); + } + + $app->tpl->setInclude('content_tpl',$tab["template"]); + $tab["active"] = 1; + $_SESSION["s"]["form"]["tab"] = $tab['name']; + } else { + $tab["active"] = 0; + } + + // Die Datenfelder werden f�r die Tabs nicht ben�tigt + unset($tab["fields"]); + unset($tab["plugins"]); + + $frmTab[] = $tab; + } + + // setting form tabs + $app->tpl->setLoop("formTab", $frmTab); + + // Set form action + $app->tpl->setVar('form_action',$this->formDef["action"]); + $app->tpl->setVar('form_active_tab',$active_tab); + + // Set form title + $form_hint = $this->lng($this->formDef["title"]); + if($this->formDef["description"] != '') $form_hint .= '
'.$this->lng($this->formDef["description"]).'
'; + $app->tpl->setVar('form_hint',$form_hint); + + // Set Wordbook for this form + + $app->tpl->setVar($this->wordbook); + } + + function getDataRecord($primary_id) { + global $app; + $escape = '`'; + $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; + return $app->db->queryOneRecord($sql); + } + + + function datalogSave($action,$primary_id, $record_old, $record_new) { + global $app,$conf; + + // F�ge Backticks nur bei unvollst�ndigen Tabellennamen ein + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + $diffrec = array(); + + if(is_array($record_new) && count($record_new) > 0) { + foreach($record_new as $key => $val) { + if(@$record_old[$key] != $val) { + // Record has changed + $diffrec[$key] = array('old' => @$record_old[$key], + 'new' => $val); + } + } + } elseif(is_array($record_old)) { + foreach($record_old as $key => $val) { + if($record_new[$key] != $val) { + // Record has changed + $diffrec[$key] = array('new' => $record_new[$key], + 'old' => $val); + } + } + } + $this->diffrec = $diffrec; + + + // Full diff records for ISPConfig, they have a different format then the simple diffrec + $diffrec_full = array(); + + if(is_array($record_old) && count($record_old) > 0) { + foreach($record_old as $key => $val) { + //if(isset($record_new[$key]) && $record_new[$key] != $val) { + if(!isset($record_new[$key]) || $record_new[$key] != $val) { + // Record has changed + $diffrec_full['old'][$key] = $val; + $diffrec_full['new'][$key] = $record_new[$key]; + } else { + $diffrec_full['old'][$key] = $val; + $diffrec_full['new'][$key] = $val; + } + } + } elseif(is_array($record_new)) { + foreach($record_new as $key => $val) { + if(isset($record_new[$key]) && $record_old[$key] != $val) { + // Record has changed + $diffrec_full['new'][$key] = $val; + $diffrec_full['old'][$key] = $record_old[$key]; + } else { + $diffrec_full['new'][$key] = $val; + $diffrec_full['old'][$key] = $val; + } + } + } + + // Insert the server_id, if the record has a server_id + $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; + if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; + + if(count($this->diffrec) > 0) { + $diffstr = $app->db->quote(serialize($diffrec_full)); + $username = $app->db->quote($_SESSION["s"]["user"]["username"]); + $dbidx = $this->formDef['db_table_idx'].":".$primary_id; + // $action = ($action == 'INSERT')?'i':'u'; + + if($action == 'INSERT') $action = 'i'; + if($action == 'UPDATE') $action = 'u'; + if($action == 'DELETE') $action = 'd'; + $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; + $app->db->query($sql); + } + + return true; + + } + + function getAuthSQL($perm) { + if($_SESSION["s"]["user"]["typ"] == 'admin') { + return '1'; + } else { + $groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0; + $sql = '('; + $sql .= "(sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND sys_perm_user like '%$perm%') OR "; + $sql .= "(sys_groupid IN (".$groups.") AND sys_perm_group like '%$perm%') OR "; + $sql .= "sys_perm_other like '%$perm%'"; + $sql .= ')'; + + return $sql; + } + } + + /* + Diese funktion �berpr�ft, ob ein User die Berechtigung $perm f�r den Datensatz mit der ID $record_id + hat. It record_id = 0, dann wird gegen die user Defaults des Formulares getestet. + */ + function checkPerm($record_id,$perm) { + global $app; + + if($record_id > 0) { + // F�ge Backticks nur bei unvollst�ndigen Tabellennamen ein + if(stristr($this->formDef['db_table'],'.')) { + $escape = ''; + } else { + $escape = '`'; + } + + $sql = "SELECT ".$this->formDef['db_table_idx']." FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$record_id." AND ".$this->getAuthSQL($perm); + if($record = $app->db->queryOneRecord($sql)) { + return true; + } else { + return false; + } + } else { + $result = false; + if(@$this->formDef["auth_preset"]["userid"] == $_SESSION["s"]["user"]["userid"] && stristr($perm,$this->formDef["auth_preset"]["perm_user"])) $result = true; + if(@$this->formDef["auth_preset"]["groupid"] == $_SESSION["s"]["user"]["groupid"] && stristr($perm,$this->formDef["auth_preset"]["perm_group"])) $result = true; + if(@stristr($this->formDef["auth_preset"]["perm_other"],$perm)) $result = true; + + // if preset == 0, everyone can insert a record of this type + if($this->formDef["auth_preset"]["userid"] == 0 AND $this->formDef["auth_preset"]["groupid"] == 0 AND (@stristr($this->formDef["auth_preset"]["perm_user"],$perm) OR @stristr($this->formDef["auth_preset"]["perm_group"],$perm))) $result = true; + + return $result; + + } + + } + + function getNextTab() { + // Welcher Tab wird angezeigt + if($this->errorMessage == '') { + // wenn kein Fehler vorliegt + if(isset($_REQUEST["next_tab"]) && $_REQUEST["next_tab"] != '') { + // wenn n�chster Tab bekannt + $active_tab = $_REQUEST["next_tab"]; + } else { + // ansonsten ersten tab nehmen + $active_tab = $this->formDef['tab_default']; + } + } else { + // bei Fehlern den gleichen Tab nochmal anzeigen + $active_tab = $_SESSION["s"]["form"]["tab"]; + } + + return $active_tab; + } + + function getCurrentTab() { + return $_SESSION["s"]["form"]["tab"]; + } + + function isReadonlyTab($tab) { + if(isset($this->formDef['tabs'][$tab]['readonly']) && $this->formDef['tabs'][$tab]['readonly'] == true) { + return true; + } else { + return false; + } + } + + + // translation function for forms, tries the form wordbook first and if this fails, it tries the global wordbook + function lng($msg) { + global $app; + + if(isset($this->wordbook[$msg])) { + return $this->wordbook[$msg]; + } else { + return $app->lng($msg); + } + + } + +} + ?> \ No newline at end of file diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php index c5b6db99e..812c79296 100644 --- a/interface/lib/classes/tform_actions.inc.php +++ b/interface/lib/classes/tform_actions.inc.php @@ -1,580 +1,580 @@ - -* @copyright Copyright © 2005, Till Brehm -*/ - -class tform_actions { - - var $id; - var $activeTab; - var $dataRecord; - var $plugins = array(); - var $oldDataRecord; // This array is only filled during updates and when db_history is enabled. - - function onLoad() { - global $app, $conf, $tform_def_file; - - // Loading template classes and initialize template - if(!is_object($app->tpl)) $app->uses('tpl'); - if(!is_object($app->tform)) $app->uses('tform'); - - $app->tpl->newTemplate("tabbed_form.tpl.htm"); - - // Load table definition from file - $app->tform->loadFormDef($tform_def_file); - - // Importing ID - $this->id = (isset($_REQUEST["id"]))?intval($_REQUEST["id"]):0; - - // show print version of the form - if(isset($_GET["print_form"]) && $_GET["print_form"] == 1) { - die('Function disabled.'); - $this->onPrintForm(); - } - - // send this form by email - if(isset($_GET["send_form_by_mail"]) && $_GET["send_form_by_mail"] == 1) { - die('Function disabled.'); - $this->onMailSendForm(); - } - - if(count($_POST) > 1) { - $this->dataRecord = $_POST; - $this->onSubmit(); - } else { - $this->onShow(); - } - } - - /** - * Function called on page submit - */ - - function onSubmit() { - global $app, $conf; - - // Calling the action functions - if($this->id > 0) { - $this->onUpdate(); - } else { - $this->onInsert(); - } - } - - /** - * Function called on data update - */ - - function onUpdate() { - global $app, $conf; - - $this->onBeforeUpdate(); - - $ext_where = ''; - $sql = $app->tform->getSQL($this->dataRecord,$app->tform->getCurrentTab(),'UPDATE',$this->id,$ext_where); - if($app->tform->errorMessage == '') { - - if($app->tform->formDef['db_history'] == 'yes') { - $this->oldDataRecord = $app->tform->getDataRecord($this->id); - } - - // Save record in database - $this->onUpdateSave($sql); - - // loading plugins - $next_tab = $app->tform->getCurrentTab(); - $this->loadPlugins($next_tab); - - // Call plugin - foreach($this->plugins as $plugin) { - $plugin->onInsert(); - } - - $this->onAfterUpdate(); - - // Write data history (sys_datalog) - if($app->tform->formDef['db_history'] == 'yes') { - $new_data_record = $app->tform->getDataRecord($this->id); - $app->tform->datalogSave('UPDATE',$this->id,$this->oldDataRecord,$new_data_record); - unset($new_data_record); - unset($old_data_record); - } - - if($_REQUEST["next_tab"] == '') { - $list_name = $_SESSION["s"]["form"]["return_to"]; - // When a list is embedded inside of a form - - //if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_id"] != $this->id && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { - if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { - $redirect = "Location: ".$_SESSION["s"]["list"][$list_name]["parent_script"]."?id=".$_SESSION["s"]["list"][$list_name]["parent_id"]."&next_tab=".$_SESSION["s"]["list"][$list_name]["parent_tab"]; - $_SESSION["s"]["form"]["return_to"] = ''; - session_write_close(); - header($redirect); - // When a returnto variable is set - } elseif ($_SESSION["s"]["form"]["return_to_url"] != '') { - $redirect = $_SESSION["s"]["form"]["return_to_url"]; - $_SESSION["s"]["form"]["return_to_url"] = ''; - session_write_close(); - header("Location: ".$redirect); - exit; - // Use the default list of the form - } else { - header("Location: ".$app->tform->formDef['list_default']); - } - exit; - } else { - $this->onShow(); - } - } else { - $this->onError(); - } - } - - /* - Save record in database - */ - - function onUpdateSave($sql) { - global $app; - if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab())) { - $app->db->query($sql); - if($app->db->errorMessage != '') die($app->db->errorMessage); - } - } - - - /** - * Function called on data insert - */ - - function onInsert() { - global $app, $conf; - - $this->onBeforeInsert(); - - $ext_where = ''; - $sql = $app->tform->getSQL($this->dataRecord,$app->tform->getCurrentTab(),'INSERT',$this->id,$ext_where); - if($app->tform->errorMessage == '') { - - $this->id = $this->onInsertSave($sql); - - // loading plugins - $next_tab = $app->tform->getCurrentTab(); - $this->loadPlugins($next_tab); - - // Call plugin - foreach($this->plugins as $plugin) { - $plugin->onInsert(); - } - - $this->onAfterInsert(); - - // Write data history (sys_datalog) - if($app->tform->formDef['db_history'] == 'yes') { - $new_data_record = $app->tform->getDataRecord($this->id); - $app->tform->datalogSave('INSERT',$this->id,array(),$new_data_record); - unset($new_data_record); - } - - - if($_REQUEST["next_tab"] == '') { - $list_name = $_SESSION["s"]["form"]["return_to"]; - // if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_id"] != $this->id && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { - if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { - $redirect = "Location: ".$_SESSION["s"]["list"][$list_name]["parent_script"]."?id=".$_SESSION["s"]["list"][$list_name]["parent_id"]."&next_tab=".$_SESSION["s"]["list"][$list_name]["parent_tab"]; - $_SESSION["s"]["form"]["return_to"] = ''; - session_write_close(); - header($redirect); - exit; - } elseif ($_SESSION["s"]["form"]["return_to_url"] != '') { - $_SESSION["s"]["form"]["return_to_url"] = ''; - session_write_close(); - header("Location: ".$_SESSION["s"]["form"]["return_to_url"]); - exit; - } else { - header("Location: ".$app->tform->formDef['list_default']); - } - exit; - } else { - $this->onShow(); - } - } else { - $this->onError(); - } - } - - /* - Save record in database - */ - - function onInsertSave($sql) { - global $app, $conf; - $app->db->query($sql); - if($app->db->errorMessage != '') die($app->db->errorMessage); - return $app->db->insertID(); - } - - function onBeforeUpdate() { - global $app, $conf; - } - - function onBeforeInsert() { - global $app, $conf; - } - - function onAfterUpdate() { - global $app, $conf; - } - - function onAfterInsert() { - global $app, $conf; - } - - - /** - * Function called on data insert or update error - */ - - function onError() { - global $app, $conf; - - $app->tpl->setVar("error","".$app->lng('Error').":
".$app->tform->errorMessage); - $app->tpl->setVar($this->dataRecord); - $this->onShow(); - } - - /** - * Function called on data delete - */ - - function onDelete() { - global $app, $conf,$list_def_file,$tform_def_file; - - include_once($list_def_file); - - // Loading tform framework - if(!is_object($app->tform)) $app->uses('tform'); - - // Load table definition from file - $app->tform->loadFormDef($tform_def_file); - - // importing ID - $this->id = intval($_REQUEST["id"]); - - if($this->id > 0) { - - // checking permissions - if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { - if($app->tform->checkPerm($this->id,'d') == false) $app->error($app->lng('error_no_delete_permission')); - } - - //$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id); - $this->dataRecord = $app->tform->getDataRecord($this->id); - - $this->onBeforeDelete(); - - // Saving record to datalog when db_history enabled - if($app->tform->formDef["db_history"] == 'yes') { - //$old_data_record = $app->tform->getDataRecord($this->id); - $app->tform->datalogSave('DELETE',$this->id,$this->dataRecord,array()); - } - - $app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1"); - - - // loading plugins - $next_tab = $app->tform->getCurrentTab(); - $this->loadPlugins($next_tab); - - - // Call plugin - foreach($this->plugins as $plugin) { - $plugin->onDelete(); - } - - $this->onAfterDelete(); - } - - //header("Location: ".$liste["file"]."?PHPSESSID=".$_SESSION["s"]["id"]); - $list_name = $_SESSION["s"]["form"]["return_to"]; - if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_id"] != $this->id && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { - $redirect = "Location: ".$_SESSION["s"]["list"][$list_name]["parent_script"]."?id=".$_SESSION["s"]["list"][$list_name]["parent_id"]."&next_tab=".$_SESSION["s"]["list"][$list_name]["parent_tab"]; - $_SESSION["s"]["form"]["return_to"] = ''; - session_write_close(); - header($redirect); - } else { - header("Location: ".$liste["file"]); - } - exit; - - } - - function onBeforeDelete() { - global $app, $conf; - } - - function onAfterDelete() { - global $app, $conf; - } - - /** - * Function to print the form content - */ - - function onPrintForm() { - global $app, $conf; - - if($app->tform->formDef['template_print'] == '') die('No print template available.'); - - $app->tpl->newTemplate("print.tpl.htm"); - $app->tpl->setInclude("content_tpl",$app->tform->formDef['template_print']); - - if($app->tform->formDef['auth'] == 'no') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; - } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); - } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); - - $record["datum"] = date("d.m.Y"); - - $app->tpl->setVar($app->tform->wordbook); - - $app->tpl->setVar($record); - $app->tpl_defaults(); - $app->tpl->pparse(); - exit; - - } - - /** - * Function to print the form content - */ - - function onMailSendForm() { - global $app, $conf; - - if($app->tform->formDef['template_mailsend'] == '') die('No print template available.'); - - if($_POST["email"] == '' && $_POST["sender"] == '') { - // Zeige Formular zum versenden an. - $app->tpl->newTemplate("form.tpl.htm"); - $app->tpl->setInclude("content_tpl",$app->tform->formDef['template_mailsend']); - $app->tpl->setVar('show_form',1); - $app->tpl->setVar("form_action",$app->tform->formDef['action'].'?send_form_by_mail=1'); - $app->tpl->setVar("id",$this->id); - $app->tpl_defaults(); - $app->tpl->pparse(); - exit; - } else { - $app->tpl->newTemplate("mail.tpl.htm"); - $app->tpl->setInclude("content_tpl",$app->tform->formDef['template_mailsend']); - $app->tpl->setVar('show_mail',1); - if($app->tform->formDef['auth'] == 'no') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; - } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); - } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); - - $record["datum"] = date("d.m.Y"); - $record["mailmessage"] = $_POST["message"]; - - $app->tpl->setVar($app->tform->wordbook); - - $app->tpl->setVar($record); - $app->tpl_defaults(); - - $email_message = $app->tpl->grab(); - $email = $_POST["email"]; - $sender = $_POST["sender"]; - - $headers = "MIME-Version: 1.0\n"; - $headers .= "Content-type: text/html; charset=iso-8859-1\n"; - $headers .= "From: $sender\n"; - - if (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+' . '@' . '([-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.)+' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $sender)) { - $sender = 'noreply@iprguard.de'; - } - - if (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+' . '@' . '([-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.)+' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) { - mail($email, 'Domainrecherche Statement '.$record["domain"], $email_message, $headers); - } - echo "

 

Email wurde versand.

"; - exit; - } - - - - if($app->tform->formDef['auth'] == 'no') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; - } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); - } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); - - $record["datum"] = date("d.m.Y"); - - $app->tpl->setVar($app->tform->wordbook); - - $app->tpl->setVar($record); - $app->tpl_defaults(); - $app->tpl->pparse(); - exit; - - } - - /** - * Function called on page show - */ - - function onShow() { - global $app, $conf; - - // Which tab do we render - $this->active_tab = $app->tform->getNextTab(); - - if($this->id > 0) { - $this->onShowEdit(); - } else { - $this->onShowNew(); - } - - // make Form and Tabs - $app->tform->showForm(); - - // Setting default values - $app->tpl_defaults(); - - // Show the navigation bar of the form - if(isset($app->tform->formDef['navibar']) && $app->tform->formDef['navibar'] == 'yes') { - $navibar = ''; - if($app->tform->formDef['template_print'] != '') { - $navibar .= 'Drucken  '; - } - if($app->tform->formDef['template_mailsend'] != '') { - $navibar .= "tform->formDef['action'].'?id='.$this->id."&send_form_by_mail=1','send','width=370,height=240')\">\"Als"; - } - $app->tpl->setVar('form_navibar',$navibar); - } - - - // loading plugins - $this->loadPlugins($this->active_tab); - - // Calling the Plugin onShow Events and set the data in the - // plugins placeholder in the template - foreach($this->plugins as $plugin_name => $plugin) { - $app->tpl->setVar($plugin_name,$plugin->onShow()); - } - - // Parse the templates and send output to the browser - $this->onShowEnd(); - - } - - /** - * Function called on new record - */ - - function onShowNew() { - global $app, $conf; - - if($app->tform->errorMessage == '') { - $record = array(); - $record = $app->tform->getHTML($record, $app->tform->formDef['tab_default'],'NEW'); - } else { - $record = $app->tform->getHTML($app->tform->encode($_POST,$this->active_tab),$this->active_tab,'EDIT'); - } - - $app->tpl->setVar($record); - } - - /** - * Function called on edit record - */ - - function onShowEdit() { - global $app, $conf; - - // bestehenden Datensatz anzeigen - if($app->tform->errorMessage == '') { - if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); - } else { - $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; - } - if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); - } else { - // $record = $app->tform->encode($_POST,$this->active_tab); - $record = $app->tform->encode($this->dataRecord,$this->active_tab); - } - - $this->dataRecord = $record; - - // Userdaten umwandeln - $record = $app->tform->getHTML($record, $this->active_tab,'EDIT'); - $record['id'] = $this->id; - - $app->tpl->setVar($record); - } - - function onShowEnd() { - global $app, $conf; - - // Template parsen - $app->tpl->pparse(); - } - - function loadPlugins($next_tab) { - global $app; - if(@is_array($app->tform->formDef["tabs"][$next_tab]["plugins"])) { - $app->load('plugin_base'); - foreach($app->tform->formDef["tabs"][$next_tab]["plugins"] as $plugin_name => $plugin_settings) { - $plugin_class = $plugin_settings["class"]; - $app->load($plugin_class); - $this->plugins[$plugin_name] = new $plugin_class; - $this->plugins[$plugin_name]->setOptions($plugin_name,$plugin_settings['options']); - // Make the data of the form easily accessible for the plugib - $this->plugins[$plugin_name]->form = $this; - $this->plugins[$plugin_name]->onLoad(); - } - } - } - - -} - + +* @copyright Copyright © 2005, Till Brehm +*/ + +class tform_actions { + + var $id; + var $activeTab; + var $dataRecord; + var $plugins = array(); + var $oldDataRecord; // This array is only filled during updates and when db_history is enabled. + + function onLoad() { + global $app, $conf, $tform_def_file; + + // Loading template classes and initialize template + if(!is_object($app->tpl)) $app->uses('tpl'); + if(!is_object($app->tform)) $app->uses('tform'); + + $app->tpl->newTemplate("tabbed_form.tpl.htm"); + + // Load table definition from file + $app->tform->loadFormDef($tform_def_file); + + // Importing ID + $this->id = (isset($_REQUEST["id"]))?intval($_REQUEST["id"]):0; + + // show print version of the form + if(isset($_GET["print_form"]) && $_GET["print_form"] == 1) { + die('Function disabled.'); + $this->onPrintForm(); + } + + // send this form by email + if(isset($_GET["send_form_by_mail"]) && $_GET["send_form_by_mail"] == 1) { + die('Function disabled.'); + $this->onMailSendForm(); + } + + if(count($_POST) > 1) { + $this->dataRecord = $_POST; + $this->onSubmit(); + } else { + $this->onShow(); + } + } + + /** + * Function called on page submit + */ + + function onSubmit() { + global $app, $conf; + + // Calling the action functions + if($this->id > 0) { + $this->onUpdate(); + } else { + $this->onInsert(); + } + } + + /** + * Function called on data update + */ + + function onUpdate() { + global $app, $conf; + + $this->onBeforeUpdate(); + + $ext_where = ''; + $sql = $app->tform->getSQL($this->dataRecord,$app->tform->getCurrentTab(),'UPDATE',$this->id,$ext_where); + if($app->tform->errorMessage == '') { + + if($app->tform->formDef['db_history'] == 'yes') { + $this->oldDataRecord = $app->tform->getDataRecord($this->id); + } + + // Save record in database + $this->onUpdateSave($sql); + + // loading plugins + $next_tab = $app->tform->getCurrentTab(); + $this->loadPlugins($next_tab); + + // Call plugin + foreach($this->plugins as $plugin) { + $plugin->onInsert(); + } + + $this->onAfterUpdate(); + + // Write data history (sys_datalog) + if($app->tform->formDef['db_history'] == 'yes') { + $new_data_record = $app->tform->getDataRecord($this->id); + $app->tform->datalogSave('UPDATE',$this->id,$this->oldDataRecord,$new_data_record); + unset($new_data_record); + unset($old_data_record); + } + + if($_REQUEST["next_tab"] == '') { + $list_name = $_SESSION["s"]["form"]["return_to"]; + // When a list is embedded inside of a form + + //if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_id"] != $this->id && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { + if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { + $redirect = "Location: ".$_SESSION["s"]["list"][$list_name]["parent_script"]."?id=".$_SESSION["s"]["list"][$list_name]["parent_id"]."&next_tab=".$_SESSION["s"]["list"][$list_name]["parent_tab"]; + $_SESSION["s"]["form"]["return_to"] = ''; + session_write_close(); + header($redirect); + // When a returnto variable is set + } elseif ($_SESSION["s"]["form"]["return_to_url"] != '') { + $redirect = $_SESSION["s"]["form"]["return_to_url"]; + $_SESSION["s"]["form"]["return_to_url"] = ''; + session_write_close(); + header("Location: ".$redirect); + exit; + // Use the default list of the form + } else { + header("Location: ".$app->tform->formDef['list_default']); + } + exit; + } else { + $this->onShow(); + } + } else { + $this->onError(); + } + } + + /* + Save record in database + */ + + function onUpdateSave($sql) { + global $app; + if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab())) { + $app->db->query($sql); + if($app->db->errorMessage != '') die($app->db->errorMessage); + } + } + + + /** + * Function called on data insert + */ + + function onInsert() { + global $app, $conf; + + $this->onBeforeInsert(); + + $ext_where = ''; + $sql = $app->tform->getSQL($this->dataRecord,$app->tform->getCurrentTab(),'INSERT',$this->id,$ext_where); + if($app->tform->errorMessage == '') { + + $this->id = $this->onInsertSave($sql); + + // loading plugins + $next_tab = $app->tform->getCurrentTab(); + $this->loadPlugins($next_tab); + + // Call plugin + foreach($this->plugins as $plugin) { + $plugin->onInsert(); + } + + $this->onAfterInsert(); + + // Write data history (sys_datalog) + if($app->tform->formDef['db_history'] == 'yes') { + $new_data_record = $app->tform->getDataRecord($this->id); + $app->tform->datalogSave('INSERT',$this->id,array(),$new_data_record); + unset($new_data_record); + } + + + if($_REQUEST["next_tab"] == '') { + $list_name = $_SESSION["s"]["form"]["return_to"]; + // if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_id"] != $this->id && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { + if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { + $redirect = "Location: ".$_SESSION["s"]["list"][$list_name]["parent_script"]."?id=".$_SESSION["s"]["list"][$list_name]["parent_id"]."&next_tab=".$_SESSION["s"]["list"][$list_name]["parent_tab"]; + $_SESSION["s"]["form"]["return_to"] = ''; + session_write_close(); + header($redirect); + exit; + } elseif ($_SESSION["s"]["form"]["return_to_url"] != '') { + $_SESSION["s"]["form"]["return_to_url"] = ''; + session_write_close(); + header("Location: ".$_SESSION["s"]["form"]["return_to_url"]); + exit; + } else { + header("Location: ".$app->tform->formDef['list_default']); + } + exit; + } else { + $this->onShow(); + } + } else { + $this->onError(); + } + } + + /* + Save record in database + */ + + function onInsertSave($sql) { + global $app, $conf; + $app->db->query($sql); + if($app->db->errorMessage != '') die($app->db->errorMessage); + return $app->db->insertID(); + } + + function onBeforeUpdate() { + global $app, $conf; + } + + function onBeforeInsert() { + global $app, $conf; + } + + function onAfterUpdate() { + global $app, $conf; + } + + function onAfterInsert() { + global $app, $conf; + } + + + /** + * Function called on data insert or update error + */ + + function onError() { + global $app, $conf; + + $app->tpl->setVar("error","".$app->lng('Error').":
".$app->tform->errorMessage); + $app->tpl->setVar($this->dataRecord); + $this->onShow(); + } + + /** + * Function called on data delete + */ + + function onDelete() { + global $app, $conf,$list_def_file,$tform_def_file; + + include_once($list_def_file); + + // Loading tform framework + if(!is_object($app->tform)) $app->uses('tform'); + + // Load table definition from file + $app->tform->loadFormDef($tform_def_file); + + // importing ID + $this->id = intval($_REQUEST["id"]); + + if($this->id > 0) { + + // checking permissions + if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { + if($app->tform->checkPerm($this->id,'d') == false) $app->error($app->lng('error_no_delete_permission')); + } + + //$this->dataRecord = $app->db->queryOneRecord("SELECT * FROM ".$liste["table"]." WHERE ".$liste["table_idx"]." = ".$this->id); + $this->dataRecord = $app->tform->getDataRecord($this->id); + + $this->onBeforeDelete(); + + // Saving record to datalog when db_history enabled + if($app->tform->formDef["db_history"] == 'yes') { + //$old_data_record = $app->tform->getDataRecord($this->id); + $app->tform->datalogSave('DELETE',$this->id,$this->dataRecord,array()); + } + + $app->db->query("DELETE FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." LIMIT 1"); + + + // loading plugins + $next_tab = $app->tform->getCurrentTab(); + $this->loadPlugins($next_tab); + + + // Call plugin + foreach($this->plugins as $plugin) { + $plugin->onDelete(); + } + + $this->onAfterDelete(); + } + + //header("Location: ".$liste["file"]."?PHPSESSID=".$_SESSION["s"]["id"]); + $list_name = $_SESSION["s"]["form"]["return_to"]; + if($list_name != '' && $_SESSION["s"]["list"][$list_name]["parent_id"] != $this->id && $_SESSION["s"]["list"][$list_name]["parent_name"] != $app->tform->formDef["name"]) { + $redirect = "Location: ".$_SESSION["s"]["list"][$list_name]["parent_script"]."?id=".$_SESSION["s"]["list"][$list_name]["parent_id"]."&next_tab=".$_SESSION["s"]["list"][$list_name]["parent_tab"]; + $_SESSION["s"]["form"]["return_to"] = ''; + session_write_close(); + header($redirect); + } else { + header("Location: ".$liste["file"]); + } + exit; + + } + + function onBeforeDelete() { + global $app, $conf; + } + + function onAfterDelete() { + global $app, $conf; + } + + /** + * Function to print the form content + */ + + function onPrintForm() { + global $app, $conf; + + if($app->tform->formDef['template_print'] == '') die('No print template available.'); + + $app->tpl->newTemplate("print.tpl.htm"); + $app->tpl->setInclude("content_tpl",$app->tform->formDef['template_print']); + + if($app->tform->formDef['auth'] == 'no') { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + } else { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); + } + if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + + $record["datum"] = date("d.m.Y"); + + $app->tpl->setVar($app->tform->wordbook); + + $app->tpl->setVar($record); + $app->tpl_defaults(); + $app->tpl->pparse(); + exit; + + } + + /** + * Function to print the form content + */ + + function onMailSendForm() { + global $app, $conf; + + if($app->tform->formDef['template_mailsend'] == '') die('No print template available.'); + + if($_POST["email"] == '' && $_POST["sender"] == '') { + // Zeige Formular zum versenden an. + $app->tpl->newTemplate("form.tpl.htm"); + $app->tpl->setInclude("content_tpl",$app->tform->formDef['template_mailsend']); + $app->tpl->setVar('show_form',1); + $app->tpl->setVar("form_action",$app->tform->formDef['action'].'?send_form_by_mail=1'); + $app->tpl->setVar("id",$this->id); + $app->tpl_defaults(); + $app->tpl->pparse(); + exit; + } else { + $app->tpl->newTemplate("mail.tpl.htm"); + $app->tpl->setInclude("content_tpl",$app->tform->formDef['template_mailsend']); + $app->tpl->setVar('show_mail',1); + if($app->tform->formDef['auth'] == 'no') { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + } else { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); + } + if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + + $record["datum"] = date("d.m.Y"); + $record["mailmessage"] = $_POST["message"]; + + $app->tpl->setVar($app->tform->wordbook); + + $app->tpl->setVar($record); + $app->tpl_defaults(); + + $email_message = $app->tpl->grab(); + $email = $_POST["email"]; + $sender = $_POST["sender"]; + + $headers = "MIME-Version: 1.0\n"; + $headers .= "Content-type: text/html; charset=iso-8859-1\n"; + $headers .= "From: $sender\n"; + + if (!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+' . '@' . '([-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.)+' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $sender)) { + $sender = 'noreply@iprguard.de'; + } + + if (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+' . '@' . '([-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.)+' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) { + mail($email, 'Domainrecherche Statement '.$record["domain"], $email_message, $headers); + } + echo "

 

Email wurde versand.

"; + exit; + } + + + + if($app->tform->formDef['auth'] == 'no') { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + } else { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); + } + if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + + $record["datum"] = date("d.m.Y"); + + $app->tpl->setVar($app->tform->wordbook); + + $app->tpl->setVar($record); + $app->tpl_defaults(); + $app->tpl->pparse(); + exit; + + } + + /** + * Function called on page show + */ + + function onShow() { + global $app, $conf; + + // Which tab do we render + $this->active_tab = $app->tform->getNextTab(); + + if($this->id > 0) { + $this->onShowEdit(); + } else { + $this->onShowNew(); + } + + // make Form and Tabs + $app->tform->showForm(); + + // Setting default values + $app->tpl_defaults(); + + // Show the navigation bar of the form + if(isset($app->tform->formDef['navibar']) && $app->tform->formDef['navibar'] == 'yes') { + $navibar = ''; + if($app->tform->formDef['template_print'] != '') { + $navibar .= 'Drucken  '; + } + if($app->tform->formDef['template_mailsend'] != '') { + $navibar .= "tform->formDef['action'].'?id='.$this->id."&send_form_by_mail=1','send','width=370,height=240')\">\"Als"; + } + $app->tpl->setVar('form_navibar',$navibar); + } + + + // loading plugins + $this->loadPlugins($this->active_tab); + + // Calling the Plugin onShow Events and set the data in the + // plugins placeholder in the template + foreach($this->plugins as $plugin_name => $plugin) { + $app->tpl->setVar($plugin_name,$plugin->onShow()); + } + + // Parse the templates and send output to the browser + $this->onShowEnd(); + + } + + /** + * Function called on new record + */ + + function onShowNew() { + global $app, $conf; + + if($app->tform->errorMessage == '') { + $record = array(); + $record = $app->tform->getHTML($record, $app->tform->formDef['tab_default'],'NEW'); + } else { + $record = $app->tform->getHTML($app->tform->encode($_POST,$this->active_tab),$this->active_tab,'EDIT'); + } + + $app->tpl->setVar($record); + } + + /** + * Function called on edit record + */ + + function onShowEdit() { + global $app, $conf; + + // bestehenden Datensatz anzeigen + if($app->tform->errorMessage == '') { + if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u'); + } else { + $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id; + } + if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission')); + } else { + // $record = $app->tform->encode($_POST,$this->active_tab); + $record = $app->tform->encode($this->dataRecord,$this->active_tab); + } + + $this->dataRecord = $record; + + // Userdaten umwandeln + $record = $app->tform->getHTML($record, $this->active_tab,'EDIT'); + $record['id'] = $this->id; + + $app->tpl->setVar($record); + } + + function onShowEnd() { + global $app, $conf; + + // Template parsen + $app->tpl->pparse(); + } + + function loadPlugins($next_tab) { + global $app; + if(@is_array($app->tform->formDef["tabs"][$next_tab]["plugins"])) { + $app->load('plugin_base'); + foreach($app->tform->formDef["tabs"][$next_tab]["plugins"] as $plugin_name => $plugin_settings) { + $plugin_class = $plugin_settings["class"]; + $app->load($plugin_class); + $this->plugins[$plugin_name] = new $plugin_class; + $this->plugins[$plugin_name]->setOptions($plugin_name,$plugin_settings['options']); + // Make the data of the form easily accessible for the plugib + $this->plugins[$plugin_name]->form = $this; + $this->plugins[$plugin_name]->onLoad(); + } + } + } + + +} + ?> \ No newline at end of file diff --git a/interface/lib/config.inc.php b/interface/lib/config.inc.php index 101edf598..72ded1fd0 100644 --- a/interface/lib/config.inc.php +++ b/interface/lib/config.inc.php @@ -51,7 +51,7 @@ define('ISPC_THEMES_PATH', ISPC_ROOT_PATH.'/web/themes'); define('ISPC_WEB_TEMP_PATH', ISPC_WEB_PATH.'/temp'); // Path for downloads, accessible via browser define('ISPC_CACHE_PATH', ISPC_ROOT_PATH.'/cache'); -define('ISPC_INTERFACE_MODULES_ENABLED', 'mail,sites,dns'); +define('ISPC_INTERFACE_MODULES_ENABLED', 'mail,sites,dns,tools'); //******************************************************************************** //** Future Code idea - pedro - rfc @@ -107,6 +107,7 @@ $conf['db_database'] = 'ispconfig3'; */ + //** External programs //$conf["programs"]["convert"] = "/usr/bin/convert"; $conf['programs']['wput'] = ISPC_ROOT_PATH."\\tools\\wput\\wput.exe"; diff --git a/interface/web/dns/dns_a_edit.php b/interface/web/dns/dns_a_edit.php index 5fcb4008c..db23360a2 100644 --- a/interface/web/dns/dns_a_edit.php +++ b/interface/web/dns/dns_a_edit.php @@ -110,6 +110,11 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); + } function onAfterUpdate() { diff --git a/interface/web/dns/dns_alias_edit.php b/interface/web/dns/dns_alias_edit.php index e952f56d0..134fab554 100644 --- a/interface/web/dns/dns_alias_edit.php +++ b/interface/web/dns/dns_alias_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_cname_edit.php b/interface/web/dns/dns_cname_edit.php index 5123d10e7..1243f4560 100644 --- a/interface/web/dns/dns_cname_edit.php +++ b/interface/web/dns/dns_cname_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_hinfo_edit.php b/interface/web/dns/dns_hinfo_edit.php index 950d74eca..28e5a9cdc 100644 --- a/interface/web/dns/dns_hinfo_edit.php +++ b/interface/web/dns/dns_hinfo_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_mx_edit.php b/interface/web/dns/dns_mx_edit.php index 112a4daf7..6eef0ab94 100644 --- a/interface/web/dns/dns_mx_edit.php +++ b/interface/web/dns/dns_mx_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_ns_edit.php b/interface/web/dns/dns_ns_edit.php index 74ce119b9..9cbeca602 100644 --- a/interface/web/dns/dns_ns_edit.php +++ b/interface/web/dns/dns_ns_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_ptr_edit.php b/interface/web/dns/dns_ptr_edit.php index 3828aa01e..5611f44ce 100644 --- a/interface/web/dns/dns_ptr_edit.php +++ b/interface/web/dns/dns_ptr_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_rp_edit.php b/interface/web/dns/dns_rp_edit.php index ef70c1e85..759eac4af 100644 --- a/interface/web/dns/dns_rp_edit.php +++ b/interface/web/dns/dns_rp_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_srv_edit.php b/interface/web/dns/dns_srv_edit.php index 74177666f..b66c0a144 100644 --- a/interface/web/dns/dns_srv_edit.php +++ b/interface/web/dns/dns_srv_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/dns/dns_txt_edit.php b/interface/web/dns/dns_txt_edit.php index 1fda14cce..95af18fa7 100644 --- a/interface/web/dns/dns_txt_edit.php +++ b/interface/web/dns/dns_txt_edit.php @@ -110,6 +110,10 @@ class page_action extends tform_actions { $soa_id = intval($_POST["zone"]); $serial = time(); $app->db->query("UPDATE dns_soa SET serial = $serial WHERE id = $soa_id"); + + // Set the sys_groupid of the rr record to be the same then the sys_groupid of the soa record + $soa = $app->db->queryOneRecord("SELECT sys_groupid FROM dns_soa WHERE id = '".intval($this->dataRecord["zone"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("UPDATE dns_rr SET sys_groupid = ".$soa['sys_groupid']." WHERE id = ".$this->id); } function onAfterUpdate() { diff --git a/interface/web/mail/mail_alias_edit.php b/interface/web/mail/mail_alias_edit.php index 9ef53c613..641d60984 100644 --- a/interface/web/mail/mail_alias_edit.php +++ b/interface/web/mail/mail_alias_edit.php @@ -129,6 +129,15 @@ class page_action extends tform_actions { parent::onSubmit(); } + function onAfterInsert() { + global $app; + + $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id); + + } + + } $page = new page_action; diff --git a/interface/web/mail/mail_domain_catchall_edit.php b/interface/web/mail/mail_domain_catchall_edit.php index f6c27fcb5..93a063574 100644 --- a/interface/web/mail/mail_domain_catchall_edit.php +++ b/interface/web/mail/mail_domain_catchall_edit.php @@ -85,7 +85,7 @@ class page_action extends tform_actions { $domain_select = ''; if(is_array($domains)) { foreach( $domains as $domain) { - $selected = ($domain["domain"] == $email_parts[1])?'SELECTED':''; + $selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':''; $domain_select .= "\r\n"; } } @@ -107,7 +107,7 @@ class page_action extends tform_actions { $client_group_id = $_SESSION["s"]["user"]["default_group"]; $client = $app->db->queryOneRecord("SELECT limit_mailcatchall FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); - // Check if the user may add another mailbox. + // Check if the user may add another catchall if($this->id == 0 && $client["limit_mailcatchall"] >= 0) { $tmp = $app->db->queryOneRecord("SELECT count(forwarding_id) as number FROM mail_forwarding WHERE sys_groupid = $client_group_id AND type = 'catchall'"); if($tmp["number"] >= $client["limit_mailcatchall"]) { @@ -128,6 +128,14 @@ class page_action extends tform_actions { parent::onSubmit(); } + function onAfterInsert() { + global $app; + + $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id); + + } + } $page = new page_action; diff --git a/interface/web/mail/mail_forward_edit.php b/interface/web/mail/mail_forward_edit.php index a8cfd0306..b6871aa4e 100644 --- a/interface/web/mail/mail_forward_edit.php +++ b/interface/web/mail/mail_forward_edit.php @@ -84,7 +84,7 @@ class page_action extends tform_actions { $domains = $app->db->queryAllRecords($sql); $domain_select = ''; foreach( $domains as $domain) { - $selected = ($domain["domain"] == $email_parts[1])?'SELECTED':''; + $selected = (isset($email_parts[1]) && $domain["domain"] == $email_parts[1])?'SELECTED':''; $domain_select .= "\r\n"; } $app->tpl->setVar("email_domain",$domain_select); @@ -126,6 +126,14 @@ class page_action extends tform_actions { parent::onSubmit(); } + function onAfterInsert() { + global $app; + + $domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($_POST["email_domain"])."' AND ".$app->tform->getAuthSQL('r')); + $app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id); + + } + } $page = new page_action; diff --git a/interface/web/mail/mail_get_edit.php b/interface/web/mail/mail_get_edit.php index 573fe78a3..4cc301c80 100644 --- a/interface/web/mail/mail_get_edit.php +++ b/interface/web/mail/mail_get_edit.php @@ -99,6 +99,14 @@ class page_action extends tform_actions { parent::onSubmit(); } + function onAfterInsert() { + global $app; + + $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".mysql_real_escape_string($this->dataRecord["destination"])."'"); + $app->db->query("update mail_get SET sys_groupid = ".$tmp['sys_groupid']." WHERE mailget_id = ".$this->id); + + } + } $page = new page_action; diff --git a/interface/web/mail/mail_user_filter_edit.php b/interface/web/mail/mail_user_filter_edit.php index c62dcd478..a16d3d12a 100644 --- a/interface/web/mail/mail_user_filter_edit.php +++ b/interface/web/mail/mail_user_filter_edit.php @@ -68,9 +68,12 @@ class page_action extends tform_actions { function onAfterInsert() { global $app, $conf; - $mailuser = $app->db->queryOneRecord("SELECT custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]); + $mailuser = $app->db->queryOneRecord("SELECT sys_groupid, custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]); $rule_content = $mailuser['custom_mailfilter']."\n".$app->db->quote($this->getRule()); $app->db->datalogUpdate('mail_user', "custom_mailfilter = '$rule_content'", 'mailuser_id', $this->dataRecord["mailuser_id"]); + + // set permissions + $app->db->query("UPDATE mail_user_filter SET sys_groupid = ".$mailuser['sys_groupid']." WHERE filter_id = "$this->id); } diff --git a/interface/web/sites/web_aliasdomain_edit.php b/interface/web/sites/web_aliasdomain_edit.php index b9f6e2e46..0f86b62f9 100644 --- a/interface/web/sites/web_aliasdomain_edit.php +++ b/interface/web/sites/web_aliasdomain_edit.php @@ -50,6 +50,8 @@ $app->load('tform_actions'); class page_action extends tform_actions { + var $parent_domain_record; + function onShowNew() { global $app, $conf; @@ -98,10 +100,18 @@ class page_action extends tform_actions { $this->dataRecord["server_id"] = $parent_domain["server_id"]; //$this->dataRecord["domain"] = $this->dataRecord["domain"].'.'.$parent_domain["domain"]; + $this->parent_domain_record = $parent_domain; parent::onSubmit(); } + function onAfterInsert() { + global $app, $conf; + + $app->db->query('UPDATE web_domain SET sys_groupid = '.intval($this->parent_domain_record['sys_groupid']).' WHERE domain_id = '.$this->id); + + } + } $page = new page_action; diff --git a/interface/web/sites/web_subdomain_edit.php b/interface/web/sites/web_subdomain_edit.php index 49001a361..3dd2f64bd 100644 --- a/interface/web/sites/web_subdomain_edit.php +++ b/interface/web/sites/web_subdomain_edit.php @@ -50,6 +50,8 @@ $app->load('tform_actions'); class page_action extends tform_actions { + var $parent_domain_record; + function onShowNew() { global $app, $conf; @@ -97,10 +99,19 @@ class page_action extends tform_actions { $this->dataRecord["server_id"] = $parent_domain["server_id"]; $this->dataRecord["domain"] = $this->dataRecord["domain"].'.'.$parent_domain["domain"]; + $this->parent_domain_record = $parent_domain; parent::onSubmit(); } + function onAfterInsert() { + global $app, $conf; + + $app->db->query('UPDATE web_domain SET sys_groupid = '.intval($this->parent_domain_record['sys_groupid']).' WHERE domain_id = '.$this->id); + + } + + } $page = new page_action; diff --git a/interface/web/tools/form/user_settings.tform.php b/interface/web/tools/form/user_settings.tform.php index 4ca94421a..05b3e8c0f 100644 --- a/interface/web/tools/form/user_settings.tform.php +++ b/interface/web/tools/form/user_settings.tform.php @@ -69,7 +69,7 @@ $form['db_table_idx'] = 'userid'; $form["db_history"] = "no"; $form['tab_default'] = 'users'; $form['list_default'] = 'index.php'; -$form['auth'] = 'yes'; +$form['auth'] = 'no'; //* 0 = id of the user, > 0 id must match with id of current user $form['auth_preset']['userid'] = 0; diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php index d618ef08d..9d75347d1 100644 --- a/interface/web/tools/user_settings.php +++ b/interface/web/tools/user_settings.php @@ -64,6 +64,7 @@ class page_action extends tform_actions { // Importing ID $this->id = $_SESSION['s']['user']['userid']; + $_POST['id'] = $_SESSION['s']['user']['userid']; if(count($_POST) > 1) { $this->dataRecord = $_POST; @@ -72,6 +73,10 @@ class page_action extends tform_actions { $this->onShow(); } } + + function onInsert() { + die('No inserts allowed.'); + } function onBeforeUpdate() { global $app, $conf; -- GitLab