interface/lib/app.inc.php

@@ -39,14 +39,14 @@ ob_start('ob_gzhandler');
 if(isset($conf['timezone']) && $conf['timezone'] != '') date_default_timezone_set($conf['timezone']);
 
 //* Set error reporting level when we are not on a developer system
-if(DEVSYSTEM == 0) {
-	@ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED);
+if(DEVSYSTEM !== true) {
+	@ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_WARNING);
 }
 
 /*
     Application Class
 */
-class app {
+class app extends stdClass {
 
 	private $_language_inc = 0;
 	private $_wb;
@@ -212,6 +212,12 @@ class app {
 		}
 	}
 
+	public function auth_log($msg) {
+		$authlog_handle = fopen($this->_conf['ispconfig_log_dir'].'/auth.log', 'a');
+		fwrite($authlog_handle, $msg . PHP_EOL);
+		fclose($authlog_handle);
+	}
+
 	/** Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR */
 	public function error($msg, $next_link = '', $stop = true, $priority = 1) {
 		//$this->uses("error");

interface/lib/classes/custom_datasource.inc.php

@@ -47,12 +47,12 @@ class custom_datasource {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
-			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
+			$client = $app->db->queryOneRecord("SELECT dns_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+			$sql = "SELECT server_id,server_name FROM server WHERE server_id in (?)";
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name AND mirror_server_id = 0";
 		}
-		$records = $app->db->queryAllRecords($sql, $client['default_dnsserver']);
+		$records = $app->db->queryAllRecords($sql, $client['dns_servers']);
 		$records_new = array();
 		if(is_array($records)) {
 			foreach($records as $rec) {

interface/lib/classes/db_mysql.inc.php

@@ -82,6 +82,8 @@ class db
 		$this->dbClientFlags = ($flags !== NULL) ? $flags : $conf['db_client_flags'];
 		$this->_iConnId = mysqli_init();
 
+		mysqli_report(MYSQLI_REPORT_OFF);
+
 		mysqli_real_connect($this->_iConnId, $this->dbHost, $this->dbUser, $this->dbPass, '', (int)$this->dbPort, NULL, $this->dbClientFlags);
 		for($try=0;(!is_object($this->_iConnId) || mysqli_connect_errno()) && $try < 5;++$try) {
 			sleep($try);
@@ -524,7 +526,7 @@ class db
 			$sString = '';
 		}
 
-		$cur_encoding = mb_detect_encoding($sString);
+		$cur_encoding = mb_detect_encoding($sString, "auto");
 		if($cur_encoding != "UTF-8") {
 			if($cur_encoding != 'ASCII') {
 				if(is_object($app) && method_exists($app, 'log')) $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_DEBUG);
@@ -823,12 +825,13 @@ class db
 		return true;
 	}
 
-	//** Deletes a record and saves the changes into the datalog
+	// Updates a datalog record to store an error state.
 	public function datalogError($errormsg) {
 		global $app;
 
-		if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) $this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
-
+		if(isset($app->modules->current_datalog_id) && $app->modules->current_datalog_id > 0) {
+			$this->query("UPDATE sys_datalog set error = ? WHERE datalog_id = ?", $errormsg, $app->modules->current_datalog_id);
+		}
 		return true;
 	}
 
@@ -842,7 +845,11 @@ class db
 			$login = $_SESSION['s']['user']['username'];
 		}
 
-		$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
+		$result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable
+				FROM sys_datalog, server
+				WHERE (server.server_id = sys_datalog.server_id or sys_datalog.server_id = 0) AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated
+				GROUP BY sys_datalog.dbtable, sys_datalog.action",
+			$login);
 		foreach($result as $row) {
 			if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
 			$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable'])); $return['count'] += $row['cnt'];

interface/lib/classes/functions.inc.php

@@ -334,6 +334,14 @@ class functions {
 			$domain = substr($domain, strrpos($domain, '@') + 1);
 		}
 
+		// idn_to_* chokes on leading dots, but we need them for amavis, so remove it for later
+		if(substr($domain, 0, 1) === '.') {
+			$leading_dot = true;
+			$domain = substr($domain, 1);
+		} else {
+			$leading_dot = false;
+		}
+
 		if($encode == true) {
 			if(function_exists('idn_to_ascii')) {
 				if(defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46') && constant('IDNA_NONTRANSITIONAL_TO_ASCII')) {
@@ -378,6 +386,10 @@ class functions {
 			}
 		}
 
+		if($leading_dot == true) {
+			$domain = '.' . $domain;
+		}
+
 		if($user_part !== false) return $user_part . '@' . $domain;
 		else return $domain;
 	}

interface/lib/classes/ids.inc.php

@@ -77,7 +77,7 @@ class ids {
 				$line = trim($line);
 				if(substr($line,0,1) != '#') {
 					list($user,$path,$varname) = explode(':',$line);
-					if($current_script_name == $path) {
+					if($current_script_name == $path || $path == '*') {
 						if($user = 'any' 
 							|| ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin')) 
 							|| ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) {
@@ -100,7 +100,7 @@ class ids {
 				$line = trim($line);
 				if(substr($line,0,1) != '#') {
 					list($user,$path,$varname) = explode(':',$line);
-					if($current_script_name == $path) {
+					if($current_script_name == $path || $path == '*') {
 						if($user = 'any' 
 							|| ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin')) 
 							|| ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) {

interface/lib/classes/ispcmail.inc.php

@@ -169,7 +169,7 @@ class ispcmail {
 			$this->smtp_host = $value;
 			break;
 		case 'smtp_port':
-			if(intval($value) > 0) $this->smtp_port = $value;
+			if(intval($value) > 0) $this->smtp_port = intval($value);
 			break;
 		case 'smtp_user':
 			$this->smtp_user = $value;
@@ -585,7 +585,7 @@ class ispcmail {
 	 * @access private
 	 */
 	private function _smtp_login() {
-		$this->_smtp_conn = fsockopen(($this->smtp_crypt == 'ssl' ? 'tls://' : '') . $this->smtp_host, $this->smtp_port, $errno, $errstr, 30);
+		$this->_smtp_conn = fsockopen(($this->smtp_crypt == 'ssl' ? 'tls://' : '') . $this->smtp_host, (int)$this->smtp_port, $errno, $errstr, 30);
 		if(empty($this->_smtp_conn)) return false;
 		$response = fgets($this->_smtp_conn, 515);
 

interface/lib/classes/listform.inc.php

@@ -80,7 +80,7 @@ class listform {
 
 	private function getDatasourceData($field)
 	{
-		global $app;
+		global $app, $api;
 		$values = array();
 
 		if($field['datasource']['type'] == 'SQL') {
@@ -97,7 +97,8 @@ class listform {
 			$querystring = str_replace("{AUTHSQL}", $app->tform->getAuthSQL('r'), $querystring);
 			$querystring = str_replace("{AUTHSQL-A}", $app->tform->getAuthSQL('r', 'a'), $querystring);
 			$querystring = str_replace("{AUTHSQL-B}", $app->tform->getAuthSQL('r', 'b'), $querystring);
-			$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', create_function('$matches','global $app; $tmp = $app->tform->getAuthSQL("r", $matches[1]); return $tmp;'), $querystring);
+			//$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', create_function('$matches','global $app; $tmp = $app->tform->getAuthSQL("r", $matches[1]); return $tmp;'), $querystring);
+			$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', function($matches) {global $app; $tmp = $app->tform->getAuthSQL("r", $matches[1]); return $tmp;}, $querystring);
 
 			//* Getting the records
 			$tmp_records = $app->db->queryAllRecords($querystring);
@@ -195,9 +196,9 @@ class listform {
 		if(@is_array($this->listDef['item'])) {
 			foreach($this->listDef['item'] as $i) {
 				$field = $i['field'];
-				$table = $i['table'];
+				$table = (isset($i['table']))?$i['table']:'';
 
-				$searchval = $_SESSION['search'][$list_name][$search_prefix.$field];
+				$searchval = (isset($_SESSION['search'][$list_name][$search_prefix.$field]))?$_SESSION['search'][$list_name][$search_prefix.$field]:'';
 				// IDN
 				if($searchval != ''){
 					if(is_array($i['filters'])) {
@@ -325,7 +326,7 @@ class listform {
 		if($this->searchChanged == 1) $_SESSION['search'][$list_name]['page'] = 0;
 
 		$sql_von = $app->functions->intval($_SESSION['search'][$list_name]['page'] * $records_per_page);
-		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ??".($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where", $table);
+		$record_count = $app->db->queryOneRecord("SELECT count(*) AS anzahl FROM ??".(isset($app->listform->listDef['additional_tables']) && $app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')." WHERE $sql_where", $table);
 		$pages = $app->functions->intval(($record_count['anzahl'] - 1) / $records_per_page);
 
 

interface/lib/classes/listform_actions.inc.php

@@ -135,7 +135,7 @@ class listform_actions {
 			}
 		}
 
-		if($_SESSION['search'][$_SESSION['s']['module']['name'].$app->listform->listDef["name"].$app->listform->listDef['table']]['order_in_php']) $php_sort = true;
+		if(@$_SESSION['search'][$_SESSION['s']['module']['name'].$app->listform->listDef["name"].$app->listform->listDef['table']]['order_in_php']) $php_sort = true;
 
 		// Getting Datasets from DB
 		$records = $app->db->queryAllRecords($this->getQueryString($php_sort));
@@ -189,7 +189,7 @@ class listform_actions {
 		//* substitute value for select fields
 		if(is_array($app->listform->listDef['item']) && count($app->listform->listDef['item']) > 0) {
 			foreach($app->listform->listDef['item'] as $field) {
-				if($rec['active'] == 'n') $rec['warn_inactive'] = 'y';
+				if(isset($rec['active']) && $rec['active'] == 'n') $rec['warn_inactive'] = 'y';
 				$key = $field['field'];
 				if(isset($field['formtype']) && $field['formtype'] == 'SELECT') {
 					if(strtolower($rec[$key]) == 'y' or strtolower($rec[$key]) == 'n') {
@@ -226,7 +226,7 @@ class listform_actions {
 		}
 
 		$sql_where = $app->listform->getSearchSQL($sql_where);
-		if($app->listform->listDef['join_sql']) $sql_where .= ' AND '.$app->listform->listDef['join_sql'];
+		if(isset($app->listform->listDef['join_sql']) && $app->listform->listDef['join_sql'] != '') $sql_where .= ' AND '.$app->listform->listDef['join_sql'];
 		$app->tpl->setVar($app->listform->searchValues);
 
 		$order_by_sql = $this->SQLOrderBy;
@@ -245,8 +245,9 @@ class listform_actions {
 
 		$table_selects = array();
 		$table_selects[] = trim($app->listform->listDef['table']).'.*';
-		$app->listform->listDef['additional_tables'] = trim($app->listform->listDef['additional_tables']);
-		if($app->listform->listDef['additional_tables'] != ''){
+
+		if(isset($app->listform->listDef['additional_tables']) && trim($app->listform->listDef['additional_tables']) != ''){
+			$app->listform->listDef['additional_tables'] = trim($app->listform->listDef['additional_tables']);
 			$additional_tables = explode(',', $app->listform->listDef['additional_tables']);
 			foreach($additional_tables as $additional_table){
 				$table_selects[] = trim($additional_table).'.*';
@@ -254,7 +255,7 @@ class listform_actions {
 		}
 		$select = implode(', ', $table_selects);
 
-		$sql = 'SELECT '.$select.$extselect.' FROM '.$app->listform->listDef['table'].($app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')."$join WHERE $sql_where $order_by_sql";
+		$sql = 'SELECT '.$select.$extselect.' FROM '.$app->listform->listDef['table'].(isset($app->listform->listDef['additional_tables']) && $app->listform->listDef['additional_tables'] != ''? ','.$app->listform->listDef['additional_tables'] : '')."$join WHERE $sql_where $order_by_sql";
 		if($no_limit == false) $sql .= " $limit_sql";
 		//echo $sql;
 		return $sql;

interface/lib/classes/quota_lib.inc.php

@@ -326,7 +326,7 @@ class quota_lib {
 					if($used_ratio >= 0.8) $databases[$i]['display_colour'] = '#fd934f';
 					if($used_ratio >= 1) $databases[$i]['display_colour'] = '#cc0000';
 
-					if($databases[$i]['database_quota'] == 0){
+					if($databases[$i]['database_quota'] == -1) {
 						$databases[$i]['database_quota'] = $app->lng('unlimited_txt');
 					} else {
 						$databases[$i]['database_quota'] = $databases[$i]['database_quota'] . ' MB';

interface/lib/classes/system.inc.php

@@ -33,6 +33,7 @@ class system {
 	var $client_service = null;
 	private $_last_exec_out = null;
 	private $_last_exec_retcode = null;
+	private $server_count = null;
 
 	public function has_service($userid, $service) {
 		global $app;