maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

let customers edit password, def-language and theme in Customers.edit

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-24 15:02:49 +01:00
parent d2aaf84eff
commit 0bf430e0c1
2 changed files with 376 additions and 443 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
customer_mysql.php
View File

@@ -132,134 +132,12 @@ if ($page == 'overview') {
} elseif ($action == 'add') { } elseif ($action == 'add') {
if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') { if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') { if (isset($_POST['send']) && $_POST['send'] == 'send') {
$password = validate($_POST['mysql_password'], 'password');
$password = validatePassword($password);
$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
if ($sendinfomail != 1) {
$sendinfomail = 0;
}
if ($password == '') {
standard_error(array('stringisempty', 'mypassword'));
} else {
$dbserver = 0;
$dbservers_stmt = Database::query("SELECT COUNT(DISTINCT `dbserver`) as numservers FROM `".TABLE_PANEL_DATABASES."`");
$_dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC);
$count_mysqlservers = $_dbserver['numservers'];
if ($count_mysqlservers > 1) {
$dbserver = validate($_POST['mysql_server'], html_entity_decode($lng['mysql']['mysql_server']), '', '', 0);
Database::needRoot(true, $dbserver);
Database::needSqlData();
$sql_root = Database::getSqlData();
Database::needRoot(false);
if (!isset($sql_root) || !is_array($sql_root)) {
$dbserver = 0;
}
}
// validate description before actual adding the database, #1052
$databasedescription = validate(trim($_POST['description']), 'description');
// create database, user, set permissions, etc.pp.
$dbm = new DbManager($log);
$username = $dbm->createDatabase(
$userinfo['loginname'],
$password,
$userinfo['mysql_lastaccountnumber']
);
// we've checked against the password in dbm->createDatabase
if ($username == false) {
standard_error('passwordshouldnotbeusername');
}
// Statement modified for Database description -- PH 2004-11-29
$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '`
(`customerid`, `databasename`, `description`, `dbserver`)
VALUES (:customerid, :databasename, :description, :dbserver)'
);
$params = array(
"customerid" => $userinfo['customerid'],
"databasename" => $username,
"description" => $databasedescription,
"dbserver" => $dbserver
);
Database::pexecute($stmt, $params);
$stmt = Database::prepare('UPDATE `' . TABLE_PANEL_CUSTOMERS . '`
SET `mysqls_used` = `mysqls_used` + 1, `mysql_lastaccountnumber` = `mysql_lastaccountnumber` + 1
WHERE `customerid` = :customerid'
);
Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
if ($sendinfomail == 1) {
$pma = $lng['admin']['notgiven'];
if (Settings::Get('panel.phpmyadmin_url') != '') {
$pma = Settings::Get('panel.phpmyadmin_url');
}
Database::needRoot(true, $dbserver);
Database::needSqlData();
$sql_root = Database::getSqlData();
Database::needRoot(false);
$replace_arr = array(
'SALUTATION' => getCorrectUserSalutation($userinfo),
'CUST_NAME' => getCorrectUserSalutation($userinfo), // < keep this for compatibility
'DB_NAME' => $username,
'DB_PASS' => $password,
'DB_DESC' => $databasedescription,
'DB_SRV' => $sql_root['host'],
'PMA_URI' => $pma
);
$def_language = $userinfo['def_language'];
$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid
AND `language` = :lang
AND `templategroup`='mails'
AND `varname`='new_database_by_customer_subject'"
);
Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['subject']), $replace_arr));
$result_stmt = Database::prepare("SELECT `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid
AND `language`= :lang
AND `templategroup` = 'mails'
AND `varname` = 'new_database_by_customer_mailbody'"
);
Database::pexecute($result_stmt, array("adminid" => $userinfo['adminid'], "lang" => $def_language));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $lng['mails']['new_database_by_customer']['mailbody']), $replace_arr));
$_mailerror = false;
try { try {
$mail->Subject = $mail_subject; Mysqls::getLocal($userinfo, $_POST)->add();
$mail->AltBody = $mail_body;
$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
$mail->AddAddress($userinfo['email'], getCorrectUserSalutation($userinfo));
$mail->Send();
} catch(phpmailerException $e) {
$mailerr_msg = $e->errorMessage();
$_mailerror = true;
} catch (Exception $e) { } catch (Exception $e) {
$mailerr_msg = $e->getMessage(); dynamic_error($e->getMessage());
$_mailerror = true;
} }
if ($_mailerror) {
$log->logAction(USR_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
standard_error('errorsendingmail', $userinfo['email']);
}
$mail->ClearAddresses();
}
redirectTo($filename, array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
} else { } else {
$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `".TABLE_PANEL_DATABASES."`"); $dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `".TABLE_PANEL_DATABASES."`");
@@ -284,12 +162,14 @@ if ($page == 'overview') {
} }
} }
} elseif ($action == 'edit' && $id != 0) { } elseif ($action == 'edit' && $id != 0) {
$result_stmt = Database::prepare("SELECT `id`, `databasename`, `description`, `dbserver` FROM `" . TABLE_PANEL_DATABASES . "` try {
WHERE `customerid` = :customerid $json_result = Mysqls::getLocal($userinfo, array(
AND `id` = :id" 'id' => $id
); ))->get();
Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid'], "id" => $id)); } catch (Exception $e) {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); dynamic_error($e->getMessage());
}
$result = json_decode($json_result, true)['data'];
if (isset($result['databasename']) && $result['databasename'] != '') { if (isset($result['databasename']) && $result['databasename'] != '') {
if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) { if (!isset($sql_root[$result['dbserver']]) || !is_array($sql_root[$result['dbserver']])) {

63
lib/classes/api/commands/class.Customers.php
View File

@@ -697,6 +697,7 @@ class Customers extends ApiCommand implements ResourceEntity
$result = json_decode($json_result, true)['data']; $result = json_decode($json_result, true)['data'];
$id = $result['customerid']; $id = $result['customerid'];
if ($this->isAdmin()) {
// parameters // parameters
$move_to_admin = intval_ressource($this->getParam('move_to_admin', true, 0)); $move_to_admin = intval_ressource($this->getParam('move_to_admin', true, 0));
@@ -738,6 +739,52 @@ class Customers extends ApiCommand implements ResourceEntity
$dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']); $dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']);
$deactivated = $this->getParam('deactivated', true, $result['deactivated']); $deactivated = $this->getParam('deactivated', true, $result['deactivated']);
$theme = $this->getParam('theme', true, $result['theme']); $theme = $this->getParam('theme', true, $result['theme']);
} else {
// allowed parameters
$def_language = $this->getParam('def_language', true, $result['def_language']);
$password = $this->getParam('new_customer_password', true, '');
$theme = $this->getParam('theme', true, $result['theme']);
// unchangeable parameters for customers
$move_to_admin = 0;
$idna_convert = new idna_convert_wrapper();
$email = $idna_convert->decode($result['email']);
$name = $result['name'];
$firstname = $result['firstname'];
$company = $result['company'];
$street = $result['street'];
$zipcode = $result['zipcode'];
$city = $result['city'];
$phone = $result['phone'];
$fax = $result['fax'];
$customernumber = $result['customernumber'];
$gender = $result['gender'];
$custom_notes = $result['custom_notes'];
$custom_notes_show = $result['custom_notes_show'];
$dec_places = Settings::Get('panel.decimal_places');
$diskspace = round($result['diskspace'] / 1024, $dec_places);
$traffic = round($result['traffic'] / (1024 * 1024), $dec_places);
$subdomains = $result['subdomains'];
$emails = $result['emails'];
$email_accounts = $result['email_accounts'];
$email_forwarders = $result['email_forwarders'];
$email_quota = $result['email_quota'];
$email_imap = $result['imap'];
$email_pop3 = $result['pop3'];
$ftps = $result['ftps'];
$tickets = $result['tickets'];
$mysqls = $result['mysqls'];
// if we got one, it's true so none will be generated (it exists already)
// if not, none will be generated
$createstdsubdomain = ($result['standardsubdomain'] > 0 ? 1 : 0);
$sendpassword = 0;
$phpenabled = $result['phpenabled'];
$allowed_phpconfigs = json_decode($result['allowed_phpconfigs'], true);
$perlenabled = $result['perlenabled'];
$dnsenabled = $result['dnsenabled'];
$deactivated = $result['deactivated'];
}
// validation // validation
$idna_convert = new idna_convert_wrapper(); $idna_convert = new idna_convert_wrapper();
@@ -770,6 +817,7 @@ class Customers extends ApiCommand implements ResourceEntity
$diskspace = $diskspace * 1024; $diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024; $traffic = $traffic * 1024 * 1024;
if ($this->isAdmin()) {
if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) { if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) {
standard_error('youcantallocatemorethanyouhave', '', true); standard_error('youcantallocatemorethanyouhave', '', true);
} }
@@ -792,7 +840,8 @@ class Customers extends ApiCommand implements ResourceEntity
), '', true); ), '', true);
} elseif (! validateEmail($email)) { } elseif (! validateEmail($email)) {
standard_error('emailiswrong', $email, true); standard_error('emailiswrong', $email, true);
} else { }
}
if ($password != '') { if ($password != '') {
$password = validatePassword($password, true); $password = validatePassword($password, true);
@@ -884,7 +933,8 @@ class Customers extends ApiCommand implements ResourceEntity
$imap = (($deactivated) ? '0' : (int) $result['imap']); $imap = (($deactivated) ? '0' : (int) $result['imap']);
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid"); UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid
");
Database::pexecute($upd_stmt, array( Database::pexecute($upd_stmt, array(
'yesno' => $yesno, 'yesno' => $yesno,
'pop3' => $pop3, 'pop3' => $pop3,
@@ -893,7 +943,8 @@ class Customers extends ApiCommand implements ResourceEntity
)); ));
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid"); UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid
");
Database::pexecute($upd_stmt, array( Database::pexecute($upd_stmt, array(
'yesno' => $yesno, 'yesno' => $yesno,
'customerid' => $id 'customerid' => $id
@@ -1041,6 +1092,7 @@ class Customers extends ApiCommand implements ResourceEntity
"); ");
Database::pexecute($upd_stmt, $upd_data); Database::pexecute($upd_stmt, $upd_data);
if ($this->isAdmin()) {
// Using filesystem - quota, insert a task which cleans the filesystem - quota // Using filesystem - quota, insert a task which cleans the filesystem - quota
inserttask('10'); inserttask('10');
@@ -1147,7 +1199,9 @@ class Customers extends ApiCommand implements ResourceEntity
$admin_update_query .= " WHERE `adminid` = '" . (int) $result['adminid'] . "'"; $admin_update_query .= " WHERE `adminid` = '" . (int) $result['adminid'] . "'";
Database::query($admin_update_query); Database::query($admin_update_query);
$this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'"); }
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'");
/* /*
* move customer to another admin/reseller; #1166 * move customer to another admin/reseller; #1166
@@ -1161,7 +1215,6 @@ class Customers extends ApiCommand implements ResourceEntity
return $this->response(200, "successfull", $upd_data); return $this->response(200, "successfull", $upd_data);
} }
}
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);
} }