do not update fields of customer a customer cannot even change; unset custom_notes when admin of customer set custom_notes_show to 0
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -95,6 +95,10 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
}
|
||||
$result = Database::pexecute_first($result_stmt, $params, true, true);
|
||||
if ($result) {
|
||||
// check whether the admin does not want the customer to see the notes
|
||||
if (! $this->isAdmin() && $result['custom_notes_show'] != 1) {
|
||||
$result['custom_notes'] = "";
|
||||
}
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_NOTICE, "[API] get customer '" . $result['loginname'] . "'");
|
||||
return $this->response(200, "successfull", $result);
|
||||
}
|
||||
@@ -732,49 +736,10 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
$def_language = $this->getParam('def_language', true, $result['def_language']);
|
||||
$password = $this->getParam('new_customer_password', true, '');
|
||||
$theme = $this->getParam('theme', true, $result['theme']);
|
||||
|
||||
// unchangeable parameters for customers
|
||||
$move_to_admin = 0;
|
||||
$idna_convert = new idna_convert_wrapper();
|
||||
$email = $idna_convert->decode($result['email']);
|
||||
$name = $result['name'];
|
||||
$firstname = $result['firstname'];
|
||||
$company = $result['company'];
|
||||
$street = $result['street'];
|
||||
$zipcode = $result['zipcode'];
|
||||
$city = $result['city'];
|
||||
$phone = $result['phone'];
|
||||
$fax = $result['fax'];
|
||||
$customernumber = $result['customernumber'];
|
||||
$gender = $result['gender'];
|
||||
$custom_notes = $result['custom_notes'];
|
||||
$custom_notes_show = $result['custom_notes_show'];
|
||||
|
||||
$dec_places = Settings::Get('panel.decimal_places');
|
||||
$diskspace = round($result['diskspace'] / 1024, $dec_places);
|
||||
$traffic = round($result['traffic'] / (1024 * 1024), $dec_places);
|
||||
$subdomains = $result['subdomains'];
|
||||
$emails = $result['emails'];
|
||||
$email_accounts = $result['email_accounts'];
|
||||
$email_forwarders = $result['email_forwarders'];
|
||||
$email_quota = $result['email_quota'];
|
||||
$email_imap = $result['imap'];
|
||||
$email_pop3 = $result['pop3'];
|
||||
$ftps = $result['ftps'];
|
||||
$tickets = $result['tickets'];
|
||||
$mysqls = $result['mysqls'];
|
||||
// if we got one, it's true so none will be generated (it exists already)
|
||||
// if not, none will be generated
|
||||
$createstdsubdomain = ($result['standardsubdomain'] > 0 ? 1 : 0);
|
||||
$sendpassword = 0;
|
||||
$phpenabled = $result['phpenabled'];
|
||||
$allowed_phpconfigs = json_decode($result['allowed_phpconfigs'], true);
|
||||
$perlenabled = $result['perlenabled'];
|
||||
$dnsenabled = $result['dnsenabled'];
|
||||
$deactivated = $result['deactivated'];
|
||||
}
|
||||
|
||||
// validation
|
||||
if ($this->isAdmin()) {
|
||||
$idna_convert = new idna_convert_wrapper();
|
||||
$name = validate($name, 'name', '', '', array(), true);
|
||||
$firstname = validate($firstname, 'first name', '', '', array(), true);
|
||||
@@ -786,8 +751,9 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
$fax = validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
|
||||
$email = $idna_convert->encode(validate($email, 'email', '', '', array(), true));
|
||||
$customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
|
||||
$def_language = validate($def_language, 'default language', '', '', array(), true);
|
||||
$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
|
||||
}
|
||||
$def_language = validate($def_language, 'default language', '', '', array(), true);
|
||||
$theme = validate($theme, 'theme', '', '', array(), true);
|
||||
|
||||
if (Settings::Get('system.mail_quota_enabled') != '1') {
|
||||
@@ -802,10 +768,11 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
$theme = Settings::Get('panel.default_theme');
|
||||
}
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
|
||||
$diskspace = $diskspace * 1024;
|
||||
$traffic = $traffic * 1024 * 1024;
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) {
|
||||
standard_error('youcantallocatemorethanyouhave', '', true);
|
||||
}
|
||||
@@ -838,6 +805,7 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
$password = $result['password'];
|
||||
}
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
if ($createstdsubdomain != '1') {
|
||||
$createstdsubdomain = '0';
|
||||
}
|
||||
@@ -1003,10 +971,17 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
'customerid' => $id
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
$upd_data = array(
|
||||
'customerid' => $id,
|
||||
'passwd' => $password,
|
||||
'lang' => $def_language,
|
||||
'theme' => $theme
|
||||
);
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
$admin_upd_data = array(
|
||||
'name' => $name,
|
||||
'firstname' => $firstname,
|
||||
'gender' => $gender,
|
||||
@@ -1018,7 +993,6 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
'fax' => $fax,
|
||||
'email' => $email,
|
||||
'customerno' => $customernumber,
|
||||
'lang' => $def_language,
|
||||
'diskspace' => $diskspace,
|
||||
'traffic' => $traffic,
|
||||
'subdomains' => $subdomains,
|
||||
@@ -1037,11 +1011,18 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
'perlenabled' => $perlenabled,
|
||||
'dnsenabled' => $dnsenabled,
|
||||
'custom_notes' => $custom_notes,
|
||||
'custom_notes_show' => $custom_notes_show,
|
||||
'theme' => $theme
|
||||
'custom_notes_show' => $custom_notes_show
|
||||
);
|
||||
$upd_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
|
||||
$upd_data = $upd_data + $admin_upd_data;
|
||||
}
|
||||
|
||||
$upd_query = "UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
|
||||
`def_language` = :lang,
|
||||
`password` = :passwd,
|
||||
`theme` = :theme";
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
$admin_upd_query = ",
|
||||
`name` = :name,
|
||||
`firstname` = :firstname,
|
||||
`gender` = :gender,
|
||||
@@ -1053,8 +1034,6 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
`fax` = :fax,
|
||||
`email` = :email,
|
||||
`customernumber` = :customerno,
|
||||
`def_language` = :lang,
|
||||
`password` = :passwd,
|
||||
`diskspace` = :diskspace,
|
||||
`traffic` = :traffic,
|
||||
`subdomains` = :subdomains,
|
||||
@@ -1073,10 +1052,11 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
`perlenabled` = :perlenabled,
|
||||
`dnsenabled` = :dnsenabled,
|
||||
`custom_notes` = :custom_notes,
|
||||
`custom_notes_show` = :custom_notes_show,
|
||||
`theme` = :theme
|
||||
WHERE `customerid` = :customerid
|
||||
");
|
||||
`custom_notes_show` = :custom_notes_show";
|
||||
$upd_query .= $admin_upd_query;
|
||||
}
|
||||
$upd_query .= " WHERE `customerid` = :customerid";
|
||||
$upd_stmt = Database::prepare($upd_query);
|
||||
Database::pexecute($upd_stmt, $upd_data);
|
||||
|
||||
if ($this->isAdmin()) {
|
||||
@@ -1193,6 +1173,7 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
/*
|
||||
* move customer to another admin/reseller; #1166
|
||||
*/
|
||||
if ($this->isAdmin()) {
|
||||
if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) {
|
||||
$json_result = Customers::getLocal($this->getUserData(), array(
|
||||
'id' => $result['customerid'],
|
||||
@@ -1203,6 +1184,7 @@ class Customers extends ApiCommand implements ResourceEntity
|
||||
standard_error('moveofcustomerfailed', $move_result, true);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$json_result = Customers::getLocal($this->getUserData(), array(
|
||||
'id' => $result['customerid']
|
||||
|
||||
Reference in New Issue
Block a user