From 5c330505ea6a508ebdd7d9ca13d20586dc208efd Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Sun, 25 Feb 2018 20:47:36 +0100 Subject: [PATCH] correct Admins.update and Admins.delete Signed-off-by: Michael Kaufmann (d00p) --- lib/classes/api/commands/class.Admins.php | 576 +++++++++++----------- 1 file changed, 297 insertions(+), 279 deletions(-) diff --git a/lib/classes/api/commands/class.Admins.php b/lib/classes/api/commands/class.Admins.php index 382ff0c0..d6af8258 100644 --- a/lib/classes/api/commands/class.Admins.php +++ b/lib/classes/api/commands/class.Admins.php @@ -54,7 +54,7 @@ class Admins extends ApiCommand implements ResourceEntity * optional, the admin-id * @param string $loginname * optional, the loginname - * + * * @access admin * @throws Exception * @return array @@ -64,7 +64,7 @@ class Admins extends ApiCommand implements ResourceEntity $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = trim($this->getParam('loginname', $ln_optional, '')); - + if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') == 1 || ($this->getUserDetail('adminid') == $id || $this->getUserDetail('loginname') == $loginname))) { $result_stmt = Database::prepare(" SELECT * FROM `" . TABLE_PANEL_ADMINS . "` @@ -93,11 +93,11 @@ class Admins extends ApiCommand implements ResourceEntity public function add() { if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { - + // required parameters $name = $this->getParam('name'); $email = $this->getParam('email'); - + // parameters $def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage')); $custom_notes = $this->getParam('custom_notes', true, ''); @@ -105,7 +105,7 @@ class Admins extends ApiCommand implements ResourceEntity $password = $this->getParam('admin_password', true, ''); $sendpassword = $this->getParam('sendpassword', true, 0); $loginname = $this->getParam('new_loginname', true, ''); - + $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, 0); $traffic = $this->getUlParam('traffic', 'traffic_ul', true, 0); $customers = $this->getUlParam('customers', 'customers_ul', true, 0); @@ -118,53 +118,57 @@ class Admins extends ApiCommand implements ResourceEntity $ftps = $this->getUlParam('ftps', 'ftps_ul', true, 0); $tickets = $this->getUlParam('tickets', 'tickets_ul', true, 0); $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, 0); - + $customers_see_all = $this->getParam('customers_see_all', true, 0); $domains_see_all = $this->getParam('domains_see_all', true, 0); $tickets_see_all = $this->getParam('tickets_see_all', true, 0); $caneditphpsettings = $this->getParam('caneditphpsettings', true, 0); $change_serversettings = $this->getParam('change_serversettings', true, 0); - $ipaddress = intval_ressource($this->getParam('ipaddress', true, -1)); - + $ipaddress = intval_ressource($this->getParam('ipaddress', true, - 1)); + // validation $name = validate($name, 'name', '', '', array(), true); $idna_convert = new idna_convert_wrapper(); $email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); $def_language = validate($def_language, 'default language', '', '', array(), true); $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); - + if (Settings::Get('system.mail_quota_enabled') != '1') { $email_quota = - 1; } - + if (Settings::Get('ticket.enabled') != '1') { $tickets = - 1; } - + $password = validate($password, 'password', '', '', array(), true); // only check if not empty, // cause empty == generate password automatically if ($password != '') { $password = validatePassword($password, true); } - + $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; - + // Check if the account already exists // do not check via api as we skip any permission checks for this task $loginname_check_stmt = Database::prepare(" SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login "); - $loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true); - + $loginname_check = Database::pexecute_first($loginname_check_stmt, array( + 'login' => $loginname + ), true, true); + // Check if an admin with the loginname already exists // do not check via api as we skip any permission checks for this task $loginname_check_admin_stmt = Database::prepare(" SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login "); - $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true); - + $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array( + 'login' => $loginname + ), true, true); + if ($loginname == '') { standard_error(array( 'stringisempty', @@ -190,33 +194,33 @@ class Admins extends ApiCommand implements ResourceEntity } elseif (! validateEmail($email)) { standard_error('emailiswrong', $email, true); } else { - + if ($customers_see_all != '1') { $customers_see_all = '0'; } - + if ($domains_see_all != '1') { $domains_see_all = '0'; } - + if ($caneditphpsettings != '1') { $caneditphpsettings = '0'; } - + if ($change_serversettings != '1') { $change_serversettings = '0'; } - + if ($tickets_see_all != '1') { $tickets_see_all = '0'; } - + if ($password == '') { $password = generatePassword(); } - + $_theme = Settings::Get('panel.default_theme'); - + $ins_data = array( 'loginname' => $loginname, 'password' => makeCryptPassword($password), @@ -245,7 +249,7 @@ class Admins extends ApiCommand implements ResourceEntity 'custom_notes' => $custom_notes, 'custom_notes_show' => $custom_notes_show ); - + $ins_stmt = Database::prepare(" INSERT INTO `" . TABLE_PANEL_ADMINS . "` SET `loginname` = :loginname, @@ -276,11 +280,11 @@ class Admins extends ApiCommand implements ResourceEntity `custom_notes_show` = :custom_notes_show "); Database::pexecute($ins_stmt, $ins_data, true, true); - + $adminid = Database::lastInsertId(); $ins_data['adminid'] = $adminid; $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added admin '" . $loginname . "'"); - + // get all admin-data for return-array $json_result = Admins::getLocal($this->getUserData(), array( 'id' => $adminid @@ -299,261 +303,263 @@ class Admins extends ApiCommand implements ResourceEntity * optional, the admin-id * @param string $loginname * optional, the loginname - * + * * @access admin * @throws Exception * @return array */ public function update() { - if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { - + if ($this->isAdmin()) { + $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = trim($this->getParam('loginname', $ln_optional, '')); - + $json_result = Admins::getLocal($this->getUserData(), array( 'id' => $id, 'loginname' => $loginname ))->get(); $result = json_decode($json_result, true)['data']; $id = $result['adminid']; - - // parameters - $name = $this->getParam('name', true, $result['name']); - $idna_convert = new idna_convert_wrapper(); - $email = $this->getParam('email', true, $idna_convert->decode($result['email'])); - $password = $this->getParam('admin_password', true, ''); - $def_language = $this->getParam('def_language', true, $result['def_language']); - $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); - $custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']); - $theme = $this->getParam('theme', true, $result['theme']); - - // you cannot edit some of the details of yourself - if ($result['adminid'] == $this->getUserDetail('userid')) { - $deactivated = $result['deactivated']; - $customers = $result['customers']; - $domains = $result['domains']; - $subdomains = $result['subdomains']; - $emails = $result['emails']; - $email_accounts = $result['email_accounts']; - $email_forwarders = $result['email_forwarders']; - $email_quota = $result['email_quota']; - $ftps = $result['ftps']; - $tickets = $result['tickets']; - $mysqls = $result['mysqls']; - $tickets_see_all = $result['tickets_see_all']; - $customers_see_all = $result['customers_see_all']; - $domains_see_all = $result['domains_see_all']; - $caneditphpsettings = $result['caneditphpsettings']; - $change_serversettings = $result['change_serversettings']; - $diskspace = $result['diskspace']; - $traffic = $result['traffic']; - $ipaddress = $result['ip']; - } else { - $deactivated = $this->getParam('deactivated', true, $result['deactivated']); - - $dec_places = Settings::Get('panel.decimal_places'); - $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places)); - $traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places)); - $customers = $this->getUlParam('customers', 'customers_ul', true, $result['customers']); - $domains = $this->getUlParam('domains', 'domains_ul', true, $result['domains']); - $subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']); - $emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']); - $email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']); - $email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']); - $email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']); - $ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']); - $tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']); - $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']); - - $customers_see_all = $this->getParam('customers_see_all', true, $result['customers_see_all']); - $domains_see_all = $this->getParam('domains_see_all', true, $result['domains_see_all']); - $tickets_see_all = $this->getParam('tickets_see_all', true, $result['tickets_see_all']); - $caneditphpsettings = $this->getParam('caneditphpsettings', true, $result['caneditphpsettings']); - $change_serversettings = $this->getParam('change_serversettings', true, $result['change_serversettings']); - $ipaddress = intval_ressource($this->getParam('ipaddress', true, $result['ip'])); - - $diskspace = $diskspace * 1024; - $traffic = $traffic * 1024 * 1024; - } - - // validation - $name = validate($name, 'name', '', '', array(), true); - $idna_convert = new idna_convert_wrapper(); - $email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); - $def_language = validate($def_language, 'default language', '', '', array(), true); - $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); - $theme = validate($theme, 'theme', '', '', array(), true); - $password = validate($password, 'password', '', '', array(), true); - - if (Settings::Get('system.mail_quota_enabled') != '1') { - $email_quota = - 1; - } - - if (Settings::Get('ticket.enabled') != '1') { - $tickets = - 1; - } - - if (empty($theme)) { - $theme = Settings::Get('panel.default_theme'); - } - - if ($name == '') { - standard_error(array( - 'stringisempty', - 'myname' - ), '', true); - } elseif ($email == '') { - standard_error(array( - 'stringisempty', - 'emailadd' - ), '', true); - } elseif (! validateEmail($email)) { - standard_error('emailiswrong', $email, true); - } else { - - if ($deactivated != '1') { - $deactivated = '0'; - } - - if ($customers_see_all != '1') { - $customers_see_all = '0'; - } - - if ($domains_see_all != '1') { - $domains_see_all = '0'; - } - - if ($caneditphpsettings != '1') { - $caneditphpsettings = '0'; - } - - if ($change_serversettings != '1') { - $change_serversettings = '0'; - } - - if ($tickets_see_all != '1') { - $tickets_see_all = '0'; - } - - if ($password != '') { - $password = validatePassword($password, true); - $password = makeCryptPassword($password); + + if ($this->getUserDetail('change_serversettings') == 1 || $result['adminid'] == $this->getUserDetail('adminid')) { + // parameters + $name = $this->getParam('name', true, $result['name']); + $idna_convert = new idna_convert_wrapper(); + $email = $this->getParam('email', true, $idna_convert->decode($result['email'])); + $password = $this->getParam('admin_password', true, ''); + $def_language = $this->getParam('def_language', true, $result['def_language']); + $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); + $custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']); + $theme = $this->getParam('theme', true, $result['theme']); + + // you cannot edit some of the details of yourself + if ($result['adminid'] == $this->getUserDetail('adminid')) { + $deactivated = $result['deactivated']; + $customers = $result['customers']; + $domains = $result['domains']; + $subdomains = $result['subdomains']; + $emails = $result['emails']; + $email_accounts = $result['email_accounts']; + $email_forwarders = $result['email_forwarders']; + $email_quota = $result['email_quota']; + $ftps = $result['ftps']; + $tickets = $result['tickets']; + $mysqls = $result['mysqls']; + $tickets_see_all = $result['tickets_see_all']; + $customers_see_all = $result['customers_see_all']; + $domains_see_all = $result['domains_see_all']; + $caneditphpsettings = $result['caneditphpsettings']; + $change_serversettings = $result['change_serversettings']; + $diskspace = $result['diskspace']; + $traffic = $result['traffic']; + $ipaddress = $result['ip']; } else { - $password = $result['password']; + $deactivated = $this->getParam('deactivated', true, $result['deactivated']); + + $dec_places = Settings::Get('panel.decimal_places'); + $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places)); + $traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places)); + $customers = $this->getUlParam('customers', 'customers_ul', true, $result['customers']); + $domains = $this->getUlParam('domains', 'domains_ul', true, $result['domains']); + $subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']); + $emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']); + $email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']); + $email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']); + $email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']); + $ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']); + $tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']); + $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']); + + $customers_see_all = $this->getParam('customers_see_all', true, $result['customers_see_all']); + $domains_see_all = $this->getParam('domains_see_all', true, $result['domains_see_all']); + $tickets_see_all = $this->getParam('tickets_see_all', true, $result['tickets_see_all']); + $caneditphpsettings = $this->getParam('caneditphpsettings', true, $result['caneditphpsettings']); + $change_serversettings = $this->getParam('change_serversettings', true, $result['change_serversettings']); + $ipaddress = intval_ressource($this->getParam('ipaddress', true, $result['ip'])); + + $diskspace = $diskspace * 1024; + $traffic = $traffic * 1024 * 1024; } - - // check if a resource was set to something lower - // than actually used by the admin/reseller - $res_warning = ""; - if ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'customers'); + + // validation + $name = validate($name, 'name', '', '', array(), true); + $idna_convert = new idna_convert_wrapper(); + $email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); + $def_language = validate($def_language, 'default language', '', '', array(), true); + $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); + $theme = validate($theme, 'theme', '', '', array(), true); + $password = validate($password, 'password', '', '', array(), true); + + if (Settings::Get('system.mail_quota_enabled') != '1') { + $email_quota = - 1; } - if ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'domains'); + + if (Settings::Get('ticket.enabled') != '1') { + $tickets = - 1; } - if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'diskspace'); + + if (empty($theme)) { + $theme = Settings::Get('panel.default_theme'); } - if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'traffic'); + + if ($name == '') { + standard_error(array( + 'stringisempty', + 'myname' + ), '', true); + } elseif ($email == '') { + standard_error(array( + 'stringisempty', + 'emailadd' + ), '', true); + } elseif (! validateEmail($email)) { + standard_error('emailiswrong', $email, true); + } else { + + if ($deactivated != '1') { + $deactivated = '0'; + } + + if ($customers_see_all != '1') { + $customers_see_all = '0'; + } + + if ($domains_see_all != '1') { + $domains_see_all = '0'; + } + + if ($caneditphpsettings != '1') { + $caneditphpsettings = '0'; + } + + if ($change_serversettings != '1') { + $change_serversettings = '0'; + } + + if ($tickets_see_all != '1') { + $tickets_see_all = '0'; + } + + if ($password != '') { + $password = validatePassword($password, true); + $password = makeCryptPassword($password); + } else { + $password = $result['password']; + } + + // check if a resource was set to something lower + // than actually used by the admin/reseller + $res_warning = ""; + if ($customers != $result['customers'] && $customers != - 1 && $customers < $result['customers_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'customers'); + } + if ($domains != $result['domains'] && $domains != - 1 && $domains < $result['domains_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'domains'); + } + if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != - 1 && $diskspace < $result['diskspace_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'diskspace'); + } + if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != - 1 && $traffic < $result['traffic_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'traffic'); + } + if ($emails != $result['emails'] && $emails != - 1 && $emails < $result['emails_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'emails'); + } + if ($email_accounts != $result['email_accounts'] && $email_accounts != - 1 && $email_accounts < $result['email_accounts_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email accounts'); + } + if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != - 1 && $email_forwarders < $result['email_forwarders_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email forwarders'); + } + if ($email_quota != $result['email_quota'] && $email_quota != - 1 && $email_quota < $result['email_quota_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email quota'); + } + if ($ftps != $result['ftps'] && $ftps != - 1 && $ftps < $result['ftps_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'ftps'); + } + if ($tickets != $result['tickets'] && $tickets != - 1 && $tickets < $result['tickets_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'tickets'); + } + if ($mysqls != $result['mysqls'] && $mysqls != - 1 && $mysqls < $result['mysqls_used']) { + $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'mysqls'); + } + + if (! empty($res_warning)) { + throw new Exception($res_warning, 406); + } + + $upd_data = array( + 'password' => $password, + 'name' => $name, + 'email' => $email, + 'lang' => $def_language, + 'change_serversettings' => $change_serversettings, + 'customers' => $customers, + 'customers_see_all' => $customers_see_all, + 'domains' => $domains, + 'domains_see_all' => $domains_see_all, + 'caneditphpsettings' => $caneditphpsettings, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'accounts' => $email_accounts, + 'forwarders' => $email_forwarders, + 'quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'tickets_see_all' => $tickets_see_all, + 'mysqls' => $mysqls, + 'ip' => $ipaddress, + 'deactivated' => $deactivated, + 'custom_notes' => $custom_notes, + 'custom_notes_show' => $custom_notes_show, + 'theme' => $theme, + 'adminid' => $id + ); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . "` SET + `password` = :password, + `name` = :name, + `email` = :email, + `def_language` = :lang, + `change_serversettings` = :change_serversettings, + `customers` = :customers, + `customers_see_all` = :customers_see_all, + `domains` = :domains, + `domains_see_all` = :domains_see_all, + `caneditphpsettings` = :caneditphpsettings, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :accounts, + `email_forwarders` = :forwarders, + `email_quota` = :quota, + `ftps` = :ftps, + `tickets` = :tickets, + `tickets_see_all` = :tickets_see_all, + `mysqls` = :mysqls, + `ip` = :ip, + `deactivated` = :deactivated, + `custom_notes` = :custom_notes, + `custom_notes_show` = :custom_notes_show, + `theme` = :theme + WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, $upd_data, true, true); + $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] edited admin '" . $result['loginname'] . "'"); + + // get all admin-data for return-array + $json_result = Admins::getLocal($this->getUserData(), array( + 'id' => $adminid + ))->get(); + $result = json_decode($json_result, true)['data']; + return $this->response(200, "successfull", $result); } - if ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'emails'); - } - if ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email accounts'); - } - if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email forwarders'); - } - if ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email quota'); - } - if ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'ftps'); - } - if ($tickets != $result['tickets'] && $tickets != -1 && $tickets < $result['tickets_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'tickets'); - } - if ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) { - $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'mysqls'); - } - - if (!empty($res_warning)) { - throw new Exception($res_warning, 406); - } - - $upd_data = array( - 'password' => $password, - 'name' => $name, - 'email' => $email, - 'lang' => $def_language, - 'change_serversettings' => $change_serversettings, - 'customers' => $customers, - 'customers_see_all' => $customers_see_all, - 'domains' => $domains, - 'domains_see_all' => $domains_see_all, - 'caneditphpsettings' => $caneditphpsettings, - 'diskspace' => $diskspace, - 'traffic' => $traffic, - 'subdomains' => $subdomains, - 'emails' => $emails, - 'accounts' => $email_accounts, - 'forwarders' => $email_forwarders, - 'quota' => $email_quota, - 'ftps' => $ftps, - 'tickets' => $tickets, - 'tickets_see_all' => $tickets_see_all, - 'mysqls' => $mysqls, - 'ip' => $ipaddress, - 'deactivated' => $deactivated, - 'custom_notes' => $custom_notes, - 'custom_notes_show' => $custom_notes_show, - 'theme' => $theme, - 'adminid' => $id - ); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_ADMINS . "` SET - `password` = :password, - `name` = :name, - `email` = :email, - `def_language` = :lang, - `change_serversettings` = :change_serversettings, - `customers` = :customers, - `customers_see_all` = :customers_see_all, - `domains` = :domains, - `domains_see_all` = :domains_see_all, - `caneditphpsettings` = :caneditphpsettings, - `diskspace` = :diskspace, - `traffic` = :traffic, - `subdomains` = :subdomains, - `emails` = :emails, - `email_accounts` = :accounts, - `email_forwarders` = :forwarders, - `email_quota` = :quota, - `ftps` = :ftps, - `tickets` = :tickets, - `tickets_see_all` = :tickets_see_all, - `mysqls` = :mysqls, - `ip` = :ip, - `deactivated` = :deactivated, - `custom_notes` = :custom_notes, - `custom_notes_show` = :custom_notes_show, - `theme` = :theme - WHERE `adminid` = :adminid - "); - Database::pexecute($upd_stmt, $upd_data, true, true); - $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] edited admin '" . $result['loginname'] . "'"); - - // get all admin-data for return-array - $json_result = Admins::getLocal($this->getUserData(), array( - 'id' => $adminid - ))->get(); - $result = json_decode($json_result, true)['data']; - return $this->response(200, "successfull", $result); } } throw new Exception("Not allowed to execute given command.", 403); @@ -566,7 +572,7 @@ class Admins extends ApiCommand implements ResourceEntity * optional, the admin-id * @param string $loginname * optional, the loginname - * + * * @access admin * @throws Exception * @return array @@ -577,46 +583,58 @@ class Admins extends ApiCommand implements ResourceEntity $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = trim($this->getParam('loginname', $ln_optional, '')); - + $json_result = Admins::getLocal($this->getUserData(), array( 'id' => $id, 'loginname' => $loginname ))->get(); $result = json_decode($json_result, true)['data']; $id = $result['adminid']; - + // don't be stupid - if ($id == $this->getUserDetail('userid')) { + if ($id == $this->getUserDetail('adminid')) { standard_error('youcantdeleteyourself', '', true); } - + $del_stmt = Database::prepare(" DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid "); - Database::pexecute($del_stmt, array('adminid' => $id), true, true); - + Database::pexecute($del_stmt, array( + 'adminid' => $id + ), true, true); + $del_stmt = Database::prepare(" DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid "); - Database::pexecute($del_stmt, array('adminid' => $id), true, true); - + Database::pexecute($del_stmt, array( + 'adminid' => $id + ), true, true); + $del_stmt = Database::prepare(" DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid "); - Database::pexecute($del_stmt, array('adminid' => $id), true, true); - + Database::pexecute($del_stmt, array( + 'adminid' => $id + ), true, true); + $upd_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `adminid` = :userid WHERE `adminid` = :adminid "); - Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true); - + Database::pexecute($upd_stmt, array( + 'userid' => $this->getUserDetail('adminid'), + 'adminid' => $id + ), true, true); + $upd_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `adminid` = :userid WHERE `adminid` = :adminid "); - Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true); - + Database::pexecute($upd_stmt, array( + 'userid' => $this->getUserDetail('adminid'), + 'adminid' => $id + ), true, true); + $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'"); updateCounters(); return $this->response(200, "successfull", $result); @@ -631,7 +649,7 @@ class Admins extends ApiCommand implements ResourceEntity * optional, the admin-id * @param string $loginname * optional, the loginname - * + * * @access admin * @throws Exception * @return array @@ -642,7 +660,7 @@ class Admins extends ApiCommand implements ResourceEntity $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = trim($this->getParam('loginname', $ln_optional, '')); - + $json_result = Admins::getLocal($this->getUserData(), array( 'id' => $id, 'loginname' => $loginname