fixes in Admins.update(); use ApiCommand for theme-, language- and password-change

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

admin_index.php

@@ -214,15 +214,11 @@ if ($page == 'overview') {
 		} elseif($new_password != $new_password_confirm) {
 			standard_error('newpasswordconfirmerror');
 		} else {
-			$chgpwd_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_ADMINS . "`
-				SET `password`= :newpasswd
-				WHERE `adminid`= :adminid"
-			);
-			Database::pexecute($chgpwd_stmt, array(
-				'newpasswd' => makeCryptPassword($new_password),
-				'adminid' => (int)$userinfo['adminid']
-			));
+			try {
+				Admins::getLocal($userinfo, array('id' => $userinfo['adminid'], 'admin_password' => $new_password))->update();
+			} catch (Exception $e) {
+				dynamic_error($e->getMessage());
+			}
 			$log->logAction(ADM_ACTION, LOG_NOTICE, 'changed password');
 			redirectTo($filename, Array('s' => $s));
 		}
@@ -238,16 +234,13 @@ if ($page == 'overview') {
 		$def_language = validate($_POST['def_language'], 'default language');
 
 		if (isset($languages[$def_language])) {
-			$lng_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_ADMINS . "`
-				SET `def_language`= :deflng
-				WHERE `adminid`= :adminid"
-			);
-			Database::pexecute($lng_stmt, array(
-				'deflng' => $def_language,
-				'adminid' => (int)$userinfo['adminid']
-			));
+			try {
+				Admins::getLocal($userinfo, array('id' => $userinfo['adminid'], 'def_language' => $def_language))->update();
+			} catch (Exception $e) {
+				dynamic_error($e->getMessage());
+			}
 
+			// also update current session
 			$lng_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_SESSIONS . "`
 				SET `language`= :lng
@@ -258,7 +251,6 @@ if ($page == 'overview') {
 				'hash' => $s
 			));
 		}
-
 		$log->logAction(ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'");
 		redirectTo($filename, array('s' => $s));
 
@@ -284,17 +276,13 @@ if ($page == 'overview') {
 		&& $_POST['send'] == 'send'
 	) {
 		$theme = validate($_POST['theme'], 'theme');
+		try {
+			Admins::getLocal($userinfo, array('id' => $userinfo['adminid'], 'theme' => $theme))->update();
+		} catch (Exception $e) {
+			dynamic_error($e->getMessage());
+		}
 
-		$theme_stmt = Database::prepare("
-				UPDATE `" . TABLE_PANEL_ADMINS . "`
-				SET `theme`= :theme
-				WHERE `adminid`= :adminid"
-		);
-		Database::pexecute($theme_stmt, array(
-			'theme' => $theme,
-			'adminid' => (int)$userinfo['adminid']
-		));
-
+		// also update current session
 		$theme_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_SESSIONS . "`
 				SET `theme`= :theme

customer_index.php

@@ -122,15 +122,11 @@ if ($page == 'overview') {
 			standard_error('newpasswordconfirmerror');
 		} else {
 			// Update user password
-			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
-				SET `password` = :newpassword
-				WHERE `customerid` = :customerid"
-			);
-			$params = array(
-				"newpassword" => makeCryptPassword($new_password),
-				"customerid" => $userinfo['customerid']
-			);
-			Database::pexecute($stmt, $params);
+			try {
+				Customers::getLocal($userinfo, array('id' => $userinfo['customerid'], 'new_customer_password' => $new_password))->update();
+			} catch (Exception $e) {
+				dynamic_error($e->getMessage());
+			}
 			$log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
 
 			// Update ftp password
@@ -181,21 +177,20 @@ if ($page == 'overview') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$def_language = validate($_POST['def_language'], 'default language');
 		if (isset($languages[$def_language])) {
-			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
-				SET `def_language` = :lang
-				WHERE `customerid` = :customerid"
-			);
-			Database::pexecute($stmt, array("lang" => $def_language, "customerid" => $userinfo['customerid']));
+			try {
+				Customers::getLocal($userinfo, array('id' => $userinfo['customerid'], 'def_language' => $def_language))->update();
+			} catch (Exception $e) {
+				dynamic_error($e->getMessage());
+			}
 
+			// also update current session
 			$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
 				SET `language` = :lang
 				WHERE `hash` = :hash"
 			);
 			Database::pexecute($stmt, array("lang" => $def_language, "hash" => $s));
-
-			$log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
 		}
-
+		$log->logAction(USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
 		redirectTo($filename, array('s' => $s));
 	} else {
 		$default_lang = Settings::Get('panel.standardlanguage');
@@ -213,13 +208,13 @@ if ($page == 'overview') {
 } elseif ($page == 'change_theme') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$theme = validate($_POST['theme'], 'theme');
+		try {
+			Customers::getLocal($userinfo, array('id' => $userinfo['customerid'], 'theme' => $theme))->update();
+		} catch (Exception $e) {
+			dynamic_error($e->getMessage());
+		}
 
-		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
-			SET `theme` = :theme
-			WHERE `customerid` = :customerid"
-		);
-		Database::pexecute($stmt, array("theme" => $theme, "customerid" => $userinfo['customerid']));
-
+		// also update current session
 		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_SESSIONS . "`
 			SET `theme` = :theme
 			WHERE `hash` = :hash"

lib/classes/api/commands/class.Admins.php

@@ -313,14 +313,14 @@ class Admins extends ApiCommand implements ResourceEntity
 			$name = $this->getParam('name', true, $result['name']);
 			$idna_convert = new idna_convert_wrapper();
 			$email = $this->getParam('email', true, $idna_convert->decode($result['email']));
+			$password = $this->getParam('admin_password', true, '');
+			$def_language = $this->getParam('def_language', true, $result['def_language']);
 			$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
 			$custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']);
 			$theme = $this->getParam('theme', true, $result['theme']);
 
 			// you cannot edit some of the details of yourself
 			if ($result['adminid'] == $this->getUserDetail('userid')) {
-				$password = '';
-				$def_language = $result['def_language'];
 				$deactivated = $result['deactivated'];
 				$customers = $result['customers'];
 				$domains = $result['domains'];
@@ -341,8 +341,6 @@ class Admins extends ApiCommand implements ResourceEntity
 				$traffic = $result['traffic'];
 				$ipaddress = $result['ip'];
 			} else {
-				$password = $this->getParam('admin_password', true, '');
-				$def_language = $this->getParam('def_language', true, $result['def_language']);
 				$deactivated = $this->getParam('deactivated', true, $result['deactivated']);
 
 				$dec_places = Settings::Get('panel.decimal_places');
@@ -377,6 +375,7 @@ class Admins extends ApiCommand implements ResourceEntity
 			$def_language = validate($def_language, 'default language', '', '', array(), true);
 			$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
 			$theme = validate($theme, 'theme', '', '', array(), true);
+			$password = validate($password, 'password', '', '', array(), true);
 
 			if (Settings::Get('system.mail_quota_enabled') != '1') {
 				$email_quota = - 1;
@@ -390,16 +389,6 @@ class Admins extends ApiCommand implements ResourceEntity
 				$theme = Settings::Get('panel.default_theme');
 			}
 
-			$password = validate($password, 'password', '', '', array(), true);
-			// only check if not empty,
-			// cause empty == generate password automatically
-			if ($password != '') {
-				$password = validatePassword($password, true);
-			}
-
-			$diskspace = $diskspace * 1024;
-			$traffic = $traffic * 1024 * 1024;
-
 			if ($name == '') {
 				standard_error(array(
 					'stringisempty',