maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

add Admins.update()

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-23 11:57:29 +01:00
parent 8930d2a1bf
commit 8e0bfe9d09
3 changed files with 362 additions and 332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

356
admin_admins.php
View File

@@ -107,10 +107,14 @@ if ($page == 'admins'
} elseif($action == 'su') {
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
");
$result = Database::pexecute_first($result_stmt, array('adminid' => $id));
try {
$json_result = Admins::getLocal($userinfo, array(
'id' => $id
))->get();
} catch (Exception $e) {
dynamic_error($e->getMessage());
}
$result = json_decode($json_result, true)['data'];
$destination_admin = $result['loginname'];
if ($destination_admin != ''
@@ -147,10 +151,14 @@ if ($page == 'admins'
} elseif ($action == 'delete'
&& $id != 0
) {
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
");
$result = Database::pexecute_first($result_stmt, array('adminid' => $id));
try {
$json_result = Admins::getLocal($userinfo, array(
'id' => $id
))->get();
} catch (Exception $e) {
dynamic_error($e->getMessage());
}
$result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
if ($result['adminid'] == $userinfo['userid']) {
@@ -160,37 +168,10 @@ if ($page == 'admins'
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
");
Database::pexecute($del_stmt, array('adminid' => $id));
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid
");
Database::pexecute($del_stmt, array('adminid' => $id));
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
");
Database::pexecute($del_stmt, array('adminid' => $id));
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
`adminid` = :userid WHERE `adminid` = :adminid
");
Database::pexecute($upd_stmt, array('userid' => $userinfo['userid'], 'adminid' => $id));
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
`adminid` = :userid WHERE `adminid` = :adminid
");
Database::pexecute($upd_stmt, array('userid' => $userinfo['userid'], 'adminid' => $id));
$log->logAction(ADM_ACTION, LOG_INFO, "deleted admin '" . $result['loginname'] . "'");
updateCounters();
Admins::getLocal($this->getUserData(), array(
'id' => $id
))->delete();
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
ask_yesno('admin_admin_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']);
}
@@ -249,299 +230,26 @@ if ($page == 'admins'
&& $id != 0
) {
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
");
$result = Database::pexecute_first($result_stmt, array('adminid' => $id));
try {
$json_result = Admins::getLocal($userinfo, array(
'id' => $id
))->get();
} catch (Exception $e) {
dynamic_error($e->getMessage());
}
$result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$name = validate($_POST['name'], 'name');
$email = $idna_convert->encode(validate($_POST['email'], 'email'));
$custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/');
$custom_notes_show = $result['custom_notes_show'];
if (isset($_POST['custom_notes_show'])) {
$custom_notes_show = intval_ressource($_POST['custom_notes_show']);
try {
Admins::getLocal($userinfo, $_POST)->update();
} catch (Exception $e) {
dynamic_error($e->getMessage());
}
if ($result['adminid'] == $userinfo['userid']) {
$password = '';
$def_language = $result['def_language'];
$deactivated = $result['deactivated'];
$customers = $result['customers'];
$domains = $result['domains'];
$subdomains = $result['subdomains'];
$emails = $result['emails'];
$email_accounts = $result['email_accounts'];
$email_forwarders = $result['email_forwarders'];
$email_quota = $result['email_quota'];
$ftps = $result['ftps'];
$tickets = $result['tickets'];
$mysqls = $result['mysqls'];
$tickets_see_all = $result['tickets_see_all'];
$customers_see_all = $result['customers_see_all'];
$domains_see_all = $result['domains_see_all'];
$caneditphpsettings = $result['caneditphpsettings'];
$change_serversettings = $result['change_serversettings'];
$diskspace = $result['diskspace'];
$traffic = $result['traffic'];
$ipaddress = $result['ip'];
} else {
$password = validate($_POST['admin_password'], 'new password');
$def_language = validate($_POST['def_language'], 'default language');
$deactivated = isset($_POST['deactivated']) ? 1 : 0;
$customers = intval_ressource($_POST['customers']);
if (isset($_POST['customers_ul'])) {
$customers = -1;
}
$domains = intval_ressource($_POST['domains']);
if (isset($_POST['domains_ul'])) {
$domains = -1;
}
$subdomains = intval_ressource($_POST['subdomains']);
if (isset($_POST['subdomains_ul'])) {
$subdomains = -1;
}
$emails = intval_ressource($_POST['emails']);
if (isset($_POST['emails_ul'])) {
$emails = -1;
}
$email_accounts = intval_ressource($_POST['email_accounts']);
if (isset($_POST['email_accounts_ul'])) {
$email_accounts = -1;
}
$email_forwarders = intval_ressource($_POST['email_forwarders']);
if (isset($_POST['email_forwarders_ul'])) {
$email_forwarders = -1;
}
if (Settings::Get('system.mail_quota_enabled') == '1') {
$email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', ''));
if (isset($_POST['email_quota_ul'])) {
$email_quota = -1;
}
} else {
$email_quota = -1;
}
$ftps = intval_ressource($_POST['ftps']);
if (isset($_POST['ftps_ul'])) {
$ftps = -1;
}
if (Settings::Get('ticket.enabled') == 1) {
$tickets = intval_ressource($_POST['tickets']);
if (isset($_POST['tickets_ul'])) {
$tickets = -1;
}
} else {
$tickets = 0;
}
$mysqls = intval_ressource($_POST['mysqls']);
if (isset($_POST['mysqls_ul'])) {
$mysqls = -1;
}
$customers_see_all = 0;
if (isset($_POST['customers_see_all'])) {
$customers_see_all = intval($_POST['customers_see_all']);
}
$domains_see_all = 0;
if (isset($_POST['domains_see_all'])) {
$domains_see_all = intval($_POST['domains_see_all']);
}
$caneditphpsettings = 0;
if (isset($_POST['caneditphpsettings'])) {
$caneditphpsettings = intval($_POST['caneditphpsettings']);
}
$change_serversettings = 0;
if (isset($_POST['change_serversettings'])) {
$change_serversettings = isset($_POST['change_serversettings']) ? 1 : 0;
}
$tickets_see_all = 0;
if (isset($_POST['tickets_see_all'])) {
$tickets_see_all = intval($_POST['tickets_see_all']);
}
$diskspace = intval($_POST['diskspace']);
if (isset($_POST['diskspace_ul'])) {
$diskspace = -1;
}
$traffic = doubleval_ressource($_POST['traffic']);
if (isset($_POST['traffic_ul'])) {
$traffic = -1;
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
$ipaddress = intval_ressource($_POST['ipaddress']);
}
if ($name == '') {
standard_error(array('stringisempty', 'myname'));
} elseif($email == '') {
standard_error(array('stringisempty', 'emailadd'));
} elseif(!validateEmail($email)) {
standard_error('emailiswrong', $email);
} else {
if ($password != '') {
$password = validatePassword($password);
$password = makeCryptPassword($password);
} else {
$password = $result['password'];
}
if ($deactivated != '1') {
$deactivated = '0';
}
if ($customers_see_all != '1') {
$customers_see_all = '0';
}
if ($domains_see_all != '1') {
$domains_see_all = '0';
}
if ($caneditphpsettings != '1') {
$caneditphpsettings = '0';
}
if ($change_serversettings != '1') {
$change_serversettings = '0';
}
if ($tickets_see_all != '1') {
$tickets_see_all = '0';
}
// check if a resource was set to something lower
// than actually used by the admin/reseller
$res_warning = "";
if ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'customers');
}
if ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'domains');
}
if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'diskspace');
}
if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'traffic');
}
if ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'emails');
}
if ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email accounts');
}
if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email forwarders');
}
if ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email quota');
}
if ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'ftps');
}
if ($tickets != $result['tickets'] && $tickets != -1 && $tickets < $result['tickets_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'tickets');
}
if ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'mysqls');
}
if ($res_warning != "") {
$link = '';
$error = $res_warning;
eval("echo \"" . getTemplate('misc/error', '1') . "\";");
exit;
}
$upd_data = array(
'password' => $password,
'name' => $name,
'email' => $email,
'lang' => $def_language,
'change_serversettings' => $change_serversettings,
'customers' => $customers,
'customers_see_all' => $customers_see_all,
'domains' => $domains,
'domains_see_all' => $domains_see_all,
'caneditphpsettings' => $caneditphpsettings,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'accounts' => $email_accounts,
'forwarders' => $email_forwarders,
'quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'tickets_see_all' => $tickets_see_all,
'mysqls' => $mysqls,
'ip' => $ipaddress,
'deactivated' => $deactivated,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show,
'adminid' => $id
);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_ADMINS . "` SET
`password` = :password,
`name` = :name,
`email` = :email,
`def_language` = :lang,
`change_serversettings` = :change_serversettings,
`customers` = :customers,
`customers_see_all` = :customers_see_all,
`domains` = :domains,
`domains_see_all` = :domains_see_all,
`caneditphpsettings` = :caneditphpsettings,
`diskspace` = :diskspace,
`traffic` = :traffic,
`subdomains` = :subdomains,
`emails` = :emails,
`email_accounts` = :accounts,
`email_forwarders` = :forwarders,
`email_quota` = :quota,
`ftps` = :ftps,
`tickets` = :tickets,
`tickets_see_all` = :tickets_see_all,
`mysqls` = :mysqls,
`ip` = :ip,
`deactivated` = :deactivated,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show
WHERE `adminid` = :adminid
");
Database::pexecute($upd_stmt, $upd_data);
$log->logAction(ADM_ACTION, LOG_INFO, "edited admin '#" . $id . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
}
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$dec_places = Settings::Get('panel.decimal_places');

326
lib/classes/api/commands/class.Admins.php
View File

@@ -86,7 +86,7 @@ class Admins extends ApiCommand implements ResourceEntity
public function add()
{
if ($this->isAdmin()) {
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
// required parameters
$name = $this->getParam('name');
@@ -291,7 +291,269 @@ class Admins extends ApiCommand implements ResourceEntity
}
public function update()
{}
{
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, '');
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id,
'loginname' => $loginname
))->get();
$result = json_decode($json_result, true)['data'];
$id = $result['adminid'];
// parameters
$name = $this->getParam('name', true, $result['name']);
$idna_convert = new idna_convert_wrapper();
$email = $this->getParam('email', true, $idna_convert->decode($result['email']));
$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
$custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']);
$theme = $this->getParam('theme', true, $result['theme']);
// you cannot edit some of the details of yourself
if ($result['adminid'] == $this->getUserDetail('userid')) {
$password = '';
$def_language = $result['def_language'];
$deactivated = $result['deactivated'];
$customers = $result['customers'];
$domains = $result['domains'];
$subdomains = $result['subdomains'];
$emails = $result['emails'];
$email_accounts = $result['email_accounts'];
$email_forwarders = $result['email_forwarders'];
$email_quota = $result['email_quota'];
$ftps = $result['ftps'];
$tickets = $result['tickets'];
$mysqls = $result['mysqls'];
$tickets_see_all = $result['tickets_see_all'];
$customers_see_all = $result['customers_see_all'];
$domains_see_all = $result['domains_see_all'];
$caneditphpsettings = $result['caneditphpsettings'];
$change_serversettings = $result['change_serversettings'];
$diskspace = $result['diskspace'];
$traffic = $result['traffic'];
$ipaddress = $result['ip'];
} else {
$password = $this->getParam('admin_password', true, '');
$def_language = $this->getParam('def_language', true, $result['def_language']);
$deactivated = $this->getParam('deactivated', true, $result['deactivated']);
$dec_places = Settings::Get('panel.decimal_places');
$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places));
$traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places));
$customers = $this->getUlParam('customers', 'customers_ul', true, $result['customers']);
$domains = $this->getUlParam('domains', 'domains_ul', true, $result['domains']);
$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);
$emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);
$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);
$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);
$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);
$ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);
$tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']);
$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);
$customers_see_all = $this->getParam('customers_see_all', true, $result['customers_see_all']);
$domains_see_all = $this->getParam('domains_see_all', true, $result['domains_see_all']);
$tickets_see_all = $this->getParam('tickets_see_all', true, $result['tickets_see_all']);
$caneditphpsettings = $this->getParam('caneditphpsettings', true, $result['caneditphpsettings']);
$change_serversettings = $this->getParam('change_serversettings', true, $result['change_serversettings']);
$ipaddress = intval_ressource($this->getParam('ipaddress', true, $result['ip']));
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
}
// validation
$name = validate($name, 'name', '', '', array(), true);
$idna_convert = new idna_convert_wrapper();
$email = $idna_convert->encode(validate($email, 'email', '', '', array(), true));
$def_language = validate($def_language, 'default language', '', '', array(), true);
$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
$theme = validate($theme, 'theme', '', '', array(), true);
if (Settings::Get('system.mail_quota_enabled') != '1') {
$email_quota = - 1;
}
if (Settings::Get('ticket.enabled') != '1') {
$tickets = - 1;
}
if (empty($theme)) {
$theme = Settings::Get('panel.default_theme');
}
$password = validate($password, 'password', '', '', array(), true);
// only check if not empty,
// cause empty == generate password automatically
if ($password != '') {
$password = validatePassword($password, true);
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
if ($name == '') {
standard_error(array(
'stringisempty',
'myname'
), '', true);
} elseif ($email == '') {
standard_error(array(
'stringisempty',
'emailadd'
), '', true);
} elseif (! validateEmail($email)) {
standard_error('emailiswrong', $email, true);
} else {
if ($deactivated != '1') {
$deactivated = '0';
}
if ($customers_see_all != '1') {
$customers_see_all = '0';
}
if ($domains_see_all != '1') {
$domains_see_all = '0';
}
if ($caneditphpsettings != '1') {
$caneditphpsettings = '0';
}
if ($change_serversettings != '1') {
$change_serversettings = '0';
}
if ($tickets_see_all != '1') {
$tickets_see_all = '0';
}
if ($password != '') {
$password = validatePassword($password, true);
$password = makeCryptPassword($password);
} else {
$password = $result['password'];
}
// check if a resource was set to something lower
// than actually used by the admin/reseller
$res_warning = "";
if ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'customers');
}
if ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'domains');
}
if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'diskspace');
}
if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'traffic');
}
if ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'emails');
}
if ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email accounts');
}
if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email forwarders');
}
if ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email quota');
}
if ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'ftps');
}
if ($tickets != $result['tickets'] && $tickets != -1 && $tickets < $result['tickets_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'tickets');
}
if ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) {
$res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'mysqls');
}
if (!empty($res_warning)) {
throw new Exception($res_warning, 406);
}
$upd_data = array(
'password' => $password,
'name' => $name,
'email' => $email,
'lang' => $def_language,
'change_serversettings' => $change_serversettings,
'customers' => $customers,
'customers_see_all' => $customers_see_all,
'domains' => $domains,
'domains_see_all' => $domains_see_all,
'caneditphpsettings' => $caneditphpsettings,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'accounts' => $email_accounts,
'forwarders' => $email_forwarders,
'quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'tickets_see_all' => $tickets_see_all,
'mysqls' => $mysqls,
'ip' => $ipaddress,
'deactivated' => $deactivated,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show,
'theme' => $theme,
'adminid' => $id
);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_ADMINS . "` SET
`password` = :password,
`name` = :name,
`email` = :email,
`def_language` = :lang,
`change_serversettings` = :change_serversettings,
`customers` = :customers,
`customers_see_all` = :customers_see_all,
`domains` = :domains,
`domains_see_all` = :domains_see_all,
`caneditphpsettings` = :caneditphpsettings,
`diskspace` = :diskspace,
`traffic` = :traffic,
`subdomains` = :subdomains,
`emails` = :emails,
`email_accounts` = :accounts,
`email_forwarders` = :forwarders,
`email_quota` = :quota,
`ftps` = :ftps,
`tickets` = :tickets,
`tickets_see_all` = :tickets_see_all,
`mysqls` = :mysqls,
`ip` = :ip,
`deactivated` = :deactivated,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show,
`theme` = :theme
WHERE `adminid` = :adminid
");
Database::pexecute($upd_stmt, $upd_data, true, true);
$this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] edited admin '" . $result['loginname'] . "'");
return $this->response(200, "successfull", $upd_data);
}
}
throw new Exception("Not allowed to execute given command.", 403);
}
/**
* delete a admin entry by either id or loginname
@@ -300,14 +562,66 @@ class Admins extends ApiCommand implements ResourceEntity
* optional, the admin-id
* @param string $loginname
* optional, the loginname
* @param bool $delete_userfiles
* optional, default false
*
* @throws Exception
* @return array
*/
public function delete()
{}
{
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, '');
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id,
'loginname' => $loginname
))->get();
$result = json_decode($json_result, true)['data'];
$id = $result['adminid'];
// don't be stupid
if ($id == $this->getUserDetail('userid')) {
standard_error('youcantdeleteyourself', '', true);
}
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
");
Database::pexecute($del_stmt, array('adminid' => $id), true, true);
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid
");
Database::pexecute($del_stmt, array('adminid' => $id), true, true);
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
");
Database::pexecute($del_stmt, array('adminid' => $id), true, true);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
`adminid` = :userid WHERE `adminid` = :adminid
");
Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
`adminid` = :userid WHERE `adminid` = :adminid
");
Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'");
updateCounters();
return $this->response(200, "successfull", $result);
}
throw new Exception("Not allowed to execute given command.", 403);
}
/**
* unlock a locked admin by either id or loginname
@@ -322,7 +636,7 @@ class Admins extends ApiCommand implements ResourceEntity
*/
public function unlock()
{
if ($this->isAdmin()) {
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, '');

12
lib/classes/api/commands/class.Customers.php
View File

@@ -706,6 +706,7 @@ class Customers extends ApiCommand implements ResourceEntity
$perlenabled = $this->getParam('perlenabled', true, $result['perlenabled']);
$dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']);
$deactivated = $this->getParam('deactivated', true, $result['deactivated']);
$theme = $this->getParam('theme', true, $result['theme']);
// validation
$idna_convert = new idna_convert_wrapper();
@@ -721,6 +722,7 @@ class Customers extends ApiCommand implements ResourceEntity
$customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
$def_language = validate($def_language, 'default language', '', '', array(), true);
$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
$theme = validate($theme, 'theme', '', '', array(), true);
if (Settings::Get('system.mail_quota_enabled') != '1') {
$email_quota = - 1;
@@ -730,6 +732,10 @@ class Customers extends ApiCommand implements ResourceEntity
$tickets = - 1;
}
if (empty($theme)) {
$theme = Settings::Get('panel.default_theme');
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
@@ -980,7 +986,8 @@ class Customers extends ApiCommand implements ResourceEntity
'perlenabled' => $perlenabled,
'dnsenabled' => $dnsenabled,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show
'custom_notes_show' => $custom_notes_show,
'theme' => $theme
);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
@@ -1015,7 +1022,8 @@ class Customers extends ApiCommand implements ResourceEntity
`perlenabled` = :perlenabled,
`dnsenabled` = :dnsenabled,
`custom_notes` = :custom_notes,
`custom_notes_show` = :custom_notes_show
`custom_notes_show` = :custom_notes_show,
`theme` = :theme
WHERE `customerid` = :customerid
");
Database::pexecute($upd_stmt, $upd_data);