diff --git a/admin_admins.php b/admin_admins.php index ce0f8488..1404aa6d 100644 --- a/admin_admins.php +++ b/admin_admins.php @@ -107,10 +107,14 @@ if ($page == 'admins' } elseif($action == 'su') { - $result_stmt = Database::prepare(" - SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid - "); - $result = Database::pexecute_first($result_stmt, array('adminid' => $id)); + try { + $json_result = Admins::getLocal($userinfo, array( + 'id' => $id + ))->get(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + $result = json_decode($json_result, true)['data']; $destination_admin = $result['loginname']; if ($destination_admin != '' @@ -147,10 +151,14 @@ if ($page == 'admins' } elseif ($action == 'delete' && $id != 0 ) { - $result_stmt = Database::prepare(" - SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid - "); - $result = Database::pexecute_first($result_stmt, array('adminid' => $id)); + try { + $json_result = Admins::getLocal($userinfo, array( + 'id' => $id + ))->get(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + $result = json_decode($json_result, true)['data']; if ($result['loginname'] != '') { if ($result['adminid'] == $userinfo['userid']) { 
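Review bot: The same eight-line lookup (`try { $json_result = Admins::getLocal($userinfo, array('id' => $id))->get(); } catch (Exception $e) { dynamic_error($e->getMessage()); } $result = json_decode($json_result, true)['data'];`) is pasted into both hunks here (the `su` and the `delete` branches) and a third time in the edit hunk further down; a small helper in this file that returns the decoded `data` array would remove the duplication and give one place to handle a missing row. The pattern also silently assumes `dynamic_error()` never returns: `$json_result` is only assigned inside the `try`, so a returning error handler would leave `json_decode()` working on an undefined variable and every `$result[...]` read that follows would be null. If that function is not guaranteed to terminate, an explicit `exit;` after the `dynamic_error()` call in each `catch` makes the assumption visible. Both enclosing `elseif` blocks continue outside what the hunks show.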
@@ -160,37 +168,10 @@ if ($page == 'admins' if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - $del_stmt = Database::prepare(" - DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid - "); - Database::pexecute($del_stmt, array('adminid' => $id)); - - $del_stmt = Database::prepare(" - DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid - "); - Database::pexecute($del_stmt, array('adminid' => $id)); - - $del_stmt = Database::prepare(" - DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid - "); - Database::pexecute($del_stmt, array('adminid' => $id)); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET - `adminid` = :userid WHERE `adminid` = :adminid - "); - Database::pexecute($upd_stmt, array('userid' => $userinfo['userid'], 'adminid' => $id)); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_DOMAINS . "` SET - `adminid` = :userid WHERE `adminid` = :adminid - "); - Database::pexecute($upd_stmt, array('userid' => $userinfo['userid'], 'adminid' => $id)); - - $log->logAction(ADM_ACTION, LOG_INFO, "deleted admin '" . $result['loginname'] . "'"); - updateCounters(); + Admins::getLocal($this->getUserData(), array( + 'id' => $id + ))->delete(); redirectTo($filename, array('page' => $page, 's' => $s)); - } else { ask_yesno('admin_admin_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['loginname']); } 
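Review bot: `Admins::getLocal($this->getUserData(), ...)` is called from procedural page code (`admin_admins.php`, inside `if ($page == 'admins'`), where `$this` does not exist, so the delete branch will fatal on "Using $this when not in object context"; the sibling hunks in this file pass `$userinfo`, and this one should too. The call is also the only one of the four in this file not wrapped in `try`/`catch`, so the 403, the 406 and the "youcantdeleteyourself" error raised by `Admins::delete()` would surface as an uncaught exception instead of going through `dynamic_error()`. As rendered here, `} else {` is removed without a replacement, which puts `ask_yesno(...)` inside the `send` branch after `redirectTo()` and means the confirmation page is never shown on the first request — presumably unintended. The enclosing `elseif ($action == 'delete' ...)` block begins outside the hunk.
```php
// … unchanged: if (isset($_POST['send']) && $_POST['send'] == 'send') { …
    try {
        Admins::getLocal($userinfo, array(
            'id' => $id
        ))->delete();
    } catch (Exception $e) {
        dynamic_error($e->getMessage());
    }
    redirectTo($filename, array('page' => $page, 's' => $s));
} else {
    // … unchanged: ask_yesno('admin_admin_reallydelete', …) …
}
```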
@@ -249,299 +230,26 @@ if ($page == 'admins' && $id != 0 ) { - $result_stmt = Database::prepare(" - SELECT * FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid - "); - $result = Database::pexecute_first($result_stmt, array('adminid' => $id)); + try { + $json_result = Admins::getLocal($userinfo, array( + 'id' => $id + ))->get(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + $result = json_decode($json_result, true)['data']; if ($result['loginname'] != '') { if (isset($_POST['send']) && $_POST['send'] == 'send' ) { - $name = validate($_POST['name'], 'name'); - $email = $idna_convert->encode(validate($_POST['email'], 'email')); - - $custom_notes = validate(str_replace("\r\n", "\n", $_POST['custom_notes']), 'custom_notes', '/^[^\0]*$/'); - $custom_notes_show = $result['custom_notes_show']; - if (isset($_POST['custom_notes_show'])) { - $custom_notes_show = intval_ressource($_POST['custom_notes_show']); + try { + Admins::getLocal($userinfo, $_POST)->update(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); } - - if ($result['adminid'] == $userinfo['userid']) { - - $password = ''; - $def_language = $result['def_language']; - $deactivated = $result['deactivated']; - $customers = $result['customers']; - $domains = $result['domains']; - $subdomains = $result['subdomains']; - $emails = $result['emails']; - $email_accounts = $result['email_accounts']; - $email_forwarders = $result['email_forwarders']; - $email_quota = $result['email_quota']; - $ftps = $result['ftps']; - $tickets = $result['tickets']; - $mysqls = $result['mysqls']; - $tickets_see_all = $result['tickets_see_all']; - $customers_see_all = $result['customers_see_all']; - $domains_see_all = $result['domains_see_all']; - $caneditphpsettings = $result['caneditphpsettings']; - $change_serversettings = $result['change_serversettings']; - $diskspace = $result['diskspace']; - $traffic = $result['traffic']; - $ipaddress = $result['ip']; - - } else { - - $password = 
validate($_POST['admin_password'], 'new password'); - $def_language = validate($_POST['def_language'], 'default language'); - $deactivated = isset($_POST['deactivated']) ? 1 : 0; - - $customers = intval_ressource($_POST['customers']); - if (isset($_POST['customers_ul'])) { - $customers = -1; - } - - $domains = intval_ressource($_POST['domains']); - if (isset($_POST['domains_ul'])) { - $domains = -1; - } - - $subdomains = intval_ressource($_POST['subdomains']); - if (isset($_POST['subdomains_ul'])) { - $subdomains = -1; - } - - $emails = intval_ressource($_POST['emails']); - if (isset($_POST['emails_ul'])) { - $emails = -1; - } - - $email_accounts = intval_ressource($_POST['email_accounts']); - if (isset($_POST['email_accounts_ul'])) { - $email_accounts = -1; - } - - $email_forwarders = intval_ressource($_POST['email_forwarders']); - if (isset($_POST['email_forwarders_ul'])) { - $email_forwarders = -1; - } - - if (Settings::Get('system.mail_quota_enabled') == '1') { - $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); - if (isset($_POST['email_quota_ul'])) { - $email_quota = -1; - } - } else { - $email_quota = -1; - } - - $ftps = intval_ressource($_POST['ftps']); - if (isset($_POST['ftps_ul'])) { - $ftps = -1; - } - - if (Settings::Get('ticket.enabled') == 1) { - $tickets = intval_ressource($_POST['tickets']); - if (isset($_POST['tickets_ul'])) { - $tickets = -1; - } - } else { - $tickets = 0; - } - - $mysqls = intval_ressource($_POST['mysqls']); - if (isset($_POST['mysqls_ul'])) { - $mysqls = -1; - } - - $customers_see_all = 0; - if (isset($_POST['customers_see_all'])) { - $customers_see_all = intval($_POST['customers_see_all']); - } - - $domains_see_all = 0; - if (isset($_POST['domains_see_all'])) { - $domains_see_all = intval($_POST['domains_see_all']); - } - - $caneditphpsettings = 0; - if (isset($_POST['caneditphpsettings'])) { - $caneditphpsettings = intval($_POST['caneditphpsettings']); - } - - 
$change_serversettings = 0; - if (isset($_POST['change_serversettings'])) { - $change_serversettings = isset($_POST['change_serversettings']) ? 1 : 0; - } - - $tickets_see_all = 0; - if (isset($_POST['tickets_see_all'])) { - $tickets_see_all = intval($_POST['tickets_see_all']); - } - - $diskspace = intval($_POST['diskspace']); - if (isset($_POST['diskspace_ul'])) { - $diskspace = -1; - } - - $traffic = doubleval_ressource($_POST['traffic']); - if (isset($_POST['traffic_ul'])) { - $traffic = -1; - } - - $diskspace = $diskspace * 1024; - $traffic = $traffic * 1024 * 1024; - $ipaddress = intval_ressource($_POST['ipaddress']); - } - - if ($name == '') { - standard_error(array('stringisempty', 'myname')); - } elseif($email == '') { - standard_error(array('stringisempty', 'emailadd')); - } elseif(!validateEmail($email)) { - standard_error('emailiswrong', $email); - } else { - if ($password != '') { - $password = validatePassword($password); - $password = makeCryptPassword($password); - } else { - $password = $result['password']; - } - - if ($deactivated != '1') { - $deactivated = '0'; - } - - if ($customers_see_all != '1') { - $customers_see_all = '0'; - } - - if ($domains_see_all != '1') { - $domains_see_all = '0'; - } - - if ($caneditphpsettings != '1') { - $caneditphpsettings = '0'; - } - - if ($change_serversettings != '1') { - $change_serversettings = '0'; - } - - if ($tickets_see_all != '1') { - $tickets_see_all = '0'; - } - - // check if a resource was set to something lower - // than actually used by the admin/reseller - $res_warning = ""; - if ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'customers'); - } - if ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'domains'); - } - if ($diskspace != $result['diskspace'] && ($diskspace / 
1024) != -1 && $diskspace < $result['diskspace_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'diskspace'); - } - if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'traffic'); - } - if ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'emails'); - } - if ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email accounts'); - } - if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email forwarders'); - } - if ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email quota'); - } - if ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'ftps'); - } - if ($tickets != $result['tickets'] && $tickets != -1 && $tickets < $result['tickets_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'tickets'); - } - if ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) { - $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'mysqls'); - } - - if ($res_warning != "") { - $link = ''; - $error = $res_warning; - eval("echo \"" . getTemplate('misc/error', '1') . 
"\";"); - exit; - } - - $upd_data = array( - 'password' => $password, - 'name' => $name, - 'email' => $email, - 'lang' => $def_language, - 'change_serversettings' => $change_serversettings, - 'customers' => $customers, - 'customers_see_all' => $customers_see_all, - 'domains' => $domains, - 'domains_see_all' => $domains_see_all, - 'caneditphpsettings' => $caneditphpsettings, - 'diskspace' => $diskspace, - 'traffic' => $traffic, - 'subdomains' => $subdomains, - 'emails' => $emails, - 'accounts' => $email_accounts, - 'forwarders' => $email_forwarders, - 'quota' => $email_quota, - 'ftps' => $ftps, - 'tickets' => $tickets, - 'tickets_see_all' => $tickets_see_all, - 'mysqls' => $mysqls, - 'ip' => $ipaddress, - 'deactivated' => $deactivated, - 'custom_notes' => $custom_notes, - 'custom_notes_show' => $custom_notes_show, - 'adminid' => $id - ); - - $upd_stmt = Database::prepare(" - UPDATE `" . TABLE_PANEL_ADMINS . "` SET - `password` = :password, - `name` = :name, - `email` = :email, - `def_language` = :lang, - `change_serversettings` = :change_serversettings, - `customers` = :customers, - `customers_see_all` = :customers_see_all, - `domains` = :domains, - `domains_see_all` = :domains_see_all, - `caneditphpsettings` = :caneditphpsettings, - `diskspace` = :diskspace, - `traffic` = :traffic, - `subdomains` = :subdomains, - `emails` = :emails, - `email_accounts` = :accounts, - `email_forwarders` = :forwarders, - `email_quota` = :quota, - `ftps` = :ftps, - `tickets` = :tickets, - `tickets_see_all` = :tickets_see_all, - `mysqls` = :mysqls, - `ip` = :ip, - `deactivated` = :deactivated, - `custom_notes` = :custom_notes, - `custom_notes_show` = :custom_notes_show - WHERE `adminid` = :adminid - "); - Database::pexecute($upd_stmt, $upd_data); - - $log->logAction(ADM_ACTION, LOG_INFO, "edited admin '#" . $id . 
"'"); - redirectTo($filename, array('page' => $page, 's' => $s)); - } - + redirectTo($filename, array('page' => $page, 's' => $s)); } else { $dec_places = Settings::Get('panel.decimal_places'); diff --git a/lib/classes/api/commands/class.Admins.php b/lib/classes/api/commands/class.Admins.php index 68781b59..5779b68c 100644 --- a/lib/classes/api/commands/class.Admins.php +++ b/lib/classes/api/commands/class.Admins.php @@ -86,7 +86,7 @@ class Admins extends ApiCommand implements ResourceEntity public function add() { - if ($this->isAdmin()) { + if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { // required parameters $name = $this->getParam('name'); 
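Review bot: `Admins::getLocal($userinfo, $_POST)->update()` hands the raw form array to the API, whose update() takes the target from the `id`/`loginname` keys inside that array rather than from the `$id` this page already checked (`&& $id != 0` just above) and used to load `$result`; if the edit form does not post an `id` field the call ends in the 406 from update(), and if it posts a different one, a different admin than the one displayed is modified. Pass the validated id explicitly, `Admins::getLocal($userinfo, array_merge($_POST, array('id' => $id)))->update();`, so page and API agree on the target. The `$log->logAction(...)` the old code did on success is gone; Admins::update() logs on its own, which is fine if that "[API]" entry is the intended audit record. The enclosing `if ($result['loginname'] != '')` block runs past what the hunk shows.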
@@ -291,7 +291,269 @@ class Admins extends ApiCommand implements ResourceEntity } public function update() - {} + { + if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { + + $id = $this->getParam('id', true, 0); + $ln_optional = ($id <= 0 ? false : true); + $loginname = $this->getParam('loginname', $ln_optional, ''); + + if ($id <= 0 && empty($loginname)) { + throw new Exception("Either 'id' or 'loginname' parameter must be given", 406); + } + + $json_result = Admins::getLocal($this->getUserData(), array( + 'id' => $id, + 'loginname' => $loginname + ))->get(); + $result = json_decode($json_result, true)['data']; + $id = $result['adminid']; + + // parameters + $name = $this->getParam('name', true, $result['name']); + $idna_convert = new idna_convert_wrapper(); + $email = $this->getParam('email', true, $idna_convert->decode($result['email'])); + $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); + $custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']); + $theme = $this->getParam('theme', true, $result['theme']); + + // you cannot edit some of the details of yourself + if ($result['adminid'] == $this->getUserDetail('userid')) { + $password = ''; + $def_language = $result['def_language']; + $deactivated = $result['deactivated']; + $customers = $result['customers']; + $domains = $result['domains']; + $subdomains = $result['subdomains']; + $emails = $result['emails']; + $email_accounts = $result['email_accounts']; + $email_forwarders = $result['email_forwarders']; + $email_quota = $result['email_quota']; + $ftps = $result['ftps']; + $tickets = $result['tickets']; + $mysqls = $result['mysqls']; + $tickets_see_all = $result['tickets_see_all']; + $customers_see_all = $result['customers_see_all']; + $domains_see_all = $result['domains_see_all']; + $caneditphpsettings = $result['caneditphpsettings']; + $change_serversettings = $result['change_serversettings']; + $diskspace = 
$result['diskspace']; + $traffic = $result['traffic']; + $ipaddress = $result['ip']; + } else { + $password = $this->getParam('admin_password', true, ''); + $def_language = $this->getParam('def_language', true, $result['def_language']); + $deactivated = $this->getParam('deactivated', true, $result['deactivated']); + + $dec_places = Settings::Get('panel.decimal_places'); + $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places)); + $traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places)); + $customers = $this->getUlParam('customers', 'customers_ul', true, $result['customers']); + $domains = $this->getUlParam('domains', 'domains_ul', true, $result['domains']); + $subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']); + $emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']); + $email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']); + $email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']); + $email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']); + $ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']); + $tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']); + $mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']); + + $customers_see_all = $this->getParam('customers_see_all', true, $result['customers_see_all']); + $domains_see_all = $this->getParam('domains_see_all', true, $result['domains_see_all']); + $tickets_see_all = $this->getParam('tickets_see_all', true, $result['tickets_see_all']); + $caneditphpsettings = $this->getParam('caneditphpsettings', true, $result['caneditphpsettings']); + $change_serversettings = $this->getParam('change_serversettings', true, 
$result['change_serversettings']); + $ipaddress = intval_ressource($this->getParam('ipaddress', true, $result['ip'])); + + $diskspace = $diskspace * 1024; + $traffic = $traffic * 1024 * 1024; + } + + // validation + $name = validate($name, 'name', '', '', array(), true); + $idna_convert = new idna_convert_wrapper(); + $email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); + $def_language = validate($def_language, 'default language', '', '', array(), true); + $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); + $theme = validate($theme, 'theme', '', '', array(), true); + + if (Settings::Get('system.mail_quota_enabled') != '1') { + $email_quota = - 1; + } + + if (Settings::Get('ticket.enabled') != '1') { + $tickets = - 1; + } + + if (empty($theme)) { + $theme = Settings::Get('panel.default_theme'); + } + + $password = validate($password, 'password', '', '', array(), true); + // only check if not empty, + // cause empty == generate password automatically + if ($password != '') { + $password = validatePassword($password, true); + } + + $diskspace = $diskspace * 1024; + $traffic = $traffic * 1024 * 1024; + + if ($name == '') { + standard_error(array( + 'stringisempty', + 'myname' + ), '', true); + } elseif ($email == '') { + standard_error(array( + 'stringisempty', + 'emailadd' + ), '', true); + } elseif (! 
validateEmail($email)) { + standard_error('emailiswrong', $email, true); + } else { + + if ($deactivated != '1') { + $deactivated = '0'; + } + + if ($customers_see_all != '1') { + $customers_see_all = '0'; + } + + if ($domains_see_all != '1') { + $domains_see_all = '0'; + } + + if ($caneditphpsettings != '1') { + $caneditphpsettings = '0'; + } + + if ($change_serversettings != '1') { + $change_serversettings = '0'; + } + + if ($tickets_see_all != '1') { + $tickets_see_all = '0'; + } + + if ($password != '') { + $password = validatePassword($password, true); + $password = makeCryptPassword($password); + } else { + $password = $result['password']; + } + + // check if a resource was set to something lower + // than actually used by the admin/reseller + $res_warning = ""; + if ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'customers'); + } + if ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'domains'); + } + if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'diskspace'); + } + if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'traffic'); + } + if ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'emails'); + } + if ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email accounts'); + } + if ($email_forwarders != $result['email_forwarders'] && 
$email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email forwarders'); + } + if ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email quota'); + } + if ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'ftps'); + } + if ($tickets != $result['tickets'] && $tickets != -1 && $tickets < $result['tickets_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'tickets'); + } + if ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'mysqls'); + } + + if (!empty($res_warning)) { + throw new Exception($res_warning, 406); + } + + $upd_data = array( + 'password' => $password, + 'name' => $name, + 'email' => $email, + 'lang' => $def_language, + 'change_serversettings' => $change_serversettings, + 'customers' => $customers, + 'customers_see_all' => $customers_see_all, + 'domains' => $domains, + 'domains_see_all' => $domains_see_all, + 'caneditphpsettings' => $caneditphpsettings, + 'diskspace' => $diskspace, + 'traffic' => $traffic, + 'subdomains' => $subdomains, + 'emails' => $emails, + 'accounts' => $email_accounts, + 'forwarders' => $email_forwarders, + 'quota' => $email_quota, + 'ftps' => $ftps, + 'tickets' => $tickets, + 'tickets_see_all' => $tickets_see_all, + 'mysqls' => $mysqls, + 'ip' => $ipaddress, + 'deactivated' => $deactivated, + 'custom_notes' => $custom_notes, + 'custom_notes_show' => $custom_notes_show, + 'theme' => $theme, + 'adminid' => $id + ); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_ADMINS . 
"` SET + `password` = :password, + `name` = :name, + `email` = :email, + `def_language` = :lang, + `change_serversettings` = :change_serversettings, + `customers` = :customers, + `customers_see_all` = :customers_see_all, + `domains` = :domains, + `domains_see_all` = :domains_see_all, + `caneditphpsettings` = :caneditphpsettings, + `diskspace` = :diskspace, + `traffic` = :traffic, + `subdomains` = :subdomains, + `emails` = :emails, + `email_accounts` = :accounts, + `email_forwarders` = :forwarders, + `email_quota` = :quota, + `ftps` = :ftps, + `tickets` = :tickets, + `tickets_see_all` = :tickets_see_all, + `mysqls` = :mysqls, + `ip` = :ip, + `deactivated` = :deactivated, + `custom_notes` = :custom_notes, + `custom_notes_show` = :custom_notes_show, + `theme` = :theme + WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, $upd_data, true, true); + + $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] edited admin '" . $result['loginname'] . "'"); + return $this->response(200, "successfull", $upd_data); + } + } + throw new Exception("Not allowed to execute given command.", 403); + } /** * delete a admin entry by either id or loginname 
@@ -300,14 +562,66 @@ class Admins extends ApiCommand implements ResourceEntity * optional, the admin-id * @param string $loginname * optional, the loginname - * @param bool $delete_userfiles - * optional, default false * * @throws Exception * @return array */ public function delete() - {} + { + if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { + $id = $this->getParam('id', true, 0); + $ln_optional = ($id <= 0 ? false : true); + $loginname = $this->getParam('loginname', $ln_optional, ''); + + if ($id <= 0 && empty($loginname)) { + throw new Exception("Either 'id' or 'loginname' parameter must be given", 406); + } + + $json_result = Admins::getLocal($this->getUserData(), array( + 'id' => $id, + 'loginname' => $loginname + ))->get(); + $result = json_decode($json_result, true)['data']; + $id = $result['adminid']; + + // don't be stupid + if ($id == $this->getUserDetail('userid')) { + standard_error('youcantdeleteyourself', '', true); + } + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid + "); + Database::pexecute($del_stmt, array('adminid' => $id), true, true); + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid + "); + Database::pexecute($del_stmt, array('adminid' => $id), true, true); + + $del_stmt = Database::prepare(" + DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid + "); + Database::pexecute($del_stmt, array('adminid' => $id), true, true); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET + `adminid` = :userid WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true); + + $upd_stmt = Database::prepare(" + UPDATE `" . TABLE_PANEL_DOMAINS . 
"` SET + `adminid` = :userid WHERE `adminid` = :adminid + "); + Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true); + + $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'"); + updateCounters(); + return $this->response(200, "successfull", $result); + } + throw new Exception("Not allowed to execute given command.", 403); + } /** * unlock a locked admin by either id or loginname @@ -322,7 +636,7 @@ class Admins extends ApiCommand implements ResourceEntity */ public function unlock() { - if ($this->isAdmin()) { + if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { $id = $this->getParam('id', true, 0); $ln_optional = ($id <= 0 ? false : true); $loginname = $this->getParam('loginname', $ln_optional, ''); diff --git a/lib/classes/api/commands/class.Customers.php b/lib/classes/api/commands/class.Customers.php index d707c7f8..339631b2 100644 --- a/lib/classes/api/commands/class.Customers.php +++ b/lib/classes/api/commands/class.Customers.php @@ -706,6 +706,7 @@ class Customers extends ApiCommand implements ResourceEntity $perlenabled = $this->getParam('perlenabled', true, $result['perlenabled']); $dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']); $deactivated = $this->getParam('deactivated', true, $result['deactivated']); + $theme = $this->getParam('theme', true, $result['theme']); // validation $idna_convert = new idna_convert_wrapper(); 
@@ -721,6 +722,7 @@ class Customers extends ApiCommand implements ResourceEntity $customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true); $def_language = validate($def_language, 'default language', '', '', array(), true); $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); + $theme = validate($theme, 'theme', '', '', array(), true); if (Settings::Get('system.mail_quota_enabled') != '1') { $email_quota = - 1; @@ -730,6 +732,10 @@ class Customers extends ApiCommand implements ResourceEntity $tickets = - 1; } + if (empty($theme)) { + $theme = Settings::Get('panel.default_theme'); + } + $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; @@ -980,7 +986,8 @@ class Customers extends ApiCommand implements ResourceEntity 'perlenabled' => $perlenabled, 'dnsenabled' => $dnsenabled, 'custom_notes' => $custom_notes, - 'custom_notes_show' => $custom_notes_show + 'custom_notes_show' => $custom_notes_show, + 'theme' => $theme ); $upd_stmt = Database::prepare(" UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET @@ -1015,7 +1022,8 @@ class Customers extends ApiCommand implements ResourceEntity `perlenabled` = :perlenabled, `dnsenabled` = :dnsenabled, `custom_notes` = :custom_notes, - `custom_notes_show` = :custom_notes_show + `custom_notes_show` = :custom_notes_show, + `theme` = :theme WHERE `customerid` = :customerid "); Database::pexecute($upd_stmt, $upd_data);
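Review bot: `$theme` is validated with an empty pattern (`validate($theme, 'theme', '', '', array(), true)`), so any non-empty string the caller sends is written to the `theme` column; the line above restricts `$customernumber` to `/^[A-Za-z0-9 \-]*$/Di`, and a theme name that is later used to locate template files deserves at least that much, ideally a check against the list of installed themes. The same applies to the identical theme handling added to Admins::update() in this commit. A conservative pattern in the same style, `$theme = validate($theme, 'theme', '/^[A-Za-z0-9_\-]*$/D', '', array(), true);`, placed before the `empty($theme)` default in the next hunk, would keep the stored value to plain directory-safe names.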