maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

remove unnecessary parameter-checks as they will never happen; make Customers.update callable for customers

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-25 15:02:58 +01:00
parent 243b68cc37
commit a222114d0a
6 changed files with 488 additions and 552 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/classes/api/commands/class.Admins.php
View File

@@ -63,11 +63,7 @@ class Admins extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') == 1 || ($this->getUserDetail('adminid') == $id || $this->getUserDetail('loginname') == $loginname))) { if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') == 1 || ($this->getUserDetail('adminid') == $id || $this->getUserDetail('loginname') == $loginname))) {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
@@ -318,11 +314,7 @@ class Admins extends ApiCommand implements ResourceEntity
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array( $json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
@@ -583,11 +575,7 @@ class Admins extends ApiCommand implements ResourceEntity
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array( $json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
@@ -652,11 +640,7 @@ class Admins extends ApiCommand implements ResourceEntity
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Admins::getLocal($this->getUserData(), array( $json_result = Admins::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,

902
lib/classes/api/commands/class.Customers.php
View File

@@ -70,11 +70,7 @@ class Customers extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
if ($this->isAdmin()) { if ($this->isAdmin()) {
$result_stmt = Database::prepare(" $result_stmt = Database::prepare("
@@ -131,7 +127,7 @@ class Customers extends ApiCommand implements ResourceEntity
$phone = $this->getParam('phone', true, ''); $phone = $this->getParam('phone', true, '');
$fax = $this->getParam('fax', true, ''); $fax = $this->getParam('fax', true, '');
$customernumber = $this->getParam('customernumber', true, ''); $customernumber = $this->getParam('customernumber', true, '');
$def_language = $this->getParam('def_language', true, ''); $def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
$gender = intval_ressource($this->getParam('gender', true, 0)); $gender = intval_ressource($this->getParam('gender', true, 0));
$custom_notes = $this->getParam('custom_notes', true, ''); $custom_notes = $this->getParam('custom_notes', true, '');
$custom_notes_show = $this->getParam('custom_notes_show', true, 0); $custom_notes_show = $this->getParam('custom_notes_show', true, 0);
@@ -681,379 +677,373 @@ class Customers extends ApiCommand implements ResourceEntity
*/ */
public function update() public function update()
{ {
$id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true);
$loginname = trim($this->getParam('loginname', $ln_optional, ''));
$json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id,
'loginname' => $loginname
))->get();
$result = json_decode($json_result, true)['data'];
$id = $result['customerid'];
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); // parameters
$ln_optional = ($id <= 0 ? false : true); $move_to_admin = intval_ressource($this->getParam('move_to_admin', true, 0));
$loginname = $this->getParam('loginname', $ln_optional, '');
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id,
'loginname' => $loginname
))->get();
$result = json_decode($json_result, true)['data'];
$id = $result['customerid'];
if ($this->isAdmin()) {
// parameters
$move_to_admin = intval_ressource($this->getParam('move_to_admin', true, 0));
$idna_convert = new idna_convert_wrapper();
$email = $this->getParam('email', true, $idna_convert->decode($result['email']));
$name = $this->getParam('name', true, $result['name']);
$firstname = $this->getParam('firstname', true, $result['firstname']);
$company = $this->getParam('company', true, $result['company']);
$street = $this->getParam('street', true, $result['street']);
$zipcode = $this->getParam('zipcode', true, $result['zipcode']);
$city = $this->getParam('city', true, $result['city']);
$phone = $this->getParam('phone', true, $result['phone']);
$fax = $this->getParam('fax', true, $result['fax']);
$customernumber = $this->getParam('customernumber', true, $result['customernumber']);
$def_language = $this->getParam('def_language', true, $result['def_language']);
$gender = intval_ressource($this->getParam('gender', true, $result['gender']));
$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
$custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']);
$dec_places = Settings::Get('panel.decimal_places');
$diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places));
$traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places));
$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);
$emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);
$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);
$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);
$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);
$email_imap = $this->getParam('email_imap', true, $result['imap']);
$email_pop3 = $this->getParam('email_pop3', true, $result['pop3']);
$ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);
$tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']);
$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);
$createstdsubdomain = $this->getParam('createstdsubdomain', true, 0);
$password = $this->getParam('new_customer_password', true, '');
$sendpassword = $this->getParam('sendpassword', true, 0);
$phpenabled = $this->getParam('phpenabled', true, $result['phpenabled']);
$allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, json_decode($result['allowed_phpconfigs'], true));
$perlenabled = $this->getParam('perlenabled', true, $result['perlenabled']);
$dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']);
$deactivated = $this->getParam('deactivated', true, $result['deactivated']);
$theme = $this->getParam('theme', true, $result['theme']);
} else {
// allowed parameters
$def_language = $this->getParam('def_language', true, $result['def_language']);
$password = $this->getParam('new_customer_password', true, '');
$theme = $this->getParam('theme', true, $result['theme']);
// unchangeable parameters for customers
$move_to_admin = 0;
$idna_convert = new idna_convert_wrapper();
$email = $idna_convert->decode($result['email']);
$name = $result['name'];
$firstname = $result['firstname'];
$company = $result['company'];
$street = $result['street'];
$zipcode = $result['zipcode'];
$city = $result['city'];
$phone = $result['phone'];
$fax = $result['fax'];
$customernumber = $result['customernumber'];
$gender = $result['gender'];
$custom_notes = $result['custom_notes'];
$custom_notes_show = $result['custom_notes_show'];
$dec_places = Settings::Get('panel.decimal_places');
$diskspace = round($result['diskspace'] / 1024, $dec_places);
$traffic = round($result['traffic'] / (1024 * 1024), $dec_places);
$subdomains = $result['subdomains'];
$emails = $result['emails'];
$email_accounts = $result['email_accounts'];
$email_forwarders = $result['email_forwarders'];
$email_quota = $result['email_quota'];
$email_imap = $result['imap'];
$email_pop3 = $result['pop3'];
$ftps = $result['ftps'];
$tickets = $result['tickets'];
$mysqls = $result['mysqls'];
// if we got one, it's true so none will be generated (it exists already)
// if not, none will be generated
$createstdsubdomain = ($result['standardsubdomain'] > 0 ? 1 : 0);
$sendpassword = 0;
$phpenabled = $result['phpenabled'];
$allowed_phpconfigs = json_decode($result['allowed_phpconfigs'], true);
$perlenabled = $result['perlenabled'];
$dnsenabled = $result['dnsenabled'];
$deactivated = $result['deactivated'];
}
// validation
$idna_convert = new idna_convert_wrapper(); $idna_convert = new idna_convert_wrapper();
$name = validate($name, 'name', '', '', array(), true); $email = $this->getParam('email', true, $idna_convert->decode($result['email']));
$firstname = validate($firstname, 'first name', '', '', array(), true); $name = $this->getParam('name', true, $result['name']);
$company = validate($company, 'company', '', '', array(), true); $firstname = $this->getParam('firstname', true, $result['firstname']);
$street = validate($street, 'street', '', '', array(), true); $company = $this->getParam('company', true, $result['company']);
$zipcode = validate($zipcode, 'zipcode', '/^[0-9 \-A-Z]*$/', '', array(), true); $street = $this->getParam('street', true, $result['street']);
$city = validate($city, 'city', '', '', array(), true); $zipcode = $this->getParam('zipcode', true, $result['zipcode']);
$phone = validate($phone, 'phone', '/^[0-9\- \+\(\)\/]*$/', '', array(), true); $city = $this->getParam('city', true, $result['city']);
$fax = validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true); $phone = $this->getParam('phone', true, $result['phone']);
$email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); $fax = $this->getParam('fax', true, $result['fax']);
$customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true); $customernumber = $this->getParam('customernumber', true, $result['customernumber']);
$def_language = validate($def_language, 'default language', '', '', array(), true); $def_language = $this->getParam('def_language', true, $result['def_language']);
$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); $gender = intval_ressource($this->getParam('gender', true, $result['gender']));
$theme = validate($theme, 'theme', '', '', array(), true); $custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
$custom_notes_show = $this->getParam('custom_notes_show', true, $result['custom_notes_show']);
if (Settings::Get('system.mail_quota_enabled') != '1') { $dec_places = Settings::Get('panel.decimal_places');
$email_quota = - 1; $diskspace = $this->getUlParam('diskspace', 'diskspace_ul', true, round($result['diskspace'] / 1024, $dec_places));
$traffic = $this->getUlParam('traffic', 'traffic_ul', true, round($result['traffic'] / (1024 * 1024), $dec_places));
$subdomains = $this->getUlParam('subdomains', 'subdomains_ul', true, $result['subdomains']);
$emails = $this->getUlParam('emails', 'emails_ul', true, $result['emails']);
$email_accounts = $this->getUlParam('email_accounts', 'email_accounts_ul', true, $result['email_accounts']);
$email_forwarders = $this->getUlParam('email_forwarders', 'email_forwarders_ul', true, $result['email_forwarders']);
$email_quota = $this->getUlParam('email_quota', 'email_quota_ul', true, $result['email_quota']);
$email_imap = $this->getParam('email_imap', true, $result['imap']);
$email_pop3 = $this->getParam('email_pop3', true, $result['pop3']);
$ftps = $this->getUlParam('ftps', 'ftps_ul', true, $result['ftps']);
$tickets = $this->getUlParam('tickets', 'tickets_ul', true, $result['tickets']);
$mysqls = $this->getUlParam('mysqls', 'mysqls_ul', true, $result['mysqls']);
$createstdsubdomain = $this->getParam('createstdsubdomain', true, 0);
$password = $this->getParam('new_customer_password', true, '');
$sendpassword = $this->getParam('sendpassword', true, 0);
$phpenabled = $this->getParam('phpenabled', true, $result['phpenabled']);
$allowed_phpconfigs = $this->getParam('allowed_phpconfigs', true, json_decode($result['allowed_phpconfigs'], true));
$perlenabled = $this->getParam('perlenabled', true, $result['perlenabled']);
$dnsenabled = $this->getParam('dnsenabled', true, $result['dnsenabled']);
$deactivated = $this->getParam('deactivated', true, $result['deactivated']);
$theme = $this->getParam('theme', true, $result['theme']);
} else {
// allowed parameters
$def_language = $this->getParam('def_language', true, $result['def_language']);
$password = $this->getParam('new_customer_password', true, '');
$theme = $this->getParam('theme', true, $result['theme']);
// unchangeable parameters for customers
$move_to_admin = 0;
$idna_convert = new idna_convert_wrapper();
$email = $idna_convert->decode($result['email']);
$name = $result['name'];
$firstname = $result['firstname'];
$company = $result['company'];
$street = $result['street'];
$zipcode = $result['zipcode'];
$city = $result['city'];
$phone = $result['phone'];
$fax = $result['fax'];
$customernumber = $result['customernumber'];
$gender = $result['gender'];
$custom_notes = $result['custom_notes'];
$custom_notes_show = $result['custom_notes_show'];
$dec_places = Settings::Get('panel.decimal_places');
$diskspace = round($result['diskspace'] / 1024, $dec_places);
$traffic = round($result['traffic'] / (1024 * 1024), $dec_places);
$subdomains = $result['subdomains'];
$emails = $result['emails'];
$email_accounts = $result['email_accounts'];
$email_forwarders = $result['email_forwarders'];
$email_quota = $result['email_quota'];
$email_imap = $result['imap'];
$email_pop3 = $result['pop3'];
$ftps = $result['ftps'];
$tickets = $result['tickets'];
$mysqls = $result['mysqls'];
// if we got one, it's true so none will be generated (it exists already)
// if not, none will be generated
$createstdsubdomain = ($result['standardsubdomain'] > 0 ? 1 : 0);
$sendpassword = 0;
$phpenabled = $result['phpenabled'];
$allowed_phpconfigs = json_decode($result['allowed_phpconfigs'], true);
$perlenabled = $result['perlenabled'];
$dnsenabled = $result['dnsenabled'];
$deactivated = $result['deactivated'];
}
// validation
$idna_convert = new idna_convert_wrapper();
$name = validate($name, 'name', '', '', array(), true);
$firstname = validate($firstname, 'first name', '', '', array(), true);
$company = validate($company, 'company', '', '', array(), true);
$street = validate($street, 'street', '', '', array(), true);
$zipcode = validate($zipcode, 'zipcode', '/^[0-9 \-A-Z]*$/', '', array(), true);
$city = validate($city, 'city', '', '', array(), true);
$phone = validate($phone, 'phone', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
$fax = validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', array(), true);
$email = $idna_convert->encode(validate($email, 'email', '', '', array(), true));
$customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true);
$def_language = validate($def_language, 'default language', '', '', array(), true);
$custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true);
$theme = validate($theme, 'theme', '', '', array(), true);
if (Settings::Get('system.mail_quota_enabled') != '1') {
$email_quota = - 1;
}
if (Settings::Get('ticket.enabled') != '1') {
$tickets = - 1;
}
if (empty($theme)) {
$theme = Settings::Get('panel.default_theme');
}
$diskspace = $diskspace * 1024;
$traffic = $traffic * 1024 * 1024;
if ($this->isAdmin()) {
if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) {
standard_error('youcantallocatemorethanyouhave', '', true);
} }
if (Settings::Get('ticket.enabled') != '1') { // Either $name and $firstname or the $company must be inserted
$tickets = - 1; if ($name == '' && $company == '') {
standard_error(array(
'stringisempty',
'myname'
), '', true);
} elseif ($firstname == '' && $company == '') {
standard_error(array(
'stringisempty',
'myfirstname'
), '', true);
} elseif ($email == '') {
standard_error(array(
'stringisempty',
'emailadd'
), '', true);
} elseif (! validateEmail($email)) {
standard_error('emailiswrong', $email, true);
} }
}
if (empty($theme)) { if ($password != '') {
$theme = Settings::Get('panel.default_theme'); $password = validatePassword($password, true);
} $password = makeCryptPassword($password);
} else {
$password = $result['password'];
}
$diskspace = $diskspace * 1024; if ($createstdsubdomain != '1') {
$traffic = $traffic * 1024 * 1024; $createstdsubdomain = '0';
}
if ($this->isAdmin()) { if ($createstdsubdomain == '1' && $result['standardsubdomain'] == '0') {
if (((($this->getUserDetail('diskspace_used') + $diskspace - $result['diskspace']) > $this->getUserDetail('diskspace')) && ($this->getUserDetail('diskspace') / 1024) != '-1') || ((($this->getUserDetail('mysqls_used') + $mysqls - $result['mysqls']) > $this->getUserDetail('mysqls')) && $this->getUserDetail('mysqls') != '-1') || ((($this->getUserDetail('emails_used') + $emails - $result['emails']) > $this->getUserDetail('emails')) && $this->getUserDetail('emails') != '-1') || ((($this->getUserDetail('email_accounts_used') + $email_accounts - $result['email_accounts']) > $this->getUserDetail('email_accounts')) && $this->getUserDetail('email_accounts') != '-1') || ((($this->getUserDetail('email_forwarders_used') + $email_forwarders - $result['email_forwarders']) > $this->getUserDetail('email_forwarders')) && $this->getUserDetail('email_forwarders') != '-1') || ((($this->getUserDetail('email_quota_used') + $email_quota - $result['email_quota']) > $this->getUserDetail('email_quota')) && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ((($this->getUserDetail('ftps_used') + $ftps - $result['ftps']) > $this->getUserDetail('ftps')) && $this->getUserDetail('ftps') != '-1') || ((($this->getUserDetail('tickets_used') + $tickets - $result['tickets']) > $this->getUserDetail('tickets')) && $this->getUserDetail('tickets') != '-1') || ((($this->getUserDetail('subdomains_used') + $subdomains - $result['subdomains']) > $this->getUserDetail('subdomains')) && $this->getUserDetail('subdomains') != '-1') || (($diskspace / 1024) == '-1' && ($this->getUserDetail('diskspace') / 1024) != '-1') || ($mysqls == '-1' && $this->getUserDetail('mysqls') != '-1') || ($emails == '-1' && $this->getUserDetail('emails') != '-1') || ($email_accounts == '-1' && $this->getUserDetail('email_accounts') != '-1') || ($email_forwarders == '-1' && $this->getUserDetail('email_forwarders') != '-1') || ($email_quota == '-1' && $this->getUserDetail('email_quota') != '-1' && Settings::Get('system.mail_quota_enabled') == '1') || ($ftps == '-1' && $this->getUserDetail('ftps') != '-1') || ($tickets == '-1' && $this->getUserDetail('tickets') != '-1') || ($subdomains == '-1' && $this->getUserDetail('subdomains') != '-1')) {
standard_error('youcantallocatemorethanyouhave', '', true);
}
// Either $name and $firstname or the $company must be inserted if (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') {
if ($name == '' && $company == '') { $_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.stdsubdomain');
standard_error(array(
'stringisempty',
'myname'
), '', true);
} elseif ($firstname == '' && $company == '') {
standard_error(array(
'stringisempty',
'myfirstname'
), '', true);
} elseif ($email == '') {
standard_error(array(
'stringisempty',
'emailadd'
), '', true);
} elseif (! validateEmail($email)) {
standard_error('emailiswrong', $email, true);
}
}
if ($password != '') {
$password = validatePassword($password, true);
$password = makeCryptPassword($password);
} else { } else {
$password = $result['password']; $_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.hostname');
} }
if ($createstdsubdomain != '1') { $ins_data = array(
$createstdsubdomain = '0'; 'domain' => $_stdsubdomain,
'customerid' => $result['customerid'],
'adminid' => $this->getUserDetail('adminid'),
'docroot' => $result['documentroot'],
'phpenabled' => $phpenabled,
'openbasedir' => '1'
);
$domainid = - 1;
try {
$std_domain = Domains::getLocal($this->getUserData(), $ins_data)->add();
$domainid = json_decode($std_domain, true)['data']['id'];
} catch (Exception $e) {
$this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage());
} }
if ($createstdsubdomain == '1' && $result['standardsubdomain'] == '0') { if ($domainid > 0) {
$upd_stmt = Database::prepare("
if (Settings::Get('system.stdsubdomain') !== null && Settings::Get('system.stdsubdomain') != '') {
$_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.stdsubdomain');
} else {
$_stdsubdomain = $result['loginname'] . '.' . Settings::Get('system.hostname');
}
$ins_data = array(
'domain' => $_stdsubdomain,
'customerid' => $result['customerid'],
'adminid' => $this->getUserDetail('adminid'),
'docroot' => $result['documentroot'],
'phpenabled' => $phpenabled,
'openbasedir' => '1'
);
$domainid = - 1;
try {
$std_domain = Domains::getLocal($this->getUserData(), $ins_data)->add();
$domainid = json_decode($std_domain, true)['data']['id'];
} catch (Exception $e) {
$this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage());
}
if ($domainid > 0) {
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `standardsubdomain` = :domainid WHERE `customerid` = :customerid
"); ");
Database::pexecute($upd_stmt, array( Database::pexecute($upd_stmt, array(
'domainid' => $domainid, 'domainid' => $domainid,
'customerid' => $result['customerid'] 'customerid' => $result['customerid']
), true, true); ), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added standardsubdomain for user '" . $result['loginname'] . "'"); $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically added standardsubdomain for user '" . $result['loginname'] . "'");
inserttask('1');
}
}
if ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') {
try {
$std_domain = Domains::getLocal($this->getUserData(), array(
'id' => $result['standardsubdomain'],
'is_stdsubdomain' => 1
))->delete();
} catch (Exception $e) {
$this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to delete standard-subdomain: " . $e->getMessage());
}
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically deleted standardsubdomain for user '" . $result['loginname'] . "'");
inserttask('1'); inserttask('1');
} }
}
if ($deactivated != '1') { if ($createstdsubdomain == '0' && $result['standardsubdomain'] != '0') {
$deactivated = '0'; try {
$std_domain = Domains::getLocal($this->getUserData(), array(
'id' => $result['standardsubdomain'],
'is_stdsubdomain' => 1
))->delete();
} catch (Exception $e) {
$this->logger()->logAction(ADM_ACTION, LOG_ERR, "[API] Unable to delete standard-subdomain: " . $e->getMessage());
} }
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] automatically deleted standardsubdomain for user '" . $result['loginname'] . "'");
inserttask('1');
}
if ($phpenabled != '0') { if ($deactivated != '1') {
$phpenabled = '1'; $deactivated = '0';
} }
if ($perlenabled != '0') { if ($phpenabled != '0') {
$perlenabled = '1'; $phpenabled = '1';
} }
if ($dnsenabled != '0') { if ($perlenabled != '0') {
$dnsenabled = '1'; $perlenabled = '1';
} }
if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) { if ($dnsenabled != '0') {
inserttask('1'); $dnsenabled = '1';
} }
// activate/deactivate customer services if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) {
if ($deactivated != $result['deactivated']) { inserttask('1');
}
$yesno = (($deactivated) ? 'N' : 'Y'); // activate/deactivate customer services
$pop3 = (($deactivated) ? '0' : (int) $result['pop3']); if ($deactivated != $result['deactivated']) {
$imap = (($deactivated) ? '0' : (int) $result['imap']);
$upd_stmt = Database::prepare(" $yesno = (($deactivated) ? 'N' : 'Y');
$pop3 = (($deactivated) ? '0' : (int) $result['pop3']);
$imap = (($deactivated) ? '0' : (int) $result['imap']);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid UPDATE `" . TABLE_MAIL_USERS . "` SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap WHERE `customerid` = :customerid
"); ");
Database::pexecute($upd_stmt, array( Database::pexecute($upd_stmt, array(
'yesno' => $yesno, 'yesno' => $yesno,
'pop3' => $pop3, 'pop3' => $pop3,
'imap' => $imap, 'imap' => $imap,
'customerid' => $id 'customerid' => $id
)); ));
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid UPDATE `" . TABLE_FTP_USERS . "` SET `login_enabled` = :yesno WHERE `customerid` = :customerid
"); ");
Database::pexecute($upd_stmt, array( Database::pexecute($upd_stmt, array(
'yesno' => $yesno, 'yesno' => $yesno,
'customerid' => $id 'customerid' => $id
)); ));
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid"); UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid");
Database::pexecute($upd_stmt, array( Database::pexecute($upd_stmt, array(
'deactivated' => $deactivated, 'deactivated' => $deactivated,
'customerid' => $id 'customerid' => $id
)); ));
// Retrieve customer's databases // Retrieve customer's databases
$databases_stmt = Database::prepare("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid = :customerid ORDER BY `dbserver`"); $databases_stmt = Database::prepare("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid = :customerid ORDER BY `dbserver`");
Database::pexecute($databases_stmt, array( Database::pexecute($databases_stmt, array(
'customerid' => $id 'customerid' => $id
)); ));
Database::needRoot(true); Database::needRoot(true);
$last_dbserver = 0; $last_dbserver = 0;
$dbm = new DbManager($this->logger()); $dbm = new DbManager($this->logger());
// For each of them // For each of them
while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) { while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($last_dbserver != $row_database['dbserver']) { if ($last_dbserver != $row_database['dbserver']) {
$dbm->getManager()->flushPrivileges(); $dbm->getManager()->flushPrivileges();
Database::needRoot(true, $row_database['dbserver']); Database::needRoot(true, $row_database['dbserver']);
$last_dbserver = $row_database['dbserver']; $last_dbserver = $row_database['dbserver'];
}
foreach (array_unique(explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
$mysql_access_host = trim($mysql_access_host);
// Prevent access, if deactivated
if ($deactivated) {
// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
$dbm->getManager()->disableUser($row_database['databasename'], $mysql_access_host);
} else {
// Otherwise grant access
$dbm->getManager()->enableUser($row_database['databasename'], $mysql_access_host);
}
}
} }
// At last flush the new privileges foreach (array_unique(explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
$dbm->getManager()->flushPrivileges(); $mysql_access_host = trim($mysql_access_host);
Database::needRoot(false);
$this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] deactivated user '" . $result['loginname'] . "'"); // Prevent access, if deactivated
inserttask('1'); if ($deactivated) {
// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
$dbm->getManager()->disableUser($row_database['databasename'], $mysql_access_host);
} else {
// Otherwise grant access
$dbm->getManager()->enableUser($row_database['databasename'], $mysql_access_host);
}
}
} }
// Disable or enable POP3 Login for customers Mail Accounts // At last flush the new privileges
if ($email_pop3 != $result['pop3']) { $dbm->getManager()->flushPrivileges();
$upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `pop3` = :pop3 WHERE `customerid` = :customerid"); Database::needRoot(false);
Database::pexecute($upd_stmt, array(
'pop3' => $email_pop3,
'customerid' => $id
));
}
// Disable or enable IMAP Login for customers Mail Accounts $this->logger()->logAction(ADM_ACTION, LOG_INFO, "[API] deactivated user '" . $result['loginname'] . "'");
if ($email_imap != $result['imap']) { inserttask('1');
$upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap` = :imap WHERE `customerid` = :customerid"); }
Database::pexecute($upd_stmt, array(
'imap' => $email_imap,
'customerid' => $id
));
}
$upd_data = array( // Disable or enable POP3 Login for customers Mail Accounts
'customerid' => $id, if ($email_pop3 != $result['pop3']) {
'passwd' => $password, $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `pop3` = :pop3 WHERE `customerid` = :customerid");
'name' => $name, Database::pexecute($upd_stmt, array(
'firstname' => $firstname,
'gender' => $gender,
'company' => $company,
'street' => $street,
'zipcode' => $zipcode,
'city' => $city,
'phone' => $phone,
'fax' => $fax,
'email' => $email,
'customerno' => $customernumber,
'lang' => $def_language,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'email_accounts' => $email_accounts,
'email_forwarders' => $email_forwarders,
'email_quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'mysqls' => $mysqls,
'deactivated' => $deactivated,
'phpenabled' => $phpenabled,
'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
'imap' => $email_imap,
'pop3' => $email_pop3, 'pop3' => $email_pop3,
'perlenabled' => $perlenabled, 'customerid' => $id
'dnsenabled' => $dnsenabled, ));
'custom_notes' => $custom_notes, }
'custom_notes_show' => $custom_notes_show,
'theme' => $theme // Disable or enable IMAP Login for customers Mail Accounts
); if ($email_imap != $result['imap']) {
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "` SET `imap` = :imap WHERE `customerid` = :customerid");
Database::pexecute($upd_stmt, array(
'imap' => $email_imap,
'customerid' => $id
));
}
$upd_data = array(
'customerid' => $id,
'passwd' => $password,
'name' => $name,
'firstname' => $firstname,
'gender' => $gender,
'company' => $company,
'street' => $street,
'zipcode' => $zipcode,
'city' => $city,
'phone' => $phone,
'fax' => $fax,
'email' => $email,
'customerno' => $customernumber,
'lang' => $def_language,
'diskspace' => $diskspace,
'traffic' => $traffic,
'subdomains' => $subdomains,
'emails' => $emails,
'email_accounts' => $email_accounts,
'email_forwarders' => $email_forwarders,
'email_quota' => $email_quota,
'ftps' => $ftps,
'tickets' => $tickets,
'mysqls' => $mysqls,
'deactivated' => $deactivated,
'phpenabled' => $phpenabled,
'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
'imap' => $email_imap,
'pop3' => $email_pop3,
'perlenabled' => $perlenabled,
'dnsenabled' => $dnsenabled,
'custom_notes' => $custom_notes,
'custom_notes_show' => $custom_notes_show,
'theme' => $theme
);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
`name` = :name, `name` = :name,
`firstname` = :firstname, `firstname` = :firstname,
@@ -1090,136 +1080,134 @@ class Customers extends ApiCommand implements ResourceEntity
`theme` = :theme `theme` = :theme
WHERE `customerid` = :customerid WHERE `customerid` = :customerid
"); ");
Database::pexecute($upd_stmt, $upd_data); Database::pexecute($upd_stmt, $upd_data);
if ($this->isAdmin()) { if ($this->isAdmin()) {
// Using filesystem - quota, insert a task which cleans the filesystem - quota // Using filesystem - quota, insert a task which cleans the filesystem - quota
inserttask('10'); inserttask('10');
$admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` "; $admin_update_query = "UPDATE `" . TABLE_PANEL_ADMINS . "` SET `customers_used` = `customers_used` ";
if ($mysqls != '-1' || $result['mysqls'] != '-1') { if ($mysqls != '-1' || $result['mysqls'] != '-1') {
$admin_update_query .= ", `mysqls_used` = `mysqls_used` "; $admin_update_query .= ", `mysqls_used` = `mysqls_used` ";
if ($mysqls != '-1') { if ($mysqls != '-1') {
$admin_update_query .= " + 0" . (int) $mysqls . " "; $admin_update_query .= " + 0" . (int) $mysqls . " ";
}
if ($result['mysqls'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['mysqls'] . " ";
}
} }
if ($result['mysqls'] != '-1') {
if ($emails != '-1' || $result['emails'] != '-1') { $admin_update_query .= " - 0" . (int) $result['mysqls'] . " ";
$admin_update_query .= ", `emails_used` = `emails_used` ";
if ($emails != '-1') {
$admin_update_query .= " + 0" . (int) $emails . " ";
}
if ($result['emails'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['emails'] . " ";
}
}
if ($email_accounts != '-1' || $result['email_accounts'] != '-1') {
$admin_update_query .= ", `email_accounts_used` = `email_accounts_used` ";
if ($email_accounts != '-1') {
$admin_update_query .= " + 0" . (int) $email_accounts . " ";
}
if ($result['email_accounts'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['email_accounts'] . " ";
}
}
if ($email_forwarders != '-1' || $result['email_forwarders'] != '-1') {
$admin_update_query .= ", `email_forwarders_used` = `email_forwarders_used` ";
if ($email_forwarders != '-1') {
$admin_update_query .= " + 0" . (int) $email_forwarders . " ";
}
if ($result['email_forwarders'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['email_forwarders'] . " ";
}
}
if ($email_quota != '-1' || $result['email_quota'] != '-1') {
$admin_update_query .= ", `email_quota_used` = `email_quota_used` ";
if ($email_quota != '-1') {
$admin_update_query .= " + 0" . (int) $email_quota . " ";
}
if ($result['email_quota'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['email_quota'] . " ";
}
}
if ($subdomains != '-1' || $result['subdomains'] != '-1') {
$admin_update_query .= ", `subdomains_used` = `subdomains_used` ";
if ($subdomains != '-1') {
$admin_update_query .= " + 0" . (int) $subdomains . " ";
}
if ($result['subdomains'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['subdomains'] . " ";
}
}
if ($ftps != '-1' || $result['ftps'] != '-1') {
$admin_update_query .= ", `ftps_used` = `ftps_used` ";
if ($ftps != '-1') {
$admin_update_query .= " + 0" . (int) $ftps . " ";
}
if ($result['ftps'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['ftps'] . " ";
}
}
if ($tickets != '-1' || $result['tickets'] != '-1') {
$admin_update_query .= ", `tickets_used` = `tickets_used` ";
if ($tickets != '-1') {
$admin_update_query .= " + 0" . (int) $tickets . " ";
}
if ($result['tickets'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['tickets'] . " ";
}
}
if (($diskspace / 1024) != '-1' || ($result['diskspace'] / 1024) != '-1') {
$admin_update_query .= ", `diskspace_used` = `diskspace_used` ";
if (($diskspace / 1024) != '-1') {
$admin_update_query .= " + 0" . (int) $diskspace . " ";
}
if (($result['diskspace'] / 1024) != '-1') {
$admin_update_query .= " - 0" . (int) $result['diskspace'] . " ";
}
}
$admin_update_query .= " WHERE `adminid` = '" . (int) $result['adminid'] . "'";
Database::query($admin_update_query);
}
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'");
/*
* move customer to another admin/reseller; #1166
*/
if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) {
$json_result = Customers::getLocal($this->getUserData(), array(
'id' => $result['customerid'],
'adminid' => $move_to_admin
))->move();
$move_result = json_decode($json_result, true)['data'];
if ($move_result != true) {
standard_error('moveofcustomerfailed', $move_result, true);
} }
} }
return $this->response(200, "successfull", $upd_data); if ($emails != '-1' || $result['emails'] != '-1') {
$admin_update_query .= ", `emails_used` = `emails_used` ";
if ($emails != '-1') {
$admin_update_query .= " + 0" . (int) $emails . " ";
}
if ($result['emails'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['emails'] . " ";
}
}
if ($email_accounts != '-1' || $result['email_accounts'] != '-1') {
$admin_update_query .= ", `email_accounts_used` = `email_accounts_used` ";
if ($email_accounts != '-1') {
$admin_update_query .= " + 0" . (int) $email_accounts . " ";
}
if ($result['email_accounts'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['email_accounts'] . " ";
}
}
if ($email_forwarders != '-1' || $result['email_forwarders'] != '-1') {
$admin_update_query .= ", `email_forwarders_used` = `email_forwarders_used` ";
if ($email_forwarders != '-1') {
$admin_update_query .= " + 0" . (int) $email_forwarders . " ";
}
if ($result['email_forwarders'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['email_forwarders'] . " ";
}
}
if ($email_quota != '-1' || $result['email_quota'] != '-1') {
$admin_update_query .= ", `email_quota_used` = `email_quota_used` ";
if ($email_quota != '-1') {
$admin_update_query .= " + 0" . (int) $email_quota . " ";
}
if ($result['email_quota'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['email_quota'] . " ";
}
}
if ($subdomains != '-1' || $result['subdomains'] != '-1') {
$admin_update_query .= ", `subdomains_used` = `subdomains_used` ";
if ($subdomains != '-1') {
$admin_update_query .= " + 0" . (int) $subdomains . " ";
}
if ($result['subdomains'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['subdomains'] . " ";
}
}
if ($ftps != '-1' || $result['ftps'] != '-1') {
$admin_update_query .= ", `ftps_used` = `ftps_used` ";
if ($ftps != '-1') {
$admin_update_query .= " + 0" . (int) $ftps . " ";
}
if ($result['ftps'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['ftps'] . " ";
}
}
if ($tickets != '-1' || $result['tickets'] != '-1') {
$admin_update_query .= ", `tickets_used` = `tickets_used` ";
if ($tickets != '-1') {
$admin_update_query .= " + 0" . (int) $tickets . " ";
}
if ($result['tickets'] != '-1') {
$admin_update_query .= " - 0" . (int) $result['tickets'] . " ";
}
}
if (($diskspace / 1024) != '-1' || ($result['diskspace'] / 1024) != '-1') {
$admin_update_query .= ", `diskspace_used` = `diskspace_used` ";
if (($diskspace / 1024) != '-1') {
$admin_update_query .= " + 0" . (int) $diskspace . " ";
}
if (($result['diskspace'] / 1024) != '-1') {
$admin_update_query .= " - 0" . (int) $result['diskspace'] . " ";
}
}
$admin_update_query .= " WHERE `adminid` = '" . (int) $result['adminid'] . "'";
Database::query($admin_update_query);
} }
throw new Exception("Not allowed to execute given command.", 403);
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'");
/*
* move customer to another admin/reseller; #1166
*/
if ($move_to_admin > 0 && $move_to_admin != $result['adminid']) {
$json_result = Customers::getLocal($this->getUserData(), array(
'id' => $result['customerid'],
'adminid' => $move_to_admin
))->move();
$move_result = json_decode($json_result, true)['data'];
if ($move_result != true) {
standard_error('moveofcustomerfailed', $move_result, true);
}
}
return $this->response(200, "successfull", $upd_data);
} }
/** /**
@@ -1241,13 +1229,9 @@ class Customers extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
$delete_userfiles = $this->getParam('delete_userfiles', true, 0); $delete_userfiles = $this->getParam('delete_userfiles', true, 0);
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Customers::getLocal($this->getUserData(), array( $json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
'loginname' => $loginname 'loginname' => $loginname
@@ -1487,11 +1471,7 @@ class Customers extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
$loginname = $this->getParam('loginname', $ln_optional, ''); $loginname = trim($this->getParam('loginname', $ln_optional, ''));
if ($id <= 0 && empty($loginname)) {
throw new Exception("Either 'id' or 'loginname' parameter must be given", 406);
}
$json_result = Customers::getLocal($this->getUserData(), array( $json_result = Customers::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,

20
lib/classes/api/commands/class.Domains.php
View File

@@ -73,13 +73,8 @@ class Domains extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$domainname = $this->getParam('domainname', $dn_optional, ''); $domainname = trim($this->getParam('domainname', $dn_optional, ''));
$no_std_subdomain = $this->getParam('no_std_subdomain', true, false); $no_std_subdomain = $this->getParam('no_std_subdomain', true, false);
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get domain #" . $id);
if ($id <= 0 && empty($domainname)) {
throw new Exception("Either 'id' or 'domainname' parameter must be given", 406);
}
// convert possible idn domain to punycode // convert possible idn domain to punycode
if (substr($domainname, 0, 4) != 'xn--') { if (substr($domainname, 0, 4) != 'xn--') {
@@ -101,6 +96,7 @@ class Domains extends ApiCommand implements ResourceEntity
} }
$result = Database::pexecute_first($result_stmt, $params, true, true); $result = Database::pexecute_first($result_stmt, $params, true, true);
if ($result) { if ($result) {
$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get domain '" . $result['domain'] . "'");
return $this->response(200, "successfull", $result); return $this->response(200, "successfull", $result);
} }
$key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'"); $key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'");
@@ -778,11 +774,7 @@ class Domains extends ApiCommand implements ResourceEntity
// parameters // parameters
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$domainname = $this->getParam('domainname', $dn_optional, ''); $domainname = trim($this->getParam('domainname', $dn_optional, ''));
if ($id <= 0 && empty($domainname)) {
throw new Exception("Either 'id' or 'domainname' parameter must be given", 406);
}
// get requested domain // get requested domain
$json_result = Domains::getLocal($this->getUserData(), array( $json_result = Domains::getLocal($this->getUserData(), array(
@@ -1595,14 +1587,10 @@ class Domains extends ApiCommand implements ResourceEntity
if ($this->isAdmin()) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$domainname = $this->getParam('domainname', $dn_optional, ''); $domainname = trim($this->getParam('domainname', $dn_optional, ''));
$is_stdsubdomain = $this->getParam('is_stdsubdomain', true, 0); $is_stdsubdomain = $this->getParam('is_stdsubdomain', true, 0);
$remove_subbutmain_domains = $this->getParam('delete_mainsubdomains', true, 0); $remove_subbutmain_domains = $this->getParam('delete_mainsubdomains', true, 0);
if ($id <= 0 && empty($domainname)) {
throw new Exception("Either 'id' or 'domainname' parameter must be given", 406);
}
$json_result = Domains::getLocal($this->getUserData(), array( $json_result = Domains::getLocal($this->getUserData(), array(
'id' => $id, 'id' => $id,
'domainname' => $domainname 'domainname' => $domainname

6
lib/classes/api/commands/class.Ftps.php
View File

@@ -37,11 +37,7 @@ class Ftps extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$un_optional = ($id <= 0 ? false : true); $un_optional = ($id <= 0 ? false : true);
$username = $this->getParam('username', $un_optional, ''); $username = trim($this->getParam('username', $un_optional, ''));
if ($id <= 0 && empty($username)) {
throw new Exception("Either 'id' or 'username' parameter must be given", 406);
}
$params = array(); $params = array();
if ($this->isAdmin()) { if ($this->isAdmin()) {

18
lib/classes/api/commands/class.Mysqls.php
View File

@@ -238,13 +238,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, ''); $dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1); $dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin()) { if ($this->isAdmin()) {
if ($this->getUserDetail('customers_see_all') != 1) { if ($this->getUserDetail('customers_see_all') != 1) {
// if it's a reseller or an admin who cannot see all customers, we need to check // if it's a reseller or an admin who cannot see all customers, we need to check
@@ -341,13 +337,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, ''); $dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1); $dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) { if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405); throw new Exception("You cannot access this resource", 405);
} }
@@ -549,13 +541,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{ {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true); $dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, ''); $dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1); $dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) { if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405); throw new Exception("You cannot access this resource", 405);
} }

2
lib/functions/output/function.standard_error.php
View File

@@ -61,7 +61,7 @@ function standard_error($errors = '', $replacer = '', $throw_exception = false)
} }
if ($throw_exception) { if ($throw_exception) {
throw new Exception($error, 400); throw new Exception(strip_tags($error), 400);
} }
eval("echo \"" . getTemplate('misc/error', '1') . "\";"); eval("echo \"" . getTemplate('misc/error', '1') . "\";");
exit; exit;