From b0449165f9b024c743bb5b0b46a40befdfd173f0 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Thu, 4 Apr 2013 21:08:47 +0200
Subject: [PATCH] when editing an admin/reseller check if the changed resources are still at least as much as the admin/reseller used already

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_admins.php | 218 ++++++++++++++++++++++++--------------------
 lng/english.lng.php | 1 +
 lng/german.lng.php | 1 +
 3 files changed, 123 insertions(+), 97 deletions(-)

diff --git a/admin_admins.php b/admin_admins.php
index 43ac1f93..ad6ec656 100644
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -47,26 +47,6 @@ if($page == 'admins'
 'diskspace_used' => $lng['customer']['diskspace'] . ' (' . $lng['panel']['used'] . ')',
 'traffic' => $lng['customer']['traffic'],
 'traffic_used' => $lng['customer']['traffic'] . ' (' . $lng['panel']['used'] . ')',
-/*
- 'mysqls' => $lng['customer']['mysqls'],
- 'mysqls_used' => $lng['customer']['mysqls'] . ' (' . $lng['panel']['used'] . ')',
- 'ftps' => $lng['customer']['ftps'],
- 'ftps_used' => $lng['customer']['ftps'] . ' (' . $lng['panel']['used'] . ')',
- 'tickets' => $lng['customer']['tickets'],
- 'tickets_used' => $lng['customer']['tickets'] . ' (' . $lng['panel']['used'] . ')',
- 'subdomains' => $lng['customer']['subdomains'],
- 'subdomains_used' => $lng['customer']['subdomains'] . ' (' . $lng['panel']['used'] . ')',
- 'emails' => $lng['customer']['emails'],
- 'emails_used' => $lng['customer']['emails'] . ' (' . $lng['panel']['used'] . ')',
- 'email_accounts' => $lng['customer']['accounts'],
- 'email_accounts_used' => $lng['customer']['accounts'] . ' (' . $lng['panel']['used'] . ')',
- 'email_forwarders' => $lng['customer']['forwarders'],
- 'email_forwarders_used' => $lng['customer']['forwarders'] . ' (' . $lng['panel']['used'] . ')',
- 'email_quota' => $lng['customer']['email_quota'],
- 'email_quota_used' => $lng['customer']['email_quota'] . ' (' . $lng['panel']['used'] . ')',
- 'email_autoresponder' => $lng['customer']['autoresponder'],
- 'email_autoresponder_used' => $lng['customer']['autoresponder'] . ' (' . $lng['panel']['used'] . ')',
-*/
 'deactivated' => $lng['admin']['deactivated']
 );
 $paging = new paging($userinfo, $db, TABLE_PANEL_ADMINS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
@@ -545,113 +525,84 @@ if($page == 'admins' $password = validate($_POST['admin_password'], 'new password'); $def_language = validate($_POST['def_language'], 'default language'); $deactivated = isset($_POST['deactivated']) ? 1 : 0; - $customers = intval_ressource($_POST['customers']); - if(isset($_POST['customers_ul'])) - { - $customers = - 1; + $customers = intval_ressource($_POST['customers']); + if (isset($_POST['customers_ul'])) { + $customers = -1; } $domains = intval_ressource($_POST['domains']); - - if(isset($_POST['domains_ul'])) - { - $domains = - 1; + if (isset($_POST['domains_ul'])) { + $domains = -1; } $subdomains = intval_ressource($_POST['subdomains']); - - if(isset($_POST['subdomains_ul'])) - { - $subdomains = - 1; + if (isset($_POST['subdomains_ul'])) { + $subdomains = -1; } $emails = intval_ressource($_POST['emails']); - - if(isset($_POST['emails_ul'])) - { - $emails = - 1; + if (isset($_POST['emails_ul'])) { + $emails = -1; } $email_accounts = intval_ressource($_POST['email_accounts']); - - if(isset($_POST['email_accounts_ul'])) - { - $email_accounts = - 1; + if (isset($_POST['email_accounts_ul'])) { + $email_accounts = -1; } $email_forwarders = intval_ressource($_POST['email_forwarders']); - - if(isset($_POST['email_forwarders_ul'])) - { - $email_forwarders = - 1; + if (isset($_POST['email_forwarders_ul'])) { + $email_forwarders = -1; } - if($settings['system']['mail_quota_enabled'] == '1') - { + if ($settings['system']['mail_quota_enabled'] == '1') { $email_quota = validate($_POST['email_quota'], 'email_quota', '/^\d+$/', 'vmailquotawrong', array('0', '')); - - if(isset($_POST['email_quota_ul'])) - { - $email_quota = - 1; + if (isset($_POST['email_quota_ul'])) { + $email_quota = -1; } - } - else - { - $email_quota = - 1; + } else { + $email_quota = -1; } - if($settings['autoresponder']['autoresponder_active'] == '1') - { + if ($settings['autoresponder']['autoresponder_active'] == '1') { $email_autoresponder = 
intval_ressource($_POST['email_autoresponder']); - - if(isset($_POST['email_autoresponder_ul'])) - { - $email_autoresponder = - 1; + if (isset($_POST['email_autoresponder_ul'])) { + $email_autoresponder = -1; } - } - else - { + } else { $email_autoresponder = 0; } $ftps = intval_ressource($_POST['ftps']); - - if(isset($_POST['ftps_ul'])) - { - $ftps = - 1; + if (isset($_POST['ftps_ul'])) { + $ftps = -1; } - if($settings['ticket']['enabled'] == 1) - { + if ($settings['ticket']['enabled'] == 1) { $tickets = intval_ressource($_POST['tickets']); - - if(isset($_POST['tickets_ul'])) - { - $tickets = - 1; + if (isset($_POST['tickets_ul'])) { + $tickets = -1; } - } - else - { + } else { $tickets = 0; } $mysqls = intval_ressource($_POST['mysqls']); - - if(isset($_POST['mysqls_ul'])) - { + if (isset($_POST['mysqls_ul'])) { $mysqls = - 1; } - $number_of_aps_packages = intval_ressource($_POST['number_of_aps_packages']); - - if(isset($_POST['number_of_aps_packages_ul'])) - { - $number_of_aps_packages = - 1; + if ($settings['aps']['aps_active'] == '1') { + $number_of_aps_packages = intval_ressource($_POST['number_of_aps_packages']); + if (isset($_POST['number_of_aps_packages_ul'])) { + $number_of_aps_packages = -1; + } + $can_manage_aps_packages = isset($_POST['can_manage_aps_packages']) ? 1 : 0; + } else { + $number_of_aps_packages = 0; } - $can_manage_aps_packages = isset($_POST['can_manage_aps_packages']) ? 1 : 0; - $customers_see_all = 0; if(isset($_POST['customers_see_all'])) $customers_see_all = intval($_POST['customers_see_all']); 
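Review bot: `$can_manage_aps_packages` is now assigned only inside the `if ($settings['aps']['aps_active'] == '1')` branch, while the `else` branch sets just `$number_of_aps_packages = 0;`, so with APS disabled the variable is undefined by the time the UPDATE in the last hunk reads `(int)$can_manage_aps_packages` (an undefined-variable notice, silently cast to 0). Add `$can_manage_aps_packages = 0;` to the `else` branch so the column is written deterministically rather than by accident of the cast. On a smaller point, the context line `$mysqls = - 1;` keeps the old spacing while every other unlimited marker in this hunk was normalised to `-1`. The enclosing POST-handling block starts before this hunk and continues after it.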
@@ -663,27 +614,23 @@ if($page == 'admins' $caneditphpsettings = 0; if(isset($_POST['caneditphpsettings'])) $caneditphpsettings = intval($_POST['caneditphpsettings']); - + $change_serversettings = 0; if(isset($_POST['change_serversettings'])) $change_serversettings = isset($_POST['change_serversettings']) ? 1 : 0; - - $diskspace = intval($_POST['diskspace']); $tickets_see_all = 0; if (isset($_POST['tickets_see_all'])) $tickets_see_all = intval($_POST['tickets_see_all']); - if(isset($_POST['diskspace_ul'])) - { - $diskspace = - 1; + $diskspace = intval($_POST['diskspace']); + if (isset($_POST['diskspace_ul'])) { + $diskspace = -1; } $traffic = doubleval_ressource($_POST['traffic']); - - if(isset($_POST['traffic_ul'])) - { - $traffic = - 1; + if (isset($_POST['traffic_ul'])) { + $traffic = -1; } $diskspace = $diskspace * 1024; 
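Review bot: The moved line `$diskspace = intval($_POST['diskspace']);` still uses plain `intval()` while every other resource in the previous hunk goes through `intval_ressource()`; if that helper normalises negative or non-numeric input (its body is not visible here), diskspace is the one field that skips it, and a negative value other than -1 would then reach the `$diskspace < $result['diskspace_used']` comparison added in the next hunk. Unless the difference is deliberate, `$diskspace = intval_ressource($_POST['diskspace']);` keeps the fields consistent. The enclosing block starts and ends outside this hunk.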
@@ -744,7 +691,84 @@ if($page == 'admins' $tickets_see_all = '0'; } - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `name`='" . $db->escape($name) . "', `email`='" . $db->escape($email) . "', `def_language`='" . $db->escape($def_language) . "', `change_serversettings` = '" . $db->escape($change_serversettings) . "', `customers` = '" . $db->escape($customers) . "', `customers_see_all` = '" . $db->escape($customers_see_all) . "', `domains` = '" . $db->escape($domains) . "', `domains_see_all` = '" . $db->escape($domains_see_all) . "', `caneditphpsettings` = '" . (int)$caneditphpsettings . "', `password` = '" . $password . "', `diskspace`='" . $db->escape($diskspace) . "', `traffic`='" . $db->escape($traffic) . "', `subdomains`='" . $db->escape($subdomains) . "', `emails`='" . $db->escape($emails) . "', `email_accounts` = '" . $db->escape($email_accounts) . "', `email_forwarders`='" . $db->escape($email_forwarders) . "', `email_quota`='" . $db->escape($email_quota) . "', `email_autoresponder`='" . $db->escape($email_autoresponder) . "', `ftps`='" . $db->escape($ftps) . "', `tickets`='" . $db->escape($tickets) . "', `tickets_see_all`='".$db->escape($tickets_see_all) . "', `mysqls`='" . $db->escape($mysqls) . "', `ip`='" . (int)$ipaddress . "', `deactivated`='" . $db->escape($deactivated) . "', `can_manage_aps_packages`=" . (int)$can_manage_aps_packages . ", `aps_packages`=" . (int)$number_of_aps_packages . " WHERE `adminid`='" . $db->escape($id) . 
"'"); + // check if a resource was set to something lower + // than actually used by the admin/reseller + $res_warning = ""; + if ($customers != $result['customers'] && $customers < $result['customers_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'customers'); + } + if ($domains != $result['domains'] && $domains < $result['domains_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'domains'); + } + if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'diskspace'); + } + if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'traffic'); + } + if ($emails != $result['emails'] && $emails < $result['emails_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'emails'); + } + if ($email_accounts != $result['email_accounts'] && $email_accounts < $result['email_accounts_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email accounts'); + } + if ($email_forwarders != $result['email_forwarders'] && $email_forwarders < $result['email_forwarders_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email forwarders'); + } + if ($email_quota != $result['email_quota'] && $email_quota < $result['email_quota_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email quota'); + } + if ($email_autoresponder != $result['email_autoresponder'] && $email_autoresponder < $result['email_autoresponder_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'email autoresponder'); + } + if ($ftps != $result['ftps'] && $ftps < $result['ftps_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'ftps'); + } + if ($tickets != $result['tickets'] && 
$tickets < $result['tickets_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'tickets'); + } + if ($mysqls != $result['mysqls'] && $mysqls < $result['mysqls_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'mysqls'); + } + if ($number_of_aps_packages != $result['aps_packages'] && $number_of_aps_packages < $result['aps_packages_used']) { + $res_warning .= sprintf($lng['error']['setlessthanalreadyused'], 'aps packages'); + } + + if ($res_warning != "") { + $link = ''; + $error = $res_warning; + eval("echo \"" . getTemplate('misc/error', '1') . "\";"); + exit; + } + + $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET + `name`='" . $db->escape($name) . "', + `email`='" . $db->escape($email) . "', + `def_language`='" . $db->escape($def_language) . "', + `change_serversettings` = '" . $db->escape($change_serversettings) . "', + `customers` = '" . $db->escape($customers) . "', + `customers_see_all` = '" . $db->escape($customers_see_all) . "', + `domains` = '" . $db->escape($domains) . "', + `domains_see_all` = '" . $db->escape($domains_see_all) . "', + `caneditphpsettings` = '" . (int)$caneditphpsettings . "', + `password` = '" . $password . "', + `diskspace`='" . $db->escape($diskspace) . "', + `traffic`='" . $db->escape($traffic) . "', + `subdomains`='" . $db->escape($subdomains) . "', + `emails`='" . $db->escape($emails) . "', + `email_accounts` = '" . $db->escape($email_accounts) . "', + `email_forwarders`='" . $db->escape($email_forwarders) . "', + `email_quota`='" . $db->escape($email_quota) . "', + `email_autoresponder`='" . $db->escape($email_autoresponder) . "', + `ftps`='" . $db->escape($ftps) . "', + `tickets`='" . $db->escape($tickets) . "', + `tickets_see_all`='".$db->escape($tickets_see_all) . "', + `mysqls`='" . $db->escape($mysqls) . "', + `ip`='" . (int)$ipaddress . "', + `deactivated`='" . $db->escape($deactivated) . "', + `can_manage_aps_packages`=" . (int)$can_manage_aps_packages . 
", + `aps_packages`=" . (int)$number_of_aps_packages . " + WHERE `adminid`='" . $db->escape($id) . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "edited admin '#" . $id . "'"); $redirect_props = Array( 'page' => $page, diff --git a/lng/english.lng.php b/lng/english.lng.php index f790177b..f8463526 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -1928,3 +1928,4 @@ $lng['serversettings']['documentroot_use_default_value']['description'] = 'If en $lng['error']['usercurrentlydeactivated'] = 'The user %s is currently deactivated'; $lng['admin']['speciallogfile']['title'] = 'Separate logfile'; $lng['admin']['speciallogfile']['description'] = 'Enable this to get a separate access-log file for this domain'; +$lng['error']['setlessthanalreadyused'] = 'You cannot set less resources of \'%s\' than this user already used'; diff --git a/lng/german.lng.php b/lng/german.lng.php index 45e13214..9657beae 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1653,3 +1653,4 @@ $lng['serversettings']['documentroot_use_default_value']['description'] = 'Wenn $lng['error']['usercurrentlydeactivated'] = 'Der Benutzer %s ist derzeit deaktiviert'; $lng['admin']['speciallogfile']['title'] = 'Eigene Log-Datei'; $lng['admin']['speciallogfile']['description'] = 'Aktiviere diese Option, um für diese Domain eine eigene Access-Log Datei zu erhalten'; +$lng['error']['setlessthanalreadyused'] = 'Es können nicht weniger Resourcen von \'%s\' gesetzt werden, als der Benutzer bereits vergeben hat';