From b8c0688ba0639163ea0ae3ff0137c1a46beea018 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Thu, 11 Feb 2021 12:09:42 +0100
Subject: [PATCH] added possibility to use 'in' sql-operation in sql_where parameter for Api-calls; php-8 compat fix in admin_traffic

Signed-off-by: Michael Kaufmann
---
 admin_traffic.php | 34 +++++++++++++++++++++------------
 lib/Froxlor/Api/ApiCommand.php | 9 ++++++++-
 2 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/admin_traffic.php b/admin_traffic.php
index a7f22f4f..942f47cb 100644
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -56,6 +56,26 @@ if ($page == 'overview' || $page == 'customers') {
 $maxyears = date("Y") - $minyear['year'];
 }
 
+ $params = [];
+ if ($userinfo['customers_see_all'] == '0') {
+ $params = [
+ 'id' => $userinfo['adminid']
+ ];
+ }
+ $customer_name_list_stmt = Database::prepare("
+ SELECT `customerid`,`company`,`name`,`firstname`
+ FROM `" . TABLE_PANEL_CUSTOMERS . "`
+ WHERE `deactivated`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :id") . "
+ ORDER BY name"
+ );
+
+ $traffic_list_stmt = Database::prepare("
+ SELECT month, SUM(http+ftp_up+ftp_down+mail)*1024 AS traffic
+ FROM `" . TABLE_PANEL_TRAFFIC . "`
+ WHERE year = :year AND `customerid` = :id
+ GROUP BY month ORDER BY month"
+ );
+
 for ($years = 0; $years <= $maxyears; $years ++) {
 $overview['year'] = date("Y") - $years;
 
@@ -76,14 +96,7 @@ if ($page == 'overview' || $page == 'customers') {
 'dec' => 0
 );
 
- $customer_name_list_stmt = Database::prepare("
- SELECT `customerid`,`company`,`name`,`firstname`
- FROM `" . TABLE_PANEL_CUSTOMERS . "`
- WHERE `deactivated`='0'" . ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :id") . "
- ORDER BY name");
- Database::pexecute($customer_name_list_stmt, array(
- 'id' => $userinfo['adminid']
- ));
+ Database::pexecute($customer_name_list_stmt, $params);
 
 while ($customer_name = $customer_name_list_stmt->fetch(PDO::FETCH_ASSOC)) {
 
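Review bot: In the first admin_traffic.php hunk two different predicates decide whether `:id` appears in the prepared SQL and whether it is bound: the added `$params` block tests `$userinfo['customers_see_all'] == '0'`, while the `WHERE` line of `$customer_name_list_stmt` tests the truthiness of the same value. For a value that is neither '0' nor truthy (an empty string or null) the statement would contain `:id` with nothing bound, and the `pexecute` call inside the loop would presumably fail on the missing parameter. Deriving one boolean keeps both in step, e.g. `$own_customers_only = ! $userinfo['customers_see_all'];` then `$params = $own_customers_only ? ['id' => $userinfo['adminid']] : [];` and `($own_customers_only ? " AND `adminid` = :id" : '')` in the query. Hoisting both prepares out of the year loop is otherwise sound; the loop body continues past the hunk.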
@@ -104,11 +117,6 @@ if ($page == 'overview' || $page == 'customers') {
 'dec' => '-'
 );
 
- $traffic_list_stmt = Database::prepare("
- SELECT month, SUM(http+ftp_up+ftp_down+mail)*1024 AS traffic
- FROM `" . TABLE_PANEL_TRAFFIC . "`
- WHERE year = :year AND `customerid` = :id
- GROUP BY month ORDER BY month");
 Database::pexecute($traffic_list_stmt, array(
 'year' => (date("Y") - $years),
 'id' => $customer_name['customerid']
diff --git a/lib/Froxlor/Api/ApiCommand.php b/lib/Froxlor/Api/ApiCommand.php
index 77fc415e..f561ccf8 100644
--- a/lib/Froxlor/Api/ApiCommand.php
+++ b/lib/Froxlor/Api/ApiCommand.php
@@ -310,6 +310,13 @@ abstract class ApiCommand extends ApiParameter
 } elseif (in_array($valoper['op'], $ops)) {
 $condition .= $field . ' ' . $valoper['op'] . ':' . $cleanfield;
 $query_fields[':' . $cleanfield] = $valoper['value'] ?? '';
+ } elseif (strtolower($valoper['op']) == 'in' && is_array($valoper['value']) && count($valoper['value']) > 0) {
+ $condition .= $field . ' ' . $valoper['op'] . ' (';
+ foreach ($valoper['value'] as $incnt => $invalue) {
+ $condition .= ":" . $cleanfield . $incnt . ", ";
+ $query_fields[':' . $cleanfield . $incnt] = $invalue ?? '';
+ }
+ $condition = substr($condition, 0, - 2) . ')';
 } else {
 continue;
 }
@@ -518,7 +525,7 @@ abstract class ApiCommand extends ApiParameter
 $customer_ids[] = $customer['customerid'];
 }
 } else {
- if (!$this->isInternal() && ! empty($customer_hide_option) && \Froxlor\Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {
+ if (! $this->isInternal() && ! empty($customer_hide_option) && \Froxlor\Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {
 throw new \Exception("You cannot access this resource", 405);
 }
 $customer_ids = array(
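Review bot: In the new `in` branch of lib/Froxlor/Api/ApiCommand.php the array keys of `$valoper['value']` (`$incnt`) are concatenated straight into the SQL text as part of the placeholder name, so a caller who sends the value list as an object with non-numeric keys controls characters inside the statement itself, whereas only the values are bound through `$query_fields`. Reindexing before the loop restricts the suffix to integers: `foreach (array_values($valoper['value']) as $incnt => $invalue) {`. The operator keyword is likewise copied from input into the query; since the branch condition has already established it is `in`, the literal `' IN ('` is safer and clearer than `$valoper['op']`. Nested arrays inside the list would reach PDO as bind values, so a scalar check on `$invalue` belongs in the same loop if that is not intended. The enclosing loop over the search fields starts before the hunk.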