<?php
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
// Bootstrap for the DDNS token edit page. $app is not created in this file;
// it is presumably provided by the two includes above.
/** @var app $app */
/** @var auth $auth */
$auth = $app->auth;

/******************************************
* Begin Form configuration
******************************************/
// Relative path of the form definition for DDNS tokens. Nothing in this file
// reads the variable; presumably the tform machinery picks it up - confirm.
$tform_def_file = 'form/ddns_token.tform.php';
/******************************************
* End Form configuration
******************************************/

// Check that the current session may use the 'dns' module. This call runs
// before any form handling below, so it is the page-level access gate.
// NOTE(review): what it does on failure (redirect, exit) is not visible here.
$auth->check_module_permissions('dns');

// Ask the application object for the template, form and form-action services
// and load the tform_actions base class that page_action extends.
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
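/**
 * Form controller for creating and editing DDNS tokens.
 *
 * Extends the tform_actions base class and overrides its insert, submit,
 * render and post-save hooks. A token is a bearer secret, so it is generated
 * on the server from random_bytes() when a record is inserted. Ownership of a
 * record (sys_groupid) can be reassigned by an admin to any group, and by a
 * reseller only to the groups of their own child clients.
 */
class page_action extends tform_actions {

    /**
     * SQL expression that builds the label shown for a client:
     * "Company :: Contact (username, customer_no)".
     */
    const CONTACT_LABEL_SQL = "CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')')";

    /**
     * Generate the token for a new record, then run the parent hook.
     *
     * On failure of the random source the form error message is set.
     */
    public function onBeforeInsert()
    {
        global $app;

        if ($this->id <= 0) {
            try {
                // 24 random bytes, hex encoded: 48 characters, 192 bits of entropy.
                $this->dataRecord['token'] = bin2hex(random_bytes(24));
            } catch (Exception $e) {
                // Never fall back to a token value that arrived with the request.
                // NOTE(review): this relies on the base class aborting the insert
                // when errorMessage is set - confirm in tform_actions.
                unset($this->dataRecord['token']);
                $app->tform->errorMessage = "Unable to generate random token: " . $e->getMessage();
            }
        }

        parent::onBeforeInsert();
    }

    /**
     * Fill the "client_group_id" select before the form is rendered.
     *
     * Admins get every client group plus an empty entry (value 0); resellers
     * get their own group followed by the groups of their child clients.
     * Other users get no select content from this method.
     */
    public function onShowEnd()
    {
        global $app;

        if ($_SESSION['s']['user']['typ'] === 'admin') {
            $sql = "SELECT sys_group.groupid, sys_group.name, " . self::CONTACT_LABEL_SQL . " as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY client.company_name, client.contact_name, sys_group.name";
            $client_select = "<option value='0'></option>" . $this->renderGroupOptions($app->db->queryAllRecords($sql));
            $app->tpl->setVar("client_group_id", $client_select);
        } elseif ($app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            list($reseller, $children) = $this->fetchResellerWithChildGroups();
            $client_select = '';

            if (is_array($reseller)) {
                // The reseller's own group is always the first entry.
                $own = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $reseller['client_id']);
                if (is_array($own)) {
                    $label = $app->functions->htmlentities($reseller);
                    $client_select = '<option value="' . $app->functions->intval($own['groupid']) . '">' . $label['contactname'] . '</option>';
                }
                $client_select .= $this->renderGroupOptions($children);
            }

            $app->tpl->setVar("client_group_id", $client_select);
        }

        parent::onShowEnd();
    }

    /**
     * Normalise the submitted record before the parent class processes it.
     */
    public function onSubmit()
    {
        global $app, $conf;

        # statically limit the record to this server only (issue #11)
        $this->dataRecord['server_id'] = $conf['server_id'];

        // Only admins and resellers may choose an owner group; for everyone
        // else the submitted field is discarded before it is processed.
        if ($_SESSION['s']['user']['typ'] !== 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            unset($this->dataRecord["client_group_id"]);
        }

        parent::onSubmit();
    }

    /**
     * Apply the requested owner group to the record that was just inserted.
     */
    public function onAfterInsert()
    {
        $this->applyRequestedClientGroup();
    }

    /**
     * Apply the requested owner group to the record that was just updated.
     */
    public function onAfterUpdate()
    {
        $this->applyRequestedClientGroup();
    }

    /**
     * Reassign the record to the submitted group if the current user may do so.
     *
     * An admin may assign any group id. A reseller may assign only a group
     * that belongs to one of their child clients; any other value is ignored
     * and the record keeps the ownership it already has.
     */
    private function applyRequestedClientGroup()
    {
        global $app;

        $requested = $this->requestedClientGroupId();
        if ($requested === null) {
            return;
        }

        if ($_SESSION['s']['user']['typ'] === 'admin') {
            $this->assignTokenToGroup($requested);
        }

        if ($app->auth->has_clients($_SESSION['s']['user']['userid'])) {
            list(, $children) = $this->fetchResellerWithChildGroups();

            $valid_group_ids = array();
            foreach ($children as $child) {
                $valid_group_ids[] = (int) $child['groupid'];
            }

            // Membership test, not a truthiness test on array_search(): the
            // latter returns index 0 for the first entry, which reads as false
            // and would reject the reseller's first child client.
            if (in_array((int) $requested, $valid_group_ids, true)) {
                $this->assignTokenToGroup($requested);
            }
        }
    }

    /**
     * Return the submitted owner group id as a number, or null if the field
     * is absent or not a scalar (for example an array sent in the request).
     */
    private function requestedClientGroupId()
    {
        global $app;

        if (!isset($this->dataRecord['client_group_id']) || !is_scalar($this->dataRecord['client_group_id'])) {
            return null;
        }

        return $app->functions->intval($this->dataRecord['client_group_id']);
    }

    /**
     * Write the owner group and group permissions of the current record.
     */
    private function assignTokenToGroup($groupId)
    {
        global $app;

        $app->db->query("UPDATE ddns_token SET sys_groupid = ?, sys_perm_group = 'riud' WHERE id = ?", $groupId, $this->id);
    }

    /**
     * Load the reseller behind the session's default group and the groups of
     * that reseller's child clients.
     *
     * @return array Two elements: the reseller row (null if none was found)
     *               and the list of child group rows (possibly empty).
     */
    private function fetchResellerWithChildGroups()
    {
        global $app;

        $resellerGroupId = intval($_SESSION['s']['user']['default_group']);
        $reseller = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, " . self::CONTACT_LABEL_SQL . " as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $resellerGroupId);
        if (!is_array($reseller)) {
            return array(null, array());
        }

        $sql = "SELECT sys_group.groupid, sys_group.name, " . self::CONTACT_LABEL_SQL . " as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
        $children = $app->db->queryAllRecords($sql, $reseller['client_id']);

        return array($reseller, is_array($children) ? $children : array());
    }

    /**
     * Render group rows as <option> elements, marking the current owner.
     *
     * Rows are passed through $app->functions->htmlentities() here, so callers
     * hand in raw database rows.
     * NOTE(review): confirm that helper also escapes quotes, since the value
     * attribute is quoted.
     */
    private function renderGroupOptions($groups)
    {
        global $app;

        $html = '';
        if (!is_array($groups)) {
            return $html;
        }

        foreach ($app->functions->htmlentities($groups) as $group) {
            $selected = $this->isGroupSelected($group['groupid']) ? 'SELECTED' : '';
            $html .= "<option value='$group[groupid]' $selected>$group[contactname]</option>\r\n";
        }

        return $html;
    }

    /**
     * Tell whether the given group id is the record's submitted or stored owner.
     */
    private function isGroupSelected($groupId)
    {
        if (!is_array($this->dataRecord)) {
            return false;
        }

        foreach (array('client_group_id', 'sys_groupid') as $field) {
            if (isset($this->dataRecord[$field])
                && is_scalar($this->dataRecord[$field])
                && (string) $this->dataRecord[$field] === (string) $groupId) {
                return true;
            }
        }

        return false;
    }
}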
// Instantiate the page controller and hand control to onLoad(). The class in
// this file does not define onLoad(); it is presumably inherited from
// tform_actions and dispatches to the hooks overridden above.
$page = new page_action();
$page->onLoad();
?>