Harden security with specific permissions for domains, domain settings and default settings. Everyone running multi-tenant is encouraged to update. Run Upgrade Schema (see wiki.fusionpbx.com). After updating, go to Advanced -> Group Manager, click on the superadmin group, and then select the permissions for domains, domain settings, and default settings. Log out and back in.

Mark Crane 2012-09-27 00:34:10 +00:00
parent 6e662615d4
commit 23a2f84577
16 changed files with 161 additions and 113 deletions


@ -36,7 +36,6 @@ else {
$filename = check_str($_POST["file"]); $filename = check_str($_POST["file"]);
$filename = str_replace ("\\", "/", $filename); $filename = str_replace ("\\", "/", $filename);
$handle = fopen($filename, "r"); $handle = fopen($filename, "r");
if ($handle) { if ($handle) {
while (!feof($handle)) { while (!feof($handle)) {
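Review bot: `fopen($filename, "r")` still opens whatever path the client supplies in `$_POST["file"]`; `check_str()` and the backslash-to-slash replacement do not constrain the path, so a `../` sequence or an absolute path reads any file the web server user can open. Unless a check above this hunk restricts it, resolve the path and require it to sit under the intended directory before opening, e.g. `$base = realpath($allowed_dir); $real = realpath($filename); if ($real === false || strpos($real, $base.'/') !== 0) { exit; }`. The enclosing `else` block starts above this hunk, so any earlier guard or permission check is not visible here.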


@ -1,7 +1,7 @@
<?php <?php
//application details //application details
$apps[$x]['name'] = 'Default Settings'; $apps[$x]['name'] = 'Default Settings';
$apps[$x]['guid'] = '2c2453c0-1bea-4475-9f44-4d969650de09'; $apps[$x]['uuid'] = '2c2453c0-1bea-4475-9f44-4d969650de09';
$apps[$x]['category'] = 'Core'; $apps[$x]['category'] = 'Core';
$apps[$x]['subcategory'] = ''; $apps[$x]['subcategory'] = '';
$apps[$x]['version'] = ''; $apps[$x]['version'] = '';
@ -19,6 +19,9 @@
//permission details //permission details
$y = 0; $y = 0;
$apps[$x]['permissions'][$y]['name'] = 'default_setting_view';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++;
$apps[$x]['permissions'][$y]['name'] = 'default_setting_add'; $apps[$x]['permissions'][$y]['name'] = 'default_setting_add';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; $apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++; $y++;


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('default_setting_view')) {
//access granted //access granted
} }
else { else {
@ -60,8 +60,7 @@ require_once "includes/paging.php";
echo "</table>\n"; echo "</table>\n";
//prepare to page the results //prepare to page the results
$sql = ""; $sql = "select count(*) as num_rows from v_default_settings ";
$sql .= " select count(*) as num_rows from v_default_settings ";
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$prep_statement = $db->prepare($sql); $prep_statement = $db->prepare($sql);
if ($prep_statement) { if ($prep_statement) {
@ -83,16 +82,15 @@ require_once "includes/paging.php";
list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page); list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
$offset = $rows_per_page * $page; $offset = $rows_per_page * $page;
//get the domain list //get the list
$sql = ""; $sql = "select * from v_default_settings ";
$sql .= " select * from v_default_settings ";
if (strlen($order_by) == 0) { if (strlen($order_by) == 0) {
$sql .= "order by default_setting_category, default_setting_subcategory asc "; $sql .= "order by default_setting_category, default_setting_subcategory asc ";
} }
else { else {
$sql .= "order by $order_by $order "; $sql .= "order by $order_by $order ";
} }
$sql .= " limit $rows_per_page offset $offset "; $sql .= "limit $rows_per_page offset $offset ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute(); $prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@ -120,7 +118,12 @@ require_once "includes/paging.php";
echo th_order_by('default_setting_enabled', 'Enabled', $order_by, $order); echo th_order_by('default_setting_enabled', 'Enabled', $order_by, $order);
echo th_order_by('default_setting_description', 'Description', $order_by, $order); echo th_order_by('default_setting_description', 'Description', $order_by, $order);
echo "<td align='right' width='42'>\n"; echo "<td align='right' width='42'>\n";
echo " <a href='default_settings_edit.php' alt='add'>$v_link_label_add</a>\n"; if (permission_exists('default_setting_add')) {
echo " <a href='default_settings_edit.php' alt='add'>$v_link_label_add</a>\n";
}
else {
echo " &nbsp;\n";
}
echo "</td>\n"; echo "</td>\n";
echo "</tr>\n"; echo "</tr>\n";
} }
@ -133,8 +136,7 @@ require_once "includes/paging.php";
$subcategory = $row['default_setting_subcategory']; $subcategory = $row['default_setting_subcategory'];
$name = $row['default_setting_name']; $name = $row['default_setting_name'];
if ($category == "domain" && $subcategory == "menu" && $name == "uuid" ) { if ($category == "domain" && $subcategory == "menu" && $name == "uuid" ) {
$sql = ""; $sql = "select * from v_menus ";
$sql .= "select * from v_menus ";
$sql .= "where menu_uuid = '".$row['default_setting_value']."' "; $sql .= "where menu_uuid = '".$row['default_setting_value']."' ";
$sub_prep_statement = $db->prepare(check_sql($sql)); $sub_prep_statement = $db->prepare(check_sql($sql));
$sub_prep_statement->execute(); $sub_prep_statement->execute();
@ -150,8 +152,12 @@ require_once "includes/paging.php";
echo " <td valign='top' class='".$row_style[$c]."'>".$row['default_setting_enabled']."&nbsp;</td>\n"; echo " <td valign='top' class='".$row_style[$c]."'>".$row['default_setting_enabled']."&nbsp;</td>\n";
echo " <td valign='top' class='".$row_style[$c]."'>".$row['default_setting_description']."&nbsp;</td>\n"; echo " <td valign='top' class='".$row_style[$c]."'>".$row['default_setting_description']."&nbsp;</td>\n";
echo " <td valign='top' align='right'>\n"; echo " <td valign='top' align='right'>\n";
echo " <a href='default_settings_edit.php?id=".$row['default_setting_uuid']."' alt='edit'>$v_link_label_edit</a>\n"; if (permission_exists('default_setting_edit')) {
echo " <a href='default_settings_delete.php?id=".$row['default_setting_uuid']."' alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a>\n"; echo " <a href='default_setting_edit.php?id=".$row['default_setting_uuid']."' alt='edit'>$v_link_label_edit</a>\n";
}
if (permission_exists('default_setting_delete')) {
echo " <a href='default_setting_delete.php?id=".$row['default_setting_uuid']."' alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a>\n";
}
echo " </td>\n"; echo " </td>\n";
echo "</tr>\n"; echo "</tr>\n";
$previous_category = $row['default_setting_category']; $previous_category = $row['default_setting_category'];
@ -167,7 +173,12 @@ require_once "includes/paging.php";
echo " <td width='33.3%' nowrap>&nbsp;</td>\n"; echo " <td width='33.3%' nowrap>&nbsp;</td>\n";
echo " <td width='33.3%' align='center' nowrap>$paging_controls</td>\n"; echo " <td width='33.3%' align='center' nowrap>$paging_controls</td>\n";
echo " <td width='33.3%' align='right'>\n"; echo " <td width='33.3%' align='right'>\n";
echo " <a href='default_settings_edit.php' alt='add'>$v_link_label_add</a>\n"; if (permission_exists('default_setting_add')) {
echo " <a href='default_setting_edit.php' alt='add'>$v_link_label_add</a>\n";
}
else {
echo " &nbsp;\n";
}
echo " </td>\n"; echo " </td>\n";
echo " </tr>\n"; echo " </tr>\n";
echo " </table>\n"; echo " </table>\n";
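Review bot: The per-row links on the new side point to `default_setting_edit.php` and `default_setting_delete.php` (singular), while the header add link in the same file and the delete page's meta-refresh still use `default_settings_edit.php` / `default_settings.php`; the old side was plural throughout, so unless the files were renamed elsewhere in this commit the row edit/delete links and the footer add link will 404. Change them back, e.g. `echo " <a href='default_settings_edit.php?id=".$row['default_setting_uuid']."' alt='edit'>$v_link_label_edit</a>\n";` and likewise for the delete and footer add links. Separately, the delete link remains a plain GET guarded only by a JavaScript confirm; the new `default_setting_delete` gate does not stop a forged cross-site request in a logged-in superadmin's browser, so a CSRF token or a POST form is still needed on the delete page.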


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('default_setting_delete')) {
//access granted //access granted
} }
else { else {
@ -39,6 +39,7 @@ if (count($_GET)>0) {
} }
if (strlen($id)>0) { if (strlen($id)>0) {
//delete default_setting
$sql = "delete from v_default_settings "; $sql = "delete from v_default_settings ";
$sql .= "where default_setting_uuid = '$id' "; $sql .= "where default_setting_uuid = '$id' ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
@ -46,12 +47,13 @@ if (strlen($id)>0) {
unset($sql); unset($sql);
} }
require_once "includes/header.php"; //redirect the user
echo "<meta http-equiv=\"refresh\" content=\"2;url=default_settings.php\">\n"; require_once "includes/header.php";
echo "<div align='center'>\n"; echo "<meta http-equiv=\"refresh\" content=\"2;url=default_settings.php\">\n";
echo "Delete Complete\n"; echo "<div align='center'>\n";
echo "</div>\n"; echo "Delete Complete\n";
require_once "includes/footer.php"; echo "</div>\n";
return; require_once "includes/footer.php";
return;
?> ?>
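Review bot: The delete is still triggered by a GET request carrying a single `id`, so the new `default_setting_delete` gate does not prevent a forged link from deleting a setting inside a logged-in superadmin's session; a CSRF token checked before the `delete from v_default_settings` statement, or a POST form, is needed. `$id` is assigned above this hunk from `$_GET`, so whether it passes through `check_str()` is not visible here; since it is interpolated into the SQL, it should also be constrained to a UUID shape before the query, e.g. `if (!preg_match('/^[0-9a-f-]{36}$/i', $id)) { exit; }`. The "Delete Complete" page is shown even when `$id` is empty and nothing was deleted.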


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('default_setting_add') || permission_exists('default_setting_edit')) {
//access granted //access granted
} }
else { else {
@ -82,7 +82,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//add or update the database //add or update the database
if ($_POST["persistformvar"] != "true") { if ($_POST["persistformvar"] != "true") {
if ($action == "add") { if ($action == "add" && permission_exists('default_setting_add')) {
$sql = "insert into v_default_settings "; $sql = "insert into v_default_settings ";
$sql .= "("; $sql .= "(";
$sql .= "default_setting_uuid, "; $sql .= "default_setting_uuid, ";
@ -115,7 +115,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
return; return;
} //if ($action == "add") } //if ($action == "add")
if ($action == "update") { if ($action == "update" && permission_exists('default_setting_edit')) {
$sql = "update v_default_settings set "; $sql = "update v_default_settings set ";
$sql .= "default_setting_category = '$default_setting_category', "; $sql .= "default_setting_category = '$default_setting_category', ";
$sql .= "default_setting_subcategory = '$default_setting_subcategory', "; $sql .= "default_setting_subcategory = '$default_setting_subcategory', ";
@ -140,7 +140,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//pre-populate the form //pre-populate the form
if (count($_GET)>0 && $_POST["persistformvar"] != "true") { if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
$default_setting_uuid = $_GET["id"]; $default_setting_uuid = check_str($_GET["id"]);
$sql = "select * from v_default_settings "; $sql = "select * from v_default_settings ";
$sql .= "where default_setting_uuid = '$default_setting_uuid' "; $sql .= "where default_setting_uuid = '$default_setting_uuid' ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
@ -166,7 +166,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "<table width='100%' border='0' cellpadding='0' cellspacing=''>\n"; echo "<table width='100%' border='0' cellpadding='0' cellspacing=''>\n";
echo "<tr class='border'>\n"; echo "<tr class='border'>\n";
echo " <td align=\"left\">\n"; echo " <td align=\"left\">\n";
echo " <br>"; echo " <br>";
echo "<form method='post' name='frm' action=''>\n"; echo "<form method='post' name='frm' action=''>\n";
echo "<div align='center'>\n"; echo "<div align='center'>\n";
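Review bot: The pre-populate branch (`if (count($_GET)>0 && $_POST["persistformvar"] != "true")`) is reachable by anyone who passes the page gate, including a user holding only `default_setting_add`, so the `select * from v_default_settings where default_setting_uuid = ...` returns any existing row's value to a user who was never granted `default_setting_edit`. Gate it like the update path: `if (count($_GET)>0 && $_POST["persistformvar"] != "true" && permission_exists('default_setting_edit')) {`. Also, a POST whose `$action` the user lacks permission for now silently falls through to redrawing the form; an explicit "access denied" there would make the denial visible instead of looking like a lost submission. Wrapping `$_GET["id"]` in `check_str()` is a good change.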


@ -31,7 +31,11 @@
$apps[$x]['permissions'][$y]['name'] = 'domain_delete'; $apps[$x]['permissions'][$y]['name'] = 'domain_delete';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; $apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++; $y++;
$apps[$x]['permissions'][$y]['name'] = 'domain_view'; $apps[$x]['permissions'][$y]['name'] = 'domain_select';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++;
$apps[$x]['permissions'][$y]['name'] = 'domain_setting_view';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; $apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++; $y++;
$apps[$x]['permissions'][$y]['name'] = 'domain_setting_add'; $apps[$x]['permissions'][$y]['name'] = 'domain_setting_add';
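Review bot: On this rendered hunk the old `'domain_view'` entry lines up with the new `'domain_select'`, which reads as a rename rather than an addition, yet domains.php in this same commit now gates the page on `permission_exists('domain_view')`. If `domain_view` is no longer declared anywhere in this app_config, it cannot be assigned in Group Manager and the domain list becomes unreachable even for superadmin after Upgrade Schema. If the rename is intended, keep a separate `domain_view` permission alongside `domain_select`: `$apps[$x]['permissions'][$y]['name'] = 'domain_view'; $apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; $y++;`. The permission list continues above this hunk, so an earlier `domain_view` entry is not visible here.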


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('domain_setting_view')) {
//access granted //access granted
} }
else { else {
@ -49,20 +49,20 @@ require_once "includes/paging.php";
//echo "<table width='100%' border='0'>\n"; //echo "<table width='100%' border='0'>\n";
//echo " <tr>\n"; //echo " <tr>\n";
//echo " <td width='50%' nowrap><b>Domain Settings</b></td>\n"; //echo " <td width='50%' align='left' nowrap='nowrap'><b>Domain Settings</b></td>\n";
//echo " <td width='50%' align='right'>&nbsp;</td>\n"; //echo " <td width='50%' align='right'>&nbsp;</td>\n";
//echo " </tr>\n"; //echo " </tr>\n";
//echo " <tr>\n"; //echo " <tr>\n";
//echo " <td colspan='2'>\n"; //echo " <td align='left' colspan='2'>\n";
//echo " Settings used for each domain.<br /><br />\n"; //echo " Settings used for each domain.<br /><br />\n";
//echo " </td>\n"; //echo " </td>\n";
//echo " </tr>\n"; //echo " </tr>\n";
//echo "</table>\n"; //echo "</table>\n";
//prepare to page the results //prepare to page the results
$sql = " select count(*) as num_rows from v_domain_settings "; $sql = "select count(*) as num_rows from v_domain_settings ";
$sql .= " where domain_uuid = '$domain_uuid' "; $sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= " and domain_uuid = '$domain_uuid' "; $sql .= "and domain_uuid = '$domain_uuid' ";
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$prep_statement = $db->prepare($sql); $prep_statement = $db->prepare($sql);
if ($prep_statement) { if ($prep_statement) {
@ -84,13 +84,11 @@ require_once "includes/paging.php";
list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page); list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
$offset = $rows_per_page * $page; $offset = $rows_per_page * $page;
//get the domain list //get the list
$sql = ""; $sql = "select * from v_domain_settings ";
$sql .= " select * from v_domain_settings "; $sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= " where domain_uuid = '$domain_uuid' ";
$sql .= " and domain_uuid = '$domain_uuid' ";
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$sql .= " limit $rows_per_page offset $offset "; $sql .= "limit $rows_per_page offset $offset ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute(); $prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@ -119,7 +117,13 @@ require_once "includes/paging.php";
echo th_order_by('domain_setting_enabled', 'Enabled', $order_by, $order); echo th_order_by('domain_setting_enabled', 'Enabled', $order_by, $order);
echo th_order_by('domain_setting_description', 'Description', $order_by, $order); echo th_order_by('domain_setting_description', 'Description', $order_by, $order);
echo "<td align='right' width='42'>\n"; echo "<td align='right' width='42'>\n";
echo " <a href='domain_settings_edit.php?domain_uuid=".$_GET['id']."' alt='add'>$v_link_label_add</a>\n"; if (permission_exists('domain_setting_add')) {
echo " <a href='domain_settings_edit.php?domain_uuid=".$_GET['id']."' alt='add'>$v_link_label_add</a>\n";
}
else {
echo " &nbsp;\n";
}
echo "</td>\n"; echo "</td>\n";
echo "</tr>\n"; echo "</tr>\n";
} }
@ -149,8 +153,12 @@ require_once "includes/paging.php";
echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_setting_enabled']."&nbsp;</td>\n"; echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_setting_enabled']."&nbsp;</td>\n";
echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_setting_description']."&nbsp;</td>\n"; echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_setting_description']."&nbsp;</td>\n";
echo " <td valign='top' align='right'>\n"; echo " <td valign='top' align='right'>\n";
if (permission_exists('domain_setting_edit')) {
echo " <a href='domain_settings_edit.php?domain_uuid=".$row['domain_uuid']."&id=".$row['domain_setting_uuid']."' alt='edit'>$v_link_label_edit</a>\n"; echo " <a href='domain_settings_edit.php?domain_uuid=".$row['domain_uuid']."&id=".$row['domain_setting_uuid']."' alt='edit'>$v_link_label_edit</a>\n";
}
if (permission_exists('domain_setting_delete')) {
echo " <a href='domain_settings_delete.php?domain_uuid=".$row['domain_uuid']."&id=".$row['domain_setting_uuid']."' alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a>\n"; echo " <a href='domain_settings_delete.php?domain_uuid=".$row['domain_uuid']."&id=".$row['domain_setting_uuid']."' alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a>\n";
}
echo " </td>\n"; echo " </td>\n";
echo "</tr>\n"; echo "</tr>\n";
$previous_category = $row['domain_setting_category']; $previous_category = $row['domain_setting_category'];
@ -166,7 +174,12 @@ require_once "includes/paging.php";
echo " <td width='33.3%' nowrap>&nbsp;</td>\n"; echo " <td width='33.3%' nowrap>&nbsp;</td>\n";
echo " <td width='33.3%' align='center' nowrap>$paging_controls</td>\n"; echo " <td width='33.3%' align='center' nowrap>$paging_controls</td>\n";
echo " <td width='33.3%' align='right'>\n"; echo " <td width='33.3%' align='right'>\n";
echo " <a href='domain_settings_edit.php?domain_uuid=".$_GET['id']."' alt='add'>$v_link_label_add</a>\n"; if (permission_exists('domain_setting_add')) {
echo " <a href='domain_settings_edit.php?domain_uuid=".$_GET['id']."' alt='add'>$v_link_label_add</a>\n";
}
else {
echo " &nbsp;\n";
}
echo " </td>\n"; echo " </td>\n";
echo " </tr>\n"; echo " </tr>\n";
echo " </table>\n"; echo " </table>\n";
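Review bot: Both add links on the new side still splice `$_GET['id']` raw into an href attribute (`domain_uuid=".$_GET['id']."`), so a crafted `id` value closes the quote and injects markup into a page served to a superadmin; that reflected XSS is untouched by the new `domain_setting_add` gate. Use the already-derived `$domain_uuid`, escaped for the attribute context, in both places: `echo " <a href='domain_settings_edit.php?domain_uuid=".htmlspecialchars($domain_uuid, ENT_QUOTES)."' alt='add'>$v_link_label_add</a>\n";`. Where `$domain_uuid` is assigned is above the first hunk, so whether it equals `$_GET['id']` is not visible here. The count query still carries the duplicated `and domain_uuid = '$domain_uuid'` clause that the list query dropped; harmless, but worth removing for consistency.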


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('domain_setting_delete')) {
//access granted //access granted
} }
else { else {
@ -40,21 +40,22 @@ if (count($_GET)>0) {
} }
if (strlen($id)>0) { if (strlen($id)>0) {
$sql = ""; //delete domain_setting
$sql .= "delete from v_domain_settings "; $sql = "delete from v_domain_settings ";
$sql .= "where domain_uuid = '$domain_uuid' "; $sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and domain_setting_uuid = '$id' "; $sql .= "and domain_setting_uuid = '$id' ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute(); $prep_statement->execute();
unset($sql); unset($sql);
} }
require_once "includes/header.php"; //redirect the user
echo "<meta http-equiv=\"refresh\" content=\"2;url=domains_edit.php?id=$domain_uuid\">\n"; require_once "includes/header.php";
echo "<div align='center'>\n"; echo "<meta http-equiv=\"refresh\" content=\"2;url=domains_edit.php?id=$domain_uuid\">\n";
echo "Delete Complete\n"; echo "<div align='center'>\n";
echo "</div>\n"; echo "Delete Complete\n";
require_once "includes/footer.php"; echo "</div>\n";
return; require_once "includes/footer.php";
return;
?> ?>
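Review bot: The `where domain_uuid = '$domain_uuid' and domain_setting_uuid = '$id'` scope is only as strong as the origin of `$domain_uuid`; if it is read from `$_GET` rather than `$_SESSION['domain_uuid']` (the assignment is above this hunk), a holder of `domain_setting_delete` can delete settings in any tenant by supplying another domain's UUID. Where tenant isolation matters, take the domain from the session or check the requested value against the domains the user may select, e.g. `if (!isset($_SESSION['domains'][$domain_uuid])) { exit; }` before the delete. The same `$domain_uuid` is also written into the meta-refresh URL, so it should be escaped or validated as a UUID before being echoed into HTML. As with the other delete pages, this remains a GET-triggered state change with no CSRF token.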


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('domain_setting_add') || permission_exists('domain_setting_edit')) {
//access granted //access granted
} }
else { else {
@ -87,7 +87,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//add or update the database //add or update the database
if ($_POST["persistformvar"] != "true") { if ($_POST["persistformvar"] != "true") {
if ($action == "add") { if ($action == "add" && permission_exists('domain_setting_add')) {
$sql = "insert into v_domain_settings "; $sql = "insert into v_domain_settings ";
$sql .= "("; $sql .= "(";
$sql .= "domain_uuid, "; $sql .= "domain_uuid, ";
@ -122,7 +122,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
return; return;
} //if ($action == "add") } //if ($action == "add")
if ($action == "update") { if ($action == "update" && permission_exists('domain_setting_edit')) {
$sql = "update v_domain_settings set "; $sql = "update v_domain_settings set ";
$sql .= "domain_setting_category = '$domain_setting_category', "; $sql .= "domain_setting_category = '$domain_setting_category', ";
$sql .= "domain_setting_subcategory = '$domain_setting_subcategory', "; $sql .= "domain_setting_subcategory = '$domain_setting_subcategory', ";
@ -148,7 +148,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
//pre-populate the form //pre-populate the form
if (count($_GET)>0 && $_POST["persistformvar"] != "true") { if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
$domain_setting_uuid = $_GET["id"]; $domain_setting_uuid = check_str($_GET["id"]);
$sql = "select * from v_domain_settings "; $sql = "select * from v_domain_settings ";
$sql .= "where domain_uuid = '$domain_uuid' "; $sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and domain_setting_uuid = '$domain_setting_uuid' "; $sql .= "and domain_setting_uuid = '$domain_setting_uuid' ";
@ -175,7 +175,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
echo "<table width='100%' border='0' cellpadding='0' cellspacing=''>\n"; echo "<table width='100%' border='0' cellpadding='0' cellspacing=''>\n";
echo "<tr class='border'>\n"; echo "<tr class='border'>\n";
echo " <td align=\"left\">\n"; echo " <td align=\"left\">\n";
echo " <br>"; echo " <br>";
echo "<form method='post' name='frm' action=''>\n"; echo "<form method='post' name='frm' action=''>\n";
echo "<div align='center'>\n"; echo "<div align='center'>\n";
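Review bot: The pre-populate `select` only checks `count($_GET)>0`, so a user who passed the page gate with just `domain_setting_add` can read any existing domain setting by supplying its `id`; add `&& permission_exists('domain_setting_edit')` to that condition. Likewise, if `$domain_uuid` comes from the request (it is assigned above this hunk and not visible here), an add-only user can insert settings into any tenant's domain, so validate it against `$_SESSION['domains']` or take it from the session before the insert. A POST whose `$action` the user lacks permission for now falls through silently to the form; an explicit denial would be clearer.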


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('domain_view')) {
//access granted //access granted
} }
else { else {
@ -34,46 +34,48 @@ else {
exit; exit;
} }
//change the tenant //change the domain
if (strlen($_GET["domain_uuid"]) > 0 && $_GET["domain_change"] == "true") { if (strlen(check_str($_GET["domain_uuid"])) > 0 && check_str($_GET["domain_change"]) == "true") {
//get the domain_uuid if (permission_exists('domain_select')) {
$sql = "select * from v_domains "; //get the domain_uuid
$sql .= "order by domain_name asc "; $sql = "select * from v_domains ";
$prep_statement = $db->prepare($sql); $sql .= "order by domain_name asc ";
$prep_statement->execute(); $prep_statement = $db->prepare($sql);
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $prep_statement->execute();
foreach($result as $row) { $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
if (count($result) == 0) { foreach($result as $row) {
$_SESSION["domain_uuid"] = $row["domain_uuid"]; if (count($result) == 0) {
$_SESSION["domain_name"] = $row['domain_name'];
}
else {
if ($row['domain_name'] == $domain_array[0] || $row['domain_name'] == 'www.'.$domain_array[0]) {
$_SESSION["domain_uuid"] = $row["domain_uuid"]; $_SESSION["domain_uuid"] = $row["domain_uuid"];
$_SESSION["domain_name"] = $row['domain_name']; $_SESSION["domain_name"] = $row['domain_name'];
} }
$_SESSION['domains'][$row['domain_uuid']]['domain_uuid'] = $row['domain_uuid']; else {
$_SESSION['domains'][$row['domain_uuid']]['domain_name'] = $row['domain_name']; if ($row['domain_name'] == $domain_array[0] || $row['domain_name'] == 'www.'.$domain_array[0]) {
$_SESSION["domain_uuid"] = $row["domain_uuid"];
$_SESSION["domain_name"] = $row['domain_name'];
}
$_SESSION['domains'][$row['domain_uuid']]['domain_uuid'] = $row['domain_uuid'];
$_SESSION['domains'][$row['domain_uuid']]['domain_name'] = $row['domain_name'];
}
} }
} unset($result, $prep_statement);
unset($result, $prep_statement);
//update the domain session variables //update the domain session variables
$domain_uuid = check_str($_GET["domain_uuid"]); $domain_uuid = check_str($_GET["domain_uuid"]);
$_SESSION['domain_uuid'] = $domain_uuid; $_SESSION['domain_uuid'] = $domain_uuid;
$_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name']; $_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name'];
$_SESSION['domain']['template']['name'] = $_SESSION['domains'][$domain_uuid]['template_name']; $_SESSION['domain']['template']['name'] = $_SESSION['domains'][$domain_uuid]['template_name'];
//clear the menu session so that it is regenerated for the selected domain //clear the menu session so that it is regenerated for the selected domain
$_SESSION["menu"] = ''; $_SESSION["menu"] = '';
//clear the extension array so that it is regenerated for the selected domain //clear the extension array so that it is regenerated for the selected domain
unset($_SESSION['extension_array']); unset($_SESSION['extension_array']);
//set the context //set the context
if (count($_SESSION["domains"]) > 1) { if (count($_SESSION["domains"]) > 1) {
$_SESSION["context"] = $_SESSION["domain_name"]; $_SESSION["context"] = $_SESSION["domain_name"];
} }
else { else {
$_SESSION["context"] = 'default'; $_SESSION["context"] = 'default';
} }
}
} }
//includes //includes
@ -151,7 +153,12 @@ else {
echo th_order_by('domain_name', 'Domain', $order_by, $order); echo th_order_by('domain_name', 'Domain', $order_by, $order);
echo th_order_by('domain_description', 'Description', $order_by, $order); echo th_order_by('domain_description', 'Description', $order_by, $order);
echo "<td align='right' width='42'>\n"; echo "<td align='right' width='42'>\n";
echo " <a href='domains_edit.php' alt='add'>$v_link_label_add</a>\n"; if (permission_exists('domain_add')) {
echo " <a href='domains_edit.php' alt='add'>$v_link_label_add</a>\n";
}
else {
echo " &nbsp;\n";
}
echo "</td>\n"; echo "</td>\n";
echo "<tr>\n"; echo "<tr>\n";
@ -161,8 +168,12 @@ else {
echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_name']."&nbsp;</td>\n"; echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_name']."&nbsp;</td>\n";
echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_description']."&nbsp;</td>\n"; echo " <td valign='top' class='".$row_style[$c]."'>".$row['domain_description']."&nbsp;</td>\n";
echo " <td valign='top' align='right'>\n"; echo " <td valign='top' align='right'>\n";
echo " <a href='domains_edit.php?id=".$row['domain_uuid']."' alt='edit'>$v_link_label_edit</a>\n"; if (permission_exists('domain_edit')) {
echo " <a href='domains_delete.php?id=".$row['domain_uuid']."' alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a>\n"; echo " <a href='domains_edit.php?id=".$row['domain_uuid']."' alt='edit'>$v_link_label_edit</a>\n";
}
if (permission_exists('domain_delete')) {
echo " <a href='domains_delete.php?id=".$row['domain_uuid']."' alt='delete' onclick=\"return confirm('Do you really want to delete this?')\">$v_link_label_delete</a>\n";
}
echo " </td>\n"; echo " </td>\n";
echo "</tr>\n"; echo "</tr>\n";
if ($c==0) { $c=1; } else { $c=0; } if ($c==0) { $c=1; } else { $c=0; }
@ -170,7 +181,6 @@ else {
unset($sql, $result, $row_count); unset($sql, $result, $row_count);
} //end if results } //end if results
echo "<tr>\n"; echo "<tr>\n";
echo "<td colspan='3' align='left'>\n"; echo "<td colspan='3' align='left'>\n";
echo " <table width='100%' cellpadding='0' cellspacing='0'>\n"; echo " <table width='100%' cellpadding='0' cellspacing='0'>\n";
@ -178,7 +188,12 @@ else {
echo " <td width='33.3%' nowrap>&nbsp;</td>\n"; echo " <td width='33.3%' nowrap>&nbsp;</td>\n";
echo " <td width='33.3%' align='center' nowrap>$paging_controls</td>\n"; echo " <td width='33.3%' align='center' nowrap>$paging_controls</td>\n";
echo " <td width='33.3%' align='right'>\n"; echo " <td width='33.3%' align='right'>\n";
echo " <a href='domains_edit.php' alt='add'>$v_link_label_add</a>\n"; if (permission_exists('domain_add')) {
echo " <a href='domains_edit.php' alt='add'>$v_link_label_add</a>\n";
}
else {
echo " &nbsp;\n";
}
echo " </td>\n"; echo " </td>\n";
echo " </tr>\n"; echo " </tr>\n";
echo " </table>\n"; echo " </table>\n";
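Review bot: The domain switch stores `$_GET["domain_uuid"]` into `$_SESSION['domain_uuid']` without checking that it names a domain in `$_SESSION['domains']`, so a `domain_select` holder can make an arbitrary (check_str-filtered) string the active tenant, after which `$_SESSION["domain_name"]` is null and the `count($_SESSION["domains"]) > 1` branch sets an empty context. Guard it right after `$domain_uuid = check_str($_GET["domain_uuid"]);` with `if (!isset($_SESSION['domains'][$domain_uuid])) { exit; }`. Two smaller defects in the same block: `if (count($result) == 0)` sits inside `foreach($result as $row)` and can never be true, and `$_SESSION['domains'][$domain_uuid]['template_name']` is read although the loop only ever sets `domain_uuid` and `domain_name`. Note also that this block sits behind the page's `domain_view` gate while the theme headers show the selector to anyone with `domain_select`, so a user with the latter but not the former gets the control and then a denial.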


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('domain_delete')) {
//access granted //access granted
} }
else { else {


@ -26,7 +26,7 @@
require_once "root.php"; require_once "root.php";
require_once "includes/require.php"; require_once "includes/require.php";
require_once "includes/checkauth.php"; require_once "includes/checkauth.php";
if (if_group("admin") || if_group("superadmin")) { if (permission_exists('domain_add') || permission_exists('domain_edit')) {
//access granted //access granted
} }
else { else {
@ -74,7 +74,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
//add or update the database //add or update the database
if ($_POST["persistformvar"] != "true") { if ($_POST["persistformvar"] != "true") {
if ($action == "add") { if ($action == "add" && permission_exists('domain_add')) {
$sql = "select count(*) as num_rows from v_domains "; $sql = "select count(*) as num_rows from v_domains ";
$sql .= "where domain_name = '$domain_name' "; $sql .= "where domain_name = '$domain_name' ";
$prep_statement = $db->prepare($sql); $prep_statement = $db->prepare($sql);
@ -100,7 +100,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
} }
} }
if ($action == "update") { if ($action == "update" && permission_exists('domain_edit')) {
$sql = "update v_domains set "; $sql = "update v_domains set ";
$sql .= "domain_name = '$domain_name', "; $sql .= "domain_name = '$domain_name', ";
$sql .= "domain_description = '$domain_description' "; $sql .= "domain_description = '$domain_description' ";
@ -158,7 +158,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
echo "<table width='100%' border='0' cellpadding='0' cellspacing=''>\n"; echo "<table width='100%' border='0' cellpadding='0' cellspacing=''>\n";
echo "<tr class='border'>\n"; echo "<tr class='border'>\n";
echo " <td align=\"left\">\n"; echo " <td align=\"left\">\n";
echo " <br>"; echo " <br>";
echo "<form method='post' name='frm' action=''>\n"; echo "<form method='post' name='frm' action=''>\n";
echo "<div align='center'>\n"; echo "<div align='center'>\n";
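Review bot: When a POST arrives with an `$action` the user lacks permission for (e.g. `update` from a `domain_add`-only user), neither branch runs and the page simply redraws the form with no message, which looks like a lost submission rather than a denial; add an explicit denial after the update branch, e.g. `else { echo "access denied"; exit; }`, mirroring the page-level gate. The duplicate-name check and the `update v_domains set domain_name = '$domain_name'` statement both interpolate `$domain_name`, whose sanitisation happens above this hunk and is not visible here; confirm it passes through `check_str()` since it ends up both in SQL and in the rendered domain list. The update statement's `where` clause is outside this hunk.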


@ -421,7 +421,7 @@ function confirmdelete(url) {
</td> </td>
<td width='50%' class='' align='right' valign='middle'> <td width='50%' class='' align='right' valign='middle'>
<?php <?php
if (if_group("superadmin") && count($_SESSION['domains']) > 1) { if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) {
//$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" ";
//$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" ";
//$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" ";


@ -518,7 +518,7 @@ function confirmdelete(url) {
</td> </td>
<td width='50%' class='' align='right' valign='middle'> <td width='50%' class='' align='right' valign='middle'>
<?php <?php
if (if_group("superadmin") && count($_SESSION['domains']) > 1) { if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) {
//$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" ";
//$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" ";
//$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" ";


@ -654,7 +654,7 @@ function confirmdelete(url) {
</td> </td>
<td width='50%' class='' align='right' valign='middle'> <td width='50%' class='' align='right' valign='middle'>
<?php <?php
if (if_group("superadmin") && count($_SESSION['domains']) > 1) { if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) {
//$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" ";
//$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" ";
//$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" ";


@ -655,7 +655,7 @@ function confirmdelete(url) {
</td> </td>
<td width='50%' class='' align='right' valign='middle'> <td width='50%' class='' align='right' valign='middle'>
<?php <?php
if (if_group("superadmin") && count($_SESSION['domains']) > 1) { if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) {
//$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" ";
//$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" ";
//$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" ";