Fixed: FS#749 - client can change his domainname.

tbrehm · tbrehm · commit abd69db8130a · 2009-06-28T13:34:09.000Z
diff --git a/interface/web/mail/mail_domain_edit.php b/interface/web/mail/mail_domain_edit.php
@@ -221,13 +221,23 @@ function onBeforeUpdate() {
 		//* Check if the server has been changed
 		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from mail_domain WHERE domain_id = ".$this->id);
+			$rec = $app->db->queryOneRecord("SELECT server_id, domain from mail_domain WHERE domain_id = ".$this->id);
 			if($rec['server_id'] != $this->dataRecord["server_id"]) {
 				//* Add a error message and switch back to old server
 				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
 				$this->dataRecord["server_id"] = $rec['server_id'];
 			}
 			unset($rec);
+		//* If the user is neither admin nor reseller
+		} else {
+			//* We do not allow users to change a domain which has been created by the admin
+			$rec = $app->db->queryOneRecord("SELECT domain from mail_domain WHERE domain_id = ".$this->id);
+			if($rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id,'u')) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
+				$this->dataRecord["domain"] = $rec['domain'];
+			}
+			unset($rec);
 		}
 	}
 	
diff --git a/interface/web/sites/web_domain_edit.php b/interface/web/sites/web_domain_edit.php
@@ -294,6 +294,16 @@ function onBeforeUpdate () {
 				}
 				unset($rec);
 			}
+		//* If the user is neither admin nor reseller
+		} else {
+			//* We do not allow users to change a domain which has been created by the admin
+			$rec = $app->db->queryOneRecord("SELECT domain from web_domain WHERE domain_id = ".$this->id);
+			if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id,'u')) {
+				//* Add a error message and switch back to old server
+				$app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');
+				$this->dataRecord["domain"] = $rec['domain'];
+			}
+			unset($rec);
 		}
 		
 		//* Check that all fields for the SSL cert creation are filled

Original file line number	Diff line number	Diff line change
`@@ -294,6 +294,16 @@ function onBeforeUpdate () {`
`294`	`294`	`}`
`295`	`295`	`unset($rec);`
`296`	`296`	`}`
	`297`	`+ //* If the user is neither admin nor reseller`
	`298`	`+ } else {`
	`299`	`+ //* We do not allow users to change a domain which has been created by the admin`
	`300`	`+ $rec = $app->db->queryOneRecord("SELECT domain from web_domain WHERE domain_id = ".$this->id);`
	`301`	`+ if(isset($this->dataRecord["domain"]) && $rec['domain'] != $this->dataRecord["domain"] && $app->tform->checkPerm($this->id,'u')) {`
	`302`	`+ //* Add a error message and switch back to old server`
	`303`	`+ $app->tform->errorMessage .= $app->lng('The Domain can not be changed. Please ask your Administrator if you want to change the domain name.');`
	`304`	`+ $this->dataRecord["domain"] = $rec['domain'];`
	`305`	`+ }`
	`306`	`+ unset($rec);`
`297`	`307`	`}`
`298`	`308`
`299`	`309`	`//* Check that all fields for the SSL cert creation are filled`