fixing editing dns, mail, db and web domain servers by client issue

Author: sebj54

interface/web/dns/dns_soa_edit.php

@@ -171,7 +171,13 @@ function onSubmit() {
 			}
 
 			// When the record is updated
-			if(!($this->id > 0)) {
+			if($this->id > 0) {
+				// restore the server ID if the user is not admin and record is edited
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ".$app->functions->intval($this->id));
+				$this->dataRecord["server_id"] = $tmp["server_id"];
+				unset($tmp);
+				// When the record is inserted
+			} else {
 				// Check if the user may add another maildomain.
 				if($client["limit_dns_zone"] >= 0) {
 					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");

interface/web/mail/mail_domain_edit.php

@@ -221,16 +221,21 @@ function onSubmit() {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT limit_maildomain, mail_servers FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			// When the record is updated
+			if($this->id > 0) {
+				// restore the server ID if the user is not admin and record is edited
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$this->dataRecord["server_id"] = $tmp["server_id"];
+				unset($tmp);
+				// When the record is inserted
+			} else {
+				$client['mail_servers_ids'] = explode(',', $client['mail_servers']);
 
-			$client['mail_servers_ids'] = explode(',', $client['mail_servers']);
-
-			// Check if chosen server is in authorized servers for this client
-			if (!(is_array($client['mail_servers_ids']) && in_array($this->dataRecord["server_id"], $client['mail_servers_ids'])) && $_SESSION["s"]["user"]["typ"] != 'admin') {
-				$app->error($app->tform->wordbook['error_not_allowed_server_id']);
-			}
+				// Check if chosen server is in authorized servers for this client
+				if (!(is_array($client['mail_servers_ids']) && in_array($this->dataRecord["server_id"], $client['mail_servers_ids']))) {
+					$app->error($app->tform->wordbook['error_not_allowed_server_id']);
+				}
 
-			// When the record is updated
-			if(!($this->id > 0)) {
 				if($client["limit_maildomain"] >= 0) {
 					$tmp = $app->db->queryOneRecord("SELECT count(domain_id) as number FROM mail_domain WHERE sys_groupid = $client_group_id");
 					if($tmp["number"] >= $client["limit_maildomain"]) {

interface/web/sites/database_edit.php

@@ -168,15 +168,22 @@ function onSubmit() {
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
 			$client = $app->db->queryOneRecord("SELECT db_servers, limit_database FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 
-			$client['db_servers_ids'] = explode(',', $client['db_servers']);
+			// When the record is updated
+			if($this->id > 0) {
+				// restore the server ID if the user is not admin and record is edited
+				$tmp = $app->db->queryOneRecord("SELECT server_id FROM web_database WHERE database_id = ".$app->functions->intval($this->id));
+				$this->dataRecord["server_id"] = $tmp["server_id"];
+				unset($tmp);
+				// When the record is inserted
+			} else {
+				$client['db_servers_ids'] = explode(',', $client['db_servers']);
 
-			// Check if chosen server is in authorized servers for this client
-			if (!(is_array($client['db_servers_ids']) && in_array($this->dataRecord["server_id"], $client['db_servers_ids'])) && $_SESSION["s"]["user"]["typ"] != 'admin') {
-				$app->error($app->tform->wordbook['error_not_allowed_server_id']);
-			}
+				// Check if chosen server is in authorized servers for this client
+				if (!(is_array($client['db_servers_ids']) && in_array($this->dataRecord["server_id"], $client['db_servers_ids'])) && $_SESSION["s"]["user"]["typ"] != 'admin') {
+					$app->error($app->tform->wordbook['error_not_allowed_server_id']);
+				}
 
-			// When the record is updated
-			if(!($this->id > 0)) {// Check if the user may add another database
+				// Check if the user may add another database
 				if($client["limit_database"] >= 0) {
 					$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE sys_groupid = $client_group_id");
 					if($tmp["number"] >= $client["limit_database"]) {

interface/web/sites/web_domain_edit.php

@@ -680,16 +680,11 @@ function onSubmit() {
 				}
 			}
 
-			// Check if chosen server is in authorized servers for this client
-			$serverChosenOk = is_array($client['web_servers_ids']) && in_array($this->dataRecord['server_id'], $client['web_servers_ids']) || $_SESSION["s"]["user"]["typ"] == 'admin';
-
 			// When the record is updated
 			if($this->id > 0) {
 				// restore the server ID if the user is not admin and record is edited
-				$tmp = $app->db->queryOneRecord("SELECT `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
-				if (!$serverChosenOk) {
-					$app->error($app->tform->wordbook['server_chosen_not_ok']);
-				}
+				$tmp = $app->db->queryOneRecord("SELECT server_id, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
+				$this->dataRecord["server_id"] = $tmp["server_id"];
 
                 // set the settings to current if not provided (or cleared due to limits)
                 if($this->dataRecord['cgi'] == '-') $this->dataRecord['cgi'] = $tmp['cgi'];
@@ -705,9 +700,8 @@ function onSubmit() {
 				unset($tmp);
 				// When the record is inserted
 			} else {
-				//* set the server ID to the default webserver of the client
-				if (!$serverChosenOk) {
-					// $this->dataRecord["server_id"] = $client["default_webserver"];
+				//* display an error if chosen server is not allowed for this client
+				if (!is_array($client['web_servers_ids']) || !in_array($this->dataRecord['server_id'], $client['web_servers_ids'])) {
 					$app->error($app->tform->wordbook['server_chosen_not_ok']);
 				}