commit | author | age
|
532ae5
|
1 |
<?php |
L |
2 |
|
|
3 |
/* |
077c27
|
4 |
Copyright (c) 2007 - 2011, Till Brehm, projektfarm Gmbh |
532ae5
|
5 |
All rights reserved. |
L |
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
|
10 |
* Redistributions of source code must retain the above copyright notice, |
|
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
|
18 |
|
|
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
|
|
30 |
--UPDATED 08.2009-- |
|
31 |
Full SOAP support for ISPConfig 3.1.4 b |
|
32 |
Updated by Arkadiusz Roch & Artur Edelman |
|
33 |
Copyright (c) Tri-Plex technology |
|
34 |
|
|
35 |
*/ |
|
36 |
|
|
37 |
class remoting { |
b1a6a5
|
38 |
|
532ae5
|
39 |
//* remote session timeout in seconds |
L |
40 |
private $session_timeout = 600; |
b1a6a5
|
41 |
|
532ae5
|
42 |
public $oldDataRecord; |
L |
43 |
public $dataRecord; |
|
44 |
public $id; |
b1a6a5
|
45 |
|
MC |
46 |
private $_methods = array(); |
|
47 |
|
532ae5
|
48 |
/* |
b1a6a5
|
49 |
These variables shall stay global. |
532ae5
|
50 |
Please do not make them private variables. |
b1a6a5
|
51 |
|
532ae5
|
52 |
private $app; |
L |
53 |
private $conf; |
|
54 |
*/ |
|
55 |
|
b1a6a5
|
56 |
public function __construct($methods = array()) |
MC |
57 |
{ |
|
58 |
global $app; |
|
59 |
$app->uses('remoting_lib'); |
c1418f
|
60 |
|
b1a6a5
|
61 |
$this->_methods = $methods; |
MC |
62 |
|
|
63 |
/* |
532ae5
|
64 |
$this->app = $app; |
L |
65 |
$this->conf = $conf; |
|
66 |
*/ |
b1a6a5
|
67 |
} |
MC |
68 |
|
|
69 |
//* remote login function |
5bff39
|
70 |
public function login($username, $password, $client_login = false) |
b1a6a5
|
71 |
{ |
c1418f
|
72 |
global $app, $conf; |
b1a6a5
|
73 |
|
bf7d95
|
74 |
// Maintenance mode |
F |
75 |
$app->uses('ini_parser,getconf'); |
|
76 |
$server_config_array = $app->getconf->get_global_config('misc'); |
|
77 |
if($server_config_array['maintenance_mode'] == 'y'){ |
c1418f
|
78 |
throw new SoapFault('maintenance_mode', 'This ISPConfig installation is currently under maintenance. We should be back shortly. Thank you for your patience.'); |
bf7d95
|
79 |
return false; |
F |
80 |
} |
b1a6a5
|
81 |
|
532ae5
|
82 |
if(empty($username)) { |
c1418f
|
83 |
throw new SoapFault('login_username_empty', 'The login username is empty.'); |
532ae5
|
84 |
return false; |
L |
85 |
} |
b1a6a5
|
86 |
|
532ae5
|
87 |
if(empty($password)) { |
c1418f
|
88 |
throw new SoapFault('login_password_empty', 'The login password is empty.'); |
532ae5
|
89 |
return false; |
L |
90 |
} |
b1a6a5
|
91 |
|
532ae5
|
92 |
//* Delete old remoting sessions |
cc7a82
|
93 |
$sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()"; |
532ae5
|
94 |
$app->db->query($sql); |
b1a6a5
|
95 |
|
MC |
96 |
if($client_login == true) { |
cc7a82
|
97 |
$sql = "SELECT * FROM sys_user WHERE USERNAME = ?"; |
MC |
98 |
$user = $app->db->queryOneRecord($sql, $username); |
b1a6a5
|
99 |
if($user) { |
MC |
100 |
$saved_password = stripslashes($user['passwort']); |
5bff39
|
101 |
|
b1a6a5
|
102 |
if(substr($saved_password, 0, 3) == '$1$') { |
MC |
103 |
//* The password is crypt-md5 encrypted |
|
104 |
$salt = '$1$'.substr($saved_password, 3, 8).'$'; |
|
105 |
|
|
106 |
if(crypt(stripslashes($password), $salt) != $saved_password) { |
|
107 |
throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.'); |
|
108 |
return false; |
|
109 |
} |
|
110 |
} else { |
|
111 |
//* The password is md5 encrypted |
|
112 |
if(md5($password) != $saved_password) { |
|
113 |
throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.'); |
|
114 |
return false; |
|
115 |
} |
|
116 |
} |
|
117 |
} else { |
|
118 |
throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.'); |
|
119 |
return false; |
|
120 |
} |
|
121 |
if($user['active'] != 1) { |
|
122 |
throw new SoapFault('client_login_failed', 'The login failed. User is blocked.'); |
|
123 |
return false; |
|
124 |
} |
|
125 |
|
|
126 |
// now we need the client data |
cc7a82
|
127 |
$client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']); |
b1a6a5
|
128 |
if(!$client || $client['can_use_api'] != 'y') { |
MC |
129 |
throw new SoapFault('client_login_failed', 'The login failed. Client may not use api.'); |
|
130 |
return false; |
|
131 |
} |
|
132 |
|
|
133 |
//* Create a remote user session |
|
134 |
//srand ((double)microtime()*1000000); |
|
135 |
$remote_session = md5(mt_rand().uniqid('ispco')); |
|
136 |
$remote_userid = $user['userid']; |
|
137 |
$remote_functions = ''; |
|
138 |
$tstamp = time() + $this->session_timeout; |
|
139 |
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,client_login,tstamp' |
cc7a82
|
140 |
.') VALUES (?, ?, ?, 1, $tstamp)'; |
MC |
141 |
$app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp); |
b1a6a5
|
142 |
return $remote_session; |
532ae5
|
143 |
} else { |
cc7a82
|
144 |
$sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)"; |
MC |
145 |
$remote_user = $app->db->queryOneRecord($sql, $username, $password); |
b1a6a5
|
146 |
if($remote_user['remote_userid'] > 0) { |
MC |
147 |
//* Create a remote user session |
|
148 |
//srand ((double)microtime()*1000000); |
|
149 |
$remote_session = md5(mt_rand().uniqid('ispco')); |
|
150 |
$remote_userid = $remote_user['remote_userid']; |
|
151 |
$remote_functions = $remote_user['remote_functions']; |
|
152 |
$tstamp = time() + $this->session_timeout; |
|
153 |
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp' |
cc7a82
|
154 |
.') VALUES (?, ?, ?, ?)'; |
MC |
155 |
$app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp); |
b1a6a5
|
156 |
return $remote_session; |
MC |
157 |
} else { |
|
158 |
throw new SoapFault('login_failed', 'The login failed. Username or password wrong.'); |
|
159 |
return false; |
|
160 |
} |
|
161 |
} |
|
162 |
|
532ae5
|
163 |
} |
b1a6a5
|
164 |
|
532ae5
|
165 |
//* remote logout function |
L |
166 |
public function logout($session_id) |
b1a6a5
|
167 |
{ |
532ae5
|
168 |
global $app; |
b1a6a5
|
169 |
|
532ae5
|
170 |
if(empty($session_id)) { |
c1418f
|
171 |
throw new SoapFault('session_id_empty', 'The SessionID is empty.'); |
532ae5
|
172 |
return false; |
L |
173 |
} |
b1a6a5
|
174 |
|
cc7a82
|
175 |
$sql = "DELETE FROM remote_session WHERE remote_session = ?"; |
MC |
176 |
if($app->db->query($sql, $session_id) != false) { |
57aa5e
|
177 |
return true; |
TB |
178 |
} else { |
|
179 |
return false; |
|
180 |
} |
532ae5
|
181 |
} |
b1a6a5
|
182 |
|
031054
|
183 |
//** protected functions ----------------------------------------------------------------------------------- |
b1a6a5
|
184 |
|
031054
|
185 |
protected function klientadd($formdef_file, $reseller_id, $params) |
b1a6a5
|
186 |
{ |
ecb6b3
|
187 |
global $app; |
b1a6a5
|
188 |
|
532ae5
|
189 |
//* Load the form definition |
L |
190 |
$app->remoting_lib->loadFormDef($formdef_file); |
b1a6a5
|
191 |
|
532ae5
|
192 |
//* load the user profile of the client |
L |
193 |
$app->remoting_lib->loadUserProfile($reseller_id); |
b1a6a5
|
194 |
|
532ae5
|
195 |
//* Get the SQL query |
b1a6a5
|
196 |
$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0); |
MC |
197 |
|
8cf78b
|
198 |
//* Check if no system user with that username exists |
2af58c
|
199 |
$username = $params["username"]; |
cc7a82
|
200 |
$tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username); |
8cf78b
|
201 |
if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />"; |
b1a6a5
|
202 |
|
355efb
|
203 |
//* Stop on error while preparing the sql query |
532ae5
|
204 |
if($app->remoting_lib->errorMessage != '') { |
c1418f
|
205 |
throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
532ae5
|
206 |
return false; |
L |
207 |
} |
b1a6a5
|
208 |
|
355efb
|
209 |
//* Execute the SQL query |
T |
210 |
$app->db->query($sql); |
c8f203
|
211 |
$insert_id = $app->db->insertID(); |
b1a6a5
|
212 |
|
MC |
213 |
|
355efb
|
214 |
//* Stop on error while executing the sql query |
T |
215 |
if($app->remoting_lib->errorMessage != '') { |
c1418f
|
216 |
throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
355efb
|
217 |
return false; |
T |
218 |
} |
b1a6a5
|
219 |
|
c8f203
|
220 |
$this->id = $insert_id; |
T |
221 |
$this->dataRecord = $params; |
b1a6a5
|
222 |
|
MC |
223 |
$app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert', $this); |
|
224 |
|
c8f203
|
225 |
/* |
532ae5
|
226 |
if($app->db->errorMessage != '') { |
c1418f
|
227 |
throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
532ae5
|
228 |
return false; |
L |
229 |
} |
c8f203
|
230 |
*/ |
b1a6a5
|
231 |
|
MC |
232 |
/* copied from the client_edit php */ |
54f158
|
233 |
exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""'); |
cc7a82
|
234 |
$app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id); |
54f158
|
235 |
exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub'); |
b1a6a5
|
236 |
|
MC |
237 |
|
|
238 |
|
532ae5
|
239 |
//$app->uses('tform'); |
L |
240 |
//* Save changes to Datalog |
|
241 |
if($app->remoting_lib->formDef["db_history"] == 'yes') { |
|
242 |
$new_rec = $app->remoting_lib->getDataRecord($insert_id); |
b1a6a5
|
243 |
$app->remoting_lib->datalogSave('INSERT', $primary_id, array(), $new_rec); |
MC |
244 |
$app->remoting_lib->ispconfig_sysuser_add($params, $insert_id); |
532ae5
|
245 |
|
b1a6a5
|
246 |
if($reseller_id) { |
cc7a82
|
247 |
$client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id); |
MC |
248 |
$reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id); |
b1a6a5
|
249 |
$app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']); |
cc7a82
|
250 |
$app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id); |
b1a6a5
|
251 |
} |
532ae5
|
252 |
|
L |
253 |
} |
|
254 |
return $insert_id; |
|
255 |
} |
|
256 |
|
b1a6a5
|
257 |
protected function insertQuery($formdef_file, $client_id, $params, $event_identifier = '') |
MC |
258 |
{ |
|
259 |
$sql = $this->insertQueryPrepare($formdef_file, $client_id, $params); |
|
260 |
if($sql !== false) return $this->insertQueryExecute($sql, $params, $event_identifier); |
|
261 |
else return false; |
|
262 |
} |
ecb6b3
|
263 |
|
M |
264 |
protected function insertQueryPrepare($formdef_file, $client_id, $params) |
b1a6a5
|
265 |
{ |
ecb6b3
|
266 |
global $app; |
b1a6a5
|
267 |
|
532ae5
|
268 |
$app->uses('remoting_lib'); |
b1a6a5
|
269 |
|
532ae5
|
270 |
//* load the user profile of the client |
L |
271 |
$app->remoting_lib->loadUserProfile($client_id); |
b1a6a5
|
272 |
|
532ae5
|
273 |
//* Load the form definition |
L |
274 |
$app->remoting_lib->loadFormDef($formdef_file); |
b1a6a5
|
275 |
|
532ae5
|
276 |
//* Get the SQL query |
b1a6a5
|
277 |
$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0); |
532ae5
|
278 |
if($app->remoting_lib->errorMessage != '') { |
c1418f
|
279 |
throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
532ae5
|
280 |
return false; |
L |
281 |
} |
864ba9
|
282 |
$app->log('Executed insertQueryPrepare', LOGLEVEL_DEBUG); |
b1a6a5
|
283 |
return $sql; |
ecb6b3
|
284 |
} |
b1a6a5
|
285 |
|
MC |
286 |
protected function insertQueryExecute($sql, $params, $event_identifier = '') |
|
287 |
{ |
ecb6b3
|
288 |
global $app; |
b1a6a5
|
289 |
|
ecb6b3
|
290 |
$app->uses('remoting_lib'); |
b1a6a5
|
291 |
|
532ae5
|
292 |
$app->db->query($sql); |
b1a6a5
|
293 |
|
532ae5
|
294 |
if($app->db->errorMessage != '') { |
c1418f
|
295 |
throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
532ae5
|
296 |
return false; |
L |
297 |
} |
b1a6a5
|
298 |
|
532ae5
|
299 |
$insert_id = $app->db->insertID(); |
b1a6a5
|
300 |
|
532ae5
|
301 |
// set a few values for compatibility with tform actions, mostly used by plugins |
L |
302 |
$this->id = $insert_id; |
|
303 |
$this->dataRecord = $params; |
864ba9
|
304 |
$app->log('Executed insertQueryExecute, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG); |
b1a6a5
|
305 |
if($event_identifier != '') $app->plugin->raiseEvent($event_identifier, $this); |
MC |
306 |
|
532ae5
|
307 |
//$app->uses('tform'); |
L |
308 |
//* Save changes to Datalog |
|
309 |
if($app->remoting_lib->formDef["db_history"] == 'yes') { |
|
310 |
$new_rec = $app->remoting_lib->getDataRecord($insert_id); |
b1a6a5
|
311 |
$app->remoting_lib->datalogSave('INSERT', $primary_id, array(), $new_rec); |
MC |
312 |
} |
532ae5
|
313 |
return $insert_id; |
L |
314 |
} |
b1a6a5
|
315 |
|
031054
|
316 |
protected function updateQuery($formdef_file, $client_id, $primary_id, $params, $event_identifier = '') |
b1a6a5
|
317 |
{ |
ecb6b3
|
318 |
global $app; |
b1a6a5
|
319 |
|
ecb6b3
|
320 |
$sql = $this->updateQueryPrepare($formdef_file, $client_id, $primary_id, $params); |
b1a6a5
|
321 |
if($sql !== false) return $this->updateQueryExecute($sql, $primary_id, $params, $event_identifier); |
MC |
322 |
else return false; |
ecb6b3
|
323 |
} |
b1a6a5
|
324 |
|
ecb6b3
|
325 |
protected function updateQueryPrepare($formdef_file, $client_id, $primary_id, $params) |
b1a6a5
|
326 |
{ |
532ae5
|
327 |
global $app; |
b1a6a5
|
328 |
|
532ae5
|
329 |
$app->uses('remoting_lib'); |
b1a6a5
|
330 |
|
532ae5
|
331 |
//* load the user profile of the client |
L |
332 |
$app->remoting_lib->loadUserProfile($client_id); |
b1a6a5
|
333 |
|
532ae5
|
334 |
//* Load the form definition |
L |
335 |
$app->remoting_lib->loadFormDef($formdef_file); |
a66fd7
|
336 |
|
TB |
337 |
//* get old record and merge with params, so only new values have to be set in $params |
|
338 |
$old_rec = $app->remoting_lib->getDataRecord($primary_id); |
37b292
|
339 |
|
MC |
340 |
foreach ($app->remoting_lib->formDef['fields'] as $fieldName => $fieldConf) |
|
341 |
{ |
|
342 |
if ($fieldConf['formtype'] === 'PASSWORD' && empty($params[$fieldName])) { |
|
343 |
unset($old_rec[$fieldName]); |
|
344 |
} |
|
345 |
} |
|
346 |
|
a66fd7
|
347 |
$params = $app->functions->array_merge($old_rec,$params); |
b1a6a5
|
348 |
|
532ae5
|
349 |
//* Get the SQL query |
b1a6a5
|
350 |
$sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id); |
af4c7a
|
351 |
|
c1418f
|
352 |
// throw new SoapFault('debug', $sql); |
532ae5
|
353 |
if($app->remoting_lib->errorMessage != '') { |
c1418f
|
354 |
throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
532ae5
|
355 |
return false; |
L |
356 |
} |
b1a6a5
|
357 |
|
MC |
358 |
return $sql; |
ecb6b3
|
359 |
} |
M |
360 |
|
|
361 |
protected function updateQueryExecute($sql, $primary_id, $params, $event_identifier = '') |
b1a6a5
|
362 |
{ |
ecb6b3
|
363 |
global $app; |
b1a6a5
|
364 |
|
ecb6b3
|
365 |
$app->uses('remoting_lib'); |
b1a6a5
|
366 |
|
532ae5
|
367 |
$old_rec = $app->remoting_lib->getDataRecord($primary_id); |
b1a6a5
|
368 |
|
532ae5
|
369 |
// set a few values for compatibility with tform actions, mostly used by plugins |
L |
370 |
$this->oldDataRecord = $old_rec; |
|
371 |
$this->id = $primary_id; |
|
372 |
$this->dataRecord = $params; |
b1a6a5
|
373 |
|
532ae5
|
374 |
$app->db->query($sql); |
b1a6a5
|
375 |
|
532ae5
|
376 |
if($app->db->errorMessage != '') { |
c1418f
|
377 |
throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
532ae5
|
378 |
return false; |
L |
379 |
} |
b1a6a5
|
380 |
|
532ae5
|
381 |
$affected_rows = $app->db->affectedRows(); |
753da5
|
382 |
$app->log('Executed updateQueryExecute, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG); |
b1a6a5
|
383 |
|
MC |
384 |
if($event_identifier != '') $app->plugin->raiseEvent($event_identifier, $this); |
|
385 |
|
532ae5
|
386 |
//* Save changes to Datalog |
L |
387 |
if($app->remoting_lib->formDef["db_history"] == 'yes') { |
|
388 |
$new_rec = $app->remoting_lib->getDataRecord($primary_id); |
b1a6a5
|
389 |
$app->remoting_lib->datalogSave('UPDATE', $primary_id, $old_rec, $new_rec); |
532ae5
|
390 |
} |
b1a6a5
|
391 |
|
532ae5
|
392 |
return $affected_rows; |
L |
393 |
} |
ecb6b3
|
394 |
|
031054
|
395 |
protected function deleteQuery($formdef_file, $primary_id, $event_identifier = '') |
b1a6a5
|
396 |
{ |
532ae5
|
397 |
global $app; |
b1a6a5
|
398 |
|
532ae5
|
399 |
$app->uses('remoting_lib'); |
b1a6a5
|
400 |
|
532ae5
|
401 |
//* load the user profile of the client |
L |
402 |
$app->remoting_lib->loadUserProfile(0); |
b1a6a5
|
403 |
|
532ae5
|
404 |
//* Load the form definition |
L |
405 |
$app->remoting_lib->loadFormDef($formdef_file); |
b1a6a5
|
406 |
|
532ae5
|
407 |
$old_rec = $app->remoting_lib->getDataRecord($primary_id); |
b1a6a5
|
408 |
|
532ae5
|
409 |
// set a few values for compatibility with tform actions, mostly used by plugins |
L |
410 |
$this->oldDataRecord = $old_rec; |
|
411 |
$this->id = $primary_id; |
355efb
|
412 |
$this->dataRecord = $old_rec; |
28ade6
|
413 |
$app->log('Executed deleteQuery, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG); |
355efb
|
414 |
//$this->dataRecord = $params; |
b1a6a5
|
415 |
|
532ae5
|
416 |
//* Get the SQL query |
L |
417 |
$sql = $app->remoting_lib->getDeleteSQL($primary_id); |
355efb
|
418 |
$app->db->errorMessage = ''; |
532ae5
|
419 |
$app->db->query($sql); |
355efb
|
420 |
$affected_rows = $app->db->affectedRows(); |
b1a6a5
|
421 |
|
532ae5
|
422 |
if($app->db->errorMessage != '') { |
c1418f
|
423 |
throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
532ae5
|
424 |
return false; |
L |
425 |
} |
b1a6a5
|
426 |
|
355efb
|
427 |
if($event_identifier != '') { |
b1a6a5
|
428 |
$app->plugin->raiseEvent($event_identifier, $this); |
355efb
|
429 |
} |
b1a6a5
|
430 |
|
532ae5
|
431 |
//* Save changes to Datalog |
L |
432 |
if($app->remoting_lib->formDef["db_history"] == 'yes') { |
b1a6a5
|
433 |
$app->remoting_lib->datalogSave('DELETE', $primary_id, $old_rec, array()); |
532ae5
|
434 |
} |
b1a6a5
|
435 |
|
MC |
436 |
|
532ae5
|
437 |
return $affected_rows; |
L |
438 |
} |
b1a6a5
|
439 |
|
MC |
440 |
|
031054
|
441 |
protected function checkPerm($session_id, $function_name) |
b1a6a5
|
442 |
{ |
MC |
443 |
global $app; |
|
444 |
$dobre=array(); |
|
445 |
$session = $this->getSession($session_id); |
|
446 |
if(!$session){ |
|
447 |
return false; |
|
448 |
} |
|
449 |
|
|
450 |
$_SESSION['client_login'] = $session['client_login']; |
|
451 |
if($session['client_login'] == 1) { |
|
452 |
// permissions are checked at an other place |
|
453 |
$_SESSION['client_sys_userid'] = $session['remote_userid']; |
|
454 |
$app->remoting_lib->loadUserProfile(); // load the profile - we ALWAYS need this on client logins! |
|
455 |
return true; |
|
456 |
} else { |
|
457 |
$_SESSION['client_sys_userid'] = 0; |
|
458 |
} |
|
459 |
|
|
460 |
$dobre= str_replace(';', ',', $session['remote_functions']); |
ecf891
|
461 |
$check = in_array($function_name, explode(',', $dobre) ); |
N |
462 |
if(!$check) { |
b1a6a5
|
463 |
$app->log("REMOTE-LIB DENY: ".$session_id ." /". $function_name, LOGLEVEL_WARN); |
ecf891
|
464 |
} |
N |
465 |
return $check; |
532ae5
|
466 |
} |
b1a6a5
|
467 |
|
MC |
468 |
|
031054
|
469 |
protected function getSession($session_id) |
b1a6a5
|
470 |
{ |
532ae5
|
471 |
global $app; |
b1a6a5
|
472 |
|
532ae5
|
473 |
if(empty($session_id)) { |
b1a6a5
|
474 |
throw new SoapFault('session_id_empty', 'The SessionID is empty.'); |
532ae5
|
475 |
return false; |
L |
476 |
} |
b1a6a5
|
477 |
|
cc7a82
|
478 |
$sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()"; |
MC |
479 |
$session = $app->db->queryOneRecord($sql, $session_id); |
532ae5
|
480 |
if($session['remote_userid'] > 0) { |
L |
481 |
return $session; |
|
482 |
} else { |
b1a6a5
|
483 |
throw new SoapFault('session_does_not_exist', 'The Session is expired or does not exist.'); |
532ae5
|
484 |
return false; |
L |
485 |
} |
|
486 |
} |
b1a6a5
|
487 |
|
9f1e98
|
488 |
public function server_get($session_id, $server_id = null, $section ='') { |
b1a6a5
|
489 |
global $app; |
MC |
490 |
if(!$this->checkPerm($session_id, 'server_get')) { |
9f1e98
|
491 |
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
532ae5
|
492 |
return false; |
b1a6a5
|
493 |
} |
9f1e98
|
494 |
if (!empty($session_id)) { |
MC |
495 |
if(!empty($server_id)) { |
|
496 |
$app->uses('remoting_lib , getconf'); |
|
497 |
$section_config = $app->getconf->get_server_config($server_id, $section); |
|
498 |
return $section_config; |
|
499 |
} else { |
|
500 |
$servers = array(); |
|
501 |
$sql = "SELECT server_id FROM server WHERE 1"; |
|
502 |
$all = $app->db->queryAllRecords($sql); |
|
503 |
foreach($all as $s) { |
|
504 |
$servers[$s['server_id']] = $app->getconf->get_server_config($s['server_id'], $section); |
|
505 |
} |
|
506 |
unset($all); |
|
507 |
unset($s); |
|
508 |
return $servers; |
|
509 |
} |
|
510 |
} else { |
|
511 |
return false; |
|
512 |
} |
|
513 |
} |
|
514 |
|
|
515 |
/** |
|
516 |
Gets a list of all servers |
|
517 |
@param int session_id |
|
518 |
@param int server_name |
|
519 |
@author Marius Cramer <m.cramer@pixcept.de> 2014 |
|
520 |
*/ |
|
521 |
public function server_get_all($session_id) |
|
522 |
{ |
|
523 |
global $app; |
|
524 |
if(!$this->checkPerm($session_id, 'server_get')) { |
|
525 |
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
|
526 |
return false; |
|
527 |
} |
|
528 |
if (!empty($session_id)) { |
|
529 |
$sql = "SELECT server_id, server_name FROM server WHERE 1"; |
|
530 |
$servers = $app->db->queryAllRecords($sql); |
|
531 |
return $servers; |
b1a6a5
|
532 |
} else { |
MC |
533 |
return false; |
|
534 |
} |
|
535 |
} |
|
536 |
|
|
537 |
/** |
|
538 |
* Get a list of functions |
|
539 |
* @param int session id |
|
540 |
* @return mixed array of the available functions |
|
541 |
* @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 |
|
542 |
*/ |
|
543 |
|
|
544 |
|
|
545 |
public function get_function_list($session_id) |
|
546 |
{ |
|
547 |
if(!$this->checkPerm($session_id, 'get_function_list')) { |
|
548 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
549 |
return false; |
|
550 |
} |
|
551 |
return $this->_methods; |
|
552 |
} |
|
553 |
|
532ae5
|
554 |
} |
b1a6a5
|
555 |
|
ecf891
|
556 |
?> |