| commit | author | age | ||
| 532ae5 | 1 | <?php |
| L | 2 | |
| 3 | /* | |
| 077c27 | 4 | Copyright (c) 2007 - 2011, Till Brehm, projektfarm Gmbh |
| 532ae5 | 5 | All rights reserved. |
| L | 6 | |
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | * Redistributions of source code must retain the above copyright notice, | |
| 11 | this list of conditions and the following disclaimer. | |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| 18 | ||
| 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | ||
| 30 | --UPDATED 08.2009-- | |
| 31 | Full SOAP support for ISPConfig 3.1.4 b | |
| 32 | Updated by Arkadiusz Roch & Artur Edelman | |
| 33 | Copyright (c) Tri-Plex technology | |
| 34 | ||
| 35 | */ | |
| 36 | ||
| 37 | class remoting { | |
| b1a6a5 | 38 | |
| 532ae5 | 39 | //* remote session timeout in seconds |
| L | 40 | private $session_timeout = 600; |
| b1a6a5 | 41 | |
| 532ae5 | 42 | public $oldDataRecord; |
| L | 43 | public $dataRecord; |
| 44 | public $id; | |
| b1a6a5 | 45 | |
| MC | 46 | private $_methods = array(); |
| 47 | ||
| 532ae5 | 48 | /* |
| b1a6a5 | 49 | These variables shall stay global. |
| 532ae5 | 50 | Please do not make them private variables. |
| b1a6a5 | 51 | |
| 532ae5 | 52 | private $app; |
| L | 53 | private $conf; |
| 54 | */ | |
| 55 | ||
| b1a6a5 | 56 | public function __construct($methods = array()) |
| MC | 57 | { |
| 58 | global $app; | |
| 59 | $app->uses('remoting_lib'); | |
| c1418f | 60 | |
| b1a6a5 | 61 | $this->_methods = $methods; |
| MC | 62 | |
| 63 | /* | |
| 532ae5 | 64 | $this->app = $app; |
| L | 65 | $this->conf = $conf; |
| 66 | */ | |
| b1a6a5 | 67 | } |
| MC | 68 | |
| 69 | //* remote login function | |
| 5bff39 | 70 | public function login($username, $password, $client_login = false) |
| b1a6a5 | 71 | { |
| c1418f | 72 | global $app, $conf; |
| b1a6a5 | 73 | |
| bf7d95 | 74 | // Maintenance mode |
| F | 75 | $app->uses('ini_parser,getconf'); |
| 76 | $server_config_array = $app->getconf->get_global_config('misc'); | |
| 77 | if($server_config_array['maintenance_mode'] == 'y'){ | |
| c1418f | 78 | throw new SoapFault('maintenance_mode', 'This ISPConfig installation is currently under maintenance. We should be back shortly. Thank you for your patience.'); |
| bf7d95 | 79 | return false; |
| F | 80 | } |
| b1a6a5 | 81 | |
| 532ae5 | 82 | if(empty($username)) { |
| c1418f | 83 | throw new SoapFault('login_username_empty', 'The login username is empty.'); |
| 532ae5 | 84 | return false; |
| L | 85 | } |
| b1a6a5 | 86 | |
| 532ae5 | 87 | if(empty($password)) { |
| c1418f | 88 | throw new SoapFault('login_password_empty', 'The login password is empty.'); |
| 532ae5 | 89 | return false; |
| L | 90 | } |
| b1a6a5 | 91 | |
| 532ae5 | 92 | //* Delete old remoting sessions |
| cc7a82 | 93 | $sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()"; |
| 532ae5 | 94 | $app->db->query($sql); |
| b1a6a5 | 95 | |
| MC | 96 | if($client_login == true) { |
| cc7a82 | 97 | $sql = "SELECT * FROM sys_user WHERE USERNAME = ?"; |
| MC | 98 | $user = $app->db->queryOneRecord($sql, $username); |
| b1a6a5 | 99 | if($user) { |
| MC | 100 | $saved_password = stripslashes($user['passwort']); |
| 5bff39 | 101 | |
| b1a6a5 | 102 | if(substr($saved_password, 0, 3) == '$1$') { |
| MC | 103 | //* The password is crypt-md5 encrypted |
| 104 | $salt = '$1$'.substr($saved_password, 3, 8).'$'; | |
| 105 | ||
| 106 | if(crypt(stripslashes($password), $salt) != $saved_password) { | |
| 107 | throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.'); | |
| 108 | return false; | |
| 109 | } | |
| 110 | } else { | |
| 111 | //* The password is md5 encrypted | |
| 112 | if(md5($password) != $saved_password) { | |
| 113 | throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.'); | |
| 114 | return false; | |
| 115 | } | |
| 116 | } | |
| 117 | } else { | |
| 118 | throw new SoapFault('client_login_failed', 'The login failed. Username or password wrong.'); | |
| 119 | return false; | |
| 120 | } | |
| 121 | if($user['active'] != 1) { | |
| 122 | throw new SoapFault('client_login_failed', 'The login failed. User is blocked.'); | |
| 123 | return false; | |
| 124 | } | |
| 125 | ||
| 126 | // now we need the client data | |
| cc7a82 | 127 | $client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']); |
| b1a6a5 | 128 | if(!$client || $client['can_use_api'] != 'y') { |
| MC | 129 | throw new SoapFault('client_login_failed', 'The login failed. Client may not use api.'); |
| 130 | return false; | |
| 131 | } | |
| 132 | ||
| 133 | //* Create a remote user session | |
| 134 | //srand ((double)microtime()*1000000); | |
| 135 | $remote_session = md5(mt_rand().uniqid('ispco')); | |
| 136 | $remote_userid = $user['userid']; | |
| 137 | $remote_functions = ''; | |
| 138 | $tstamp = time() + $this->session_timeout; | |
| 139 | $sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,client_login,tstamp' | |
| cc7a82 | 140 | .') VALUES (?, ?, ?, 1, $tstamp)'; |
| MC | 141 | $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp); |
| b1a6a5 | 142 | return $remote_session; |
| 532ae5 | 143 | } else { |
| cc7a82 | 144 | $sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)"; |
| MC | 145 | $remote_user = $app->db->queryOneRecord($sql, $username, $password); |
| b1a6a5 | 146 | if($remote_user['remote_userid'] > 0) { |
| MC | 147 | //* Create a remote user session |
| 148 | //srand ((double)microtime()*1000000); | |
| 149 | $remote_session = md5(mt_rand().uniqid('ispco')); | |
| 150 | $remote_userid = $remote_user['remote_userid']; | |
| 151 | $remote_functions = $remote_user['remote_functions']; | |
| 152 | $tstamp = time() + $this->session_timeout; | |
| 153 | $sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp' | |
| cc7a82 | 154 | .') VALUES (?, ?, ?, ?)'; |
| MC | 155 | $app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp); |
| b1a6a5 | 156 | return $remote_session; |
| MC | 157 | } else { |
| 158 | throw new SoapFault('login_failed', 'The login failed. Username or password wrong.'); | |
| 159 | return false; | |
| 160 | } | |
| 161 | } | |
| 162 | ||
| 532ae5 | 163 | } |
| b1a6a5 | 164 | |
| 532ae5 | 165 | //* remote logout function |
| L | 166 | public function logout($session_id) |
| b1a6a5 | 167 | { |
| 532ae5 | 168 | global $app; |
| b1a6a5 | 169 | |
| 532ae5 | 170 | if(empty($session_id)) { |
| c1418f | 171 | throw new SoapFault('session_id_empty', 'The SessionID is empty.'); |
| 532ae5 | 172 | return false; |
| L | 173 | } |
| b1a6a5 | 174 | |
| cc7a82 | 175 | $sql = "DELETE FROM remote_session WHERE remote_session = ?"; |
| MC | 176 | if($app->db->query($sql, $session_id) != false) { |
| 57aa5e | 177 | return true; |
| TB | 178 | } else { |
| 179 | return false; | |
| 180 | } | |
| 532ae5 | 181 | } |
| b1a6a5 | 182 | |
| 031054 | 183 | //** protected functions ----------------------------------------------------------------------------------- |
| b1a6a5 | 184 | |
| 031054 | 185 | protected function klientadd($formdef_file, $reseller_id, $params) |
| b1a6a5 | 186 | { |
| ecb6b3 | 187 | global $app; |
| b1a6a5 | 188 | |
| 532ae5 | 189 | //* Load the form definition |
| L | 190 | $app->remoting_lib->loadFormDef($formdef_file); |
| b1a6a5 | 191 | |
| 532ae5 | 192 | //* load the user profile of the client |
| L | 193 | $app->remoting_lib->loadUserProfile($reseller_id); |
| b1a6a5 | 194 | |
| 532ae5 | 195 | //* Get the SQL query |
| b1a6a5 | 196 | $sql = $app->remoting_lib->getSQL($params, 'INSERT', 0); |
| MC | 197 | |
| 8cf78b | 198 | //* Check if no system user with that username exists |
| 2af58c | 199 | $username = $params["username"]; |
| cc7a82 | 200 | $tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username); |
| 8cf78b | 201 | if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />"; |
| b1a6a5 | 202 | |
| 355efb | 203 | //* Stop on error while preparing the sql query |
| 532ae5 | 204 | if($app->remoting_lib->errorMessage != '') { |
| c1418f | 205 | throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
| 532ae5 | 206 | return false; |
| L | 207 | } |
| b1a6a5 | 208 | |
| 355efb | 209 | //* Execute the SQL query |
| T | 210 | $app->db->query($sql); |
| c8f203 | 211 | $insert_id = $app->db->insertID(); |
| b1a6a5 | 212 | |
| MC | 213 | |
| 355efb | 214 | //* Stop on error while executing the sql query |
| T | 215 | if($app->remoting_lib->errorMessage != '') { |
| c1418f | 216 | throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
| 355efb | 217 | return false; |
| T | 218 | } |
| b1a6a5 | 219 | |
| c8f203 | 220 | $this->id = $insert_id; |
| T | 221 | $this->dataRecord = $params; |
| b1a6a5 | 222 | |
| MC | 223 | $app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert', $this); |
| 224 | ||
| c8f203 | 225 | /* |
| 532ae5 | 226 | if($app->db->errorMessage != '') { |
| c1418f | 227 | throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
| 532ae5 | 228 | return false; |
| L | 229 | } |
| c8f203 | 230 | */ |
| b1a6a5 | 231 | |
| MC | 232 | /* copied from the client_edit php */ |
| 54f158 | 233 | exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""'); |
| cc7a82 | 234 | $app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id); |
| 54f158 | 235 | exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub'); |
| b1a6a5 | 236 | |
| MC | 237 | |
| 238 | ||
| 532ae5 | 239 | //$app->uses('tform'); |
| L | 240 | //* Save changes to Datalog |
| 241 | if($app->remoting_lib->formDef["db_history"] == 'yes') { | |
| 242 | $new_rec = $app->remoting_lib->getDataRecord($insert_id); | |
| b1a6a5 | 243 | $app->remoting_lib->datalogSave('INSERT', $primary_id, array(), $new_rec); |
| MC | 244 | $app->remoting_lib->ispconfig_sysuser_add($params, $insert_id); |
| 532ae5 | 245 | |
| b1a6a5 | 246 | if($reseller_id) { |
| cc7a82 | 247 | $client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id); |
| MC | 248 | $reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id); |
| b1a6a5 | 249 | $app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']); |
| cc7a82 | 250 | $app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id); |
| b1a6a5 | 251 | } |
| 532ae5 | 252 | |
| L | 253 | } |
| 254 | return $insert_id; | |
| 255 | } | |
| 256 | ||
| b1a6a5 | 257 | protected function insertQuery($formdef_file, $client_id, $params, $event_identifier = '') |
| MC | 258 | { |
| 259 | $sql = $this->insertQueryPrepare($formdef_file, $client_id, $params); | |
| 260 | if($sql !== false) return $this->insertQueryExecute($sql, $params, $event_identifier); | |
| 261 | else return false; | |
| 262 | } | |
| ecb6b3 | 263 | |
| M | 264 | protected function insertQueryPrepare($formdef_file, $client_id, $params) |
| b1a6a5 | 265 | { |
| ecb6b3 | 266 | global $app; |
| b1a6a5 | 267 | |
| 532ae5 | 268 | $app->uses('remoting_lib'); |
| b1a6a5 | 269 | |
| 532ae5 | 270 | //* load the user profile of the client |
| L | 271 | $app->remoting_lib->loadUserProfile($client_id); |
| b1a6a5 | 272 | |
| 532ae5 | 273 | //* Load the form definition |
| L | 274 | $app->remoting_lib->loadFormDef($formdef_file); |
| b1a6a5 | 275 | |
| 532ae5 | 276 | //* Get the SQL query |
| b1a6a5 | 277 | $sql = $app->remoting_lib->getSQL($params, 'INSERT', 0); |
| 532ae5 | 278 | if($app->remoting_lib->errorMessage != '') { |
| c1418f | 279 | throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
| 532ae5 | 280 | return false; |
| L | 281 | } |
| 864ba9 | 282 | $app->log('Executed insertQueryPrepare', LOGLEVEL_DEBUG); |
| b1a6a5 | 283 | return $sql; |
| ecb6b3 | 284 | } |
| b1a6a5 | 285 | |
| MC | 286 | protected function insertQueryExecute($sql, $params, $event_identifier = '') |
| 287 | { | |
| ecb6b3 | 288 | global $app; |
| b1a6a5 | 289 | |
| ecb6b3 | 290 | $app->uses('remoting_lib'); |
| b1a6a5 | 291 | |
| 532ae5 | 292 | $app->db->query($sql); |
| b1a6a5 | 293 | |
| 532ae5 | 294 | if($app->db->errorMessage != '') { |
| c1418f | 295 | throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
| 532ae5 | 296 | return false; |
| L | 297 | } |
| b1a6a5 | 298 | |
| 532ae5 | 299 | $insert_id = $app->db->insertID(); |
| b1a6a5 | 300 | |
| 532ae5 | 301 | // set a few values for compatibility with tform actions, mostly used by plugins |
| L | 302 | $this->id = $insert_id; |
| 303 | $this->dataRecord = $params; | |
| 864ba9 | 304 | $app->log('Executed insertQueryExecute, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG); |
| b1a6a5 | 305 | if($event_identifier != '') $app->plugin->raiseEvent($event_identifier, $this); |
| MC | 306 | |
| 532ae5 | 307 | //$app->uses('tform'); |
| L | 308 | //* Save changes to Datalog |
| 309 | if($app->remoting_lib->formDef["db_history"] == 'yes') { | |
| 310 | $new_rec = $app->remoting_lib->getDataRecord($insert_id); | |
| b1a6a5 | 311 | $app->remoting_lib->datalogSave('INSERT', $primary_id, array(), $new_rec); |
| MC | 312 | } |
| 532ae5 | 313 | return $insert_id; |
| L | 314 | } |
| b1a6a5 | 315 | |
| 031054 | 316 | protected function updateQuery($formdef_file, $client_id, $primary_id, $params, $event_identifier = '') |
| b1a6a5 | 317 | { |
| ecb6b3 | 318 | global $app; |
| b1a6a5 | 319 | |
| ecb6b3 | 320 | $sql = $this->updateQueryPrepare($formdef_file, $client_id, $primary_id, $params); |
| b1a6a5 | 321 | if($sql !== false) return $this->updateQueryExecute($sql, $primary_id, $params, $event_identifier); |
| MC | 322 | else return false; |
| ecb6b3 | 323 | } |
| b1a6a5 | 324 | |
| ecb6b3 | 325 | protected function updateQueryPrepare($formdef_file, $client_id, $primary_id, $params) |
| b1a6a5 | 326 | { |
| 532ae5 | 327 | global $app; |
| b1a6a5 | 328 | |
| 532ae5 | 329 | $app->uses('remoting_lib'); |
| b1a6a5 | 330 | |
| 532ae5 | 331 | //* load the user profile of the client |
| L | 332 | $app->remoting_lib->loadUserProfile($client_id); |
| b1a6a5 | 333 | |
| 532ae5 | 334 | //* Load the form definition |
| L | 335 | $app->remoting_lib->loadFormDef($formdef_file); |
| a66fd7 | 336 | |
| TB | 337 | //* get old record and merge with params, so only new values have to be set in $params |
| 338 | $old_rec = $app->remoting_lib->getDataRecord($primary_id); | |
| 37b292 | 339 | |
| MC | 340 | foreach ($app->remoting_lib->formDef['fields'] as $fieldName => $fieldConf) |
| 341 | { | |
| 342 | if ($fieldConf['formtype'] === 'PASSWORD' && empty($params[$fieldName])) { | |
| 343 | unset($old_rec[$fieldName]); | |
| 344 | } | |
| 345 | } | |
| 346 | ||
| a66fd7 | 347 | $params = $app->functions->array_merge($old_rec,$params); |
| b1a6a5 | 348 | |
| 532ae5 | 349 | //* Get the SQL query |
| b1a6a5 | 350 | $sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id); |
| af4c7a | 351 | |
| c1418f | 352 | // throw new SoapFault('debug', $sql); |
| 532ae5 | 353 | if($app->remoting_lib->errorMessage != '') { |
| c1418f | 354 | throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage); |
| 532ae5 | 355 | return false; |
| L | 356 | } |
| b1a6a5 | 357 | |
| MC | 358 | return $sql; |
| ecb6b3 | 359 | } |
| M | 360 | |
| 361 | protected function updateQueryExecute($sql, $primary_id, $params, $event_identifier = '') | |
| b1a6a5 | 362 | { |
| ecb6b3 | 363 | global $app; |
| b1a6a5 | 364 | |
| ecb6b3 | 365 | $app->uses('remoting_lib'); |
| b1a6a5 | 366 | |
| 532ae5 | 367 | $old_rec = $app->remoting_lib->getDataRecord($primary_id); |
| b1a6a5 | 368 | |
| 532ae5 | 369 | // set a few values for compatibility with tform actions, mostly used by plugins |
| L | 370 | $this->oldDataRecord = $old_rec; |
| 371 | $this->id = $primary_id; | |
| 372 | $this->dataRecord = $params; | |
| b1a6a5 | 373 | |
| 532ae5 | 374 | $app->db->query($sql); |
| b1a6a5 | 375 | |
| 532ae5 | 376 | if($app->db->errorMessage != '') { |
| c1418f | 377 | throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
| 532ae5 | 378 | return false; |
| L | 379 | } |
| b1a6a5 | 380 | |
| 532ae5 | 381 | $affected_rows = $app->db->affectedRows(); |
| 753da5 | 382 | $app->log('Executed updateQueryExecute, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG); |
| b1a6a5 | 383 | |
| MC | 384 | if($event_identifier != '') $app->plugin->raiseEvent($event_identifier, $this); |
| 385 | ||
| 532ae5 | 386 | //* Save changes to Datalog |
| L | 387 | if($app->remoting_lib->formDef["db_history"] == 'yes') { |
| 388 | $new_rec = $app->remoting_lib->getDataRecord($primary_id); | |
| b1a6a5 | 389 | $app->remoting_lib->datalogSave('UPDATE', $primary_id, $old_rec, $new_rec); |
| 532ae5 | 390 | } |
| b1a6a5 | 391 | |
| 532ae5 | 392 | return $affected_rows; |
| L | 393 | } |
| ecb6b3 | 394 | |
| 031054 | 395 | protected function deleteQuery($formdef_file, $primary_id, $event_identifier = '') |
| b1a6a5 | 396 | { |
| 532ae5 | 397 | global $app; |
| b1a6a5 | 398 | |
| 532ae5 | 399 | $app->uses('remoting_lib'); |
| b1a6a5 | 400 | |
| 532ae5 | 401 | //* load the user profile of the client |
| L | 402 | $app->remoting_lib->loadUserProfile(0); |
| b1a6a5 | 403 | |
| 532ae5 | 404 | //* Load the form definition |
| L | 405 | $app->remoting_lib->loadFormDef($formdef_file); |
| b1a6a5 | 406 | |
| 532ae5 | 407 | $old_rec = $app->remoting_lib->getDataRecord($primary_id); |
| b1a6a5 | 408 | |
| 532ae5 | 409 | // set a few values for compatibility with tform actions, mostly used by plugins |
| L | 410 | $this->oldDataRecord = $old_rec; |
| 411 | $this->id = $primary_id; | |
| 355efb | 412 | $this->dataRecord = $old_rec; |
| 28ade6 | 413 | $app->log('Executed deleteQuery, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG); |
| 355efb | 414 | //$this->dataRecord = $params; |
| b1a6a5 | 415 | |
| 532ae5 | 416 | //* Get the SQL query |
| L | 417 | $sql = $app->remoting_lib->getDeleteSQL($primary_id); |
| 355efb | 418 | $app->db->errorMessage = ''; |
| 532ae5 | 419 | $app->db->query($sql); |
| 355efb | 420 | $affected_rows = $app->db->affectedRows(); |
| b1a6a5 | 421 | |
| 532ae5 | 422 | if($app->db->errorMessage != '') { |
| c1418f | 423 | throw new SoapFault('database_error', $app->db->errorMessage . ' '.$sql); |
| 532ae5 | 424 | return false; |
| L | 425 | } |
| b1a6a5 | 426 | |
| 355efb | 427 | if($event_identifier != '') { |
| b1a6a5 | 428 | $app->plugin->raiseEvent($event_identifier, $this); |
| 355efb | 429 | } |
| b1a6a5 | 430 | |
| 532ae5 | 431 | //* Save changes to Datalog |
| L | 432 | if($app->remoting_lib->formDef["db_history"] == 'yes') { |
| b1a6a5 | 433 | $app->remoting_lib->datalogSave('DELETE', $primary_id, $old_rec, array()); |
| 532ae5 | 434 | } |
| b1a6a5 | 435 | |
| MC | 436 | |
| 532ae5 | 437 | return $affected_rows; |
| L | 438 | } |
| b1a6a5 | 439 | |
| MC | 440 | |
| 031054 | 441 | protected function checkPerm($session_id, $function_name) |
| b1a6a5 | 442 | { |
| MC | 443 | global $app; |
| 444 | $dobre=array(); | |
| 445 | $session = $this->getSession($session_id); | |
| 446 | if(!$session){ | |
| 447 | return false; | |
| 448 | } | |
| 449 | ||
| 450 | $_SESSION['client_login'] = $session['client_login']; | |
| 451 | if($session['client_login'] == 1) { | |
| 452 | // permissions are checked at an other place | |
| 453 | $_SESSION['client_sys_userid'] = $session['remote_userid']; | |
| 454 | $app->remoting_lib->loadUserProfile(); // load the profile - we ALWAYS need this on client logins! | |
| 455 | return true; | |
| 456 | } else { | |
| 457 | $_SESSION['client_sys_userid'] = 0; | |
| 458 | } | |
| 459 | ||
| 460 | $dobre= str_replace(';', ',', $session['remote_functions']); | |
| ecf891 | 461 | $check = in_array($function_name, explode(',', $dobre) ); |
| N | 462 | if(!$check) { |
| b1a6a5 | 463 | $app->log("REMOTE-LIB DENY: ".$session_id ." /". $function_name, LOGLEVEL_WARN); |
| ecf891 | 464 | } |
| N | 465 | return $check; |
| 532ae5 | 466 | } |
| b1a6a5 | 467 | |
| MC | 468 | |
| 031054 | 469 | protected function getSession($session_id) |
| b1a6a5 | 470 | { |
| 532ae5 | 471 | global $app; |
| b1a6a5 | 472 | |
| 532ae5 | 473 | if(empty($session_id)) { |
| b1a6a5 | 474 | throw new SoapFault('session_id_empty', 'The SessionID is empty.'); |
| 532ae5 | 475 | return false; |
| L | 476 | } |
| b1a6a5 | 477 | |
| cc7a82 | 478 | $sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()"; |
| MC | 479 | $session = $app->db->queryOneRecord($sql, $session_id); |
| 532ae5 | 480 | if($session['remote_userid'] > 0) { |
| L | 481 | return $session; |
| 482 | } else { | |
| b1a6a5 | 483 | throw new SoapFault('session_does_not_exist', 'The Session is expired or does not exist.'); |
| 532ae5 | 484 | return false; |
| L | 485 | } |
| 486 | } | |
| b1a6a5 | 487 | |
| 9f1e98 | 488 | public function server_get($session_id, $server_id = null, $section ='') { |
| b1a6a5 | 489 | global $app; |
| MC | 490 | if(!$this->checkPerm($session_id, 'server_get')) { |
| 9f1e98 | 491 | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
| 532ae5 | 492 | return false; |
| b1a6a5 | 493 | } |
| 9f1e98 | 494 | if (!empty($session_id)) { |
| MC | 495 | if(!empty($server_id)) { |
| 496 | $app->uses('remoting_lib , getconf'); | |
| 497 | $section_config = $app->getconf->get_server_config($server_id, $section); | |
| 498 | return $section_config; | |
| 499 | } else { | |
| 500 | $servers = array(); | |
| 501 | $sql = "SELECT server_id FROM server WHERE 1"; | |
| 502 | $all = $app->db->queryAllRecords($sql); | |
| 503 | foreach($all as $s) { | |
| 504 | $servers[$s['server_id']] = $app->getconf->get_server_config($s['server_id'], $section); | |
| 505 | } | |
| 506 | unset($all); | |
| 507 | unset($s); | |
| 508 | return $servers; | |
| 509 | } | |
| 510 | } else { | |
| 511 | return false; | |
| 512 | } | |
| 513 | } | |
| 514 | ||
| 515 | /** | |
| 516 | Gets a list of all servers | |
| 517 | @param int session_id | |
| 518 | @param int server_name | |
| 519 | @author Marius Cramer <m.cramer@pixcept.de> 2014 | |
| 520 | */ | |
| 521 | public function server_get_all($session_id) | |
| 522 | { | |
| 523 | global $app; | |
| 524 | if(!$this->checkPerm($session_id, 'server_get')) { | |
| 525 | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 526 | return false; | |
| 527 | } | |
| 528 | if (!empty($session_id)) { | |
| 529 | $sql = "SELECT server_id, server_name FROM server WHERE 1"; | |
| 530 | $servers = $app->db->queryAllRecords($sql); | |
| 531 | return $servers; | |
| b1a6a5 | 532 | } else { |
| MC | 533 | return false; |
| 534 | } | |
| 535 | } | |
| 536 | ||
| 537 | /** | |
| 538 | * Get a list of functions | |
| 539 | * @param int session id | |
| 540 | * @return mixed array of the available functions | |
| 541 | * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 | |
| 542 | */ | |
| 543 | ||
| 544 | ||
| 545 | public function get_function_list($session_id) | |
| 546 | { | |
| 547 | if(!$this->checkPerm($session_id, 'get_function_list')) { | |
| 548 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 549 | return false; | |
| 550 | } | |
| 551 | return $this->_methods; | |
| 552 | } | |
| 553 | ||
| 532ae5 | 554 | } |
| b1a6a5 | 555 | |
| ecf891 | 556 | ?> |
