| commit | author | age | ||
| c1418f | 1 | <?php |
| M | 2 | |
| 3 | /* | |
| 4 | Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh | |
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | * Redistributions of source code must retain the above copyright notice, | |
| 11 | this list of conditions and the following disclaimer. | |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| 18 | ||
| 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | ||
| 30 | --UPDATED 08.2009-- | |
| 31 | Full SOAP support for ISPConfig 3.1.4 b | |
| 32 | Updated by Arkadiusz Roch & Artur Edelman | |
| 33 | Copyright (c) Tri-Plex technology | |
| 34 | ||
| 35 | --UPDATED 08.2013-- | |
| 36 | Migrated into new remote classes system | |
| 37 | by Marius Cramer <m.cramer@pixcept.de> | |
| 38 | ||
| 39 | */ | |
| 40 | ||
| 41 | class remoting_client extends remoting { | |
| b1a6a5 | 42 | /* |
| MC | 43 | * |
| 44 | * | |
| 45 | * | |
| c1418f | 46 | * * Client functions |
| b1a6a5 | 47 | * |
| MC | 48 | * |
| c1418f | 49 | */ |
| M | 50 | //* Get client details |
| 51 | public function client_get($session_id, $client_id) | |
| b1a6a5 | 52 | { |
| c1418f | 53 | global $app; |
| b1a6a5 | 54 | |
| c1418f | 55 | if(!$this->checkPerm($session_id, 'client_get')) { |
| M | 56 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| 57 | return false; | |
| 58 | } | |
| 59 | $app->uses('remoting_lib'); | |
| 60 | $app->remoting_lib->loadFormDef('../client/form/client.tform.php'); | |
| 61 | $data = $app->remoting_lib->getDataRecord($client_id); | |
| b1a6a5 | 62 | |
| MC | 63 | // we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version |
| 64 | if(is_array($data) && count($data) > 0) { | |
| 65 | if(isset($data['client_id'])) { | |
| 66 | // this is a single record | |
| 67 | if($data['template_additional'] == '') { | |
| cc7a82 | 68 | $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']); |
| b1a6a5 | 69 | $tpl_arr = array(); |
| MC | 70 | if($tpls) { |
| 71 | foreach($tpls as $tpl) $tpl_arr[] = $tpl['item']; | |
| 72 | } | |
| 73 | $data['template_additional'] = implode('/', $tpl_arr); | |
| 74 | unset($tpl_arr); | |
| 75 | unset($tpls); | |
| 76 | } | |
| 77 | } elseif(isset($data[0]['client_id'])) { | |
| 78 | // multiple client records | |
| 79 | foreach($data as $index => $client) { | |
| 80 | if($client['template_additional'] == '') { | |
| cc7a82 | 81 | $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']); |
| b1a6a5 | 82 | $tpl_arr = array(); |
| MC | 83 | if($tpls) { |
| 84 | foreach($tpls as $tpl) $tpl_arr[] = $tpl['item']; | |
| 85 | } | |
| 86 | $data[$index]['template_additional'] = implode('/', $tpl_arr); // dont use the $client array here - changes would not be returned to soap | |
| 87 | } | |
| 88 | unset($tpl_arr); | |
| 89 | unset($tpls); | |
| 90 | } | |
| 91 | } | |
| 92 | } | |
| 93 | ||
| 94 | return $data; | |
| c1418f | 95 | } |
| b1a6a5 | 96 | |
| c1418f | 97 | public function client_get_id($session_id, $sys_userid) |
| b1a6a5 | 98 | { |
| c1418f | 99 | global $app; |
| M | 100 | if(!$this->checkPerm($session_id, 'client_get_id')) { |
| 101 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 102 | return false; | |
| 103 | } | |
| b1a6a5 | 104 | |
| c1418f | 105 | $sys_userid = $app->functions->intval($sys_userid); |
| b1a6a5 | 106 | |
| cc7a82 | 107 | $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid); |
| c1418f | 108 | if(isset($rec['client_id'])) { |
| M | 109 | return $app->functions->intval($rec['client_id']); |
| 110 | } else { | |
| 111 | throw new SoapFault('no_client_found', 'There is no sysuser account for this client ID.'); | |
| 112 | return false; | |
| 113 | } | |
| b1a6a5 | 114 | |
| c1418f | 115 | } |
| 39dd4e | 116 | |
| TB | 117 | //* Get the contact details to send a email like email address, name, etc. |
| 118 | public function client_get_emailcontact($session_id, $client_id) { | |
| 119 | global $app; | |
| 120 | ||
| 121 | if(!$this->checkPerm($session_id, 'client_get_emailcontact')) { | |
| 122 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 123 | return false; | |
| 124 | } | |
| 125 | ||
| 126 | $client_id = $app->functions->intval($client_id); | |
| 127 | ||
| cc7a82 | 128 | $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id); |
| 39dd4e | 129 | |
| TB | 130 | if(is_array($rec)) { |
| 131 | return $rec; | |
| 132 | } else { | |
| 133 | throw new SoapFault('no_client_found', 'There is no client with this client ID.'); | |
| 134 | return false; | |
| 135 | } | |
| 136 | } | |
| b1a6a5 | 137 | |
| c1418f | 138 | public function client_get_groupid($session_id, $client_id) |
| b1a6a5 | 139 | { |
| c1418f | 140 | global $app; |
| M | 141 | if(!$this->checkPerm($session_id, 'client_get_id')) { |
| 142 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 143 | return false; | |
| 144 | } | |
| b1a6a5 | 145 | |
| c1418f | 146 | $client_id = $app->functions->intval($client_id); |
| b1a6a5 | 147 | |
| cc7a82 | 148 | $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); |
| c1418f | 149 | if(isset($rec['groupid'])) { |
| M | 150 | return $app->functions->intval($rec['groupid']); |
| 151 | } else { | |
| 152 | throw new SoapFault('no_group_found', 'There is no group for this client ID.'); | |
| 153 | return false; | |
| 154 | } | |
| b1a6a5 | 155 | |
| c1418f | 156 | } |
| b1a6a5 | 157 | |
| MC | 158 | |
| c1418f | 159 | public function client_add($session_id, $reseller_id, $params) |
| M | 160 | { |
| 797215 | 161 | global $app; |
| MC | 162 | |
| c1418f | 163 | if (!$this->checkPerm($session_id, 'client_add')) |
| b1a6a5 | 164 | { |
| MC | 165 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| 166 | return false; | |
| 167 | } | |
| 168 | if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; | |
| 797215 | 169 | |
| MC | 170 | if($params['parent_client_id']) { |
| 171 | // check if this one is reseller | |
| cc7a82 | 172 | $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id'])); |
| 797215 | 173 | if($check['limit_client'] == 0) { |
| MC | 174 | $this->server->fault('Invalid reseller', 'Selected client is not a reseller.'); |
| 175 | return false; | |
| 176 | } | |
| 177 | ||
| 178 | if(isset($params['limit_client']) && $params['limit_client'] != 0) { | |
| 179 | $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.'); | |
| 180 | return false; | |
| 181 | } | |
| 182 | } | |
| 183 | ||
| 184 | $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params); | |
| 185 | ||
| b1a6a5 | 186 | return $affected_rows; |
| MC | 187 | |
| c1418f | 188 | } |
| b1a6a5 | 189 | |
| c1418f | 190 | public function client_update($session_id, $client_id, $reseller_id, $params) |
| M | 191 | { |
| b1a6a5 | 192 | global $app; |
| c1418f | 193 | |
| b1a6a5 | 194 | if (!$this->checkPerm($session_id, 'client_update')) |
| MC | 195 | { |
| 196 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 197 | return false; | |
| 198 | } | |
| 199 | ||
| 200 | $app->uses('remoting_lib'); | |
| 797215 | 201 | $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php'); |
| b1a6a5 | 202 | $old_rec = $app->remoting_lib->getDataRecord($client_id); |
| a66fd7 | 203 | |
| TB | 204 | //* merge old record with params, so only new values have to be set in $params |
| 205 | $params = $app->functions->array_merge($old_rec,$params); | |
| 797215 | 206 | |
| MC | 207 | if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; |
| 208 | ||
| 209 | if($params['parent_client_id']) { | |
| 210 | // check if this one is reseller | |
| cc7a82 | 211 | $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id'])); |
| 797215 | 212 | if($check['limit_client'] == 0) { |
| MC | 213 | $this->server->fault('Invalid reseller', 'Selected client is not a reseller.'); |
| 214 | return false; | |
| 215 | } | |
| 216 | ||
| 217 | if(isset($params['limit_client']) && $params['limit_client'] != 0) { | |
| 218 | $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.'); | |
| 219 | return false; | |
| 220 | } | |
| 221 | } | |
| b1a6a5 | 222 | |
| MC | 223 | // we need the previuos templates assigned here |
| cc7a82 | 224 | $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id); |
| b1a6a5 | 225 | if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) { |
| MC | 226 | // check previous type of storing templates |
| 227 | $tpls = explode('/', $old_rec['template_additional']); | |
| 228 | $this->oldTemplatesAssigned = array(); | |
| 229 | foreach($tpls as $item) { | |
| 230 | $item = trim($item); | |
| 231 | if(!$item) continue; | |
| 232 | $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id); | |
| 233 | } | |
| 234 | unset($tpls); | |
| 235 | } | |
| 236 | if(isset($params['template_additional'])) { | |
| 237 | $app->uses('client_templates'); | |
| 238 | $templates = explode('/', $params['template_additional']); | |
| 239 | $params['template_additional'] = ''; | |
| 240 | $app->client_templates->update_client_templates($client_id, $templates); | |
| 241 | unset($templates); | |
| 242 | } | |
| 243 | ||
| 244 | ||
| 797215 | 245 | $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update'); |
| b1a6a5 | 246 | |
| MC | 247 | $app->remoting_lib->ispconfig_sysuser_update($params, $client_id); |
| 248 | ||
| 249 | return $affected_rows; | |
| c1418f | 250 | } |
| b1a6a5 | 251 | |
| MC | 252 | public function client_template_additional_get($session_id, $client_id) { |
| 253 | global $app; | |
| c1418f | 254 | |
| M | 255 | if(!$this->checkPerm($session_id, 'client_get')) { |
| 256 | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 257 | return false; | |
| 258 | } | |
| 259 | ||
| b1a6a5 | 260 | if(@is_numeric($client_id)) { |
| cc7a82 | 261 | $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?"; |
| MC | 262 | return $app->db->queryOneRecord($sql, $client_id); |
| b1a6a5 | 263 | } else { |
| MC | 264 | $this->server->fault('The ID must be an integer.'); |
| 265 | return array(); | |
| c1418f | 266 | } |
| M | 267 | } |
| b1a6a5 | 268 | |
| MC | 269 | private function _set_client_formdata($client_id) { |
| 270 | global $app; | |
| 271 | ||
| 272 | $this->id = $client_id; | |
| cc7a82 | 273 | $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id); |
| b1a6a5 | 274 | $this->oldDataRecord = $this->dataRecord; |
| MC | 275 | |
| cc7a82 | 276 | $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id); |
| b1a6a5 | 277 | if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) { |
| MC | 278 | // check previous type of storing templates |
| 279 | $tpls = explode('/', $this->oldDataRecord['template_additional']); | |
| 280 | $this->oldTemplatesAssigned = array(); | |
| 281 | foreach($tpls as $item) { | |
| 282 | $item = trim($item); | |
| 283 | if(!$item) continue; | |
| 284 | $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id); | |
| 285 | } | |
| 286 | unset($tpls); | |
| c1418f | 287 | } |
| b1a6a5 | 288 | } |
| MC | 289 | |
| 290 | public function client_template_additional_add($session_id, $client_id, $template_id) { | |
| 291 | global $app; | |
| 292 | ||
| 293 | if(!$this->checkPerm($session_id, 'client_update')) { | |
| 294 | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 295 | return false; | |
| 296 | } | |
| 297 | ||
| 298 | if(@is_numeric($client_id) && @is_numeric($template_id)) { | |
| 299 | // check if client exists | |
| cc7a82 | 300 | $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id); |
| b1a6a5 | 301 | if(!$check) { |
| MC | 302 | $this->server->fault('Invalid client'); |
| 303 | return false; | |
| 304 | } | |
| 305 | // check if template exists | |
| cc7a82 | 306 | $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id); |
| b1a6a5 | 307 | if(!$check) { |
| MC | 308 | $this->server->fault('Invalid template'); |
| 309 | return false; | |
| 310 | } | |
| 311 | ||
| 312 | // for the update event we have to cheat a bit | |
| 313 | $this->_set_client_formdata($client_id); | |
| 314 | ||
| cc7a82 | 315 | $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)"; |
| MC | 316 | $app->db->query($sql, $client_id, $template_id); |
| b1a6a5 | 317 | $insert_id = $app->db->insertID(); |
| MC | 318 | |
| 319 | $app->plugin->raiseEvent('client:client:on_after_update', $this); | |
| 320 | ||
| 321 | return $insert_id; | |
| 322 | } else { | |
| 323 | $this->server->fault('The IDs must be of type integer.'); | |
| 324 | return false; | |
| 325 | } | |
| 326 | } | |
| 327 | ||
| 328 | public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) { | |
| 329 | global $app; | |
| 330 | ||
| 331 | if(!$this->checkPerm($session_id, 'client_update')) { | |
| 332 | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 333 | return false; | |
| 334 | } | |
| 335 | ||
| 336 | if(@is_numeric($client_id) && @is_numeric($template_id)) { | |
| 337 | // check if client exists | |
| cc7a82 | 338 | $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id); |
| b1a6a5 | 339 | if(!$check) { |
| MC | 340 | $this->server->fault('Invalid client'); |
| 341 | return false; | |
| 342 | } | |
| 343 | // check if template exists | |
| cc7a82 | 344 | $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id); |
| b1a6a5 | 345 | if(!$check) { |
| MC | 346 | $this->server->fault('Invalid template'); |
| 347 | return false; | |
| 348 | } | |
| 349 | ||
| 350 | // for the update event we have to cheat a bit | |
| 351 | $this->_set_client_formdata($client_id); | |
| 352 | ||
| cc7a82 | 353 | $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?"; |
| MC | 354 | $app->db->query($sql, $template_id, $client_id); |
| b1a6a5 | 355 | $affected_rows = $app->db->affectedRows(); |
| MC | 356 | |
| 357 | $app->plugin->raiseEvent('client:client:on_after_update', $this); | |
| 358 | ||
| 359 | return $affected_rows; | |
| 360 | } else { | |
| 361 | $this->server->fault('The IDs must be of type integer.'); | |
| 362 | return false; | |
| 363 | } | |
| 364 | } | |
| 365 | ||
| 366 | public function client_delete($session_id, $client_id) | |
| 367 | { | |
| 368 | global $app; | |
| 369 | ||
| 370 | if (!$this->checkPerm($session_id, 'client_delete')) | |
| 371 | { | |
| 372 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 373 | return false; | |
| 374 | } | |
| 375 | $affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id); | |
| 376 | ||
| 377 | $app->remoting_lib->ispconfig_sysuser_delete($client_id); | |
| 378 | ||
| 379 | return $affected_rows; | |
| 380 | } | |
| 381 | ||
| 382 | // ----------------------------------------------------------------------------------------------- | |
| 383 | ||
| 384 | public function client_delete_everything($session_id, $client_id) | |
| 385 | { | |
| 386 | global $app, $conf; | |
| 387 | ||
| 388 | if(!$this->checkPerm($session_id, 'client_delete_everything')) { | |
| 389 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 390 | return false; | |
| 391 | } | |
| 392 | ||
| c1418f | 393 | $client_id = $app->functions->intval($client_id); |
| M | 394 | |
| b1a6a5 | 395 | if($client_id > 0) { |
| c1418f | 396 | //* remove the group of the client from the resellers group |
| M | 397 | $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']); |
| cc7a82 | 398 | $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id); |
| MC | 399 | $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); |
| b1a6a5 | 400 | $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']); |
| MC | 401 | |
| c1418f | 402 | //* delete the group of the client |
| 9d9833 | 403 | $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id); |
| b1a6a5 | 404 | |
| c1418f | 405 | //* delete the sys user(s) of the client |
| 9d9833 | 406 | $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id); |
| b1a6a5 | 407 | |
| c1418f | 408 | //* Delete all records (sub-clients, mail, web, etc....) of this client. |
| c795df | 409 | $tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain'; |
| b1a6a5 | 410 | $tables_array = explode(',', $tables); |
| c1418f | 411 | $client_group_id = $app->functions->intval($client_group['groupid']); |
| b1a6a5 | 412 | |
| c1418f | 413 | if($client_group_id > 1) { |
| M | 414 | foreach($tables_array as $table) { |
| 415 | if($table != '') { | |
| 9d9833 | 416 | $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id); |
| c1418f | 417 | //* find the primary ID of the table |
| M | 418 | $table_info = $app->db->tableInfo($table); |
| 419 | $index_field = ''; | |
| 420 | foreach($table_info as $tmp) { | |
| 421 | if($tmp['option'] == 'primary') $index_field = $tmp['name']; | |
| 422 | } | |
| 423 | ||
| 424 | //* Delete the records | |
| 425 | if($index_field != '') { | |
| 426 | if(is_array($records)) { | |
| 427 | foreach($records as $rec) { | |
| 428 | $app->db->datalogDelete($table, $index_field, $rec[$index_field]); | |
| 429 | //* Delete traffic records that dont have a sys_groupid column | |
| 430 | if($table == 'web_domain') { | |
| cc7a82 | 431 | $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']); |
| c1418f | 432 | } |
| M | 433 | //* Delete mail_traffic records that dont have a sys_groupid |
| 434 | if($table == 'mail_user') { | |
| cc7a82 | 435 | $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']); |
| c1418f | 436 | } |
| M | 437 | } |
| 438 | } | |
| 439 | } | |
| b1a6a5 | 440 | |
| c1418f | 441 | } |
| M | 442 | } |
| 443 | } | |
| b1a6a5 | 444 | |
| c1418f | 445 | } |
| b1a6a5 | 446 | |
| c1418f | 447 | if (!$this->checkPerm($session_id, 'client_delete')) { |
| b1a6a5 | 448 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| c1418f | 449 | return false; |
| M | 450 | } |
| b1a6a5 | 451 | $affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id); |
| c1418f | 452 | |
| b1a6a5 | 453 | return $affected_rows; |
| c1418f | 454 | } |
| b1a6a5 | 455 | |
| c1418f | 456 | /** |
| M | 457 | * Get sys_user information by username |
| b1a6a5 | 458 | * @param int session id |
| MC | 459 | * @param string user's name |
| 460 | * @return mixed false if error | |
| 461 | * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 | |
| c1418f | 462 | */ |
| b1a6a5 | 463 | |
| MC | 464 | |
| c1418f | 465 | public function client_get_by_username($session_id, $username) { |
| b1a6a5 | 466 | global $app; |
| MC | 467 | if(!$this->checkPerm($session_id, 'client_get_by_username')) { |
| c1418f | 468 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| M | 469 | return false; |
| b1a6a5 | 470 | } |
| cc7a82 | 471 | $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username); |
| b1a6a5 | 472 | if (isset($rec)) { |
| c1418f | 473 | return $rec; |
| b1a6a5 | 474 | } else { |
| c1418f | 475 | throw new SoapFault('no_client_found', 'There is no user account for this user name.'); |
| M | 476 | return false; |
| b1a6a5 | 477 | } |
| c1418f | 478 | } |
| 9e5a11 | 479 | |
| MC | 480 | public function client_get_by_customer_no($session_id, $customer_no) { |
| 481 | global $app; | |
| 482 | if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) { | |
| 483 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 484 | return false; | |
| 485 | } | |
| 486 | $customer_no = trim($customer_no); | |
| 487 | if($customer_no == '') { | |
| 488 | throw new SoapFault('permission_denied', 'There was no customer number specified.'); | |
| 489 | return false; | |
| 490 | } | |
| 491 | $customer_no = $app->db->quote($customer_no); | |
| 492 | $rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'"); | |
| 493 | if (isset($rec)) { | |
| 494 | return $rec; | |
| 495 | } else { | |
| 496 | throw new SoapFault('no_client_found', 'There is no user account for this customer number.'); | |
| 497 | return false; | |
| 498 | } | |
| 499 | } | |
| c1418f | 500 | |
| b1a6a5 | 501 | /** |
| MC | 502 | * Get All client_id's from database |
| 503 | * @param int session_id | |
| 504 | * @return Array of all client_id's | |
| 505 | */ | |
| 506 | public function client_get_all($session_id) { | |
| 507 | global $app; | |
| 508 | if(!$this->checkPerm($session_id, 'client_get_all')) { | |
| c1418f | 509 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| M | 510 | return false; |
| b1a6a5 | 511 | } |
| MC | 512 | $result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1"); |
| 513 | if(!$result) { | |
| 514 | return false; | |
| 515 | } | |
| 516 | foreach( $result as $record) { | |
| 517 | $rarrary[] = $record['client_id']; | |
| 518 | } | |
| 519 | return $rarrary; | |
| 520 | } | |
| c1418f | 521 | |
| M | 522 | /** |
| b1a6a5 | 523 | * Changes client password |
| MC | 524 | * |
| 525 | * @param int session id | |
| 526 | * @param int client id | |
| 527 | * @param string new password | |
| 528 | * @return bool true if success | |
| 529 | * | |
| 530 | */ | |
| 531 | public function client_change_password($session_id, $client_id, $new_password) { | |
| 532 | global $app; | |
| 533 | ||
| d22277 | 534 | $app->uses('auth'); |
| MB | 535 | |
| b1a6a5 | 536 | if(!$this->checkPerm($session_id, 'client_change_password')) { |
| MC | 537 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| 538 | return false; | |
| 539 | } | |
| d22277 | 540 | |
| cc7a82 | 541 | $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id); |
| b1a6a5 | 542 | if($client['client_id'] > 0) { |
| d22277 | 543 | $new_password = $app->auth->crypt_password($new_password); |
| MB | 544 | $sql = "UPDATE client SET password = ? WHERE client_id = ?"; |
| cc7a82 | 545 | $app->db->query($sql, $new_password, $client_id); |
| d22277 | 546 | $sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?"; |
| cc7a82 | 547 | $app->db->query($sql, $new_password, $client_id); |
| b1a6a5 | 548 | return true; |
| MC | 549 | } else { |
| 550 | throw new SoapFault('no_client_found', 'There is no user account for this client_id'); | |
| 551 | return false; | |
| 552 | } | |
| 553 | } | |
| 554 | ||
| 555 | /** | |
| 556 | * Get all client templates | |
| 557 | * @param int session id | |
| 558 | * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 | |
| c1418f | 559 | */ |
| M | 560 | public function client_templates_get_all($session_id) { |
| 561 | global $app; | |
| 562 | if(!$this->checkPerm($session_id, 'client_templates_get_all')) { | |
| b1a6a5 | 563 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
| MC | 564 | return false; |
| c1418f | 565 | } |
| b1a6a5 | 566 | $sql = "SELECT * FROM client_template"; |
| c1418f | 567 | $result = $app->db->queryAllRecords($sql); |
| b1a6a5 | 568 | return $result; |
| MC | 569 | } |
| 39dd4e | 570 | |
| TB | 571 | public function client_login_get($session_id,$username,$password,$remote_ip = '') { |
| 572 | global $app; | |
| 573 | ||
| 574 | //* Check permissions | |
| 575 | if(!$this->checkPerm($session_id, 'client_get')) { | |
| 576 | throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 577 | return false; | |
| 578 | } | |
| 579 | ||
| 580 | //* Check username and password | |
| 581 | if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) { | |
| 582 | throw new SoapFault('user_regex_error', 'Username contains invalid characters.'); | |
| 583 | return false; | |
| 584 | } | |
| 585 | if(!preg_match("/^.{1,64}$/i", $password)) { | |
| 586 | throw new SoapFault('password_length_error', 'Invalid password length or no password provided.'); | |
| 587 | return false; | |
| 588 | } | |
| 589 | ||
| 590 | //* Check failed logins | |
| cc7a82 | 591 | $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1"; |
| MC | 592 | $alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip); |
| 39dd4e | 593 | |
| TB | 594 | //* too many failedlogins |
| 595 | if($alreadyfailed['times'] > 5) { | |
| 596 | throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.'); | |
| 597 | return false; | |
| 598 | } | |
| 599 | ||
| 600 | ||
| 601 | //*Set variables | |
| 602 | $returnval == false; | |
| 603 | ||
| 604 | if(strstr($username,'@')) { | |
| 605 | // Check against client table | |
| cc7a82 | 606 | $sql = "SELECT * FROM client WHERE email = ?"; |
| MC | 607 | $user = $app->db->queryOneRecord($sql, $username); |
| 39dd4e | 608 | |
| TB | 609 | if($user) { |
| 610 | $saved_password = stripslashes($user['password']); | |
| 611 | ||
| 612 | if(substr($saved_password, 0, 3) == '$1$') { | |
| 613 | //* The password is crypt-md5 encrypted | |
| 614 | $salt = '$1$'.substr($saved_password, 3, 8).'$'; | |
| 615 | ||
| 616 | if(crypt(stripslashes($password), $salt) != $saved_password) { | |
| 617 | $user = false; | |
| 618 | } | |
| 619 | } else { | |
| 620 | ||
| 621 | //* The password is md5 encrypted | |
| 622 | if(md5($password) != $saved_password) { | |
| 623 | $user = false; | |
| 624 | } | |
| 625 | } | |
| 626 | } | |
| 627 | ||
| 628 | if(is_array($user)) { | |
| 629 | $returnval = array( 'username' => $user['username'], | |
| 630 | 'type' => 'user', | |
| 631 | 'client_id' => $user['client_id'], | |
| 632 | 'language' => $user['language'], | |
| 633 | 'country' => $user['country']); | |
| 634 | } | |
| 635 | ||
| 636 | } else { | |
| 637 | // Check against sys_user table | |
| cc7a82 | 638 | $sql = "SELECT * FROM sys_user WHERE username = ?"; |
| MC | 639 | $user = $app->db->queryOneRecord($sql, $username); |
| 39dd4e | 640 | |
| TB | 641 | if($user) { |
| 642 | $saved_password = stripslashes($user['passwort']); | |
| 643 | ||
| 644 | if(substr($saved_password, 0, 3) == '$1$') { | |
| 645 | //* The password is crypt-md5 encrypted | |
| 646 | $salt = '$1$'.substr($saved_password, 3, 8).'$'; | |
| 647 | ||
| 648 | if(crypt(stripslashes($password), $salt) != $saved_password) { | |
| 649 | $user = false; | |
| 650 | } | |
| 651 | } else { | |
| 652 | ||
| 653 | //* The password is md5 encrypted | |
| 654 | if(md5($password) != $saved_password) { | |
| 655 | $user = false; | |
| 656 | } | |
| 657 | } | |
| 658 | } | |
| 659 | ||
| 660 | if(is_array($user)) { | |
| 661 | $returnval = array( 'username' => $user['username'], | |
| 662 | 'type' => $user['typ'], | |
| 663 | 'client_id' => $user['client_id'], | |
| 664 | 'language' => $user['language'], | |
| 665 | 'country' => 'de'); | |
| 666 | } else { | |
| 667 | throw new SoapFault('login_failed', 'Login failed.'); | |
| 668 | } | |
| 669 | } | |
| 670 | ||
| 671 | //* Log failed login attempts | |
| 672 | if($user === false) { | |
| 673 | if(!$alreadyfailed['times'] ) { | |
| 674 | //* user login the first time wrong | |
| cc7a82 | 675 | $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())"; |
| MC | 676 | $app->db->query($sql, $remote_ip); |
| 39dd4e | 677 | } elseif($alreadyfailed['times'] >= 1) { |
| TB | 678 | //* update times wrong |
| cc7a82 | 679 | $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1"; |
| MC | 680 | $app->db->query($sql, $remote_ip); |
| 39dd4e | 681 | } |
| TB | 682 | } |
| 683 | ||
| 684 | return $returnval; | |
| 685 | } | |
| c1418f | 686 | } |
| M | 687 | |
| b1a6a5 | 688 | ?> |
