commit | author | age
|
c1418f
|
1 |
<?php |
M |
2 |
|
|
3 |
/* |
|
4 |
Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh |
|
5 |
All rights reserved. |
|
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
|
10 |
* Redistributions of source code must retain the above copyright notice, |
|
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
|
18 |
|
|
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
|
|
30 |
--UPDATED 08.2009-- |
|
31 |
Full SOAP support for ISPConfig 3.1.4 b |
|
32 |
Updated by Arkadiusz Roch & Artur Edelman |
|
33 |
Copyright (c) Tri-Plex technology |
|
34 |
|
|
35 |
--UPDATED 08.2013-- |
|
36 |
Migrated into new remote classes system |
|
37 |
by Marius Cramer <m.cramer@pixcept.de> |
|
38 |
|
|
39 |
*/ |
|
40 |
|
|
41 |
class remoting_client extends remoting { |
b1a6a5
|
42 |
/* |
MC |
43 |
* |
|
44 |
* |
|
45 |
* |
c1418f
|
46 |
* * Client functions |
b1a6a5
|
47 |
* |
MC |
48 |
* |
c1418f
|
49 |
*/ |
M |
50 |
//* Get client details |
|
51 |
public function client_get($session_id, $client_id) |
b1a6a5
|
52 |
{ |
c1418f
|
53 |
global $app; |
b1a6a5
|
54 |
|
c1418f
|
55 |
if(!$this->checkPerm($session_id, 'client_get')) { |
M |
56 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
57 |
return false; |
|
58 |
} |
|
59 |
$app->uses('remoting_lib'); |
|
60 |
$app->remoting_lib->loadFormDef('../client/form/client.tform.php'); |
|
61 |
$data = $app->remoting_lib->getDataRecord($client_id); |
b1a6a5
|
62 |
|
MC |
63 |
// we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version |
|
64 |
if(is_array($data) && count($data) > 0) { |
|
65 |
if(isset($data['client_id'])) { |
|
66 |
// this is a single record |
|
67 |
if($data['template_additional'] == '') { |
cc7a82
|
68 |
$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']); |
b1a6a5
|
69 |
$tpl_arr = array(); |
MC |
70 |
if($tpls) { |
|
71 |
foreach($tpls as $tpl) $tpl_arr[] = $tpl['item']; |
|
72 |
} |
|
73 |
$data['template_additional'] = implode('/', $tpl_arr); |
|
74 |
unset($tpl_arr); |
|
75 |
unset($tpls); |
|
76 |
} |
|
77 |
} elseif(isset($data[0]['client_id'])) { |
|
78 |
// multiple client records |
|
79 |
foreach($data as $index => $client) { |
|
80 |
if($client['template_additional'] == '') { |
cc7a82
|
81 |
$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']); |
b1a6a5
|
82 |
$tpl_arr = array(); |
MC |
83 |
if($tpls) { |
|
84 |
foreach($tpls as $tpl) $tpl_arr[] = $tpl['item']; |
|
85 |
} |
|
86 |
$data[$index]['template_additional'] = implode('/', $tpl_arr); // dont use the $client array here - changes would not be returned to soap |
|
87 |
} |
|
88 |
unset($tpl_arr); |
|
89 |
unset($tpls); |
|
90 |
} |
|
91 |
} |
|
92 |
} |
|
93 |
|
|
94 |
return $data; |
c1418f
|
95 |
} |
b1a6a5
|
96 |
|
c1418f
|
97 |
public function client_get_id($session_id, $sys_userid) |
b1a6a5
|
98 |
{ |
c1418f
|
99 |
global $app; |
M |
100 |
if(!$this->checkPerm($session_id, 'client_get_id')) { |
|
101 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
102 |
return false; |
|
103 |
} |
b1a6a5
|
104 |
|
c1418f
|
105 |
$sys_userid = $app->functions->intval($sys_userid); |
b1a6a5
|
106 |
|
cc7a82
|
107 |
$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid); |
c1418f
|
108 |
if(isset($rec['client_id'])) { |
M |
109 |
return $app->functions->intval($rec['client_id']); |
|
110 |
} else { |
|
111 |
throw new SoapFault('no_client_found', 'There is no sysuser account for this client ID.'); |
|
112 |
return false; |
|
113 |
} |
b1a6a5
|
114 |
|
c1418f
|
115 |
} |
39dd4e
|
116 |
|
TB |
117 |
//* Get the contact details to send a email like email address, name, etc. |
|
118 |
public function client_get_emailcontact($session_id, $client_id) { |
|
119 |
global $app; |
|
120 |
|
|
121 |
if(!$this->checkPerm($session_id, 'client_get_emailcontact')) { |
|
122 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
123 |
return false; |
|
124 |
} |
|
125 |
|
|
126 |
$client_id = $app->functions->intval($client_id); |
|
127 |
|
cc7a82
|
128 |
$rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id); |
39dd4e
|
129 |
|
TB |
130 |
if(is_array($rec)) { |
|
131 |
return $rec; |
|
132 |
} else { |
|
133 |
throw new SoapFault('no_client_found', 'There is no client with this client ID.'); |
|
134 |
return false; |
|
135 |
} |
|
136 |
} |
b1a6a5
|
137 |
|
c1418f
|
138 |
public function client_get_groupid($session_id, $client_id) |
b1a6a5
|
139 |
{ |
c1418f
|
140 |
global $app; |
M |
141 |
if(!$this->checkPerm($session_id, 'client_get_id')) { |
|
142 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
143 |
return false; |
|
144 |
} |
b1a6a5
|
145 |
|
c1418f
|
146 |
$client_id = $app->functions->intval($client_id); |
b1a6a5
|
147 |
|
cc7a82
|
148 |
$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); |
c1418f
|
149 |
if(isset($rec['groupid'])) { |
M |
150 |
return $app->functions->intval($rec['groupid']); |
|
151 |
} else { |
|
152 |
throw new SoapFault('no_group_found', 'There is no group for this client ID.'); |
|
153 |
return false; |
|
154 |
} |
b1a6a5
|
155 |
|
c1418f
|
156 |
} |
b1a6a5
|
157 |
|
MC |
158 |
|
c1418f
|
159 |
public function client_add($session_id, $reseller_id, $params) |
M |
160 |
{ |
797215
|
161 |
global $app; |
MC |
162 |
|
c1418f
|
163 |
if (!$this->checkPerm($session_id, 'client_add')) |
b1a6a5
|
164 |
{ |
MC |
165 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
166 |
return false; |
|
167 |
} |
|
168 |
if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; |
797215
|
169 |
|
MC |
170 |
if($params['parent_client_id']) { |
|
171 |
// check if this one is reseller |
cc7a82
|
172 |
$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id'])); |
797215
|
173 |
if($check['limit_client'] == 0) { |
MC |
174 |
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.'); |
|
175 |
return false; |
|
176 |
} |
|
177 |
|
|
178 |
if(isset($params['limit_client']) && $params['limit_client'] != 0) { |
|
179 |
$this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.'); |
|
180 |
return false; |
|
181 |
} |
|
182 |
} |
|
183 |
|
|
184 |
$affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params); |
|
185 |
|
b1a6a5
|
186 |
return $affected_rows; |
MC |
187 |
|
c1418f
|
188 |
} |
b1a6a5
|
189 |
|
c1418f
|
190 |
public function client_update($session_id, $client_id, $reseller_id, $params) |
M |
191 |
{ |
b1a6a5
|
192 |
global $app; |
c1418f
|
193 |
|
b1a6a5
|
194 |
if (!$this->checkPerm($session_id, 'client_update')) |
MC |
195 |
{ |
|
196 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
197 |
return false; |
|
198 |
} |
|
199 |
|
|
200 |
$app->uses('remoting_lib'); |
797215
|
201 |
$app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php'); |
b1a6a5
|
202 |
$old_rec = $app->remoting_lib->getDataRecord($client_id); |
a66fd7
|
203 |
|
TB |
204 |
//* merge old record with params, so only new values have to be set in $params |
|
205 |
$params = $app->functions->array_merge($old_rec,$params); |
797215
|
206 |
|
MC |
207 |
if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id; |
|
208 |
|
|
209 |
if($params['parent_client_id']) { |
|
210 |
// check if this one is reseller |
cc7a82
|
211 |
$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id'])); |
797215
|
212 |
if($check['limit_client'] == 0) { |
MC |
213 |
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.'); |
|
214 |
return false; |
|
215 |
} |
|
216 |
|
|
217 |
if(isset($params['limit_client']) && $params['limit_client'] != 0) { |
|
218 |
$this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.'); |
|
219 |
return false; |
|
220 |
} |
|
221 |
} |
b1a6a5
|
222 |
|
MC |
223 |
// we need the previuos templates assigned here |
cc7a82
|
224 |
$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id); |
b1a6a5
|
225 |
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) { |
MC |
226 |
// check previous type of storing templates |
|
227 |
$tpls = explode('/', $old_rec['template_additional']); |
|
228 |
$this->oldTemplatesAssigned = array(); |
|
229 |
foreach($tpls as $item) { |
|
230 |
$item = trim($item); |
|
231 |
if(!$item) continue; |
|
232 |
$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id); |
|
233 |
} |
|
234 |
unset($tpls); |
|
235 |
} |
|
236 |
if(isset($params['template_additional'])) { |
|
237 |
$app->uses('client_templates'); |
|
238 |
$templates = explode('/', $params['template_additional']); |
|
239 |
$params['template_additional'] = ''; |
|
240 |
$app->client_templates->update_client_templates($client_id, $templates); |
|
241 |
unset($templates); |
|
242 |
} |
|
243 |
|
|
244 |
|
797215
|
245 |
$affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update'); |
b1a6a5
|
246 |
|
MC |
247 |
$app->remoting_lib->ispconfig_sysuser_update($params, $client_id); |
|
248 |
|
|
249 |
return $affected_rows; |
c1418f
|
250 |
} |
b1a6a5
|
251 |
|
MC |
252 |
public function client_template_additional_get($session_id, $client_id) { |
|
253 |
global $app; |
c1418f
|
254 |
|
M |
255 |
if(!$this->checkPerm($session_id, 'client_get')) { |
|
256 |
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
|
257 |
return false; |
|
258 |
} |
|
259 |
|
b1a6a5
|
260 |
if(@is_numeric($client_id)) { |
cc7a82
|
261 |
$sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?"; |
MC |
262 |
return $app->db->queryOneRecord($sql, $client_id); |
b1a6a5
|
263 |
} else { |
MC |
264 |
$this->server->fault('The ID must be an integer.'); |
|
265 |
return array(); |
c1418f
|
266 |
} |
M |
267 |
} |
b1a6a5
|
268 |
|
MC |
269 |
private function _set_client_formdata($client_id) { |
|
270 |
global $app; |
|
271 |
|
|
272 |
$this->id = $client_id; |
cc7a82
|
273 |
$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id); |
b1a6a5
|
274 |
$this->oldDataRecord = $this->dataRecord; |
MC |
275 |
|
cc7a82
|
276 |
$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id); |
b1a6a5
|
277 |
if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) { |
MC |
278 |
// check previous type of storing templates |
|
279 |
$tpls = explode('/', $this->oldDataRecord['template_additional']); |
|
280 |
$this->oldTemplatesAssigned = array(); |
|
281 |
foreach($tpls as $item) { |
|
282 |
$item = trim($item); |
|
283 |
if(!$item) continue; |
|
284 |
$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id); |
|
285 |
} |
|
286 |
unset($tpls); |
c1418f
|
287 |
} |
b1a6a5
|
288 |
} |
MC |
289 |
|
|
290 |
public function client_template_additional_add($session_id, $client_id, $template_id) { |
|
291 |
global $app; |
|
292 |
|
|
293 |
if(!$this->checkPerm($session_id, 'client_update')) { |
|
294 |
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
|
295 |
return false; |
|
296 |
} |
|
297 |
|
|
298 |
if(@is_numeric($client_id) && @is_numeric($template_id)) { |
|
299 |
// check if client exists |
cc7a82
|
300 |
$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id); |
b1a6a5
|
301 |
if(!$check) { |
MC |
302 |
$this->server->fault('Invalid client'); |
|
303 |
return false; |
|
304 |
} |
|
305 |
// check if template exists |
cc7a82
|
306 |
$check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id); |
b1a6a5
|
307 |
if(!$check) { |
MC |
308 |
$this->server->fault('Invalid template'); |
|
309 |
return false; |
|
310 |
} |
|
311 |
|
|
312 |
// for the update event we have to cheat a bit |
|
313 |
$this->_set_client_formdata($client_id); |
|
314 |
|
cc7a82
|
315 |
$sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)"; |
MC |
316 |
$app->db->query($sql, $client_id, $template_id); |
b1a6a5
|
317 |
$insert_id = $app->db->insertID(); |
MC |
318 |
|
|
319 |
$app->plugin->raiseEvent('client:client:on_after_update', $this); |
|
320 |
|
|
321 |
return $insert_id; |
|
322 |
} else { |
|
323 |
$this->server->fault('The IDs must be of type integer.'); |
|
324 |
return false; |
|
325 |
} |
|
326 |
} |
|
327 |
|
|
328 |
public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) { |
|
329 |
global $app; |
|
330 |
|
|
331 |
if(!$this->checkPerm($session_id, 'client_update')) { |
|
332 |
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); |
|
333 |
return false; |
|
334 |
} |
|
335 |
|
|
336 |
if(@is_numeric($client_id) && @is_numeric($template_id)) { |
|
337 |
// check if client exists |
cc7a82
|
338 |
$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id); |
b1a6a5
|
339 |
if(!$check) { |
MC |
340 |
$this->server->fault('Invalid client'); |
|
341 |
return false; |
|
342 |
} |
|
343 |
// check if template exists |
cc7a82
|
344 |
$check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id); |
b1a6a5
|
345 |
if(!$check) { |
MC |
346 |
$this->server->fault('Invalid template'); |
|
347 |
return false; |
|
348 |
} |
|
349 |
|
|
350 |
// for the update event we have to cheat a bit |
|
351 |
$this->_set_client_formdata($client_id); |
|
352 |
|
cc7a82
|
353 |
$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?"; |
MC |
354 |
$app->db->query($sql, $template_id, $client_id); |
b1a6a5
|
355 |
$affected_rows = $app->db->affectedRows(); |
MC |
356 |
|
|
357 |
$app->plugin->raiseEvent('client:client:on_after_update', $this); |
|
358 |
|
|
359 |
return $affected_rows; |
|
360 |
} else { |
|
361 |
$this->server->fault('The IDs must be of type integer.'); |
|
362 |
return false; |
|
363 |
} |
|
364 |
} |
|
365 |
|
|
366 |
public function client_delete($session_id, $client_id) |
|
367 |
{ |
|
368 |
global $app; |
|
369 |
|
|
370 |
if (!$this->checkPerm($session_id, 'client_delete')) |
|
371 |
{ |
|
372 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
373 |
return false; |
|
374 |
} |
|
375 |
$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id); |
|
376 |
|
|
377 |
$app->remoting_lib->ispconfig_sysuser_delete($client_id); |
|
378 |
|
|
379 |
return $affected_rows; |
|
380 |
} |
|
381 |
|
|
382 |
// ----------------------------------------------------------------------------------------------- |
|
383 |
|
|
384 |
public function client_delete_everything($session_id, $client_id) |
|
385 |
{ |
|
386 |
global $app, $conf; |
|
387 |
|
|
388 |
if(!$this->checkPerm($session_id, 'client_delete_everything')) { |
|
389 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
390 |
return false; |
|
391 |
} |
|
392 |
|
c1418f
|
393 |
$client_id = $app->functions->intval($client_id); |
M |
394 |
|
b1a6a5
|
395 |
if($client_id > 0) { |
c1418f
|
396 |
//* remove the group of the client from the resellers group |
M |
397 |
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']); |
cc7a82
|
398 |
$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id); |
MC |
399 |
$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id); |
b1a6a5
|
400 |
$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']); |
MC |
401 |
|
c1418f
|
402 |
//* delete the group of the client |
9d9833
|
403 |
$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id); |
b1a6a5
|
404 |
|
c1418f
|
405 |
//* delete the sys user(s) of the client |
9d9833
|
406 |
$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id); |
b1a6a5
|
407 |
|
c1418f
|
408 |
//* Delete all records (sub-clients, mail, web, etc....) of this client. |
c795df
|
409 |
$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain'; |
b1a6a5
|
410 |
$tables_array = explode(',', $tables); |
c1418f
|
411 |
$client_group_id = $app->functions->intval($client_group['groupid']); |
b1a6a5
|
412 |
|
c1418f
|
413 |
if($client_group_id > 1) { |
M |
414 |
foreach($tables_array as $table) { |
|
415 |
if($table != '') { |
9d9833
|
416 |
$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id); |
c1418f
|
417 |
//* find the primary ID of the table |
M |
418 |
$table_info = $app->db->tableInfo($table); |
|
419 |
$index_field = ''; |
|
420 |
foreach($table_info as $tmp) { |
|
421 |
if($tmp['option'] == 'primary') $index_field = $tmp['name']; |
|
422 |
} |
|
423 |
|
|
424 |
//* Delete the records |
|
425 |
if($index_field != '') { |
|
426 |
if(is_array($records)) { |
|
427 |
foreach($records as $rec) { |
|
428 |
$app->db->datalogDelete($table, $index_field, $rec[$index_field]); |
|
429 |
//* Delete traffic records that dont have a sys_groupid column |
|
430 |
if($table == 'web_domain') { |
cc7a82
|
431 |
$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']); |
c1418f
|
432 |
} |
M |
433 |
//* Delete mail_traffic records that dont have a sys_groupid |
|
434 |
if($table == 'mail_user') { |
cc7a82
|
435 |
$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']); |
c1418f
|
436 |
} |
M |
437 |
} |
|
438 |
} |
|
439 |
} |
b1a6a5
|
440 |
|
c1418f
|
441 |
} |
M |
442 |
} |
|
443 |
} |
b1a6a5
|
444 |
|
c1418f
|
445 |
} |
b1a6a5
|
446 |
|
c1418f
|
447 |
if (!$this->checkPerm($session_id, 'client_delete')) { |
b1a6a5
|
448 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
c1418f
|
449 |
return false; |
M |
450 |
} |
b1a6a5
|
451 |
$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id); |
c1418f
|
452 |
|
b1a6a5
|
453 |
return $affected_rows; |
c1418f
|
454 |
} |
b1a6a5
|
455 |
|
c1418f
|
456 |
/** |
M |
457 |
* Get sys_user information by username |
b1a6a5
|
458 |
* @param int session id |
MC |
459 |
* @param string user's name |
|
460 |
* @return mixed false if error |
|
461 |
* @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 |
c1418f
|
462 |
*/ |
b1a6a5
|
463 |
|
MC |
464 |
|
c1418f
|
465 |
public function client_get_by_username($session_id, $username) { |
b1a6a5
|
466 |
global $app; |
MC |
467 |
if(!$this->checkPerm($session_id, 'client_get_by_username')) { |
c1418f
|
468 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
M |
469 |
return false; |
b1a6a5
|
470 |
} |
cc7a82
|
471 |
$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username); |
b1a6a5
|
472 |
if (isset($rec)) { |
c1418f
|
473 |
return $rec; |
b1a6a5
|
474 |
} else { |
c1418f
|
475 |
throw new SoapFault('no_client_found', 'There is no user account for this user name.'); |
M |
476 |
return false; |
b1a6a5
|
477 |
} |
c1418f
|
478 |
} |
9e5a11
|
479 |
|
MC |
480 |
public function client_get_by_customer_no($session_id, $customer_no) { |
|
481 |
global $app; |
|
482 |
if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) { |
|
483 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
484 |
return false; |
|
485 |
} |
|
486 |
$customer_no = trim($customer_no); |
|
487 |
if($customer_no == '') { |
|
488 |
throw new SoapFault('permission_denied', 'There was no customer number specified.'); |
|
489 |
return false; |
|
490 |
} |
|
491 |
$customer_no = $app->db->quote($customer_no); |
|
492 |
$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'"); |
|
493 |
if (isset($rec)) { |
|
494 |
return $rec; |
|
495 |
} else { |
|
496 |
throw new SoapFault('no_client_found', 'There is no user account for this customer number.'); |
|
497 |
return false; |
|
498 |
} |
|
499 |
} |
c1418f
|
500 |
|
b1a6a5
|
501 |
/** |
MC |
502 |
* Get All client_id's from database |
|
503 |
* @param int session_id |
|
504 |
* @return Array of all client_id's |
|
505 |
*/ |
|
506 |
public function client_get_all($session_id) { |
|
507 |
global $app; |
|
508 |
if(!$this->checkPerm($session_id, 'client_get_all')) { |
c1418f
|
509 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
M |
510 |
return false; |
b1a6a5
|
511 |
} |
MC |
512 |
$result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1"); |
|
513 |
if(!$result) { |
|
514 |
return false; |
|
515 |
} |
|
516 |
foreach( $result as $record) { |
|
517 |
$rarrary[] = $record['client_id']; |
|
518 |
} |
|
519 |
return $rarrary; |
|
520 |
} |
c1418f
|
521 |
|
M |
522 |
/** |
b1a6a5
|
523 |
* Changes client password |
MC |
524 |
* |
|
525 |
* @param int session id |
|
526 |
* @param int client id |
|
527 |
* @param string new password |
|
528 |
* @return bool true if success |
|
529 |
* |
|
530 |
*/ |
|
531 |
public function client_change_password($session_id, $client_id, $new_password) { |
|
532 |
global $app; |
|
533 |
|
d22277
|
534 |
$app->uses('auth'); |
MB |
535 |
|
b1a6a5
|
536 |
if(!$this->checkPerm($session_id, 'client_change_password')) { |
MC |
537 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
538 |
return false; |
|
539 |
} |
d22277
|
540 |
|
cc7a82
|
541 |
$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id); |
b1a6a5
|
542 |
if($client['client_id'] > 0) { |
d22277
|
543 |
$new_password = $app->auth->crypt_password($new_password); |
MB |
544 |
$sql = "UPDATE client SET password = ? WHERE client_id = ?"; |
cc7a82
|
545 |
$app->db->query($sql, $new_password, $client_id); |
d22277
|
546 |
$sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?"; |
cc7a82
|
547 |
$app->db->query($sql, $new_password, $client_id); |
b1a6a5
|
548 |
return true; |
MC |
549 |
} else { |
|
550 |
throw new SoapFault('no_client_found', 'There is no user account for this client_id'); |
|
551 |
return false; |
|
552 |
} |
|
553 |
} |
|
554 |
|
|
555 |
/** |
|
556 |
* Get all client templates |
|
557 |
* @param int session id |
|
558 |
* @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 |
c1418f
|
559 |
*/ |
M |
560 |
public function client_templates_get_all($session_id) { |
|
561 |
global $app; |
|
562 |
if(!$this->checkPerm($session_id, 'client_templates_get_all')) { |
b1a6a5
|
563 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
MC |
564 |
return false; |
c1418f
|
565 |
} |
b1a6a5
|
566 |
$sql = "SELECT * FROM client_template"; |
c1418f
|
567 |
$result = $app->db->queryAllRecords($sql); |
b1a6a5
|
568 |
return $result; |
MC |
569 |
} |
39dd4e
|
570 |
|
TB |
571 |
public function client_login_get($session_id,$username,$password,$remote_ip = '') { |
|
572 |
global $app; |
|
573 |
|
|
574 |
//* Check permissions |
|
575 |
if(!$this->checkPerm($session_id, 'client_get')) { |
|
576 |
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); |
|
577 |
return false; |
|
578 |
} |
|
579 |
|
|
580 |
//* Check username and password |
|
581 |
if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) { |
|
582 |
throw new SoapFault('user_regex_error', 'Username contains invalid characters.'); |
|
583 |
return false; |
|
584 |
} |
|
585 |
if(!preg_match("/^.{1,64}$/i", $password)) { |
|
586 |
throw new SoapFault('password_length_error', 'Invalid password length or no password provided.'); |
|
587 |
return false; |
|
588 |
} |
|
589 |
|
|
590 |
//* Check failed logins |
cc7a82
|
591 |
$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1"; |
MC |
592 |
$alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip); |
39dd4e
|
593 |
|
TB |
594 |
//* too many failedlogins |
|
595 |
if($alreadyfailed['times'] > 5) { |
|
596 |
throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.'); |
|
597 |
return false; |
|
598 |
} |
|
599 |
|
|
600 |
|
|
601 |
//*Set variables |
|
602 |
$returnval == false; |
|
603 |
|
|
604 |
if(strstr($username,'@')) { |
|
605 |
// Check against client table |
cc7a82
|
606 |
$sql = "SELECT * FROM client WHERE email = ?"; |
MC |
607 |
$user = $app->db->queryOneRecord($sql, $username); |
39dd4e
|
608 |
|
TB |
609 |
if($user) { |
|
610 |
$saved_password = stripslashes($user['password']); |
|
611 |
|
|
612 |
if(substr($saved_password, 0, 3) == '$1$') { |
|
613 |
//* The password is crypt-md5 encrypted |
|
614 |
$salt = '$1$'.substr($saved_password, 3, 8).'$'; |
|
615 |
|
|
616 |
if(crypt(stripslashes($password), $salt) != $saved_password) { |
|
617 |
$user = false; |
|
618 |
} |
|
619 |
} else { |
|
620 |
|
|
621 |
//* The password is md5 encrypted |
|
622 |
if(md5($password) != $saved_password) { |
|
623 |
$user = false; |
|
624 |
} |
|
625 |
} |
|
626 |
} |
|
627 |
|
|
628 |
if(is_array($user)) { |
|
629 |
$returnval = array( 'username' => $user['username'], |
|
630 |
'type' => 'user', |
|
631 |
'client_id' => $user['client_id'], |
|
632 |
'language' => $user['language'], |
|
633 |
'country' => $user['country']); |
|
634 |
} |
|
635 |
|
|
636 |
} else { |
|
637 |
// Check against sys_user table |
cc7a82
|
638 |
$sql = "SELECT * FROM sys_user WHERE username = ?"; |
MC |
639 |
$user = $app->db->queryOneRecord($sql, $username); |
39dd4e
|
640 |
|
TB |
641 |
if($user) { |
|
642 |
$saved_password = stripslashes($user['passwort']); |
|
643 |
|
|
644 |
if(substr($saved_password, 0, 3) == '$1$') { |
|
645 |
//* The password is crypt-md5 encrypted |
|
646 |
$salt = '$1$'.substr($saved_password, 3, 8).'$'; |
|
647 |
|
|
648 |
if(crypt(stripslashes($password), $salt) != $saved_password) { |
|
649 |
$user = false; |
|
650 |
} |
|
651 |
} else { |
|
652 |
|
|
653 |
//* The password is md5 encrypted |
|
654 |
if(md5($password) != $saved_password) { |
|
655 |
$user = false; |
|
656 |
} |
|
657 |
} |
|
658 |
} |
|
659 |
|
|
660 |
if(is_array($user)) { |
|
661 |
$returnval = array( 'username' => $user['username'], |
|
662 |
'type' => $user['typ'], |
|
663 |
'client_id' => $user['client_id'], |
|
664 |
'language' => $user['language'], |
|
665 |
'country' => 'de'); |
|
666 |
} else { |
|
667 |
throw new SoapFault('login_failed', 'Login failed.'); |
|
668 |
} |
|
669 |
} |
|
670 |
|
|
671 |
//* Log failed login attempts |
|
672 |
if($user === false) { |
|
673 |
if(!$alreadyfailed['times'] ) { |
|
674 |
//* user login the first time wrong |
cc7a82
|
675 |
$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())"; |
MC |
676 |
$app->db->query($sql, $remote_ip); |
39dd4e
|
677 |
} elseif($alreadyfailed['times'] >= 1) { |
TB |
678 |
//* update times wrong |
cc7a82
|
679 |
$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1"; |
MC |
680 |
$app->db->query($sql, $remote_ip); |
39dd4e
|
681 |
} |
TB |
682 |
} |
|
683 |
|
|
684 |
return $returnval; |
|
685 |
} |
c1418f
|
686 |
} |
M |
687 |
|
b1a6a5
|
688 |
?> |