| commit | author | age | ||
| fbdcc4 | 1 | <?php |
| T | 2 | |
| 3 | /* | |
| 4 | Copyright (c) 2007, Till Brehm, projektfarm Gmbh | |
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | * Redistributions of source code must retain the above copyright notice, | |
| 11 | this list of conditions and the following disclaimer. | |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| 18 | ||
| 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | ||
| 30 | --UPDATED 08.2009-- | |
| 31 | Full SOAP support for ISPConfig 3.1.4 b | |
| 32 | Updated by Arkadiusz Roch & Artur Edelman | |
| 33 | Copyright (c) Tri-Plex technology | |
| 34 | ||
| 35 | */ | |
| 36 | ||
| 37 | /** | |
| 38 | * Formularbehandlung | |
| 39 | * | |
| 40 | * Funktionen zur Umwandlung von Formulardaten | |
| 41 | * sowie zum vorbereiten von HTML und SQL | |
| 42 | * Ausgaben | |
| 43 | * | |
| 44 | * Tabellendefinition | |
| 45 | * | |
| 46 | * Datentypen: | |
| 47 | * - INTEGER (Wandelt Ausdrücke in Int um) | |
| 48 | * - DOUBLE | |
| 49 | * - CURRENCY (Formatiert Zahlen nach Währungsnotation) | |
| 50 | * - VARCHAR (kein weiterer Format Check) | |
| 51 | * - DATE (Datumsformat, Timestamp Umwandlung) | |
| 52 | * | |
| 53 | * Formtype: | |
| 54 | * - TEXT (normales Textfeld) | |
| 55 | * - PASSWORD (Feldinhalt wird nicht angezeigt) | |
| 56 | * - SELECT (Gibt Werte als option Feld aus) | |
| 57 | * - MULTIPLE (Select-Feld mit nehreren Werten) | |
| 58 | * | |
| 59 | * VALUE: | |
| 60 | * - Wert oder Array | |
| 61 | * | |
| 62 | * SEPARATOR | |
| 63 | * - Trennzeichen für multiple Felder | |
| 64 | * | |
| 65 | * Hinweis: | |
| 66 | * Das ID-Feld ist nicht bei den Table Values einzufügen. | |
| 67 | */ | |
| 68 | ||
| 69 | class remoting_lib { | |
| 70 | ||
| 71 | /** | |
| 72 | * Definition of the database atble (array) | |
| 73 | * @var tableDef | |
| 74 | */ | |
| 75 | private $tableDef; | |
| 76 | ||
| 77 | /** | |
| 78 | * Private | |
| 79 | * @var action | |
| 80 | */ | |
| 81 | private $action; | |
| 82 | ||
| 83 | /** | |
| 84 | * Table name (String) | |
| 85 | * @var table_name | |
| 86 | */ | |
| 87 | private $table_name; | |
| 88 | ||
| 89 | /** | |
| 90 | * Debug Variable | |
| 91 | * @var debug | |
| 92 | */ | |
| 93 | private $debug = 0; | |
| 94 | ||
| 95 | /** | |
| 96 | * name of the primary field of the database table (string) | |
| 97 | * @var table_index | |
| 98 | */ | |
| 99 | var $table_index; | |
| 100 | ||
| 101 | /** | |
| 102 | * contains the error messages | |
| 103 | * @var errorMessage | |
| 104 | */ | |
| 105 | var $errorMessage = ''; | |
| 106 | ||
| 107 | var $dateformat = "d.m.Y"; | |
| 108 | var $formDef = array(); | |
| 109 | var $wordbook; | |
| 110 | var $module; | |
| 111 | var $primary_id; | |
| 112 | var $diffrec = array(); | |
| 113 | ||
| 114 | var $sys_username; | |
| 115 | var $sys_userid; | |
| 116 | var $sys_default_group; | |
| 117 | var $sys_groups; | |
| 118 | ||
| 119 | ||
| 120 | //* Load the form definition from file. | |
| 121 | function loadFormDef($file) { | |
| 122 | global $app,$conf; | |
| 123 | ||
| 124 | include_once($file); | |
| 125 | ||
| 126 | $this->formDef = $form; | |
| 127 | unset($this->formDef['tabs']); | |
| 128 | ||
| 129 | //* Copy all fields from all tabs into one form definition | |
| 130 | foreach($form['tabs'] as $tab) { | |
| 131 | foreach($tab['fields'] as $key => $value) { | |
| 132 | $this->formDef['fields'][$key] = $value; | |
| 133 | } | |
| 134 | } | |
| 135 | unset($form); | |
| 136 | ||
| 137 | return true; | |
| 138 | } | |
| 139 | ||
| 140 | //* Load the user profile | |
| 141 | function loadUserProfile($client_id = 0) { | |
| 03c48f | 142 | global $app,$conf; |
| T | 143 | |
| 144 | $client_id = intval($client_id); | |
| a62fd5 | 145 | |
| 03c48f | 146 | if($client_id == 0) { |
| T | 147 | $this->sys_username = 'admin'; |
| 148 | $this->sys_userid = 1; | |
| 149 | $this->sys_default_group = 1; | |
| 150 | $this->sys_groups = 1; | |
| 45858c | 151 | $_SESSION["s"]["user"]["typ"] = 'admin'; |
| 03c48f | 152 | } else { |
| 620831 | 153 | //* load system user - try with sysuser and before with userid (workarrond) |
| 4787bc | 154 | /* |
| 03c48f | 155 | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id"); |
| T | 156 | if(empty($user["userid"])) { |
| 620831 | 157 | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id"); |
| M | 158 | if(empty($user["userid"])) { |
| 159 | $this->errorMessage .= "No sysuser with the ID $client_id found."; | |
| 160 | return false; | |
| 161 | } | |
| 4787bc | 162 | }*/ |
| T | 163 | |
| 164 | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id"); | |
| 03c48f | 165 | $this->sys_username = $user['username']; |
| T | 166 | $this->sys_userid = $user['userid']; |
| 167 | $this->sys_default_group = $user['default_group']; | |
| 168 | $this->sys_groups = $user['groups']; | |
| d5628a | 169 | // $_SESSION["s"]["user"]["typ"] = $user['typ']; |
| T | 170 | // we have to force admin priveliges for the remoting API as some function calls might fail otherwise. |
| 171 | $_SESSION["s"]["user"]["typ"] = 'admin'; | |
| 03c48f | 172 | } |
| T | 173 | |
| 174 | return true; | |
| 620831 | 175 | } |
| fbdcc4 | 176 | |
| T | 177 | |
| 178 | /** | |
| 179 | * Converts data in human readable form | |
| 180 | * | |
| 181 | * @param record | |
| 182 | * @return record | |
| 183 | */ | |
| 184 | function decode($record) { | |
| 185 | $new_record = ''; | |
| 186 | if(is_array($record)) { | |
| 187 | foreach($this->formDef['fields'] as $key => $field) { | |
| 188 | switch ($field['datatype']) { | |
| 189 | case 'VARCHAR': | |
| 190 | $new_record[$key] = stripslashes($record[$key]); | |
| 191 | break; | |
| 192 | ||
| 193 | case 'TEXT': | |
| 194 | $new_record[$key] = stripslashes($record[$key]); | |
| 195 | break; | |
| 196 | ||
| edb827 | 197 | case 'DATETSTAMP': |
| fbdcc4 | 198 | if($record[$key] > 0) { |
| T | 199 | $new_record[$key] = date($this->dateformat,$record[$key]); |
| edb827 | 200 | } |
| T | 201 | break; |
| 202 | ||
| 203 | case 'DATE': | |
| 204 | if($record[$key] != '' && $record[$key] != '0000-00-00') { | |
| 205 | $tmp = explode('-',$record[$key]); | |
| 206 | $new_record[$key] = date($this->dateformat,mktime(0, 0, 0, $tmp[1] , $tmp[2], $tmp[0])); | |
| fbdcc4 | 207 | } |
| T | 208 | break; |
| 209 | ||
| 210 | case 'INTEGER': | |
| d6f9e1 | 211 | //* We use + 0 to force the string to be a number as |
| T | 212 | //* intval return value is too limited on 32bit systems |
| 213 | if(intval($record[$key]) == 2147483647) { | |
| 214 | $new_record[$key] = $record[$key] + 0; | |
| 215 | } else { | |
| 216 | $new_record[$key] = intval($record[$key]); | |
| 217 | } | |
| fbdcc4 | 218 | break; |
| T | 219 | |
| 220 | case 'DOUBLE': | |
| 221 | $new_record[$key] = $record[$key]; | |
| 222 | break; | |
| 223 | ||
| 224 | case 'CURRENCY': | |
| 225 | $new_record[$key] = number_format($record[$key], 2, ',', ''); | |
| 226 | break; | |
| 227 | ||
| 228 | default: | |
| 229 | $new_record[$key] = stripslashes($record[$key]); | |
| 230 | } | |
| 231 | } | |
| 232 | ||
| 233 | } | |
| 234 | ||
| 235 | return $new_record; | |
| 236 | } | |
| 237 | ||
| 238 | /** | |
| 239 | * Get the key => value array of a form filled from a datasource definitiom | |
| 240 | * | |
| 241 | * @param field = array with field definition | |
| 242 | * @param record = Dataset as array | |
| 243 | * @return key => value array for the value field of a form | |
| 244 | */ | |
| 245 | ||
| 246 | function getDatasourceData($field, $record) { | |
| 247 | global $app; | |
| 248 | ||
| 249 | $values = array(); | |
| 250 | ||
| 251 | if($field["datasource"]["type"] == 'SQL') { | |
| 252 | ||
| 253 | // Preparing SQL string. We will replace some | |
| 254 | // common placeholders | |
| 255 | $querystring = $field["datasource"]["querystring"]; | |
| 256 | $querystring = str_replace("{USERID}",$this->sys_userid,$querystring); | |
| 257 | $querystring = str_replace("{GROUPID}",$this->sys_default_group,$querystring); | |
| 258 | $querystring = str_replace("{GROUPS}",$this->sys_groups,$querystring); | |
| 259 | $table_idx = $this->formDef['db_table_idx']; | |
| 260 | ||
| 261 | $tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0; | |
| 262 | $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring); | |
| 263 | unset($tmp_recordid); | |
| 264 | ||
| 265 | $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring); | |
| 266 | ||
| 267 | // Getting the records | |
| 268 | $tmp_records = $app->db->queryAllRecords($querystring); | |
| 269 | if($app->db->errorMessage != '') die($app->db->errorMessage); | |
| 270 | if(is_array($tmp_records)) { | |
| 271 | $key_field = $field["datasource"]["keyfield"]; | |
| 272 | $value_field = $field["datasource"]["valuefield"]; | |
| 273 | foreach($tmp_records as $tmp_rec) { | |
| 274 | $tmp_id = $tmp_rec[$key_field]; | |
| 275 | $values[$tmp_id] = $tmp_rec[$value_field]; | |
| 276 | } | |
| 277 | } | |
| 278 | } | |
| 279 | ||
| 280 | if($field["datasource"]["type"] == 'CUSTOM') { | |
| 281 | // Calls a custom class to validate this record | |
| 282 | if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') { | |
| 283 | $datasource_class = $field["datasource"]['class']; | |
| 284 | $datasource_function = $field["datasource"]['function']; | |
| 285 | $app->uses($datasource_class); | |
| 286 | $values = $app->$datasource_class->$datasource_function($field, $record); | |
| 287 | } else { | |
| 288 | $this->errorMessage .= "Custom datasource class or function is empty<br>\r\n"; | |
| 289 | } | |
| 290 | } | |
| 291 | ||
| 292 | return $values; | |
| 293 | ||
| 294 | } | |
| 295 | ||
| 296 | /** | |
| 297 | * Converts the data in a format to store it in the database table | |
| 298 | * | |
| 299 | * @param record = Datensatz als Array | |
| 300 | * @return record | |
| 301 | */ | |
| 302 | function encode($record) { | |
| 303 | ||
| 304 | if(is_array($record)) { | |
| 305 | foreach($this->formDef['fields'] as $key => $field) { | |
| 306 | ||
| 307 | if(isset($field['validators']) && is_array($field['validators'])) $this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']); | |
| 308 | ||
| 309 | switch ($field['datatype']) { | |
| 310 | case 'VARCHAR': | |
| 311 | if(!@is_array($record[$key])) { | |
| 312 | $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):''; | |
| 313 | } else { | |
| 314 | $new_record[$key] = implode($field['separator'],$record[$key]); | |
| 315 | } | |
| 316 | break; | |
| 317 | case 'TEXT': | |
| 318 | if(!is_array($record[$key])) { | |
| 319 | $new_record[$key] = mysql_real_escape_string($record[$key]); | |
| 320 | } else { | |
| 321 | $new_record[$key] = implode($field['separator'],$record[$key]); | |
| 322 | } | |
| 323 | break; | |
| edb827 | 324 | case 'DATETSTAMP': |
| fbdcc4 | 325 | if($record[$key] > 0) { |
| T | 326 | list($tag,$monat,$jahr) = explode('.',$record[$key]); |
| 327 | $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr); | |
| 328 | } else { | |
| 329 | $new_record[$key] = 0; | |
| 330 | } | |
| 331 | break; | |
| edb827 | 332 | case 'DATE': |
| T | 333 | if($record[$key] != '' && $record[$key] != '0000-00-00') { |
| e83dd1 | 334 | if(function_exists('date_parse_from_format')) { |
| T | 335 | $date_parts = date_parse_from_format($this->dateformat,$record[$key]); |
| 336 | //list($tag,$monat,$jahr) = explode('.',$record[$key]); | |
| 337 | $new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day']; | |
| 338 | //$tmp = strptime($record[$key],$this->dateformat); | |
| 339 | //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday']; | |
| 340 | } else { | |
| 341 | //$tmp = strptime($record[$key],$this->dateformat); | |
| 342 | //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday']; | |
| 343 | $tmp = strtotime($record[$key]); | |
| 344 | $new_record[$key] = date('Y-m-d',$tmp); | |
| 345 | } | |
| edb827 | 346 | } else { |
| T | 347 | $new_record[$key] = '0000-00-00'; |
| 348 | } | |
| 349 | break; | |
| fbdcc4 | 350 | case 'INTEGER': |
| T | 351 | $new_record[$key] = (isset($record[$key]))?intval($record[$key]):0; |
| 352 | //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default']; | |
| 353 | //if($key == 'refresh') die($record[$key]); | |
| 354 | break; | |
| 355 | case 'DOUBLE': | |
| 356 | $new_record[$key] = mysql_real_escape_string($record[$key]); | |
| 357 | break; | |
| 358 | case 'CURRENCY': | |
| 359 | $new_record[$key] = str_replace(",",".",$record[$key]); | |
| 360 | break; | |
| 6f4add | 361 | |
| W | 362 | case 'DATETIME': |
| 363 | if (is_array($record[$key])) | |
| 364 | { | |
| 365 | $filtered_values = array_map(create_function('$item','return (int)$item;'), $record[$key]); | |
| 366 | extract($filtered_values, EXTR_PREFIX_ALL, '_dt'); | |
| 367 | ||
| 368 | if ($_dt_day != 0 && $_dt_month != 0 && $_dt_year != 0) { | |
| 369 | $new_record[$key] = date( 'Y-m-d H:i:s', mktime($_dt_hour, $_dt_minute, $_dt_second, $_dt_month, $_dt_day, $_dt_year) ); | |
| 370 | } | |
| 371 | } | |
| 372 | break; | |
| fbdcc4 | 373 | } |
| T | 374 | |
| 375 | // The use of the field value is deprecated, use validators instead | |
| 376 | if(isset($field['regex']) && $field['regex'] != '') { | |
| 377 | // Enable that "." matches also newlines | |
| 378 | $field['regex'] .= 's'; | |
| 379 | if(!preg_match($field['regex'], $record[$key])) { | |
| 380 | $errmsg = $field['errmsg']; | |
| 381 | $this->errorMessage .= $errmsg."\r\n"; | |
| 382 | } | |
| 383 | } | |
| 384 | ||
| 385 | ||
| 386 | } | |
| 387 | } | |
| 388 | return $new_record; | |
| 389 | } | |
| 390 | ||
| 391 | /** | |
| 392 | * process the validators for a given field. | |
| 393 | * | |
| 394 | * @param field_name = Name of the field | |
| 395 | * @param field_value = value of the field | |
| 396 | * @param validatoors = Array of validators | |
| 397 | * @return record | |
| 398 | */ | |
| 399 | ||
| 400 | function validateField($field_name, $field_value, $validators) { | |
| 401 | ||
| 402 | global $app; | |
| 403 | ||
| 404 | $escape = '`'; | |
| 405 | ||
| 406 | // loop trough the validators | |
| 407 | foreach($validators as $validator) { | |
| 408 | ||
| 409 | switch ($validator['type']) { | |
| 410 | case 'REGEX': | |
| 411 | $validator['regex'] .= 's'; | |
| 412 | if(!preg_match($validator['regex'], $field_value)) { | |
| 413 | $errmsg = $validator['errmsg']; | |
| 414 | if(isset($this->wordbook[$errmsg])) { | |
| ef1286 | 415 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 416 | } else { |
| ef1286 | 417 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 418 | } |
| T | 419 | } |
| 420 | break; | |
| 421 | case 'UNIQUE': | |
| ef1286 | 422 | if($this->action == 'NEW') { |
| fbdcc4 | 423 | $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); |
| T | 424 | if($num_rec["number"] > 0) { |
| 425 | $errmsg = $validator['errmsg']; | |
| 426 | if(isset($this->wordbook[$errmsg])) { | |
| ef1286 | 427 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 428 | } else { |
| ef1286 | 429 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 430 | } |
| T | 431 | } |
| 432 | } else { | |
| 433 | $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); | |
| 434 | if($num_rec["number"] > 0) { | |
| 435 | $errmsg = $validator['errmsg']; | |
| 436 | if(isset($this->wordbook[$errmsg])) { | |
| ef1286 | 437 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 438 | } else { |
| ef1286 | 439 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 440 | } |
| T | 441 | } |
| 442 | } | |
| 443 | break; | |
| 444 | case 'NOTEMPTY': | |
| 445 | if(empty($field_value)) { | |
| 446 | $errmsg = $validator['errmsg']; | |
| 447 | if(isset($this->wordbook[$errmsg])) { | |
| ef1286 | 448 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 449 | } else { |
| ef1286 | 450 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 451 | } |
| T | 452 | } |
| 453 | break; | |
| 454 | case 'ISEMAIL': | |
| ef1286 | 455 | if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) { |
| fbdcc4 | 456 | $errmsg = $validator['errmsg']; |
| T | 457 | if(isset($this->wordbook[$errmsg])) { |
| ef1286 | 458 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 459 | } else { |
| ef1286 | 460 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 461 | } |
| T | 462 | } |
| 463 | break; | |
| 464 | case 'ISINT': | |
| 465 | $tmpval = intval($field_value); | |
| 466 | if($tmpval === 0 and !empty($field_value)) { | |
| 467 | $errmsg = $validator['errmsg']; | |
| 468 | if(isset($this->wordbook[$errmsg])) { | |
| ef1286 | 469 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 470 | } else { |
| ef1286 | 471 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 472 | } |
| T | 473 | } |
| 474 | break; | |
| 475 | case 'ISPOSITIVE': | |
| 476 | if(!is_numeric($field_value) || $field_value <= 0){ | |
| 477 | $errmsg = $validator['errmsg']; | |
| 478 | if(isset($this->wordbook[$errmsg])) { | |
| ef1286 | 479 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
| fbdcc4 | 480 | } else { |
| ef1286 | 481 | $this->errorMessage .= $errmsg."<br />\r\n"; |
| fbdcc4 | 482 | } |
| T | 483 | } |
| ef1286 | 484 | break; |
| T | 485 | case 'ISIPV4': |
| 486 | $vip=1; | |
| 487 | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ | |
| 488 | $groups=explode(".",$field_value); | |
| 489 | foreach($groups as $group){ | |
| 490 | if($group<0 OR $group>255) | |
| 491 | $vip=0; | |
| 492 | } | |
| 493 | }else{$vip=0;} | |
| 494 | if($vip==0) { | |
| 495 | $errmsg = $validator['errmsg']; | |
| 496 | if(isset($this->wordbook[$errmsg])) { | |
| 497 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; | |
| 498 | } else { | |
| 499 | $this->errorMessage .= $errmsg."<br />\r\n"; | |
| 500 | } | |
| 501 | } | |
| 502 | break; | |
| 503 | case 'ISIP': | |
| 504 | //* Check if its a IPv4 or IPv6 address | |
| 505 | if(function_exists('filter_var')) { | |
| 506 | if(!filter_var($field_value,FILTER_VALIDATE_IP)) { | |
| 507 | $errmsg = $validator['errmsg']; | |
| 508 | if(isset($this->wordbook[$errmsg])) { | |
| 509 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; | |
| 510 | } else { | |
| 511 | $this->errorMessage .= $errmsg."<br />\r\n"; | |
| 512 | } | |
| 513 | } | |
| 514 | } else { | |
| 515 | //* Check content with regex, if we use php < 5.2 | |
| 516 | $ip_ok = 0; | |
| 517 | if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){ | |
| 518 | $ip_ok = 1; | |
| 519 | } | |
| 520 | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ | |
| 521 | $ip_ok = 1; | |
| 522 | } | |
| 523 | if($ip_ok == 0) { | |
| 524 | $errmsg = $validator['errmsg']; | |
| 525 | if(isset($this->wordbook[$errmsg])) { | |
| 526 | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; | |
| 527 | } else { | |
| 528 | $this->errorMessage .= $errmsg."<br />\r\n"; | |
| 529 | } | |
| 530 | } | |
| 531 | } | |
| fbdcc4 | 532 | break; |
| T | 533 | case 'CUSTOM': |
| 534 | // Calls a custom class to validate this record | |
| 535 | if($validator['class'] != '' and $validator['function'] != '') { | |
| 536 | $validator_class = $validator['class']; | |
| 537 | $validator_function = $validator['function']; | |
| 538 | $app->uses($validator_class); | |
| 539 | $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator); | |
| 540 | } else { | |
| ef1286 | 541 | $this->errorMessage .= "Custom validator class or function is empty<br />\r\n"; |
| fbdcc4 | 542 | } |
| T | 543 | break; |
| 544 | default: | |
| 545 | $this->errorMessage .= "Unknown Validator: ".$validator['type']; | |
| 546 | break; | |
| 547 | } | |
| 548 | ||
| 549 | ||
| 550 | } | |
| 551 | ||
| 552 | return true; | |
| 553 | } | |
| 554 | ||
| 555 | /** | |
| 556 | * Create SQL statement | |
| 557 | * | |
| 558 | * @param record = Datensatz als Array | |
| 559 | * @param action = INSERT oder UPDATE | |
| 560 | * @param primary_id | |
| 561 | * @return record | |
| 562 | */ | |
| 563 | function getSQL($record, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') { | |
| 564 | ||
| 565 | global $app; | |
| 566 | ||
| 567 | $this->action = $action; | |
| 568 | $this->primary_id = $primary_id; | |
| 569 | ||
| 570 | $record = $this->encode($record,$tab); | |
| 571 | $sql_insert_key = ''; | |
| 572 | $sql_insert_val = ''; | |
| 573 | $sql_update = ''; | |
| 574 | ||
| 575 | if(!is_array($this->formDef)) $app->error("No form definition found."); | |
| 576 | ||
| 577 | // gehe durch alle Felder des Tabs | |
| 578 | if(is_array($record)) { | |
| 579 | foreach($this->formDef['fields'] as $key => $field) { | |
| 580 | // Wenn es kein leeres Passwortfeld ist | |
| 581 | if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) { | |
| 582 | // Erzeuge Insert oder Update Quelltext | |
| 583 | if($action == "INSERT") { | |
| 584 | if($field['formtype'] == 'PASSWORD') { | |
| 585 | $sql_insert_key .= "`$key`, "; | |
| 586 | if($field['encryption'] == 'CRYPT') { | |
| 91e1ba | 587 | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
| T | 588 | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
| 589 | } elseif ($field['encryption'] == 'MYSQL') { | |
| 590 | $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; | |
| 591 | } elseif ($field['encryption'] == 'CLEARTEXT') { | |
| 592 | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; | |
| fbdcc4 | 593 | } else { |
| 91e1ba | 594 | $record[$key] = md5(stripslashes($record[$key])); |
| T | 595 | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
| fbdcc4 | 596 | } |
| T | 597 | } elseif ($field['formtype'] == 'CHECKBOX') { |
| 598 | $sql_insert_key .= "`$key`, "; | |
| 599 | if($record[$key] == '') { | |
| 600 | // if a checkbox is not set, we set it to the unchecked value | |
| 601 | $sql_insert_val .= "'".$field['value'][0]."', "; | |
| 602 | $record[$key] = $field['value'][0]; | |
| 603 | } else { | |
| 604 | $sql_insert_val .= "'".$record[$key]."', "; | |
| 605 | } | |
| 606 | } else { | |
| 607 | $sql_insert_key .= "`$key`, "; | |
| 608 | $sql_insert_val .= "'".$record[$key]."', "; | |
| 609 | } | |
| 610 | } else { | |
| 5764f8 | 611 | |
| fbdcc4 | 612 | if($field['formtype'] == 'PASSWORD') { |
| 5764f8 | 613 | if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') { |
| 499037 | 614 | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
| 5764f8 | 615 | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
| T | 616 | } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { |
| 617 | $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; | |
| 618 | } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') { | |
| 619 | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; | |
| fbdcc4 | 620 | } else { |
| 5764f8 | 621 | $record[$key] = md5(stripslashes($record[$key])); |
| T | 622 | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
| fbdcc4 | 623 | } |
| T | 624 | } elseif ($field['formtype'] == 'CHECKBOX') { |
| 625 | if($record[$key] == '') { | |
| 626 | // if a checkbox is not set, we set it to the unchecked value | |
| 627 | $sql_update .= "`$key` = '".$field['value'][0]."', "; | |
| 628 | $record[$key] = $field['value'][0]; | |
| 629 | } else { | |
| 630 | $sql_update .= "`$key` = '".$record[$key]."', "; | |
| 631 | } | |
| 632 | } else { | |
| 633 | $sql_update .= "`$key` = '".$record[$key]."', "; | |
| 634 | } | |
| 635 | } | |
| 636 | } else { | |
| 637 | // we unset the password filed, if empty to tell the datalog function | |
| 638 | // that the password has not been changed | |
| 639 | unset($record[$key]); | |
| 640 | } | |
| 641 | } | |
| 642 | } | |
| 643 | ||
| 644 | ||
| 645 | ||
| 646 | if(stristr($this->formDef['db_table'],'.')) { | |
| 647 | $escape = ''; | |
| 648 | } else { | |
| 649 | $escape = '`'; | |
| 650 | } | |
| 651 | ||
| 652 | ||
| 653 | if($action == "INSERT") { | |
| 654 | if($this->formDef['auth'] == 'yes') { | |
| 655 | // Setze User und Gruppe | |
| 656 | $sql_insert_key .= "`sys_userid`, "; | |
| 657 | $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$this->sys_userid."', "; | |
| 658 | $sql_insert_key .= "`sys_groupid`, "; | |
| 659 | $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$this->sys_default_group."', "; | |
| 660 | $sql_insert_key .= "`sys_perm_user`, "; | |
| 661 | $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', "; | |
| 662 | $sql_insert_key .= "`sys_perm_group`, "; | |
| 663 | $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', "; | |
| 664 | $sql_insert_key .= "`sys_perm_other`, "; | |
| 665 | $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', "; | |
| 666 | } | |
| 667 | $sql_insert_key = substr($sql_insert_key,0,-2); | |
| 668 | $sql_insert_val = substr($sql_insert_val,0,-2); | |
| 669 | $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)"; | |
| 670 | } else { | |
| 671 | if($primary_id != 0) { | |
| 672 | $sql_update = substr($sql_update,0,-2); | |
| 673 | $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; | |
| 674 | if($sql_ext_where != '') $sql .= " and ".$sql_ext_where; | |
| 675 | } else { | |
| 676 | $app->error("Primary ID fehlt!"); | |
| 677 | } | |
| 678 | } | |
| 679 | ||
| 680 | return $sql; | |
| 681 | } | |
| 682 | ||
| 683 | function getDeleteSQL($primary_id) { | |
| 684 | ||
| 685 | if(stristr($this->formDef['db_table'],'.')) { | |
| 686 | $escape = ''; | |
| 687 | } else { | |
| 688 | $escape = '`'; | |
| 689 | } | |
| 690 | ||
| 691 | $sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; | |
| 692 | return $sql; | |
| 693 | } | |
| 694 | ||
| 695 | ||
| 696 | function getDataRecord($primary_id) { | |
| 697 | global $app; | |
| 698 | $escape = '`'; | |
| 699 | if(@is_numeric($primary_id)) { | |
| 700 | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; | |
| 701 | return $app->db->queryOneRecord($sql); | |
| 702 | } elseif (@is_array($primary_id)) { | |
| 703 | $sql_where = ''; | |
| 704 | foreach($primary_id as $key => $val) { | |
| 705 | $key = $app->db->quote($key); | |
| 706 | $val = $app->db->quote($val); | |
| 91e1ba | 707 | if(stristr($val,'%')) { |
| bb0c77 | 708 | $sql_where .= "$key like '$val' AND "; |
| T | 709 | } else { |
| 710 | $sql_where .= "$key = '$val' AND "; | |
| 711 | } | |
| fbdcc4 | 712 | } |
| T | 713 | $sql_where = substr($sql_where,0,-5); |
| 714 | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where; | |
| 715 | return $app->db->queryAllRecords($sql); | |
| 716 | } else { | |
| 717 | $this->errorMessage = 'The ID must be either an integer or an array.'; | |
| 718 | return array(); | |
| 719 | } | |
| 720 | ||
| 721 | ||
| 722 | } | |
| 723 | ||
| 724 | function ispconfig_sysuser_add($params,$insert_id){ | |
| 03bca9 | 725 | global $conf,$app,$sql1; |
| fbdcc4 | 726 | $username = $app->db->quote($params["username"]); |
| T | 727 | $password = $app->db->quote($params["password"]); |
| dbbaff | 728 | if(!isset($params['modules'])) { |
| 03bca9 | 729 | $modules = $conf['interface_modules_enabled']; |
| dbbaff | 730 | } else { |
| T | 731 | $modules = $app->db->quote($params['modules']); |
| 732 | } | |
| 733 | if(!isset($params['startmodule'])) { | |
| 734 | $startmodule = 'dashboard'; | |
| 735 | } else { | |
| 736 | $startmodule = $app->db->quote($params["startmodule"]); | |
| 737 | if(!preg_match('/'.$startmodule.'/',$modules)) { | |
| 738 | $_modules = explode(',',$modules); | |
| 739 | $startmodule=$_modules[0]; | |
| 740 | } | |
| 741 | } | |
| fbdcc4 | 742 | $usertheme = $app->db->quote($params["usertheme"]); |
| T | 743 | $type = 'user'; |
| 744 | $active = 1; | |
| 745 | $insert_id = intval($insert_id); | |
| 746 | $language = $app->db->quote($params["language"]); | |
| 747 | $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid'); | |
| 748 | $groups = $groupid; | |
| 499037 | 749 | $password = $app->auth->crypt_password(stripslashes($password)); |
| fbdcc4 | 750 | $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) |
| 1ca823 | 751 | VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)"; |
| fbdcc4 | 752 | $app->db->query($sql1); |
| T | 753 | } |
| 754 | ||
| 755 | function ispconfig_sysuser_update($params,$client_id){ | |
| 756 | global $app; | |
| 757 | $username = $app->db->quote($params["username"]); | |
| f5d954 | 758 | $clear_password = $app->db->quote($params["password"]); |
| fbdcc4 | 759 | $client_id = intval($client_id); |
| 499037 | 760 | $password = $app->auth->crypt_password(stripslashes($clear_password)); |
| f5d954 | 761 | if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ; |
| T | 762 | $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id"; |
| fbdcc4 | 763 | $app->db->query($sql); |
| T | 764 | } |
| 765 | ||
| 766 | function ispconfig_sysuser_delete($client_id){ | |
| 767 | global $app; | |
| 768 | $client_id = intval($client_id); | |
| 769 | $sql = "DELETE FROM sys_user WHERE client_id = $client_id"; | |
| 770 | $app->db->query($sql); | |
| f5d954 | 771 | $sql = "DELETE FROM sys_group WHERE client_id = $client_id"; |
| T | 772 | $app->db->query($sql); |
| fbdcc4 | 773 | } |
| T | 774 | |
| 775 | function datalogSave($action,$primary_id, $record_old, $record_new) { | |
| 776 | global $app,$conf; | |
| 7d4fdb | 777 | |
| T | 778 | $app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new); |
| 779 | return true; | |
| 780 | /* | |
| fbdcc4 | 781 | |
| T | 782 | if(stristr($this->formDef['db_table'],'.')) { |
| 783 | $escape = ''; | |
| 784 | } else { | |
| 785 | $escape = '`'; | |
| 786 | } | |
| 787 | ||
| 788 | $diffrec = array(); | |
| 789 | ||
| 790 | if(is_array($record_new) && count($record_new) > 0) { | |
| 791 | foreach($record_new as $key => $val) { | |
| 792 | if($record_old[$key] != $val) { | |
| 793 | // Record has changed | |
| 794 | $diffrec[$key] = array('old' => $record_old[$key], | |
| 795 | 'new' => $val); | |
| 796 | } | |
| 797 | } | |
| 798 | } elseif(is_array($record_old)) { | |
| 799 | foreach($record_old as $key => $val) { | |
| 800 | if($record_new[$key] != $val) { | |
| 801 | // Record has changed | |
| 802 | $diffrec[$key] = array('new' => $record_new[$key], | |
| 803 | 'old' => $val); | |
| 804 | } | |
| 805 | } | |
| 806 | } | |
| 807 | $this->diffrec = $diffrec; | |
| 808 | ||
| 809 | ||
| 810 | // Full diff records for ISPConfig, they have a different format then the simple diffrec | |
| 811 | $diffrec_full = array(); | |
| 812 | ||
| 813 | if(is_array($record_old) && count($record_old) > 0) { | |
| 814 | foreach($record_old as $key => $val) { | |
| 815 | if(isset($record_new[$key]) && $record_new[$key] != $val) { | |
| 816 | // Record has changed | |
| 817 | $diffrec_full['old'][$key] = $val; | |
| 818 | $diffrec_full['new'][$key] = $record_new[$key]; | |
| 819 | } else { | |
| 820 | $diffrec_full['old'][$key] = $val; | |
| 821 | $diffrec_full['new'][$key] = $val; | |
| 822 | } | |
| 823 | } | |
| 824 | } elseif(is_array($record_new)) { | |
| 825 | foreach($record_new as $key => $val) { | |
| 826 | if(isset($record_new[$key]) && $record_old[$key] != $val) { | |
| 827 | // Record has changed | |
| 828 | $diffrec_full['new'][$key] = $val; | |
| 829 | $diffrec_full['old'][$key] = $record_old[$key]; | |
| 830 | } else { | |
| 831 | $diffrec_full['new'][$key] = $val; | |
| 832 | $diffrec_full['old'][$key] = $val; | |
| 833 | } | |
| 834 | } | |
| 835 | } | |
| 836 | ||
| 837 | ||
| 838 | // Insert the server_id, if the record has a server_id | |
| 839 | $server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0; | |
| 840 | if(isset($record_new["server_id"])) $server_id = $record_new["server_id"]; | |
| 841 | ||
| 842 | if(count($this->diffrec) > 0) { | |
| 843 | $diffstr = $app->db->quote(serialize($diffrec_full)); | |
| 844 | $username = $app->db->quote($this->sys_username); | |
| 845 | $dbidx = $this->formDef['db_table_idx'].":".$primary_id; | |
| 846 | // $action = ($action == 'INSERT')?'i':'u'; | |
| 847 | ||
| 848 | if($action == 'INSERT') $action = 'i'; | |
| 849 | if($action == 'UPDATE') $action = 'u'; | |
| 850 | if($action == 'DELETE') $action = 'd'; | |
| 851 | $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')"; | |
| 852 | $app->db->query($sql); | |
| 853 | } | |
| 854 | ||
| 855 | return true; | |
| 7d4fdb | 856 | */ |
| fbdcc4 | 857 | |
| T | 858 | } |
| 859 | ||
| 860 | } | |
| 861 | ||
| 862 | ?> | |
