| | |
|---|
| | | if(isset($_SESSION['client_login']) && isset($_SESSION['client_sys_userid']) && $_SESSION['client_login'] == 1) { |
|---|
| | | $client_sys_userid = $app->functions->intval($_SESSION['client_sys_userid']); |
|---|
| | | |
|---|
| | | $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = " . $client_sys_userid); |
|---|
| | | $client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_user, client WHERE sys_user.client_id = client.client_id and sys_user.userid = ?", $client_sys_userid); |
|---|
| | | |
|---|
| | | $this->client_id = $client['client_id']; |
|---|
| | | $client_login = true; |
|---|
| | |
|---|
| | | $this->sys_groups = 1; |
|---|
| | | $_SESSION["s"]["user"]["typ"] = 'admin'; |
|---|
| | | } else { |
|---|
| | | //* load system user - try with sysuser and before with userid (workarrond) |
|---|
| | | /* |
|---|
| | | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id"); |
|---|
| | | if(empty($user["userid"])) { |
|---|
| | | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id"); |
|---|
| | | if(empty($user["userid"])) { |
|---|
| | | $this->errorMessage .= "No sysuser with the ID $client_id found."; |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | }*/ |
|---|
| | | |
|---|
| | | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id"); |
|---|
| | | $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $this->client_id); |
|---|
| | | $this->sys_username = $user['username']; |
|---|
| | | $this->sys_userid = $user['userid']; |
|---|
| | | $this->sys_default_group = $user['default_group']; |
|---|
| | | $this->sys_groups = $user['groups']; |
|---|
| | | // $_SESSION["s"]["user"]["typ"] = $user['typ']; |
|---|
| | | // we have to force admin priveliges for the remoting API as some function calls might fail otherwise. |
|---|
| | | if($client_login == false) $_SESSION["s"]["user"]["typ"] = 'admin'; |
|---|
| | | } |
|---|
| | |
|---|
| | | return parent::getDataRecord($primary_id); |
|---|
| | | } elseif($primary_id == -1) { |
|---|
| | | // Return a array with all records |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape; |
|---|
| | | return $app->db->queryAllRecords($sql); |
|---|
| | | $sql = "SELECT * FROM ??"; |
|---|
| | | return $app->db->queryAllRecords($sql, $this->formDef['db_table']); |
|---|
| | | } else { |
|---|
| | | throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.'); |
|---|
| | | return array(); |
|---|
| | |
|---|
| | | } |
|---|
| | | $sql_where = substr($sql_where, 0, -5); |
|---|
| | | if($sql_where == '') $sql_where = '1'; |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']); |
|---|
| | | $sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']); |
|---|
| | | if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit; |
|---|
| | | return $app->db->queryAllRecords($sql); |
|---|
| | | return $app->db->queryAllRecords($sql, $this->formDef['db_table']); |
|---|
| | | } else { |
|---|
| | | $this->errorMessage = 'The ID must be either an integer or an array.'; |
|---|
| | | return array(); |
|---|
| | |
|---|
| | | $groups = $groupid; |
|---|
| | | if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password)); |
|---|
| | | $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id) |
|---|
| | | VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)"; |
|---|
| | | $app->db->query($sql1); |
|---|
| | | VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"; |
|---|
| | | $app->db->query($sql1, $username,$password,$modules,$startmodule,$usertheme,$type,$active,$language,$groups,$groupid,$insert_id); |
|---|
| | | } |
|---|
| | | |
|---|
| | | function ispconfig_sysuser_update($params, $client_id){ |
|---|
| | |
|---|
| | | $client_id = $app->functions->intval($client_id); |
|---|
| | | if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password)); |
|---|
| | | else $password = $clear_password; |
|---|
| | | if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ; |
|---|
| | | $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id"; |
|---|
| | | $app->db->query($sql); |
|---|
| | | $params = array($username); |
|---|
| | | if ($clear_password) { |
|---|
| | | $pwstring = ", passwort = ?"; |
|---|
| | | $params[] = $password; |
|---|
| | | } else { |
|---|
| | | $pwstring ="" ; |
|---|
| | | } |
|---|
| | | $params[] = $client_id; |
|---|
| | | $sql = "UPDATE sys_user set username = ? $pwstring WHERE client_id = ?"; |
|---|
| | | $app->db->query($sql, true, $params); |
|---|
| | | } |
|---|
| | | |
|---|
| | | function ispconfig_sysuser_delete($client_id){ |
|---|
| | | global $app; |
|---|
| | | $client_id = $app->functions->intval($client_id); |
|---|
| | | $sql = "DELETE FROM sys_user WHERE client_id = $client_id"; |
|---|
| | | $app->db->query($sql); |
|---|
| | | $sql = "DELETE FROM sys_group WHERE client_id = $client_id"; |
|---|
| | | $app->db->query($sql); |
|---|
| | | $sql = "DELETE FROM sys_user WHERE client_id = ?"; |
|---|
| | | $app->db->query($sql, $client_id); |
|---|
| | | $sql = "DELETE FROM sys_group WHERE client_id = ?"; |
|---|
| | | $app->db->query($sql, $client_id); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
