From 39dd4ecc8b4a2b3b98a7ffe7056ae64240b22d56 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Sun, 11 May 2014 17:39:37 -0400
Subject: [PATCH] - Added functions client_get_emailcontact and client_login_get to remote api. - Add option to _get functions of the remote-api to return all records when primaryID = -1 - Fixed permission problem in _get functions of remote api. - Fixed typo in german dashboard language file.
---
interface/lib/classes/remote.d/client.inc.php | 138 ++++++++++++++++++++++++++++++++++++++++++++++
interface/lib/classes/remoting_lib.inc.php | 13 ++++
interface/web/dashboard/lib/lang/de.lng | 2
interface/web/client/lib/remote.conf.php | 2
4 files changed, 152 insertions(+), 3 deletions(-)
diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index e0dcad8..5cafc62 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -113,6 +113,27 @@
}
}
+
+ //* Get the contact details to send a email like email address, name, etc.
+ public function client_get_emailcontact($session_id, $client_id) {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $client_id = $app->functions->intval($client_id);
+
+ $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ".$client_id);
+
+ if(is_array($rec)) {
+ return $rec;
+ } else {
+ throw new SoapFault('no_client_found', 'There is no client with this client ID.');
+ return false;
+ }
+ }
public function client_get_groupid($session_id, $client_id)
{
@@ -489,6 +510,123 @@
$result = $app->db->queryAllRecords($sql);
return $result;
}
+
+ public function client_login_get($session_id,$username,$password,$remote_ip = '') {
+ global $app;
+
+ //* Check permissions
+ if(!$this->checkPerm($session_id, 'client_get')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ //* Check username and password
+ if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
+ throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
+ return false;
+ }
+ if(!preg_match("/^.{1,64}$/i", $password)) {
+ throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
+ return false;
+ }
+
+ //* Check failed logins
+ $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '".$app->db->quote($remote_ip)."' AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+ $alreadyfailed = $app->db->queryOneRecord($sql);
+
+ //* too many failedlogins
+ if($alreadyfailed['times'] > 5) {
+ throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
+ return false;
+ }
+
+
+ //*Set variables
+ $returnval == false;
+
+ if(strstr($username,'@')) {
+ // Check against client table
+ $sql = "SELECT * FROM client WHERE email = '".$app->db->quote($username)."'";
+ $user = $app->db->queryOneRecord($sql);
+
+ if($user) {
+ $saved_password = stripslashes($user['password']);
+
+ if(substr($saved_password, 0, 3) == '$1$') {
+ //* The password is crypt-md5 encrypted
+ $salt = '$1$'.substr($saved_password, 3, 8).'$';
+
+ if(crypt(stripslashes($password), $salt) != $saved_password) {
+ $user = false;
+ }
+ } else {
+
+ //* The password is md5 encrypted
+ if(md5($password) != $saved_password) {
+ $user = false;
+ }
+ }
+ }
+
+ if(is_array($user)) {
+ $returnval = array( 'username' => $user['username'],
+ 'type' => 'user',
+ 'client_id' => $user['client_id'],
+ 'language' => $user['language'],
+ 'country' => $user['country']);
+ }
+
+ } else {
+ // Check against sys_user table
+ $sql = "SELECT * FROM sys_user WHERE username = '".$app->db->quote($username)."'";
+ $user = $app->db->queryOneRecord($sql);
+
+ if($user) {
+ $saved_password = stripslashes($user['passwort']);
+
+ if(substr($saved_password, 0, 3) == '$1$') {
+ //* The password is crypt-md5 encrypted
+ $salt = '$1$'.substr($saved_password, 3, 8).'$';
+
+ if(crypt(stripslashes($password), $salt) != $saved_password) {
+ $user = false;
+ }
+ } else {
+
+ //* The password is md5 encrypted
+ if(md5($password) != $saved_password) {
+ $user = false;
+ }
+ }
+ }
+
+ if(is_array($user)) {
+ $returnval = array( 'username' => $user['username'],
+ 'type' => $user['typ'],
+ 'client_id' => $user['client_id'],
+ 'language' => $user['language'],
+ 'country' => 'de');
+ } else {
+ throw new SoapFault('login_failed', 'Login failed.');
+ }
+ }
+
+ //* Log failed login attempts
+ if($user === false) {
+ $time = time();
+ if(!$alreadyfailed['times'] ) {
+ //* user login the first time wrong
+ $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('".$app->db->quote($remote_ip)."', 1, NOW())";
+ $app->db->query($sql);
+ } elseif($alreadyfailed['times'] >= 1) {
+ //* update times wrong
+ $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '".$time."' LIMIT 1";
+ $app->db->query($sql);
+ }
+ }
+
+ return $returnval;
+ }
}
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 5d1b23d..d85612b 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -233,8 +233,19 @@
function getDataRecord($primary_id) {
global $app;
$escape = '`';
+ $this->loadUserProfile();
if(@is_numeric($primary_id)) {
- return parent::getDataRecord($primary_id);
+ if($primary_id > 0) {
+ // Return a single record
+ return parent::getDataRecord($primary_id);
+ } elseif($primary_id == -1) {
+ // Return a array with all records
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape;
+ return $app->db->queryAllRecords($sql);
+ } else {
+ throw new SoapFault('invalid_id', 'The ID has to be > 0 or -1.');
+ return array();
+ }
} elseif (@is_array($primary_id) || @is_object($primary_id)) {
if(@is_object($primary_id)) $primary_id = get_object_vars($primary_id); // do not use cast (array)xxx because it returns private and protected properties!
$sql_offset = 0;
diff --git a/interface/web/client/lib/remote.conf.php b/interface/web/client/lib/remote.conf.php
index 56c7708..fd24dd5 100644
--- a/interface/web/client/lib/remote.conf.php
+++ b/interface/web/client/lib/remote.conf.php
@@ -1,6 +1,6 @@
<?php
-$function_list['client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_change_password,client_get_id,client_delete_everything'] = 'Client functions';
+$function_list['client_get_all,client_get,client_add,client_update,client_delete,client_get_sites_by_user,client_get_by_username,client_change_password,client_get_id,client_delete_everything,client_get_emailcontact'] = 'Client functions';
$function_list['domains_domain_get,domains_domain_add,domains_domain_delete,domains_get_all_by_user'] = 'Domaintool functions';
$function_list['quota_get_by_user,mailquota_get_by_user'] = 'Quota functions';
diff --git a/interface/web/dashboard/lib/lang/de.lng b/interface/web/dashboard/lib/lang/de.lng
index debf754..45d6b1e 100644
--- a/interface/web/dashboard/lib/lang/de.lng
+++ b/interface/web/dashboard/lib/lang/de.lng
@@ -1,4 +1,4 @@
<?php
-$wb['welcome_user_txt'] = 'Herzlich Willkommen %s';
+$wb['welcome_user_txt'] = 'Herzlich willkommen %s';
$wb['available_modules_txt'] = 'Verfügbare Module';
?>
--
Gitblit v1.9.1