gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -113,6 +113,27 @@
			}

			}

			//* Get the contact details to send a email like email address, name, etc.
			public function client_get_emailcontact($session_id, $client_id) {
			global $app;

			if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
			}

			$client_id = $app->functions->intval($client_id);

			$rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ".$client_id);

			if(is_array($rec)) {
			return $rec;
			} else {
			throw new SoapFault('no_client_found', 'There is no client with this client ID.');
			return false;
			}
			}

			public function client_get_groupid($session_id, $client_id)
			{
			@@ -137,13 +158,31 @@

			public function client_add($session_id, $reseller_id, $params)
			{
			global $app;

			if (!$this->checkPerm($session_id, 'client_add'))
			{
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
			}
			if(!isset($params['parent_client_id']) \|\| $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
			$affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);

			if($params['parent_client_id']) {
			// check if this one is reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
			if($check['limit_client'] == 0) {
			$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
			return false;
			}

			if(isset($params['limit_client']) && $params['limit_client'] != 0) {
			$this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			return false;
			}
			}

			$affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);

			return $affected_rows;

			}
			@@ -159,8 +198,27 @@
			}

			$app->uses('remoting_lib');
			$app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php');
			$app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php');
			$old_rec = $app->remoting_lib->getDataRecord($client_id);

			//* merge old record with params, so only new values have to be set in $params
			$params = $app->functions->array_merge($old_rec,$params);

			if(!isset($params['parent_client_id']) \|\| $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

			if($params['parent_client_id']) {
			// check if this one is reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
			if($check['limit_client'] == 0) {
			$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
			return false;
			}

			if(isset($params['limit_client']) && $params['limit_client'] != 0) {
			$this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			return false;
			}
			}

			// we need the previuos templates assigned here
			$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
			@@ -184,8 +242,7 @@
			}


			if(!isset($params['parent_client_id']) \|\| $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
			$affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');
			$affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');

			$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);

			@@ -489,6 +546,123 @@
			$result = $app->db->queryAllRecords($sql);
			return $result;
			}

			public function client_login_get($session_id,$username,$password,$remote_ip = '') {
			global $app;

			//* Check permissions
			if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
			}

			//* Check username and password
			if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
			throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
			return false;
			}
			if(!preg_match("/^.{1,64}$/i", $password)) {
			throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
			return false;
			}

			//* Check failed logins
			$sql = "SELECT * FROM `attempts_login` WHERE `ip`= '".$app->db->quote($remote_ip)."' AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
			$alreadyfailed = $app->db->queryOneRecord($sql);

			//* too many failedlogins
			if($alreadyfailed['times'] > 5) {
			throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
			return false;
			}


			//*Set variables
			$returnval == false;

			if(strstr($username,'@')) {
			// Check against client table
			$sql = "SELECT * FROM client WHERE email = '".$app->db->quote($username)."'";
			$user = $app->db->queryOneRecord($sql);

			if($user) {
			$saved_password = stripslashes($user['password']);

			if(substr($saved_password, 0, 3) == '$1$') {
			//* The password is crypt-md5 encrypted
			$salt = '$1$'.substr($saved_password, 3, 8).'$';

			if(crypt(stripslashes($password), $salt) != $saved_password) {
			$user = false;
			}
			} else {

			//* The password is md5 encrypted
			if(md5($password) != $saved_password) {
			$user = false;
			}
			}
			}

			if(is_array($user)) {
			$returnval = array( 'username' => $user['username'],
			'type' => 'user',
			'client_id' => $user['client_id'],
			'language' => $user['language'],
			'country' => $user['country']);
			}

			} else {
			// Check against sys_user table
			$sql = "SELECT * FROM sys_user WHERE username = '".$app->db->quote($username)."'";
			$user = $app->db->queryOneRecord($sql);

			if($user) {
			$saved_password = stripslashes($user['passwort']);

			if(substr($saved_password, 0, 3) == '$1$') {
			//* The password is crypt-md5 encrypted
			$salt = '$1$'.substr($saved_password, 3, 8).'$';

			if(crypt(stripslashes($password), $salt) != $saved_password) {
			$user = false;
			}
			} else {

			//* The password is md5 encrypted
			if(md5($password) != $saved_password) {
			$user = false;
			}
			}
			}

			if(is_array($user)) {
			$returnval = array( 'username' => $user['username'],
			'type' => $user['typ'],
			'client_id' => $user['client_id'],
			'language' => $user['language'],
			'country' => 'de');
			} else {
			throw new SoapFault('login_failed', 'Login failed.');
			}
			}

			//* Log failed login attempts
			if($user === false) {
			$time = time();
			if(!$alreadyfailed['times'] ) {
			//* user login the first time wrong
			$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('".$app->db->quote($remote_ip)."', 1, NOW())";
			$app->db->query($sql);
			} elseif($alreadyfailed['times'] >= 1) {
			//* update times wrong
			$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '".$time."' LIMIT 1";
			$app->db->query($sql);
			}
			}

			return $returnval;
			}

			}