From 28cd07d1a75c4e9dcaecac49efee0091f2fc62fa Mon Sep 17 00:00:00 2001
From: A. Täffner <darkalex@firesplash.de>
Date: Thu, 07 Apr 2016 05:30:49 -0400
Subject: [PATCH] Implemented a checkbox "enable DNSSEC" in DNS-Wizard. This Checkbox can be enabled or disabled by template.
---
interface/lib/classes/remote.d/client.inc.php | 847 ++++++++++++++++++++++++++++++++++---------------------
1 files changed, 522 insertions(+), 325 deletions(-)
diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index ae5086b..c9441f5 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -39,19 +39,19 @@
*/
class remoting_client extends remoting {
-/*
- *
- *
- *
+ /*
+ *
+ *
+ *
* * Client functions
- *
- *
+ *
+ *
*/
//* Get client details
public function client_get($session_id, $client_id)
- {
+ {
global $app;
-
+
if(!$this->checkPerm($session_id, 'client_get')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
@@ -59,304 +59,361 @@
$app->uses('remoting_lib');
$app->remoting_lib->loadFormDef('../client/form/client.tform.php');
$data = $app->remoting_lib->getDataRecord($client_id);
-
- // we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version
- if(is_array($data) && count($data) > 0) {
- if(isset($data['client_id'])) {
- // this is a single record
- if($data['template_additional'] == '') {
- $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $data['client_id']);
- $tpl_arr = array();
- if($tpls) {
- foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
- }
- $data['template_additional'] = implode('/', $tpl_arr);
- unset($tpl_arr);
- unset($tpls);
- }
- } elseif(isset($data[0]['client_id'])) {
- // multiple client records
- foreach($data as $index => $client) {
- if($client['template_additional'] == '') {
- $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ' . $client['client_id']);
- $tpl_arr = array();
- if($tpls) {
- foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
- }
- $data[$index]['template_additional'] = implode('/', $tpl_arr); // dont use the $client array here - changes would not be returned to soap
- }
- unset($tpl_arr);
- unset($tpls);
- }
- }
- }
-
- return $data;
+
+ // we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version
+ if(is_array($data) && count($data) > 0) {
+ if(isset($data['client_id'])) {
+ // this is a single record
+ if($data['template_additional'] == '') {
+ $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
+ $tpl_arr = array();
+ if($tpls) {
+ foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
+ }
+ $data['template_additional'] = implode('/', $tpl_arr);
+ unset($tpl_arr);
+ unset($tpls);
+ }
+ } elseif(isset($data[0]['client_id'])) {
+ // multiple client records
+ foreach($data as $index => $client) {
+ if($client['template_additional'] == '') {
+ $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
+ $tpl_arr = array();
+ if($tpls) {
+ foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
+ }
+ $data[$index]['template_additional'] = implode('/', $tpl_arr); // dont use the $client array here - changes would not be returned to soap
+ }
+ unset($tpl_arr);
+ unset($tpls);
+ }
+ }
+ }
+
+ return $data;
}
-
+
public function client_get_id($session_id, $sys_userid)
- {
+ {
global $app;
if(!$this->checkPerm($session_id, 'client_get_id')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
-
+
$sys_userid = $app->functions->intval($sys_userid);
-
- $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ".$sys_userid);
+
+ $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
if(isset($rec['client_id'])) {
return $app->functions->intval($rec['client_id']);
} else {
throw new SoapFault('no_client_found', 'There is no sysuser account for this client ID.');
return false;
}
-
+
}
- public function client_get_groupid($session_id, $client_id)
- {
+ //* Get the contact details to send a email like email address, name, etc.
+ public function client_get_emailcontact($session_id, $client_id) {
global $app;
- if(!$this->checkPerm($session_id, 'client_get_id')) {
+
+ if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
$client_id = $app->functions->intval($client_id);
+
+ $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
- $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client_id);
+ if(is_array($rec)) {
+ return $rec;
+ } else {
+ throw new SoapFault('no_client_found', 'There is no client with this client ID.');
+ return false;
+ }
+ }
+
+ public function client_get_groupid($session_id, $client_id)
+ {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_id')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $client_id = $app->functions->intval($client_id);
+
+ $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
if(isset($rec['groupid'])) {
return $app->functions->intval($rec['groupid']);
} else {
throw new SoapFault('no_group_found', 'There is no group for this client ID.');
return false;
}
-
+
}
-
-
+
+
public function client_add($session_id, $reseller_id, $params)
{
+ global $app;
+
if (!$this->checkPerm($session_id, 'client_add'))
- {
- throw new SoapFault('permission_denied','You do not have the permissions to access this function.');
- return false;
+ {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
+
+ if($params['parent_client_id']) {
+ // check if this one is reseller
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
+ if($check['limit_client'] == 0) {
+ $this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
+ return false;
}
- if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
- $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php',$reseller_id, $params);
- return $affected_rows;
-
+
+ if(isset($params['limit_client']) && $params['limit_client'] != 0) {
+ $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
+ return false;
+ }
+ }
+
+ $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);
+
+ return $affected_rows;
+
}
-
+
public function client_update($session_id, $client_id, $reseller_id, $params)
{
- global $app;
-
- if (!$this->checkPerm($session_id, 'client_update'))
- {
- throw new SoapFault('permission_denied','You do not have the permissions to access this function.');
- return false;
- }
-
- $app->uses('remoting_lib');
- $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php');
- $old_rec = $app->remoting_lib->getDataRecord($client_id);
-
- // we need the previuos templates assigned here
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
- if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
- // check previous type of storing templates
- $tpls = explode('/', $old_rec['template_additional']);
- $this->oldTemplatesAssigned = array();
- foreach($tpls as $item) {
- $item = trim($item);
- if(!$item) continue;
- $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
- }
- unset($tpls);
- }
- if(isset($params['template_additional'])) {
- $app->uses('client_templates');
- $templates = explode('/', $params['template_additional']);
- $params['template_additional'] = '';
- $app->client_templates->update_client_templates($client_id, $templates);
- unset($templates);
- }
+ global $app;
-
- if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
- $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');
-
- $app->remoting_lib->ispconfig_sysuser_update($params,$client_id);
-
- return $affected_rows;
+ if (!$this->checkPerm($session_id, 'client_update'))
+ {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php');
+ $old_rec = $app->remoting_lib->getDataRecord($client_id);
+
+ //* merge old record with params, so only new values have to be set in $params
+ $params = $app->functions->array_merge($old_rec,$params);
+
+ if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
+
+ if($params['parent_client_id']) {
+ // check if this one is reseller
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
+ if($check['limit_client'] == 0) {
+ $this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
+ return false;
+ }
+
+ if(isset($params['limit_client']) && $params['limit_client'] != 0) {
+ $this->server->fault('Invalid reseller', 'Reseller cannot be client of another reseller.');
+ return false;
+ }
+ }
+
+ // we need the previuos templates assigned here
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
+ if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
+ // check previous type of storing templates
+ $tpls = explode('/', $old_rec['template_additional']);
+ $this->oldTemplatesAssigned = array();
+ foreach($tpls as $item) {
+ $item = trim($item);
+ if(!$item) continue;
+ $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
+ }
+ unset($tpls);
+ }
+ if(isset($params['template_additional'])) {
+ $app->uses('client_templates');
+ $templates = explode('/', $params['template_additional']);
+ $params['template_additional'] = '';
+ $app->client_templates->update_client_templates($client_id, $templates);
+ unset($templates);
+ }
+
+
+ $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');
+
+ $app->remoting_lib->ispconfig_sysuser_update($params, $client_id);
+
+ return $affected_rows;
}
-
- public function client_template_additional_get($session_id, $client_id) {
- global $app;
+
+ public function client_template_additional_get($session_id, $client_id) {
+ global $app;
if(!$this->checkPerm($session_id, 'client_get')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
-
- if(@is_numeric($client_id)) {
- $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ".$client_id;
- return $app->db->queryOneRecord($sql);
- } else {
- $this->server->fault('The ID must be an integer.');
- return array();
- }
- }
-
- private function _set_client_formdata($client_id) {
- global $app;
-
- $this->id = $client_id;
- $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ' . $client_id);
- $this->oldDataRecord = $this->dataRecord;
-
- $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ' . $client_id);
- if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
- // check previous type of storing templates
- $tpls = explode('/', $this->oldDataRecord['template_additional']);
- $this->oldTemplatesAssigned = array();
- foreach($tpls as $item) {
- $item = trim($item);
- if(!$item) continue;
- $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
- }
- unset($tpls);
- }
- }
-
- public function client_template_additional_add($session_id, $client_id, $template_id) {
- global $app;
-
- if(!$this->checkPerm($session_id, 'client_update')) {
- $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
- return false;
- }
-
- if(@is_numeric($client_id) && @is_numeric($template_id)) {
- // check if client exists
- $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
- if(!$check) {
- $this->server->fault('Invalid client');
- return false;
- }
- // check if template exists
- $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ' . $template_id);
- if(!$check) {
- $this->server->fault('Invalid template');
- return false;
- }
-
- // for the update event we have to cheat a bit
- $this->_set_client_formdata($client_id);
-
- $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (" . $client_id . ", " . $template_id . ")";
- $app->db->query($sql);
- $insert_id = $app->db->insertID();
-
- $app->plugin->raiseEvent('client:client:on_after_update',$this);
-
- return $insert_id;
- } else {
- $this->server->fault('The IDs must be of type integer.');
- return false;
- }
- }
- public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
- global $app;
-
- if(!$this->checkPerm($session_id, 'client_update')) {
- $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
- return false;
+ if(@is_numeric($client_id)) {
+ $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
+ return $app->db->queryOneRecord($sql, $client_id);
+ } else {
+ $this->server->fault('The ID must be an integer.');
+ return array();
}
-
- if(@is_numeric($client_id) && @is_numeric($template_id)) {
- // check if client exists
- $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ' . $client_id);
- if(!$check) {
- $this->server->fault('Invalid client');
- return false;
- }
- // check if template exists
- $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $assigned_template_id);
- if(!$check) {
- $this->server->fault('Invalid template');
- return false;
- }
-
- // for the update event we have to cheat a bit
- $this->_set_client_formdata($client_id);
-
- $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = " . $template_id . " AND `client_id` = " . $client_id;
- $app->db->query($sql);
- $affected_rows = $app->db->affectedRows();
-
- $app->plugin->raiseEvent('client:client:on_after_update',$this);
-
- return $affected_rows;
- } else {
- $this->server->fault('The IDs must be of type integer.');
- return false;
- }
- }
-
- public function client_delete($session_id,$client_id)
- {
- global $app;
-
- if (!$this->checkPerm($session_id, 'client_delete'))
- {
- throw new SoapFault('permission_denied','You do not have the permissions to access this function.');
- return false;
- }
- $affected_rows = $this->deleteQuery('../client/form/client.tform.php',$client_id);
-
- $app->remoting_lib->ispconfig_sysuser_delete($client_id);
-
- return $affected_rows;
}
-
- // -----------------------------------------------------------------------------------------------
-
- public function client_delete_everything($session_id, $client_id)
- {
- global $app, $conf;
-
- if(!$this->checkPerm($session_id, 'client_delete_everything')) {
- throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
- return false;
+
+ private function _set_client_formdata($client_id) {
+ global $app;
+
+ $this->id = $client_id;
+ $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
+ $this->oldDataRecord = $this->dataRecord;
+
+ $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
+ if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
+ // check previous type of storing templates
+ $tpls = explode('/', $this->oldDataRecord['template_additional']);
+ $this->oldTemplatesAssigned = array();
+ foreach($tpls as $item) {
+ $item = trim($item);
+ if(!$item) continue;
+ $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
+ }
+ unset($tpls);
}
-
+ }
+
+ public function client_template_additional_add($session_id, $client_id, $template_id) {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'client_update')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ if(@is_numeric($client_id) && @is_numeric($template_id)) {
+ // check if client exists
+ $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
+ if(!$check) {
+ $this->server->fault('Invalid client');
+ return false;
+ }
+ // check if template exists
+ $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
+ if(!$check) {
+ $this->server->fault('Invalid template');
+ return false;
+ }
+
+ // for the update event we have to cheat a bit
+ $this->_set_client_formdata($client_id);
+
+ $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
+ $app->db->query($sql, $client_id, $template_id);
+ $insert_id = $app->db->insertID();
+
+ $app->plugin->raiseEvent('client:client:on_after_update', $this);
+
+ return $insert_id;
+ } else {
+ $this->server->fault('The IDs must be of type integer.');
+ return false;
+ }
+ }
+
+ public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
+ global $app;
+
+ if(!$this->checkPerm($session_id, 'client_update')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ if(@is_numeric($client_id) && @is_numeric($template_id)) {
+ // check if client exists
+ $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
+ if(!$check) {
+ $this->server->fault('Invalid client');
+ return false;
+ }
+ // check if template exists
+ $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $assigned_template_id);
+ if(!$check) {
+ $this->server->fault('Invalid template');
+ return false;
+ }
+
+ // for the update event we have to cheat a bit
+ $this->_set_client_formdata($client_id);
+
+ $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
+ $app->db->query($sql, $template_id, $client_id);
+ $affected_rows = $app->db->affectedRows();
+
+ $app->plugin->raiseEvent('client:client:on_after_update', $this);
+
+ return $affected_rows;
+ } else {
+ $this->server->fault('The IDs must be of type integer.');
+ return false;
+ }
+ }
+
+ public function client_delete($session_id, $client_id)
+ {
+ global $app;
+
+ if (!$this->checkPerm($session_id, 'client_delete'))
+ {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);
+
+ $app->remoting_lib->ispconfig_sysuser_delete($client_id);
+
+ return $affected_rows;
+ }
+
+ // -----------------------------------------------------------------------------------------------
+
+ public function client_delete_everything($session_id, $client_id)
+ {
+ global $app, $conf;
+
+ if(!$this->checkPerm($session_id, 'client_delete_everything')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
$client_id = $app->functions->intval($client_id);
- if($client_id > 0) {
+ if($client_id > 0) {
//* remove the group of the client from the resellers group
$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
- $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = $parent_client_id");
- $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = $client_id");
- $app->auth->remove_group_from_user($parent_user['userid'],$client_group['groupid']);
-
+ $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
+ $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
+ $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
+
//* delete the group of the client
- $app->db->query("DELETE FROM sys_group WHERE client_id = $client_id");
-
+ $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
+
//* delete the sys user(s) of the client
- $app->db->query("DELETE FROM sys_user WHERE client_id = $client_id");
-
+ $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
+
//* Delete all records (sub-clients, mail, web, etc....) of this client.
- $tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
- $tables_array = explode(',',$tables);
+ $tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain';
+ $tables_array = explode(',', $tables);
$client_group_id = $app->functions->intval($client_group['groupid']);
-
+
if($client_group_id > 1) {
foreach($tables_array as $table) {
if($table != '') {
- $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ".$client_group_id);
+ $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
//* find the primary ID of the table
$table_info = $app->db->tableInfo($table);
$index_field = '';
@@ -371,121 +428,261 @@
$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
//* Delete traffic records that dont have a sys_groupid column
if($table == 'web_domain') {
- $app->db->query("DELETE FROM web_traffic WHERE hostname = '".$app->db->quote($rec['domain'])."'");
+ $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
}
//* Delete mail_traffic records that dont have a sys_groupid
if($table == 'mail_user') {
- $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = '".$app->db->quote($rec['mailuser_id'])."'");
+ $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
}
}
}
}
-
+
}
}
}
-
+
}
-
+
if (!$this->checkPerm($session_id, 'client_delete')) {
- throw new SoapFault('permission_denied','You do not have the permissions to access this function.');
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
- $affected_rows = $this->deleteQuery('../client/form/client.tform.php',$client_id);
+ $affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);
- return $affected_rows;
+ return $affected_rows;
}
+
/**
* Get sys_user information by username
- * @param int session id
- * @param string user's name
- * @return mixed false if error
- * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
+ * @param int session id
+ * @param string user's name
+ * @return mixed false if error
+ * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
*/
+
+
public function client_get_by_username($session_id, $username) {
- global $app;
- if(!$this->checkPerm($session_id, 'client_get_by_username')) {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_by_username')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
- }
- $username = $app->db->quote($username);
- $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$username."'");
- if (isset($rec)) {
+ }
+ $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
+ if (isset($rec)) {
return $rec;
- } else {
+ } else {
throw new SoapFault('no_client_found', 'There is no user account for this user name.');
return false;
- }
- }
- /**
- * Get All client_id's from database
- * @param int session_id
- * @return Array of all client_id's
- */
- public function client_get_all($session_id) {
- global $app;
- if(!$this->checkPerm($session_id, 'client_get_all')) {
- throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
- return false;
- }
- $result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
- if(!$result) {
- return false;
- }
- foreach( $result as $record) {
- $rarrary[] = $record['client_id'];
- }
- return $rarrary;
+ }
+ }
+
+ public function client_get_by_customer_no($session_id, $customer_no) {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $customer_no = trim($customer_no);
+ if($customer_no == '') {
+ throw new SoapFault('permission_denied', 'There was no customer number specified.');
+ return false;
+ }
+ $customer_no = $app->db->quote($customer_no);
+ $rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'");
+ if (isset($rec)) {
+ return $rec;
+ } else {
+ throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
+ return false;
+ }
}
- /**
- * Changes client password
- *
- * @param int session id
- * @param int client id
- * @param string new password
- * @return bool true if success
- * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
- *
- */
- public function client_change_password($session_id, $client_id, $new_password) {
- global $app;
-
- if(!$this->checkPerm($session_id, 'client_change_password')) {
+ /**
+ * Get All client_id's from database
+ * @param int session_id
+ * @return Array of all client_id's
+ */
+ public function client_get_all($session_id) {
+ global $app;
+ if(!$this->checkPerm($session_id, 'client_get_all')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
- return false;
- }
- $client_id = $app->functions->intval($client_id);
- $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ".$client_id);
- if($client['client_id'] > 0) {
- $new_password = $app->db->quote($new_password);
- $sql = "UPDATE client SET password = md5('".($new_password)."') WHERE client_id = ".$client_id;
- $app->db->query($sql);
- $sql = "UPDATE sys_user SET passwort = md5('".($new_password)."') WHERE client_id = ".$client_id;
- $app->db->query($sql);
- return true;
- } else {
- throw new SoapFault('no_client_found', 'There is no user account for this client_id');
return false;
- }
- }
+ }
+ $result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
+ if(!$result) {
+ return false;
+ }
+ foreach( $result as $record) {
+ $rarrary[] = $record['client_id'];
+ }
+ return $rarrary;
+ }
/**
- * Get all client templates
- * @param int session id
- * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
+ * Changes client password
+ *
+ * @param int session id
+ * @param int client id
+ * @param string new password
+ * @return bool true if success
+ *
+ */
+ public function client_change_password($session_id, $client_id, $new_password) {
+ global $app;
+
+ $app->uses('auth');
+
+ if(!$this->checkPerm($session_id, 'client_change_password')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
+ if($client['client_id'] > 0) {
+ $new_password = $app->auth->crypt_password($new_password);
+ $sql = "UPDATE client SET password = ? WHERE client_id = ?";
+ $app->db->query($sql, $new_password, $client_id);
+ $sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?";
+ $app->db->query($sql, $new_password, $client_id);
+ return true;
+ } else {
+ throw new SoapFault('no_client_found', 'There is no user account for this client_id');
+ return false;
+ }
+ }
+
+ /**
+ * Get all client templates
+ * @param int session id
+ * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
*/
public function client_templates_get_all($session_id) {
global $app;
if(!$this->checkPerm($session_id, 'client_templates_get_all')) {
- throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
- return false;
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
}
- $sql = "SELECT * FROM client_template";
+ $sql = "SELECT * FROM client_template";
$result = $app->db->queryAllRecords($sql);
- return $result;
- }
+ return $result;
+ }
+
+ public function client_login_get($session_id,$username,$password,$remote_ip = '') {
+ global $app;
+
+ //* Check permissions
+ if(!$this->checkPerm($session_id, 'client_get')) {
+ throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+
+ //* Check username and password
+ if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
+ throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
+ return false;
+ }
+ if(!preg_match("/^.{1,64}$/i", $password)) {
+ throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
+ return false;
+ }
+
+ //* Check failed logins
+ $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
+ $alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
+
+ //* too many failedlogins
+ if($alreadyfailed['times'] > 5) {
+ throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
+ return false;
+ }
+
+
+ //*Set variables
+ $returnval == false;
+
+ if(strstr($username,'@')) {
+ // Check against client table
+ $sql = "SELECT * FROM client WHERE email = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
+ if($user) {
+ $saved_password = stripslashes($user['password']);
+
+ if(substr($saved_password, 0, 3) == '$1$') {
+ //* The password is crypt-md5 encrypted
+ $salt = '$1$'.substr($saved_password, 3, 8).'$';
+
+ if(crypt(stripslashes($password), $salt) != $saved_password) {
+ $user = false;
+ }
+ } else {
+
+ //* The password is md5 encrypted
+ if(md5($password) != $saved_password) {
+ $user = false;
+ }
+ }
+ }
+
+ if(is_array($user)) {
+ $returnval = array( 'username' => $user['username'],
+ 'type' => 'user',
+ 'client_id' => $user['client_id'],
+ 'language' => $user['language'],
+ 'country' => $user['country']);
+ }
+
+ } else {
+ // Check against sys_user table
+ $sql = "SELECT * FROM sys_user WHERE username = ?";
+ $user = $app->db->queryOneRecord($sql, $username);
+
+ if($user) {
+ $saved_password = stripslashes($user['passwort']);
+
+ if(substr($saved_password, 0, 3) == '$1$') {
+ //* The password is crypt-md5 encrypted
+ $salt = '$1$'.substr($saved_password, 3, 8).'$';
+
+ if(crypt(stripslashes($password), $salt) != $saved_password) {
+ $user = false;
+ }
+ } else {
+
+ //* The password is md5 encrypted
+ if(md5($password) != $saved_password) {
+ $user = false;
+ }
+ }
+ }
+
+ if(is_array($user)) {
+ $returnval = array( 'username' => $user['username'],
+ 'type' => $user['typ'],
+ 'client_id' => $user['client_id'],
+ 'language' => $user['language'],
+ 'country' => 'de');
+ } else {
+ throw new SoapFault('login_failed', 'Login failed.');
+ }
+ }
+
+ //* Log failed login attempts
+ if($user === false) {
+ if(!$alreadyfailed['times'] ) {
+ //* user login the first time wrong
+ $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
+ $app->db->query($sql, $remote_ip);
+ } elseif($alreadyfailed['times'] >= 1) {
+ //* update times wrong
+ $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
+ $app->db->query($sql, $remote_ip);
+ }
+ }
+
+ return $returnval;
+ }
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1