From 2bbc4c7761a6d0e97cc8f22bccbea94835fcbc7d Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Fri, 28 Aug 2009 06:55:06 -0400
Subject: [PATCH] Add the website user and group also to the passwd and group files in chroot enviroment.
---
interface/lib/classes/remoting.inc.php | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 202 insertions(+), 22 deletions(-)
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index dc31976..f3263dd 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -1,25 +1,63 @@
<?php
+/*
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of ISPConfig nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
class remoting {
//* remote session timeout in seconds
private $session_timeout = 600;
- private $app;
+ private $server;
+
+ /*
+ These variables shall stay global.
+ Please do not make them private variables.
+
+ private $app;
private $conf;
- private $server;
+ */
public function __construct()
{
- global $app, $conf, $server;
+ global $server;
$this->server = $server;
+ /*
$this->app = $app;
$this->conf = $conf;
+ */
}
//* remote login function
public function login($username, $password)
{
+ global $app, $conf, $server;
+
if(empty($username)) {
$this->server->fault('login_username_empty', 'The login username is empty');
return false;
@@ -30,11 +68,11 @@
return false;
}
- $username = $this->app->db->quote($username);
- $password = $this->app->db->quote($password);
+ $username = $app->db->quote($username);
+ $password = $app->db->quote($password);
$sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
- $remote_user = $this->app->db->queryOneRecord($sql);
+ $remote_user = $app->db->queryOneRecord($sql);
if($remote_user['remote_userid'] > 0) {
//* Create a remote user session
srand ((double)microtime()*1000000);
@@ -45,7 +83,7 @@
$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
.') VALUES ('
." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
- $this->app->db->query($sql);
+ $app->db->query($sql);
return $remote_session;
} else {
$this->server->fault('login_failed', 'The login failed. Username or password wrong.');
@@ -54,10 +92,11 @@
}
-
//* remote logout function
public function logout($session_id)
{
+ global $app;
+
if(empty($session_id)) {
$this->server->fault('session_id_empty', 'The SessionID is empty.');
return false;
@@ -66,32 +105,171 @@
$session_id = $app->db->quote($session_id);
$sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
- $this->app->db->query($sql);
- return ($this->app->db->affectedRows() == 1);
+ $app->db->query($sql);
+ return ($app->db->affectedRows() == 1);
}
- public function mail_domain_add($session_id, $params)
+ //* Get mail domain details
+ public function mail_domain_get($session_id, $domain_id)
+ {
+ if(!$this->checkPerm($session_id, 'mail_domain_get')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $app->uses('remoting_lib');
+ $app->remoting_lib->loadFormDef('../mail/form/mail_domain.tform.php');
+ return $app->remoting_lib->getDataRecord($domain_id);
+ }
+
+ //* Add a mail domain
+ public function mail_domain_add($session_id, $client_id, $params)
{
if(!$this->checkPerm($session_id, 'mail_domain_add')) {
$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
-
- //* Form definition file, that is used for this table in the interafce
- $formdef = '../mail/form/mail_domain.tform.php';
-
- //* check the variables against the form definition and build the sql query automatically.
- // I will use a modified version of the tform class for this.
-
+ $domain_id = $this->insertQuery('../mail/form/mail_domain.tform.php',$client_id,$params);
+ return $domain_id;
+ }
+
+ //* Update a mail domain
+ public function mail_domain_update($session_id, $client_id, $domain_id, $params)
+ {
+ if(!$this->checkPerm($session_id, 'mail_domain_update')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->updateQuery('../mail/form/mail_domain.tform.php',$client_id,$domain_id,$params);
+ return $affected_rows;
+ }
+
+ //* Delete a mail domain
+ public function mail_domain_delete($session_id, $domain_id)
+ {
+ if(!$this->checkPerm($session_id, 'mail_domain_delete')) {
+ $this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
+ return false;
+ }
+ $affected_rows = $this->updateQuery('../mail/form/mail_domain.tform.php',$domain_id);
+ return $affected_rows;
}
//** private functions -----------------------------------------------------------------------------------
- private function updateQuery($formdef, $params)
- {
+ private function insertQuery($formdef_file, $client_id, $params)
+ {
+ global $app;
+
+ $app->uses('remoting_lib');
+
+ //* Load the form definition
+ $app->remoting_lib->loadFormDef($formdef_file);
+
+ //* load the user profile of the client
+ $app->remoting_lib->loadUserProfile($client_id);
+
+ //* Get the SQL query
+ $sql = $app->remoting_lib->getSQL($params,'INSERT',0);
+ if($app->remoting_lib->errorMessage != '') {
+ $this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
+ return false;
+ }
+
+ $app->db->query($sql);
+
+ if($app->db->errorMessage != '') {
+ $this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
+ return false;
+ }
+
+ $insert_id = $app->db->insertID();
+
+ //* Save changes to Datalog
+ if($app->remoting_lib->formDef["db_history"] == 'yes') {
+ $new_rec = $app->remoting_lib->getDataRecord($insert_id);
+ $app->tform->datalogSave('INSERT',$primary_id,array(),$new_rec);
+ }
+
+
+
+
+ return $insert_id;
+ }
+
+
+ private function updateQuery($formdef_file, $client_id, $primary_id, $params)
+ {
+ global $app;
+
+ $app->uses('remoting_lib');
+
+ //* Load the form definition
+ $app->remoting_lib->loadFormDef($formdef_file);
+
+ //* load the user profile of the client
+ $app->remoting_lib->loadUserProfile($client_id);
+
+ //* Get the SQL query
+ $sql = $app->remoting_lib->getSQL($params,'UPDATE',$primary_id);
+ if($app->remoting_lib->errorMessage != '') {
+ $this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
+ return false;
+ }
+
+ $old_rec = $app->remoting_lib->getDataRecord($primary_id);
+
+ $app->db->query($sql);
+
+ if($app->db->errorMessage != '') {
+ $this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
+ return false;
+ }
+
+ $affected_rows = $app->db->affectedRows();
+
+ //* Save changes to Datalog
+ if($app->remoting_lib->formDef["db_history"] == 'yes') {
+ $new_rec = $app->remoting_lib->getDataRecord($primary_id);
+ $app->tform->datalogSave('UPDATE',$primary_id,$old_rec,$new_rec);
+ }
+
+
+
+ return $affected_rows;
+ }
+
+ private function deleteQuery($formdef_file, $primary_id)
+ {
+ global $app;
+
+ $app->uses('remoting_lib');
+
+ //* Load the form definition
+ $app->remoting_lib->loadFormDef($formdef_file);
+
+ //* Get the SQL query
+ $sql = $app->remoting_lib->getDeleteSQL($primary_id);
+
+ $app->db->query($sql);
+
+ if($app->db->errorMessage != '') {
+ $this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
+ return false;
+ }
+
+ $affected_rows = $app->db->affectedRows();
+
+ //* Save changes to Datalog
+ if($app->remoting_lib->formDef["db_history"] == 'yes') {
+ $rec = $app->remoting_lib->getDataRecord($primary_id);
+ $app->tform->datalogSave('DELETE',$primary_id,$rec,array());
+ }
+
+
+ return $affected_rows;
}
@@ -107,16 +285,18 @@
private function getSession($session_id)
{
+ global $app;
+
if(empty($session_id)) {
$this->server->fault('session_id_empty','The SessionID is empty.');
return false;
}
- $session_id = $this->app->db->quote($session_id);
+ $session_id = $app->db->quote($session_id);
$now = time();
$sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
- $session = $this->app->db->queryOneRecord($sql);
+ $session = $app->db->queryOneRecord($sql);
if($session['remote_userid'] > 0) {
return $session;
} else {
--
Gitblit v1.9.1