From 9867eff66f0d54ad948a0d38db00d352cf4ffc9a Mon Sep 17 00:00:00 2001
From: cfoe <cfoe@ispconfig3>
Date: Wed, 11 Jul 2012 04:06:20 -0400
Subject: [PATCH] added todo of removal of hardcoded html output
---
interface/lib/classes/remoting_lib.inc.php | 370 ++++++++++++++++++++++++++++++++++++++++------------
1 files changed, 285 insertions(+), 85 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0908275..784b9c4 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -26,6 +26,12 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--UPDATED 08.2009--
+Full SOAP support for ISPConfig 3.1.4 b
+Updated by Arkadiusz Roch & Artur Edelman
+Copyright (c) Tri-Plex technology
+
*/
/**
@@ -38,9 +44,9 @@
* Tabellendefinition
*
* Datentypen:
-* - INTEGER (Wandelt Ausdr�cke in Int um)
+* - INTEGER (Wandelt Ausdr�cke in Int um)
* - DOUBLE
-* - CURRENCY (Formatiert Zahlen nach W�hrungsnotation)
+* - CURRENCY (Formatiert Zahlen nach W�hrungsnotation)
* - VARCHAR (kein weiterer Format Check)
* - DATE (Datumsformat, Timestamp Umwandlung)
*
@@ -54,18 +60,14 @@
* - Wert oder Array
*
* SEPARATOR
-* - Trennzeichen f�r multiple Felder
+* - Trennzeichen f�r multiple Felder
*
* Hinweis:
-* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
-*
-* @package form
-* @author Till Brehm
-* @version 1.1
+* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
*/
class remoting_lib {
-
+
/**
* Definition of the database atble (array)
* @var tableDef
@@ -119,7 +121,7 @@
function loadFormDef($file) {
global $app,$conf;
- include_once($file);
+ include($file);
$this->formDef = $form;
unset($this->formDef['tabs']);
@@ -138,36 +140,39 @@
//* Load the user profile
function loadUserProfile($client_id = 0) {
global $app,$conf;
-
+
$client_id = intval($client_id);
-
+
if($client_id == 0) {
- $this->sys_username = 'admin';
- $this->sys_userid = 1;
- $this->sys_default_group = 1;
- $this->sys_groups = 1;
+ $this->sys_username = 'admin';
+ $this->sys_userid = 1;
+ $this->sys_default_group = 1;
+ $this->sys_groups = 1;
+ $_SESSION["s"]["user"]["typ"] = 'admin';
} else {
- //* Load the client data
- $client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
- if($client["username"] == '') {
- $this->errorMessage .= 'No client with ID $client_id found.';
- return false;
- }
- //* load system user
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$app->db->quote($client["username"])."'");
+ //* load system user - try with sysuser and before with userid (workarrond)
+ /*
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
if(empty($user["userid"])) {
- $this->errorMessage .= 'No user with the username '.$client['username'].' found.';
- return false;
- }
- $this->sys_username = $user['username'];
- $this->sys_userid = $user['userid'];
- $this->sys_default_group = $user['default_group'];
- $this->sys_groups = $user['groups'];
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
+ if(empty($user["userid"])) {
+ $this->errorMessage .= "No sysuser with the ID $client_id found.";
+ return false;
+ }
+ }*/
+
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
+ $this->sys_username = $user['username'];
+ $this->sys_userid = $user['userid'];
+ $this->sys_default_group = $user['default_group'];
+ $this->sys_groups = $user['groups'];
+ // $_SESSION["s"]["user"]["typ"] = $user['typ'];
+ // we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
+ $_SESSION["s"]["user"]["typ"] = 'admin';
}
-
- return true;
-
- }
+
+ return true;
+ }
/**
@@ -189,14 +194,27 @@
$new_record[$key] = stripslashes($record[$key]);
break;
- case 'DATE':
+ case 'DATETSTAMP':
if($record[$key] > 0) {
$new_record[$key] = date($this->dateformat,$record[$key]);
}
break;
+
+ case 'DATE':
+ if($record[$key] != '' && $record[$key] != '0000-00-00') {
+ $tmp = explode('-',$record[$key]);
+ $new_record[$key] = date($this->dateformat,mktime(0, 0, 0, $tmp[1] , $tmp[2], $tmp[0]));
+ }
+ break;
case 'INTEGER':
- $new_record[$key] = intval($record[$key]);
+ //* We use + 0 to force the string to be a number as
+ //* intval return value is too limited on 32bit systems
+ if(intval($record[$key]) == 2147483647) {
+ $new_record[$key] = $record[$key] + 0;
+ } else {
+ $new_record[$key] = intval($record[$key]);
+ }
break;
case 'DOUBLE':
@@ -282,7 +300,7 @@
* @return record
*/
function encode($record) {
-
+ global $app;
if(is_array($record)) {
foreach($this->formDef['fields'] as $key => $field) {
@@ -291,24 +309,42 @@
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?$app->db->quote($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = addslashes($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
- case 'DATE':
+ case 'DATETSTAMP':
if($record[$key] > 0) {
list($tag,$monat,$jahr) = explode('.',$record[$key]);
$new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr);
} else {
$new_record[$key] = 0;
+ }
+ break;
+ case 'DATE':
+ if($record[$key] != '' && $record[$key] != '0000-00-00') {
+ if(function_exists('date_parse_from_format')) {
+ $date_parts = date_parse_from_format($this->dateformat,$record[$key]);
+ //list($tag,$monat,$jahr) = explode('.',$record[$key]);
+ $new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
+ //$tmp = strptime($record[$key],$this->dateformat);
+ //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
+ } else {
+ //$tmp = strptime($record[$key],$this->dateformat);
+ //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
+ $tmp = strtotime($record[$key]);
+ $new_record[$key] = date('Y-m-d',$tmp);
+ }
+ } else {
+ $new_record[$key] = '0000-00-00';
}
break;
case 'INTEGER':
@@ -317,10 +353,22 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = addslashes($record[$key]);
+ $new_record[$key] = $app->db->quote($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
+ break;
+
+ case 'DATETIME':
+ if (is_array($record[$key]))
+ {
+ $filtered_values = array_map(create_function('$item','return (int)$item;'), $record[$key]);
+ extract($filtered_values, EXTR_PREFIX_ALL, '_dt');
+
+ if ($_dt_day != 0 && $_dt_month != 0 && $_dt_year != 0) {
+ $new_record[$key] = date( 'Y-m-d H:i:s', mktime($_dt_hour, $_dt_minute, $_dt_second, $_dt_month, $_dt_day, $_dt_year) );
+ }
+ }
break;
}
@@ -364,9 +412,9 @@
if(!preg_match($validator['regex'], $field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
@@ -376,9 +424,9 @@
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
} else {
@@ -386,9 +434,9 @@
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
}
@@ -397,42 +445,112 @@
if(empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
case 'ISEMAIL':
- if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $field_value)) {
+ if(function_exists('filter_var')) {
+ if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ } else {
+ if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ }
break;
case 'ISINT':
+ if(function_exists('filter_var')) {
+ if($vield_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ } else {
$tmpval = intval($field_value);
if($tmpval === 0 and !empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ }
break;
case 'ISPOSITIVE':
if(!is_numeric($field_value) || $field_value <= 0){
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
- $this->errorMessage .= $this->wordbook[$errmsg]."<br>\r\n";
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
- $this->errorMessage .= $errmsg."<br>\r\n";
+ $this->errorMessage .= $errmsg."<br />\r\n";
}
}
+ break;
+ case 'ISIPV4':
+ $vip=1;
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $groups=explode(".",$field_value);
+ foreach($groups as $group){
+ if($group<0 OR $group>255)
+ $vip=0;
+ }
+ }else{$vip=0;}
+ if($vip==0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ break;
+ case 'ISIP':
+ //* Check if its a IPv4 or IPv6 address
+ if(function_exists('filter_var')) {
+ if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ } else {
+ //* Check content with regex, if we use php < 5.2
+ $ip_ok = 0;
+ if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
+ $ip_ok = 1;
+ }
+ if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ $ip_ok = 1;
+ }
+ if($ip_ok == 0) {
+ $errmsg = $validator['errmsg'];
+ if(isset($this->wordbook[$errmsg])) {
+ $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+ } else {
+ $this->errorMessage .= $errmsg."<br />\r\n";
+ }
+ }
+ }
break;
case 'CUSTOM':
// Calls a custom class to validate this record
@@ -442,7 +560,7 @@
$app->uses($validator_class);
$this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
} else {
- $this->errorMessage .= "Custom validator class or function is empty<br>\r\n";
+ $this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
}
break;
default:
@@ -488,17 +606,16 @@
if($field['formtype'] == 'PASSWORD') {
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
- $salt="$1$";
- for ($n=0;$n<8;$n++) {
- $salt.=chr(mt_rand(64,126));
- }
- $salt.="$";
- // $salt = substr(md5(time()),0,2);
- $record[$key] = crypt($record[$key],$salt);
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+ } elseif ($field['encryption'] == 'MYSQL') {
+ $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), ";
+ } elseif ($field['encryption'] == 'CLEARTEXT') {
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
} else {
- $record[$key] = md5($record[$key]);
+ $record[$key] = md5(stripslashes($record[$key]));
+ $sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
- $sql_insert_val .= "'".$record[$key]."', ";
} elseif ($field['formtype'] == 'CHECKBOX') {
$sql_insert_key .= "`$key`, ";
if($record[$key] == '') {
@@ -513,19 +630,19 @@
$sql_insert_val .= "'".$record[$key]."', ";
}
} else {
+
if($field['formtype'] == 'PASSWORD') {
- if($field['encryption'] == 'CRYPT') {
- $salt="$1$";
- for ($n=0;$n<8;$n++) {
- $salt.=chr(mt_rand(64,126));
- }
- $salt.="$";
- // $salt = substr(md5(time()),0,2);
- $record[$key] = crypt($record[$key],$salt);
+ if(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
+ $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+ } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
+ $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), ";
+ } elseif (isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') {
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
} else {
- $record[$key] = md5($record[$key]);
+ $record[$key] = md5(stripslashes($record[$key]));
+ $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
}
- $sql_update .= "`$key` = '".$record[$key]."', ";
} elseif ($field['formtype'] == 'CHECKBOX') {
if($record[$key] == '') {
// if a checkbox is not set, we set it to the unchecked value
@@ -584,18 +701,105 @@
return $sql;
}
+
+ function getDeleteSQL($primary_id) {
+
+ if(stristr($this->formDef['db_table'],'.')) {
+ $escape = '';
+ } else {
+ $escape = '`';
+ }
+
+ $sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ return $sql;
+ }
function getDataRecord($primary_id) {
global $app;
$escape = '`';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
- return $app->db->queryOneRecord($sql);
+ if(@is_numeric($primary_id)) {
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ return $app->db->queryOneRecord($sql);
+ } elseif (@is_array($primary_id)) {
+ $sql_where = '';
+ foreach($primary_id as $key => $val) {
+ $key = $app->db->quote($key);
+ $val = $app->db->quote($val);
+ if(stristr($val,'%')) {
+ $sql_where .= "$key like '$val' AND ";
+ } else {
+ $sql_where .= "$key = '$val' AND ";
+ }
+ }
+ $sql_where = substr($sql_where,0,-5);
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
+ return $app->db->queryAllRecords($sql);
+ } else {
+ $this->errorMessage = 'The ID must be either an integer or an array.';
+ return array();
+ }
+
+
+ }
+
+ function ispconfig_sysuser_add($params,$insert_id){
+ global $conf,$app,$sql1;
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
+ if(!isset($params['modules'])) {
+ $modules = $conf['interface_modules_enabled'];
+ } else {
+ $modules = $app->db->quote($params['modules']);
+ }
+ if(!isset($params['startmodule'])) {
+ $startmodule = 'dashboard';
+ } else {
+ $startmodule = $app->db->quote($params["startmodule"]);
+ if(!preg_match('/'.$startmodule.'/',$modules)) {
+ $_modules = explode(',',$modules);
+ $startmodule=$_modules[0];
+ }
+ }
+ $usertheme = $app->db->quote($params["usertheme"]);
+ $type = 'user';
+ $active = 1;
+ $insert_id = intval($insert_id);
+ $language = $app->db->quote($params["language"]);
+ $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+ $groups = $groupid;
+ $password = $app->auth->crypt_password(stripslashes($password));
+ $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+ VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
+ $app->db->query($sql1);
}
+ function ispconfig_sysuser_update($params,$client_id){
+ global $app;
+ $username = $app->db->quote($params["username"]);
+ $clear_password = $app->db->quote($params["password"]);
+ $client_id = intval($client_id);
+ $password = $app->auth->crypt_password(stripslashes($clear_password));
+ if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
+ $sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+
+ function ispconfig_sysuser_delete($client_id){
+ global $app;
+ $client_id = intval($client_id);
+ $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
+ $app->db->query($sql);
+ $sql = "DELETE FROM sys_group WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
function datalogSave($action,$primary_id, $record_old, $record_new) {
global $app,$conf;
+
+ $app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
+ return true;
+ /*
if(stristr($this->formDef['db_table'],'.')) {
$escape = '';
@@ -652,11 +856,6 @@
}
}
- /*
- echo "<pre>";
- print_r($diffrec_full);
- echo "</pre>";
- */
// Insert the server_id, if the record has a server_id
$server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
@@ -676,9 +875,10 @@
}
return true;
+ */
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1