From aec1333faab59d5de487ecee0da059449e9c21fd Mon Sep 17 00:00:00 2001
From: horfic <horfic@ispconfig3>
Date: Mon, 10 Jan 2011 08:29:51 -0500
Subject: [PATCH] *) Changed remote function sites_web_domain_add to allow readonly website to be created *) Forgot to add the entries for mailman in the main.cf of postfix
---
interface/lib/classes/remoting_lib.inc.php | 204 +++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 158 insertions(+), 46 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0908275..8754760 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -26,6 +26,12 @@
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--UPDATED 08.2009--
+Full SOAP support for ISPConfig 3.1.4 b
+Updated by Arkadiusz Roch & Artur Edelman
+Copyright (c) Tri-Plex technology
+
*/
/**
@@ -58,14 +64,10 @@
*
* Hinweis:
* Das ID-Feld ist nicht bei den Table Values einzuf�gen.
-*
-* @package form
-* @author Till Brehm
-* @version 1.1
*/
class remoting_lib {
-
+
/**
* Definition of the database atble (array)
* @var tableDef
@@ -138,36 +140,39 @@
//* Load the user profile
function loadUserProfile($client_id = 0) {
global $app,$conf;
-
+
$client_id = intval($client_id);
-
+
if($client_id == 0) {
- $this->sys_username = 'admin';
- $this->sys_userid = 1;
- $this->sys_default_group = 1;
- $this->sys_groups = 1;
+ $this->sys_username = 'admin';
+ $this->sys_userid = 1;
+ $this->sys_default_group = 1;
+ $this->sys_groups = 1;
+ $_SESSION["s"]["user"]["typ"] = 'admin';
} else {
- //* Load the client data
- $client = $app->db->queryOneRecord("SELECT username FROM client WHERE client_id = $client_id");
- if($client["username"] == '') {
- $this->errorMessage .= 'No client with ID $client_id found.';
- return false;
- }
- //* load system user
- $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = '".$app->db->quote($client["username"])."'");
+ //* load system user - try with sysuser and before with userid (workarrond)
+ /*
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
if(empty($user["userid"])) {
- $this->errorMessage .= 'No user with the username '.$client['username'].' found.';
- return false;
- }
- $this->sys_username = $user['username'];
- $this->sys_userid = $user['userid'];
- $this->sys_default_group = $user['default_group'];
- $this->sys_groups = $user['groups'];
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");
+ if(empty($user["userid"])) {
+ $this->errorMessage .= "No sysuser with the ID $client_id found.";
+ return false;
+ }
+ }*/
+
+ $user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $client_id");
+ $this->sys_username = $user['username'];
+ $this->sys_userid = $user['userid'];
+ $this->sys_default_group = $user['default_group'];
+ $this->sys_groups = $user['groups'];
+ // $_SESSION["s"]["user"]["typ"] = $user['typ'];
+ // we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
+ $_SESSION["s"]["user"]["typ"] = 'admin';
}
-
- return true;
-
- }
+
+ return true;
+ }
/**
@@ -189,9 +194,16 @@
$new_record[$key] = stripslashes($record[$key]);
break;
- case 'DATE':
+ case 'DATETSTAMP':
if($record[$key] > 0) {
$new_record[$key] = date($this->dateformat,$record[$key]);
+ }
+ break;
+
+ case 'DATE':
+ if($record[$key] != '' && $record[$key] != '0000-00-00') {
+ $tmp = explode('-',$record[$key]);
+ $new_record[$key] = date($this->dateformat,mktime(0, 0, 0, $tmp[1] , $tmp[2], $tmp[0]));
}
break;
@@ -291,24 +303,34 @@
switch ($field['datatype']) {
case 'VARCHAR':
if(!@is_array($record[$key])) {
- $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):'';
+ $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
case 'TEXT':
if(!is_array($record[$key])) {
- $new_record[$key] = addslashes($record[$key]);
+ $new_record[$key] = mysql_real_escape_string($record[$key]);
} else {
$new_record[$key] = implode($field['separator'],$record[$key]);
}
break;
- case 'DATE':
+ case 'DATETSTAMP':
if($record[$key] > 0) {
list($tag,$monat,$jahr) = explode('.',$record[$key]);
$new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr);
} else {
$new_record[$key] = 0;
+ }
+ break;
+ case 'DATE':
+ if($record[$key] != '' && $record[$key] != '0000-00-00') {
+ list($tag,$monat,$jahr) = explode('.',$record[$key]);
+ $new_record[$key] = $jahr.'-'.$monat.'-'.$tag;
+ //$tmp = strptime($record[$key],$this->dateformat);
+ //$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
+ } else {
+ $new_record[$key] = '0000-00-00';
}
break;
case 'INTEGER':
@@ -317,10 +339,22 @@
//if($key == 'refresh') die($record[$key]);
break;
case 'DOUBLE':
- $new_record[$key] = addslashes($record[$key]);
+ $new_record[$key] = mysql_real_escape_string($record[$key]);
break;
case 'CURRENCY':
$new_record[$key] = str_replace(",",".",$record[$key]);
+ break;
+
+ case 'DATETIME':
+ if (is_array($record[$key]))
+ {
+ $filtered_values = array_map(create_function('$item','return (int)$item;'), $record[$key]);
+ extract($filtered_values, EXTR_PREFIX_ALL, '_dt');
+
+ if ($_dt_day != 0 && $_dt_month != 0 && $_dt_year != 0) {
+ $new_record[$key] = date( 'Y-m-d H:i:s', mktime($_dt_hour, $_dt_minute, $_dt_second, $_dt_month, $_dt_day, $_dt_year) );
+ }
+ }
break;
}
@@ -371,7 +405,7 @@
}
break;
case 'UNIQUE':
- if($this->action == 'NEW') {
+ if($this->action == 'INSERT') {
$num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
@@ -489,8 +523,10 @@
$sql_insert_key .= "`$key`, ";
if($field['encryption'] == 'CRYPT') {
$salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
- $salt.=chr(mt_rand(64,126));
+ //$salt.=chr(mt_rand(64,126));
+ $salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
// $salt = substr(md5(time()),0,2);
@@ -516,8 +552,10 @@
if($field['formtype'] == 'PASSWORD') {
if($field['encryption'] == 'CRYPT') {
$salt="$1$";
+ $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
for ($n=0;$n<8;$n++) {
- $salt.=chr(mt_rand(64,126));
+ //$salt.=chr(mt_rand(64,126));
+ $salt.=$base64_alphabet[mt_rand(0,63)];
}
$salt.="$";
// $salt = substr(md5(time()),0,2);
@@ -584,18 +622,96 @@
return $sql;
}
+
+ function getDeleteSQL($primary_id) {
+
+ if(stristr($this->formDef['db_table'],'.')) {
+ $escape = '';
+ } else {
+ $escape = '`';
+ }
+
+ $sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ return $sql;
+ }
function getDataRecord($primary_id) {
global $app;
$escape = '`';
- $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
- return $app->db->queryOneRecord($sql);
+ if(@is_numeric($primary_id)) {
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+ return $app->db->queryOneRecord($sql);
+ } elseif (@is_array($primary_id)) {
+ $sql_where = '';
+ foreach($primary_id as $key => $val) {
+ $key = $app->db->quote($key);
+ $val = $app->db->quote($val);
+ $sql_where .= "$key = '$val' AND ";
+ }
+ $sql_where = substr($sql_where,0,-5);
+ $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
+ return $app->db->queryAllRecords($sql);
+ } else {
+ $this->errorMessage = 'The ID must be either an integer or an array.';
+ return array();
+ }
+
+
+ }
+
+ function ispconfig_sysuser_add($params,$insert_id){
+ global $app,$sql1;
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
+ if(!isset($params['modules'])) {
+ $modules = 'dashboard,mail,sites,dns,tools';
+ } else {
+ $modules = $app->db->quote($params['modules']);
+ }
+ if(!isset($params['startmodule'])) {
+ $startmodule = 'dashboard';
+ } else {
+ $startmodule = $app->db->quote($params["startmodule"]);
+ if(!preg_match('/'.$startmodule.'/',$modules)) {
+ $_modules = explode(',',$modules);
+ $startmodule=$_modules[0];
+ }
+ }
+ $usertheme = $app->db->quote($params["usertheme"]);
+ $type = 'user';
+ $active = 1;
+ $insert_id = intval($insert_id);
+ $language = $app->db->quote($params["language"]);
+ $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+ $groups = $groupid;
+ $sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+ VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
+ $app->db->query($sql1);
}
+ function ispconfig_sysuser_update($params,$client_id){
+ global $app;
+ $username = $app->db->quote($params["username"]);
+ $password = $app->db->quote($params["password"]);
+ $client_id = intval($client_id);
+ $sql = "UPDATE sys_user set username = '$username', passwort = md5('$password') WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
+
+ function ispconfig_sysuser_delete($client_id){
+ global $app;
+ $client_id = intval($client_id);
+ $sql = "DELETE FROM sys_user WHERE client_id = $client_id";
+ $app->db->query($sql);
+ }
function datalogSave($action,$primary_id, $record_old, $record_new) {
global $app,$conf;
+
+ $app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
+ return true;
+ /*
if(stristr($this->formDef['db_table'],'.')) {
$escape = '';
@@ -652,11 +768,6 @@
}
}
- /*
- echo "<pre>";
- print_r($diffrec_full);
- echo "</pre>";
- */
// Insert the server_id, if the record has a server_id
$server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
@@ -676,9 +787,10 @@
}
return true;
+ */
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1