From f21fd9d563b2e3d0dfa5e53a1807f6235bb74e3a Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 15 Sep 2009 09:30:04 -0400
Subject: [PATCH] Bugfix in remoting library and added several _get functions.

---
 interface/lib/classes/remoting_lib.inc.php |   71 +++++++++++++++++++++++++++++------
 1 files changed, 59 insertions(+), 12 deletions(-)

diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index 0908275..71b09fc 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -26,6 +26,12 @@
 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--UPDATED 08.2009--
+Full SOAP support for ISPConfig 3.1.4 b
+Updated by Arkadiusz Roch & Artur Edelman
+Copyright (c) Tri-Plex technology
+
 */
 
 /**
@@ -58,14 +64,10 @@
 *
 *        Hinweis:
 *        Das ID-Feld ist nicht bei den Table Values einzuf�gen.
-*
-* @package form
-* @author Till Brehm
-* @version 1.1
 */
 
 class remoting_lib {
-
+	
         /**
         * Definition of the database atble (array)
         * @var tableDef
@@ -291,14 +293,14 @@
                                 switch ($field['datatype']) {
                                 case 'VARCHAR':
                                         if(!@is_array($record[$key])) {
-                                                $new_record[$key] = (isset($record[$key]))?addslashes($record[$key]):'';
+                                                $new_record[$key] = (isset($record[$key]))?mysql_real_escape_string($record[$key]):'';
                                         } else {
                                                 $new_record[$key] = implode($field['separator'],$record[$key]);
                                         }
                                 break;
                                 case 'TEXT':
                                         if(!is_array($record[$key])) {
-                                                $new_record[$key] = addslashes($record[$key]);
+                                                $new_record[$key] = mysql_real_escape_string($record[$key]);
                                         } else {
                                                 $new_record[$key] = implode($field['separator'],$record[$key]);
                                         }
@@ -317,7 +319,7 @@
                                         //if($key == 'refresh') die($record[$key]);
                                 break;
                                 case 'DOUBLE':
-                                        $new_record[$key] = addslashes($record[$key]);
+                                        $new_record[$key] = mysql_real_escape_string($record[$key]);
                                 break;
                                 case 'CURRENCY':
                                         $new_record[$key] = str_replace(",",".",$record[$key]);
@@ -584,15 +586,60 @@
                 
                 return $sql;
         }
+		
+		function getDeleteSQL($primary_id) {
+			
+			if(stristr($this->formDef['db_table'],'.')) {
+				$escape = '';
+			} else {
+				$escape = '`';
+			}
+			
+			$sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+			return $sql;
+		}
 
 
 		function getDataRecord($primary_id) {
 			global $app;
 			$escape = '`';
-			$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
-            return $app->db->queryOneRecord($sql);
+			if(@is_numeric($primary_id)) {
+				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
+            	return $app->db->queryOneRecord($sql);
+			} elseif (@is_array($primary_id)) {
+				$sql_where = '';
+				foreach($primary_id as $key => $val) {
+					$key = $app->db->quote($key);
+					$val = $app->db->quote($val);
+					$sql_where .= "$key = '$val' AND ";
+				}
+				$sql_where = substr($sql_where,0,-5);
+				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
+            	return $app->db->queryOneRecord($sql);
+			} else {
+				$this->errorMessage = 'The ID must be either an integer or an array.';
+				return array();
+			}
+			
+			
 		}
-		
+
+		function dodaj_usera($params,$insert_id){
+			global $app,$sql1;
+			$username = $params["username"];
+			$password = $params["password"];
+			$modules = 'mail,sites,dns,tools';
+			$startmodule = 'mail';
+			$usertheme = $params["usertheme"];
+			$type = 'user';
+			$active = 1;
+			$language = $params["language"];
+			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+			$groups = $groupid;
+			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
+			VALUES ('$username',md5('$password'),'$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
+			$app->db->query($sql1);
+		}
 
         function datalogSave($action,$primary_id, $record_old, $record_new) {
                 global $app,$conf;
@@ -681,4 +728,4 @@
 
 }
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1