
Member "ispconfig3_install/interface/lib/classes/remote.d/client.inc.php" (8 Jun 2021, 25061 Bytes) of package /linux/privat/ISPConfig-3.2.5.tar.gz:



    1 <?php
    2 
    3 /*
    4 Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
    5 All rights reserved.
    6 
    7 Redistribution and use in source and binary forms, with or without modification,
    8 are permitted provided that the following conditions are met:
    9 
   10     * Redistributions of source code must retain the above copyright notice,
   11       this list of conditions and the following disclaimer.
   12     * Redistributions in binary form must reproduce the above copyright notice,
   13       this list of conditions and the following disclaimer in the documentation
   14       and/or other materials provided with the distribution.
   15     * Neither the name of ISPConfig nor the names of its contributors
   16       may be used to endorse or promote products derived from this software without
   17       specific prior written permission.
   18 
   19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
   20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
   23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
   26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
   27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
   28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   29 
   30 --UPDATED 08.2009--
   31 Full SOAP support for ISPConfig 3.1.4 b
   32 Updated by Arkadiusz Roch & Artur Edelman
   33 Copyright (c) Tri-Plex technology
   34 
   35 --UPDATED 08.2013--
   36 Migrated into new remote classes system
   37 by Marius Cramer <m.cramer@pixcept.de>
   38 
   39 */
   40 
   41 class remoting_client extends remoting {
   42     /*
   43  *
   44  *
   45  *
   46  *   * Client functions
   47  *
   48  *
   49  */
   50     //* Get client details
   51     public function client_get($session_id, $client_id)
   52     {
   53         global $app;
   54 
   55         if(!$this->checkPerm($session_id, 'client_get')) {
   56             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
   57             return false;
   58         }
   59         $app->uses('remoting_lib');
   60         $app->remoting_lib->loadFormDef('../client/form/client.tform.php');
   61         $data = $app->remoting_lib->getDataRecord($client_id);
   62 
   63         // we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version
   64         if(is_array($data) && count($data) > 0) {
   65             if(isset($data['client_id'])) {
   66                 // this is a single record
   67                 if($data['template_additional'] == '') {
   68                     $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
   69                     $tpl_arr = array();
   70                     if($tpls) {
   71                         foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
   72                     }
   73                     $data['template_additional'] = implode('/', $tpl_arr);
   74                     unset($tpl_arr);
   75                     unset($tpls);
   76                 }
   77             } elseif(isset($data[0]['client_id'])) {
   78                 // multiple client records
   79                 foreach($data as $index => $client) {
   80                     if($client['template_additional'] == '') {
   81                         $tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
   82                         $tpl_arr = array();
   83                         if($tpls) {
   84                             foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
   85                         }
   86                         $data[$index]['template_additional'] = implode('/', $tpl_arr); // dont use the $client array here - changes would not be returned to soap
   87                     }
   88                     unset($tpl_arr);
   89                     unset($tpls);
   90                 }
   91             }
   92         }
   93 
   94         return $data;
   95     }
   96 
   97     public function client_get_id($session_id, $sys_userid)
   98     {
   99         global $app;
  100         if(!$this->checkPerm($session_id, 'client_get_id')) {
  101             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  102             return false;
  103         }
  104 
  105         $sys_userid = $app->functions->intval($sys_userid);
  106 
  107         $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
  108         if(isset($rec['client_id'])) {
  109             return $app->functions->intval($rec['client_id']);
  110         } else {
  111             throw new SoapFault('no_client_found', 'There is no sys_user account with this userid.');
  112             return false;
  113         }
  114 
  115     }
  116     
  117     //* Get the contact details to send a email like email address, name, etc.
  118     public function client_get_emailcontact($session_id, $client_id) {
  119         global $app;
  120         
  121         if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
  122             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  123             return false;
  124         }
  125         
  126         $client_id = $app->functions->intval($client_id);
  127 
  128         $rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
  129         
  130         if(is_array($rec)) {
  131             return $rec;
  132         } else {
  133             throw new SoapFault('no_client_found', 'There is no client with this client ID.');
  134             return false;
  135         }
  136     }
  137 
  138     public function client_get_groupid($session_id, $client_id)
  139     {
  140         global $app;
  141         if(!$this->checkPerm($session_id, 'client_get_id')) {
  142             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  143             return false;
  144         }
  145 
  146         $client_id = $app->functions->intval($client_id);
  147 
  148         $rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
  149         if(isset($rec['groupid'])) {
  150             return $app->functions->intval($rec['groupid']);
  151         } else {
  152             throw new SoapFault('no_group_found', 'There is no group for this client ID.');
  153             return false;
  154         }
  155 
  156     }
  157 
  158 
  159     public function client_add($session_id, $reseller_id, $params)
  160     {
  161         global $app;
  162         
  163         if (!$this->checkPerm($session_id, 'client_add'))
  164         {
  165             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  166             return false;
  167         }
  168         if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
  169 
  170         if($params['parent_client_id']) {
  171             // check if this one is reseller
  172             $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
  173             if($check['limit_client'] == 0) {
  174                 // Selected client is not a reseller. REMOVING PARENT_CLIENT_ID!!!
  175                 $params['parent_client_id'] = 0;
  176             } elseif(isset($params['limit_client']) && $params['limit_client'] != 0) {
  177                 throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
  178                 return false;
  179             }
  180         }
  181 
  182         $affected_rows = $this->klientadd('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $params);
  183 
  184         return $affected_rows;
  185 
  186     }
  187 
  188     public function client_update($session_id, $client_id, $reseller_id, $params)
  189     {
  190         global $app;
  191 
  192         if (!$this->checkPerm($session_id, 'client_update'))
  193         {
  194             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  195             return false;
  196         }
  197 
  198         $app->uses('remoting_lib');
  199         $app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php');
  200         $old_rec = $app->remoting_lib->getDataRecord($client_id);
  201         
  202         //* merge old record with params, so only new values have to be set in $params
  203         $params = $app->functions->array_merge($old_rec,$params);
  204 
  205         if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;
  206 
  207         if($params['parent_client_id']) {
  208             // check if this one is reseller
  209             $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
  210             if($check['limit_client'] == 0) {
  211                 throw new SoapFault('Invalid reseller', 'Selected client is not a reseller.');
  212                 return false;
  213             }
  214 
  215             if(isset($params['limit_client']) && $params['limit_client'] != 0) {
  216                 throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
  217                 return false;
  218             }
  219         }
  220 
  221         // we need the previuos templates assigned here
  222         $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
  223         if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
  224             // check previous type of storing templates
  225             $tpls = explode('/', $old_rec['template_additional']);
  226             $this->oldTemplatesAssigned = array();
  227             foreach($tpls as $item) {
  228                 $item = trim($item);
  229                 if(!$item) continue;
  230                 $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
  231             }
  232             unset($tpls);
  233         }
  234         if(isset($params['template_additional'])) {
  235             $app->uses('client_templates');
  236             $templates = explode('/', $params['template_additional']);
  237             $params['template_additional'] = '';
  238             $app->client_templates->update_client_templates($client_id, $templates);
  239             unset($templates);
  240         }
  241 
  242 
  243         $affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');
  244 
  245         $app->remoting_lib->ispconfig_sysuser_update($params, $client_id);
  246         
  247         // if canceled
  248         if ($params['canceled']) {
  249             $result = $app->functions->func_client_cancel($client_id, $params['canceled']);
  250         }
  251         // if locked
  252         if ($params['locked']) {
  253             $result = $app->functions->func_client_lock($client_id, $params['locked']);
  254         }
  255 
  256         return $affected_rows;
  257     }
  258 
  259     public function client_template_additional_get($session_id, $client_id) {
  260         global $app;
  261 
  262         if(!$this->checkPerm($session_id, 'client_get')) {
  263             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  264             return false;
  265         }
  266 
  267         if(@is_numeric($client_id)) {
  268             $sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
  269             return $app->db->queryAllRecords($sql, $client_id);
  270         } else {
  271             throw new SoapFault('The ID must be an integer.');
  272             return array();
  273         }
  274     }
  275 
  276     private function _set_client_formdata($client_id) {
  277         global $app;
  278 
  279         $this->id = $client_id;
  280         $this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
  281         $this->oldDataRecord = $this->dataRecord;
  282 
  283         $this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
  284         if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
  285             // check previous type of storing templates
  286             $tpls = explode('/', $this->oldDataRecord['template_additional']);
  287             $this->oldTemplatesAssigned = array();
  288             foreach($tpls as $item) {
  289                 $item = trim($item);
  290                 if(!$item) continue;
  291                 $this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
  292             }
  293             unset($tpls);
  294         }
  295     }
  296 
  297     public function client_template_additional_add($session_id, $client_id, $template_id) {
  298         global $app;
  299 
  300         if(!$this->checkPerm($session_id, 'client_update')) {
  301             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  302             return false;
  303         }
  304 
  305         if(@is_numeric($client_id) && @is_numeric($template_id)) {
  306             // check if client exists
  307             $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
  308             if(!$check) {
  309                 throw new SoapFault('Invalid client');
  310                 return false;
  311             }
  312             // check if template exists
  313             $check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
  314             if(!$check) {
  315                 throw new SoapFault('Invalid template');
  316                 return false;
  317             }
  318 
  319             // for the update event we have to cheat a bit
  320             $this->_set_client_formdata($client_id);
  321 
  322             $sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
  323             $app->db->query($sql, $client_id, $template_id);
  324             $insert_id = $app->db->insertID();
  325 
  326             $app->plugin->raiseEvent('client:client:on_after_update', $this);
  327 
  328             return $insert_id;
  329         } else {
  330             throw new SoapFault('The IDs must be of type integer.');
  331             return false;
  332         }
  333     }
  334 
  335     public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
  336         global $app;
  337 
  338         if(!$this->checkPerm($session_id, 'client_update')) {
  339             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  340             return false;
  341         }
  342 
  343         if(@is_numeric($client_id) && @is_numeric($assigned_template_id)) {
  344             // check if client exists
  345             $check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
  346             if(!$check) {
  347                 throw new SoapFault('Invalid client');
  348                 return false;
  349             }
  350             // check if template exists
  351             $check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `client_id` = ? AND `client_template_id` = ?', $client_id, $assigned_template_id);
  352             if(!$check) {
  353                 throw new SoapFault('Invalid template');
  354                 return false;
  355             }
  356 
  357             // for the update event we have to cheat a bit
  358             $this->_set_client_formdata($client_id);
  359 
  360             $sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
  361             $app->db->query($sql, $check['assigned_template_id'], $client_id);
  362             $affected_rows = $app->db->affectedRows();
  363 
  364             $app->plugin->raiseEvent('client:client:on_after_update', $this);
  365 
  366             return $affected_rows;
  367         } else {
  368             throw new SoapFault('The IDs must be of type integer.');
  369             return false;
  370         }
  371     }
  372 
  373     public function client_delete($session_id, $client_id)
  374     {
  375         global $app;
  376 
  377         if (!$this->checkPerm($session_id, 'client_delete'))
  378         {
  379             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  380             return false;
  381         }
  382         $affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);
  383 
  384         $app->remoting_lib->ispconfig_sysuser_delete($client_id);
  385 
  386         return $affected_rows;
  387     }
  388 
  389     // -----------------------------------------------------------------------------------------------
  390 
  391     public function client_delete_everything($session_id, $client_id)
  392     {
  393         global $app, $conf;
  394 
  395         if(!$this->checkPerm($session_id, 'client_delete_everything')) {
  396             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  397             return false;
  398         }
  399 
  400         $client_id = $app->functions->intval($client_id);
  401 
  402         if($client_id > 0) {
  403             //* remove the group of the client from the resellers group
  404             $parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
  405             $parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
  406             $client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
  407             $app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
  408 
  409             //* delete the group of the client
  410             $app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
  411 
  412             //* delete the sys user(s) of the client
  413             $app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
  414 
  415             //* Delete all records (sub-clients, mail, web, etc....)  of this client.
  416             $tables = 'cron,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain,mail_mailinglist,client';
  417             $tables_array = explode(',', $tables);
  418             $client_group_id = $app->functions->intval($client_group['groupid']);
  419             if($client_group_id > 1) {
  420                 foreach($tables_array as $table) {
  421                     if($table != '') {
  422                         $records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
  423                         //* find the primary ID of the table
  424                         $table_info = $app->db->tableInfo($table);
  425                         $index_field = '';
  426                         foreach($table_info as $tmp) {
  427                             if($tmp['option'] == 'primary') $index_field = $tmp['name'];
  428                         }
  429                         //* Delete the records
  430                         if($index_field != '') {
  431                             if(is_array($records)) {
  432                                 foreach($records as $rec) {
  433                                     $app->db->datalogDelete($table, $index_field, $rec[$index_field]);
  434                                     //* Delete traffic records that dont have a sys_groupid column
  435                                     if($table == 'web_domain') {
  436                                         $app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
  437                                     }
  438                                     //* Delete mail_traffic records that dont have a sys_groupid
  439                                     if($table == 'mail_user') {
  440                                         $app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
  441                                     }
  442                                 }
  443                             }
  444                         }
  445 
  446                     }
  447                 }
  448             }
  449 
  450         }
  451         if (!$this->checkPerm($session_id, 'client_delete')) {
  452             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  453             return false;
  454         }
  455         $affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);
  456 
  457         return $affected_rows;
  458     }
  459 
  460     /**
  461      * Get sys_user information by username
  462      * @param int  session id
  463      * @param string user's name
  464      * @return mixed false if error
  465      * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
  466      */
  467 
  468 
  469     public function client_get_by_username($session_id, $username) {
  470         global $app;
  471         if(!$this->checkPerm($session_id, 'client_get_by_username')) {
  472             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  473             return false;
  474         }
  475         $rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
  476         if (isset($rec)) {
  477             return $rec;
  478         } else {
  479             throw new SoapFault('no_client_found', 'There is no user account for this user name.');
  480             return false;
  481         }
  482     }
  483     
  484     public function client_get_by_customer_no($session_id, $customer_no) {
  485         global $app;
  486         if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
  487             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  488             return false;
  489         }
  490         $customer_no = trim($customer_no);
  491         if($customer_no == '') {
  492             throw new SoapFault('permission_denied', 'There was no customer number specified.');
  493             return false;
  494         }
  495         $customer_no = $app->db->quote($customer_no);
  496         $rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$customer_no."'");
  497         if (isset($rec)) {
  498             return $rec;
  499         } else {
  500             throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
  501             return false;
  502         }
  503     }
  504 
  505     /**
  506      * Get All client_id's from database
  507      * @param int session_id
  508      * @return Array of all client_id's
  509      */
  510     public function client_get_all($session_id) {
  511         global $app;
  512         if(!$this->checkPerm($session_id, 'client_get_all')) {
  513             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  514             return false;
  515         }
  516         $result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
  517         if(!$result) {
  518             return false;
  519         }
  520         foreach( $result as $record) {
  521             $rarrary[] = $record['client_id'];
  522         }
  523         return $rarrary;
  524     }
  525 
  526     /**
  527      * Changes client password
  528      *
  529      * @param int  session id
  530      * @param int  client id
  531      * @param string new password
  532      * @return bool true if success
  533      *
  534      */
  535     public function client_change_password($session_id, $client_id, $new_password) {
  536         global $app;
  537 
  538         $app->uses('auth');
  539 
  540         if(!$this->checkPerm($session_id, 'client_change_password')) {
  541             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  542             return false;
  543         }
  544 
  545         $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
  546         if($client['client_id'] > 0) {
  547             $new_password = $app->auth->crypt_password($new_password);
  548             $sql = "UPDATE client SET password = ?  WHERE client_id = ?";
  549             $app->db->query($sql, $new_password, $client_id);
  550             $sql = "UPDATE sys_user SET passwort = ?    WHERE client_id = ?";
  551             $app->db->query($sql, $new_password, $client_id);
  552             return true;
  553         } else {
  554             throw new SoapFault('no_client_found', 'There is no user account for this client_id');
  555             return false;
  556         }
  557     }
  558 
  559     /**
  560      *  Get all client templates
  561      * @param  int  session id
  562      * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
  563      */
  564     public function client_templates_get_all($session_id) {
  565         global $app;
  566         if(!$this->checkPerm($session_id, 'client_templates_get_all')) {
  567             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  568             return false;
  569         }
  570         $sql    = "SELECT * FROM client_template";
  571         $result = $app->db->queryAllRecords($sql);
  572         return $result;
  573     }
  574     
  575     public function client_login_get($session_id,$username,$password,$remote_ip = '') {
  576         global $app;
  577         
  578         //* Check permissions
  579         if(!$this->checkPerm($session_id, 'client_get')) {
  580             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  581             return false;
  582         }
  583         
  584         //* Check username and password
  585         if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
  586             throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
  587             return false;
  588         }
  589         if(!preg_match("/^.{1,64}$/i", $password)) {
  590             throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
  591             return false;
  592         }
  593         
  594         //* Check failed logins
  595         $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
  596         $alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
  597         
  598         //* too many failedlogins
  599         if($alreadyfailed['times'] > 5) {
  600             throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
  601             return false;
  602         }
  603         
  604         
  605         //*Set variables
  606         $returnval == false;
  607         
  608         if(strstr($username,'@')) {
  609             // Check against client table
  610             $sql = "SELECT * FROM client WHERE email = ?";
  611             $user = $app->db->queryOneRecord($sql, $username);
  612 
  613             if($user) {
  614                 $saved_password = stripslashes($user['password']);
  615 
  616                 if(preg_match('/^\$[156]\$/', $saved_password)) {
  617                     //* The password is crypt encrypted
  618                     if(crypt(stripslashes($password), $saved_password) !== $saved_password) {
  619                         $user = false;
  620                     }
  621                 } else {
  622 
  623                     //* The password is md5 encrypted
  624                     if(md5($password) != $saved_password) {
  625                         $user = false;
  626                     }
  627                 }
  628             }
  629             
  630             if(is_array($user)) {
  631                 $returnval = array( 'username'  =>  $user['username'],
  632                                     'type'      =>  'user',
  633                                     'client_id' =>  $user['client_id'],
  634                                     'language'  =>  $user['language'],
  635                                     'country'   =>  $user['country']);
  636             }
  637             
  638         } else {
  639             // Check against sys_user table
  640             $sql = "SELECT * FROM sys_user WHERE username = ?";
  641             $user = $app->db->queryOneRecord($sql, $username);
  642 
  643             if($user) {
  644                 $saved_password = stripslashes($user['passwort']);
  645 
  646                 if(preg_match('/^\$[156]\$/', $saved_password)) {
  647                     //* The password is crypt-md5 encrypted
  648                     if(crypt(stripslashes($password), $saved_password) != $saved_password) {
  649                         $user = false;
  650                     }
  651                 } else {
  652 
  653                     //* The password is md5 encrypted
  654                     if(md5($password) != $saved_password) {
  655                         $user = false;
  656                     }
  657                 }
  658             }
  659             
  660             if(is_array($user)) {
  661                 $returnval = array( 'username'  =>  $user['username'],
  662                                     'type'      =>  $user['typ'],
  663                                     'client_id' =>  $user['client_id'],
  664                                     'language'  =>  $user['language'],
  665                                     'country'   =>  'de');
  666             } else {
  667                 throw new SoapFault('login_failed', 'Login failed.');
  668             }
  669         }
  670         
  671         //* Log failed login attempts
  672         if($user === false) {
  673             if(!$alreadyfailed['times'] ) {
  674                 //* user login the first time wrong
  675                 $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
  676                 $app->db->query($sql, $remote_ip);
  677             } elseif($alreadyfailed['times'] >= 1) {
  678                 //* update times wrong
  679                 $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
  680                 $app->db->query($sql, $remote_ip);
  681             }
  682         }
  683         
  684         return $returnval;
  685     }
  686     
  687     public function client_get_by_groupid($session_id, $group_id)
  688     {
  689         global $app;
  690         if(!$this->checkPerm($session_id, 'client_get_id')) {
  691             throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
  692             return false;
  693         }
  694 
  695         $group_id = $app->functions->intval($group_id);
  696 
  697         $rec = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $group_id);
  698         if(isset($rec['client_id'])) {
  699             $client_id = $app->functions->intval($rec['client_id']);
  700             return $this->client_get($session_id, $client_id);
  701         } else {
  702             throw new SoapFault('no_group_found', 'There is no client for this group ID.');
  703             return false;
  704         }
  705     }
  706 
  707 }
  708 
  709 ?>