<?php

/*
Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

--UPDATED 08.2013--
Migrated into new remote classes system
by Marius Cramer <m.cramer@pixcept.de>

*/

class remoting_client extends remoting {
	/*
 *
 *
 *
 * 	 * Client functions
 *
 *
 */
	//* Get client details
	/**
	 * Return the client record(s) for $client_id, loaded through the client form definition.
	 *
	 * Records whose legacy `template_additional` value is empty get it rebuilt from
	 * `client_template_assigned` as "assigned_template_id:client_template_id" items joined by '/'.
	 *
	 * NOTE(review): the only access check visible here is the function-level permission
	 * 'client_get'; whether a session is limited to particular clients is not visible
	 * in this method - confirm in checkPerm()/getDataRecord().
	 *
	 * @param mixed $session_id remote session id, checked for the 'client_get' permission
	 * @param mixed $client_id  handed unchanged to remoting_lib->getDataRecord()
	 * @return mixed the value returned by getDataRecord(), with template_additional filled in
	 * @throws SoapFault 'permission_denied' when the session lacks the permission
	 */
	public function client_get($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef('../client/form/client.tform.php');
		$data = $app->remoting_lib->getDataRecord($client_id);

		// Nothing to post-process unless a non-empty array came back.
		if(!is_array($data) || count($data) < 1) {
			return $data;
		}

		// Kept for backwards compatibility: old callers expect the new-style template
		// assignments folded back into the template_additional string.
		if(isset($data['client_id'])) {
			// single record
			if($data['template_additional'] == '') {
				$rows = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $data['client_id']);
				$items = array();
				if($rows) {
					foreach($rows as $row) {
						$items[] = $row['item'];
					}
				}
				$data['template_additional'] = implode('/', $items);
			}
		} elseif(isset($data[0]['client_id'])) {
			// list of records
			foreach($data as $index => $client) {
				if($client['template_additional'] != '') {
					continue;
				}
				$rows = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
				$items = array();
				if($rows) {
					foreach($rows as $row) {
						$items[] = $row['item'];
					}
				}
				// write through $data[$index]; $client is a copy and would not reach the SOAP response
				$data[$index]['template_additional'] = implode('/', $items);
			}
		}

		return $data;
	}
	/**
	 * Look up the client_id that belongs to a sys_user id.
	 *
	 * @param mixed $session_id remote session id, checked for the 'client_get_id' permission
	 * @param mixed $sys_userid sys_user.userid; cast with $app->functions->intval() before use
	 * @return int client_id of the matching sys_user row
	 * @throws SoapFault 'permission_denied' or 'no_client_found'
	 */
	public function client_get_id($session_id, $sys_userid)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$userid = $app->functions->intval($sys_userid);
		$row = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $userid);

		if(!isset($row['client_id'])) {
			throw new SoapFault('no_client_found', 'There is no sys_user account with this userid.');
		}

		return $app->functions->intval($row['client_id']);
	}
	
	//* Get the contact details to send a email like email address, name, etc.
	/**
	 * Return the fields needed to address an email to a client.
	 *
	 * Only company_name, contact_name, gender, email and language are selected,
	 * so no credential columns leave the database through this call.
	 *
	 * @param mixed $session_id remote session id, checked for 'client_get_emailcontact'
	 * @param mixed $client_id  client.client_id; cast with $app->functions->intval()
	 * @return array the selected columns of the client row
	 * @throws SoapFault 'permission_denied' or 'no_client_found'
	 */
	public function client_get_emailcontact($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$id = $app->functions->intval($client_id);
		$contact = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $id);

		if(!is_array($contact)) {
			throw new SoapFault('no_client_found', 'There is no client with this client ID.');
		}

		return $contact;
	}
	/**
	 * Look up the sys_group id that belongs to a client.
	 *
	 * NOTE(review): this method is gated by the 'client_get_id' permission, not by a
	 * permission named after the method - confirm that sharing the permission is intended.
	 *
	 * @param mixed $session_id remote session id
	 * @param mixed $client_id  client id; cast with $app->functions->intval()
	 * @return int groupid of the matching sys_group row
	 * @throws SoapFault 'permission_denied' or 'no_group_found'
	 */
	public function client_get_groupid($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$id = $app->functions->intval($client_id);
		$group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $id);

		if(!isset($group['groupid'])) {
			throw new SoapFault('no_group_found', 'There is no group for this client ID.');
		}

		return $app->functions->intval($group['groupid']);
	}
	/**
	 * Create a client, or a reseller when $params['limit_client'] is set and non-zero.
	 *
	 * A missing or zero parent_client_id defaults to $reseller_id. If the resulting parent
	 * has limit_client == 0 (it is not a reseller) the parent is silently reset to 0;
	 * a reseller may not be created below another reseller.
	 *
	 * @param mixed $session_id  remote session id, checked for the 'client_add' permission
	 * @param mixed $reseller_id default parent, also passed on to klientadd()
	 * @param array $params      field values for the client/reseller form
	 * @return mixed the value returned by klientadd()
	 * @throws SoapFault 'permission_denied' or 'Invalid reseller'
	 */
	public function client_add($session_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_add')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) {
			$params['parent_client_id'] = $reseller_id;
		}

		// limit_client is not modified below, so the reseller/client decision is taken once.
		$creates_reseller = isset($params['limit_client']) && $params['limit_client'] != 0;

		if($params['parent_client_id']) {
			// the parent must itself be a reseller
			$parent = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if($parent['limit_client'] == 0) {
				// Selected client is not a reseller: the parent reference is dropped, no error is raised.
				$params['parent_client_id'] = 0;
			} elseif($creates_reseller) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			}
		}

		$form_file = '../client/form/' . ($creates_reseller ? 'reseller' : 'client') . '.tform.php';

		return $this->klientadd($form_file, $reseller_id, $params);
	}
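	/**
	 * Update a client or reseller record, then re-apply templates, cancel and lock state.
	 *
	 * The stored record is merged with $params, so callers only send the fields they change.
	 *
	 * NOTE(review): the form definition for getDataRecord() is chosen from the caller's
	 * $params before the merge, while updateQuery() chooses it after the merge; for a stored
	 * reseller updated without 'limit_client' in $params the two may differ - confirm.
	 *
	 * @param mixed $session_id  remote session id, checked for the 'client_update' permission
	 * @param mixed $client_id   client to update
	 * @param mixed $reseller_id default parent; also selects the on_after_update event name
	 * @param array $params      new field values
	 * @return mixed the value returned by updateQuery()
	 * @throws SoapFault 'permission_denied' or 'Invalid reseller'
	 */
	public function client_update($session_id, $client_id, $reseller_id, $params)
	{
		global $app;

		if (!$this->checkPerm($session_id, 'client_update'))
		{
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php');
		$old_rec = $app->remoting_lib->getDataRecord($client_id);

		//* merge old record with params, so only new values have to be set in $params
		$params = $app->functions->array_merge($old_rec,$params);

		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// the parent must be a reseller, and a reseller may not sit below another reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if($check['limit_client'] == 0) {
				throw new SoapFault('Invalid reseller', 'Selected client is not a reseller.');
			}

			if(isset($params['limit_client']) && $params['limit_client'] != 0) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			}
		}

		// the previously assigned templates are needed by the update event
		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
			// fall back to the old storage format: template ids joined by '/' in template_additional
			$tpls = explode('/', $old_rec['template_additional']);
			$this->oldTemplatesAssigned = array();
			foreach($tpls as $item) {
				$item = trim($item);
				if(!$item) continue;
				$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
			}
			unset($tpls);
		}
		if(isset($params['template_additional'])) {
			$app->uses('client_templates');
			$templates = explode('/', $params['template_additional']);
			$params['template_additional'] = '';
			$app->client_templates->update_client_templates($client_id, $templates);
			unset($templates);
		}

		$affected_rows = $this->updateQuery('../client/form/' . (isset($params['limit_client']) && $params['limit_client'] != 0 ? 'reseller' : 'client') . '.tform.php', $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');

		$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);

		// 'canceled' and 'locked' may be absent from the merged record; !empty() keeps the
		// original truthiness test without reading an undefined index.
		if (!empty($params['canceled'])) {
			$app->functions->func_client_cancel($client_id, $params['canceled']);
		}
		if (!empty($params['locked'])) {
			$app->functions->func_client_lock($client_id, $params['locked']);
		}

		return $affected_rows;
	}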

	/**
	 * List the rows of client_template_assigned for one client.
	 *
	 * NOTE(review): SoapFault is built with a single argument here, while every other
	 * fault in this class passes a code and a message; PHP's SoapFault constructor
	 * takes both, so this path probably does not deliver the intended fault - confirm.
	 * NOTE(review): is_numeric() also accepts values such as "1.5" or "1e3"; the query is
	 * parameterized, so this is an input-validation looseness rather than an injection risk.
	 *
	 * @param mixed $session_id remote session id, checked for the 'client_get' permission
	 * @param mixed $client_id  numeric client id
	 * @return mixed the value returned by queryAllRecords()
	 * @throws SoapFault when the permission is missing or the id is not numeric
	 */
	public function client_template_additional_get($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!@is_numeric($client_id)) {
			throw new SoapFault('The ID must be an integer.');
		}

		$sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";

		return $app->db->queryAllRecords($sql, $client_id);
	}

	/**
	 * Load the state that the client update event reads from $this.
	 *
	 * Sets id, dataRecord, oldDataRecord (a copy of dataRecord) and oldTemplatesAssigned.
	 * When no rows exist in client_template_assigned, the list is rebuilt from the
	 * '/'-separated template_additional column with assigned_template_id = 0.
	 *
	 * @param mixed $client_id client whose record and template assignments are loaded
	 */
	private function _set_client_formdata($client_id) {
		global $app;

		$this->id = $client_id;
		$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
		$this->oldDataRecord = $this->dataRecord;

		$assigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		$this->oldTemplatesAssigned = $assigned;

		if(is_array($assigned) && count($assigned) >= 1) {
			return;
		}

		// older installs kept the template ids in client.template_additional
		$this->oldTemplatesAssigned = array();
		foreach(explode('/', $this->oldDataRecord['template_additional']) as $template_id) {
			$template_id = trim($template_id);
			if($template_id) {
				$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $template_id, 'client_id' => $client_id);
			}
		}
	}

	/**
	 * Assign an additional template to a client and raise the client update event.
	 *
	 * NOTE(review): the three faults for invalid input are built with a single argument,
	 * unlike the two-argument faults used elsewhere in this class - confirm that callers
	 * receive the intended fault.
	 *
	 * @param mixed $session_id  remote session id, checked for the 'client_update' permission
	 * @param mixed $client_id   numeric id of an existing client
	 * @param mixed $template_id numeric id of an existing client_template row
	 * @return mixed insert id of the new client_template_assigned row
	 * @throws SoapFault on missing permission, non-numeric ids, unknown client or template
	 */
	public function client_template_additional_add($session_id, $client_id, $template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!(@is_numeric($client_id) && @is_numeric($template_id))) {
			throw new SoapFault('The IDs must be of type integer.');
		}

		// both referenced rows must exist before anything is written
		$client_row = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$client_row) {
			throw new SoapFault('Invalid client');
		}
		$template_row = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
		if(!$template_row) {
			throw new SoapFault('Invalid template');
		}

		// the update event reads the pre-change state from $this, so load it first
		$this->_set_client_formdata($client_id);

		$sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
		$app->db->query($sql, $client_id, $template_id);
		$new_id = $app->db->insertID();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $new_id;
	}

	/**
	 * Remove a template assignment from a client and raise the client update event.
	 *
	 * NOTE(review): $assigned_template_id is matched against the `client_template_id`
	 * column, and the row is then deleted by the `assigned_template_id` that lookup
	 * returned - confirm which id callers are expected to pass.
	 * NOTE(review): the faults for invalid input are built with a single argument, unlike
	 * the two-argument faults used elsewhere in this class.
	 *
	 * @param mixed $session_id           remote session id, checked for 'client_update'
	 * @param mixed $client_id            numeric id of an existing client
	 * @param mixed $assigned_template_id numeric id used to find the assignment
	 * @return mixed affected row count reported by the database layer
	 * @throws SoapFault on missing permission, non-numeric ids, unknown client or assignment
	 */
	public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!(@is_numeric($client_id) && @is_numeric($assigned_template_id))) {
			throw new SoapFault('The IDs must be of type integer.');
		}

		$client_row = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$client_row) {
			throw new SoapFault('Invalid client');
		}

		// the assignment must belong to this client; the delete below is scoped to the same client_id
		$assignment = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `client_id` = ? AND `client_template_id` = ?', $client_id, $assigned_template_id);
		if(!$assignment) {
			throw new SoapFault('Invalid template');
		}

		// the update event reads the pre-change state from $this, so load it first
		$this->_set_client_formdata($client_id);

		$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
		$app->db->query($sql, $assignment['assigned_template_id'], $client_id);
		$removed = $app->db->affectedRows();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $removed;
	}

	/**
	 * Delete a client record through the client form and remove its sys_user.
	 *
	 * @param mixed $session_id remote session id, checked for the 'client_delete' permission
	 * @param mixed $client_id  client to delete
	 * @return mixed the value returned by deleteQuery()
	 * @throws SoapFault 'permission_denied' when the session lacks the permission
	 */
	public function client_delete($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$deleted = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		// remoting_lib is used without $app->uses() here; presumably deleteQuery() loads it - confirm
		$app->remoting_lib->ispconfig_sysuser_delete($client_id);

		return $deleted;
	}

	// -----------------------------------------------------------------------------------------------
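	/**
	 * Delete a client together with its group, sys_user(s) and every record owned by its group.
	 *
	 * Both 'client_delete_everything' and 'client_delete' are required. They are checked
	 * before any row is touched, so a session holding only the first permission can no
	 * longer trigger the deletions and receive 'permission_denied' afterwards.
	 *
	 * @param mixed $session_id remote session id
	 * @param mixed $client_id  client to delete; cast with $app->functions->intval()
	 * @return mixed the value returned by deleteQuery()
	 * @throws SoapFault 'permission_denied' when either permission is missing
	 */
	public function client_delete_everything($session_id, $client_id)
	{
		global $app, $conf;

		if(!$this->checkPerm($session_id, 'client_delete_everything')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		// authorise the final deleteQuery() up front, before the destructive work below
		if (!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		if($client_id > 0) {
			//* remove the group of the client from the resellers group
			// NOTE(review): $this->dataRecord is not loaded anywhere in this method, so
			// parent_client_id is probably 0 here and no parent user is found - confirm.
			$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
			$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);

			//* delete the group of the client
			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);

			//* delete the sys user(s) of the client
			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);

			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
			// The table names are interpolated into SQL below; this must stay a hard-coded
			// list and never be built from request data.
			$tables = 'cron,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain,mail_mailinglist,client';
			$tables_array = explode(',', $tables);
			$client_group_id = $app->functions->intval($client_group['groupid']);

			// group ids 0 and 1 are never used as a delete filter
			if($client_group_id > 1) {
				foreach($tables_array as $table) {
					if($table == '') {
						continue;
					}
					$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);

					//* find the primary ID of the table
					$index_field = '';
					foreach($app->db->tableInfo($table) as $column) {
						if($column['option'] == 'primary') $index_field = $column['name'];
					}

					if($index_field == '' || !is_array($records)) {
						continue;
					}

					//* Delete the records
					foreach($records as $rec) {
						$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
						//* Delete traffic records that dont have a sys_groupid column
						if($table == 'web_domain') {
							$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
						}
						//* Delete mail_traffic records that dont have a sys_groupid
						if($table == 'mail_user') {
							$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
						}
					}
				}
			}
		}

		$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		return $affected_rows;
	}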
	/**
	 * Get sys_user information by username
	 * @param int  session id
	 * @param string user's name
	 * @return mixed false if error
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
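	public function client_get_by_username($session_id, $username) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_by_username')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		// NOTE(review): SELECT * returns every sys_user column to the remote caller,
		// including the `passwort` hash written by client_change_password(). Consider
		// dropping credential columns from the result once callers are known not to need them.
		$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);

		// is_array() instead of isset(): isset() is also true for a boolean false result,
		// which would hand "false" back to the caller in place of the no_client_found fault.
		if(!is_array($rec)) {
			throw new SoapFault('no_client_found', 'There is no user account for this user name.');
		}

		return $rec;
	}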
	
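	/**
	 * Return the client row that carries the given customer number.
	 *
	 * @param mixed  $session_id  remote session id, checked for 'client_get_by_customer_no'
	 * @param string $customer_no customer number; surrounding whitespace is trimmed
	 * @return array the full client row
	 * @throws SoapFault 'permission_denied' (also used for an empty customer number)
	 *                   or 'no_client_found'
	 */
	public function client_get_by_customer_no($session_id, $customer_no) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$customer_no = trim($customer_no);
		if($customer_no == '') {
			throw new SoapFault('permission_denied', 'There was no customer number specified.');
		}

		// Bound parameter instead of quote() plus string concatenation, matching every
		// other query in this class; escaping is left to the database layer.
		// NOTE(review): SELECT * also returns the client `password` hash column to the caller.
		$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);

		// is_array() so that a boolean false "no row" result raises the fault as well
		if(!is_array($rec)) {
			throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
		}

		return $rec;
	}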

	/**
	 * Get All client_id's from database
	 * @param int session_id
	 * @return Array of all client_id's
	 */
	public function client_get_all($session_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$rows = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
		// an empty or failed result is reported as false, not as an empty list
		if(!$rows) {
			return false;
		}

		// flatten the rows into a plain list of ids
		$client_ids = array();
		foreach($rows as $row) {
			$client_ids[] = $row['client_id'];
		}

		return $client_ids;
	}

	/**
	 * Changes client password
	 *
	 * @param int  session id
	 * @param int  client id
	 * @param string new password
	 * @return bool true if success
	 *
	 */
	public function client_change_password($session_id, $client_id, $new_password) {
		global $app;

		$app->uses('auth');

		if(!$this->checkPerm($session_id, 'client_change_password')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
		if(!($client['client_id'] > 0)) {
			throw new SoapFault('no_client_found', 'There is no user account for this client_id');
		}

		// Only the hash produced by auth->crypt_password() is stored; the same value goes
		// to both the client row and every sys_user row of that client.
		$hashed = $app->auth->crypt_password($new_password);

		$sql = "UPDATE client SET password = ? 	WHERE client_id = ?";
		$app->db->query($sql, $hashed, $client_id);

		$sql = "UPDATE sys_user SET passwort = ? 	WHERE client_id = ?";
		$app->db->query($sql, $hashed, $client_id);

		return true;
	}

	/**
	 *  Get all client templates
	 * @param  int  session id
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
	public function client_templates_get_all($session_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_templates_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		// every column of every client_template row is returned as the database layer delivers it
		return $app->db->queryAllRecords("SELECT * FROM client_template");
	}
	
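	/**
	 * Verify a username/password pair and return basic account data.
	 *
	 * A username containing '@' is looked up as client.email, anything else as
	 * sys_user.username. Failed attempts are counted per $remote_ip in `attempts_login`;
	 * more than 5 failures within one minute block further attempts.
	 *
	 * Changes against the previous version:
	 *  - `$returnval == false;` was a comparison, so a failed email login returned an
	 *    undefined variable; the result is now initialised to false.
	 *  - hash comparisons are strict (===), so numeric-looking hashes are no longer compared
	 *    by PHP's loose type juggling. hash_equals() would additionally be constant-time
	 *    where the minimum PHP version allows it.
	 *  - a failed sys_user login threw before the attempt was recorded, and an unknown
	 *    username was only recorded when the lookup returned exactly false; every failed
	 *    attempt is now recorded before the fault or the false return.
	 *
	 * NOTE(review): $remote_ip is supplied by the caller and defaults to ''; the throttle
	 * is only as reliable as that value, and callers that omit it share one counter.
	 * NOTE(review): unsalted md5 hashes are still accepted for legacy accounts.
	 *
	 * @param mixed  $session_id remote session id, checked for the 'client_get' permission
	 * @param string $username   1-128 chars of [\w.\-_@]
	 * @param string $password   1-64 characters
	 * @param string $remote_ip  address used as the key for failed-login throttling
	 * @return array|false username, type, client_id, language and country; false when an
	 *                     email login fails
	 * @throws SoapFault permission_denied, user_regex_error, password_length_error,
	 *                   error_user_too_many_logins, or login_failed (sys_user logins)
	 */
	public function client_login_get($session_id,$username,$password,$remote_ip = '') {
		global $app;

		//* Check permissions
		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		//* Check username and password
		if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
			throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
		}
		if(!preg_match("/^.{1,64}$/i", $password)) {
			throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
		}

		//* Check failed logins
		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
		$alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
		$failed_times = (is_array($alreadyfailed) && isset($alreadyfailed['times'])) ? $alreadyfailed['times'] : 0;

		//* too many failedlogins
		if($failed_times > 5) {
			throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
		}

		$is_email_login = (strstr($username,'@') !== false);

		if($is_email_login) {
			// Check against client table
			$user = $app->db->queryOneRecord("SELECT * FROM client WHERE email = ?", $username);
			$password_column = 'password';
		} else {
			// Check against sys_user table
			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
			$password_column = 'passwort';
		}

		// unknown account and wrong password are treated the same from here on
		if(!is_array($user) || !$user || !$this->_client_login_password_matches($password, stripslashes($user[$password_column]))) {
			$user = false;
		}

		if($user === false) {
			//* Log failed login attempts
			if(!$failed_times) {
				//* user login the first time wrong
				$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
				$app->db->query($sql, $remote_ip);
			} elseif($failed_times >= 1) {
				//* update times wrong
				$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
				$app->db->query($sql, $remote_ip);
			}

			// sys_user logins have always signalled failure with a fault, email logins with false
			if(!$is_email_login) {
				throw new SoapFault('login_failed', 'Login failed.');
			}
			return false;
		}

		$returnval = array(	'username' 	=> 	$user['username'],
							'type'		=>	$is_email_login ? 'user' : $user['typ'],
							'client_id'	=>	$user['client_id'],
							'language'	=>	$user['language'],
							'country'	=>	$is_email_login ? $user['country'] : 'de');

		return $returnval;
	}

	/**
	 * Compare a submitted password with a stored hash.
	 *
	 * Hashes starting with $1$, $5$ or $6$ are verified with crypt(); anything else is
	 * treated as a legacy unsalted md5 hex digest.
	 *
	 * @param string $password       password as submitted by the caller
	 * @param string $saved_password stored hash
	 * @return bool true when the password matches the stored hash
	 */
	private function _client_login_password_matches($password, $saved_password) {
		if(preg_match('/^\$[156]\$/', $saved_password)) {
			//* The password is crypt encrypted
			return crypt(stripslashes($password), $saved_password) === $saved_password;
		}

		//* The password is md5 encrypted
		return md5($password) === $saved_password;
	}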
	
	/**
	 * Resolve a sys_group id to its client and return that client via client_get().
	 *
	 * The session needs 'client_get_id' here and, through client_get(), 'client_get'.
	 *
	 * @param mixed $session_id remote session id
	 * @param mixed $group_id   sys_group.groupid; cast with $app->functions->intval()
	 * @return mixed the value returned by client_get()
	 * @throws SoapFault 'permission_denied' or 'no_group_found'
	 */
	public function client_get_by_groupid($session_id, $group_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$gid = $app->functions->intval($group_id);
		$group = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $gid);

		if(!isset($group['client_id'])) {
			throw new SoapFault('no_group_found', 'There is no client for this group ID.');
		}

		return $this->client_get($session_id, $app->functions->intval($group['client_id']));
	}

}

?>