<?php

/*
Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

--UPDATED 08.2013--
Migrated into new remote classes system
by Marius Cramer <m.cramer@pixcept.de>

*/

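class remoting_client extends remoting {

	/*
	 * Client functions
	 *
	 * Every public method is a remote (SOAP) entry point. Each one first checks the
	 * caller's permission for that function via checkPerm() and raises a
	 * SoapFault('permission_denied', ...) when it is missing. All database access
	 * goes through $app->db with bound `?` parameters; the only SQL that is built
	 * by string interpolation uses table names from a fixed list (see
	 * _delete_group_records()), never caller input.
	 */

	/**
	 * Get client details.
	 *
	 * Loads client.tform.php and returns the data record for $client_id as
	 * delivered by remoting_lib (a single record, or a list of records). For
	 * backwards compatibility an empty `template_additional` field is filled
	 * from `client_template_assigned` as "assigned_template_id:client_template_id"
	 * items joined with '/'.
	 *
	 * @param string $session_id remote session id
	 * @param int $client_id client id (passed on to remoting_lib)
	 * @return mixed data record(s) as returned by remoting_lib->getDataRecord()
	 * @throws SoapFault permission_denied
	 */
	public function client_get($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef('../client/form/client.tform.php');
		$data = $app->remoting_lib->getDataRecord($client_id);

		// we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version
		if(is_array($data) && count($data) > 0) {
			if(isset($data['client_id'])) {
				// this is a single record
				if($this->_is_empty_field($data, 'template_additional')) {
					$data['template_additional'] = $this->_get_assigned_templates($data['client_id']);
				}
			} elseif(isset($data[0]['client_id'])) {
				// multiple client records
				foreach($data as $index => $client) {
					if($this->_is_empty_field($client, 'template_additional')) {
						// write to $data, not to the loop copy $client - changes would not be returned to soap
						$data[$index]['template_additional'] = $this->_get_assigned_templates($client['client_id']);
					}
				}
			}
		}

		return $data;
	}

	/**
	 * True when $field is missing from $rec or equal to ''.
	 *
	 * @param array $rec
	 * @param string $field
	 * @return bool
	 */
	private function _is_empty_field($rec, $field) {
		return !isset($rec[$field]) || $rec[$field] == '';
	}

	/**
	 * Build the legacy "template_additional" string of a client from the
	 * `client_template_assigned` table.
	 *
	 * @param int $client_id
	 * @return string "assigned_template_id:client_template_id" items joined with '/', '' when none
	 */
	private function _get_assigned_templates($client_id) {
		global $app;

		$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		$tpl_arr = array();
		if($tpls) {
			foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
		}
		return implode('/', $tpl_arr);
	}

	/**
	 * Load the templates currently assigned to a client, in the row format the
	 * on_after_update plugin event expects in $this->oldTemplatesAssigned.
	 *
	 * Reads `client_template_assigned`; when that table holds no rows for the
	 * client, falls back to the previous storage format - a '/'-separated list
	 * of template ids in the client's `template_additional` column (those
	 * entries get assigned_template_id 0).
	 *
	 * @param int $client_id
	 * @param string $template_additional legacy template list from the client record
	 * @return array list of rows with keys assigned_template_id, client_template_id, client_id
	 */
	private function _load_templates_assigned($client_id, $template_additional) {
		global $app;

		$assigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		if(is_array($assigned) && count($assigned) > 0) {
			return $assigned;
		}

		// check previous type of storing templates
		$assigned = array();
		foreach(explode('/', (string)$template_additional) as $item) {
			$item = trim($item);
			if(!$item) continue;
			$assigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
		}
		return $assigned;
	}

	/**
	 * Whether the given form params describe a reseller (limit_client set and != 0).
	 *
	 * @param array $params
	 * @return bool
	 */
	private function _is_reseller($params) {
		return isset($params['limit_client']) && $params['limit_client'] != 0;
	}

	/**
	 * Form definition to use for the given params: reseller.tform.php for a
	 * reseller, client.tform.php otherwise.
	 *
	 * @param array $params
	 * @return string path relative to the remoting lib
	 */
	private function _client_formdef($params) {
		return '../client/form/' . ($this->_is_reseller($params) ? 'reseller' : 'client') . '.tform.php';
	}

	/**
	 * Get the client id that belongs to a sys_user.
	 *
	 * @param string $session_id
	 * @param int $sys_userid userid of the sys_user record
	 * @return int client_id
	 * @throws SoapFault permission_denied, no_client_found
	 */
	public function client_get_id($session_id, $sys_userid)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$sys_userid = $app->functions->intval($sys_userid);

		$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
		if(isset($rec['client_id'])) {
			return $app->functions->intval($rec['client_id']);
		}
		throw new SoapFault('no_client_found', 'There is no sysuser account for this client ID.');
	}

	/**
	 * Get the contact details needed to send an email: company name, contact
	 * name, gender, email address and language.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @return array record with keys company_name, contact_name, gender, email, language
	 * @throws SoapFault permission_denied, no_client_found
	 */
	public function client_get_emailcontact($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		$rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);

		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no client with this client ID.');
	}

	/**
	 * Get the sys_group id of a client.
	 *
	 * NOTE(review): the permission checked is 'client_get_id', not
	 * 'client_get_groupid' - kept as is, presumably intentional; confirm.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @return int groupid
	 * @throws SoapFault permission_denied, no_group_found
	 */
	public function client_get_groupid($session_id, $client_id)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
		if(isset($rec['groupid'])) {
			return $app->functions->intval($rec['groupid']);
		}
		throw new SoapFault('no_group_found', 'There is no group for this client ID.');
	}

	/**
	 * Create a new client (or reseller, when limit_client != 0).
	 *
	 * parent_client_id defaults to $reseller_id. The parent has to be an
	 * existing reseller (limit_client != 0); otherwise the parent is cleared.
	 * A reseller can not be the client of another reseller.
	 *
	 * @param string $session_id
	 * @param int $reseller_id owning reseller (0 = admin)
	 * @param array $params form fields of client.tform.php / reseller.tform.php
	 * @return mixed return value of klientadd()
	 * @throws SoapFault permission_denied, Invalid reseller
	 */
	public function client_add($session_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_add')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// check if this one is reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if(!is_array($check) || $check['limit_client'] == 0) {
				// Selected client is not a reseller (or does not exist). REMOVING PARENT_CLIENT_ID!!!
				$params['parent_client_id'] = 0;
			} elseif($this->_is_reseller($params)) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			}
		}

		$affected_rows = $this->klientadd($this->_client_formdef($params), $reseller_id, $params);

		return $affected_rows;
	}

	/**
	 * Update a client. Only the fields present in $params have to be given;
	 * they are merged over the stored record.
	 *
	 * A 'template_additional' value ('/'-separated template ids) is applied
	 * through client_templates->update_client_templates() and cleared in the
	 * record itself; the previously assigned templates are kept in
	 * $this->oldTemplatesAssigned for the on_after_update event.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @param int $reseller_id owning reseller (0 = admin)
	 * @param array $params changed form fields
	 * @return mixed return value of updateQuery()
	 * @throws SoapFault permission_denied, Invalid reseller
	 */
	public function client_update($session_id, $client_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef($this->_client_formdef($params));
		$old_rec = $app->remoting_lib->getDataRecord($client_id);

		//* merge old record with params, so only new values have to be set in $params
		$params = $app->functions->array_merge($old_rec, $params);

		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// check if this one is reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if(!is_array($check) || $check['limit_client'] == 0) {
				throw new SoapFault('Invalid reseller', 'Selected client is not a reseller.');
			}

			if($this->_is_reseller($params)) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			}
		}

		// we need the previous templates assigned here (read by the on_after_update event)
		$old_templates = isset($old_rec['template_additional']) ? $old_rec['template_additional'] : '';
		$this->oldTemplatesAssigned = $this->_load_templates_assigned($client_id, $old_templates);
		if(isset($params['template_additional'])) {
			$app->uses('client_templates');
			$templates = explode('/', $params['template_additional']);
			$params['template_additional'] = '';
			$app->client_templates->update_client_templates($client_id, $templates);
		}

		$affected_rows = $this->updateQuery($this->_client_formdef($params), $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');

		$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);

		return $affected_rows;
	}

	/**
	 * Get a `client_template_assigned` row of a client.
	 *
	 * NOTE(review): this uses queryOneRecord(), so at most one assigned
	 * template is returned even when several are assigned. Kept as is because
	 * callers may rely on the single-record shape; confirm before switching to
	 * queryAllRecords().
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @return mixed one record as returned by queryOneRecord()
	 * @throws SoapFault permission_denied, invalid_id
	 */
	public function client_template_additional_get($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!is_numeric($client_id)) {
			// SoapFault needs a fault code and a fault string
			throw new SoapFault('invalid_id', 'The ID must be an integer.');
		}

		$sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
		return $app->db->queryOneRecord($sql, $app->functions->intval($client_id));
	}

	/**
	 * Fill $this->id, $this->dataRecord, $this->oldDataRecord and
	 * $this->oldTemplatesAssigned from the stored client record, so the
	 * client:client:on_after_update event can be raised without going through
	 * updateQuery().
	 *
	 * @param int $client_id
	 */
	private function _set_client_formdata($client_id) {
		global $app;

		$this->id = $client_id;
		$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
		$this->oldDataRecord = $this->dataRecord;

		$old_templates = isset($this->oldDataRecord['template_additional']) ? $this->oldDataRecord['template_additional'] : '';
		$this->oldTemplatesAssigned = $this->_load_templates_assigned($client_id, $old_templates);
	}

	/**
	 * Assign a client template to a client.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @param int $template_id template_id of a `client_template` row
	 * @return int insert id of the new `client_template_assigned` row
	 * @throws SoapFault permission_denied, invalid_id, invalid_client, invalid_template
	 */
	public function client_template_additional_add($session_id, $client_id, $template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!is_numeric($client_id) || !is_numeric($template_id)) {
			throw new SoapFault('invalid_id', 'The IDs must be of type integer.');
		}
		$client_id = $app->functions->intval($client_id);
		$template_id = $app->functions->intval($template_id);

		// check if client exists
		$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$check) {
			throw new SoapFault('invalid_client', 'Invalid client');
		}
		// check if template exists
		$check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
		if(!$check) {
			throw new SoapFault('invalid_template', 'Invalid template');
		}

		// for the update event we have to cheat a bit
		$this->_set_client_formdata($client_id);

		$sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
		$app->db->query($sql, $client_id, $template_id);
		$insert_id = $app->db->insertID();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $insert_id;
	}

	/**
	 * Remove a client template assignment from a client.
	 *
	 * Despite its name, $assigned_template_id is matched against
	 * `client_template_id` (the template's id), not against the row id of
	 * `client_template_assigned`; the row id is looked up from that match.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @param int $assigned_template_id client_template_id of the assignment to remove
	 * @return int affected rows of the DELETE
	 * @throws SoapFault permission_denied, invalid_id, invalid_client, invalid_template
	 */
	public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!is_numeric($client_id) || !is_numeric($assigned_template_id)) {
			throw new SoapFault('invalid_id', 'The IDs must be of type integer.');
		}
		$client_id = $app->functions->intval($client_id);
		$assigned_template_id = $app->functions->intval($assigned_template_id);

		// check if client exists
		$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$check) {
			throw new SoapFault('invalid_client', 'Invalid client');
		}
		// check if template exists
		$check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `client_id` = ? AND `client_template_id` = ?', $client_id, $assigned_template_id);
		if(!$check) {
			throw new SoapFault('invalid_template', 'Invalid template');
		}

		// for the update event we have to cheat a bit
		$this->_set_client_formdata($client_id);

		$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
		$app->db->query($sql, $check['assigned_template_id'], $client_id);
		$affected_rows = $app->db->affectedRows();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $affected_rows;
	}

	/**
	 * Delete a client record and its sys_user.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @return mixed return value of deleteQuery()
	 * @throws SoapFault permission_denied
	 */
	public function client_delete($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		$app->remoting_lib->ispconfig_sysuser_delete($client_id);

		return $affected_rows;
	}

	// -----------------------------------------------------------------------------------------------

	/**
	 * Delete a client together with everything it owns: its sys_group and
	 * sys_user(s), all records of its group in the client-owned tables
	 * (sub-clients, mail, web, dns, ...) and finally the client record itself.
	 *
	 * Both 'client_delete_everything' and 'client_delete' permissions are
	 * required; both are checked before anything is removed.
	 *
	 * @param string $session_id
	 * @param int $client_id
	 * @return mixed return value of deleteQuery()
	 * @throws SoapFault permission_denied
	 */
	public function client_delete_everything($session_id, $client_id)
	{
		global $app, $conf;

		if(!$this->checkPerm($session_id, 'client_delete_everything')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		// the final deleteQuery() needs client_delete too - check it up front instead of after the data is gone
		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		if($client_id > 0) {
			//* remove the group of the client from the resellers group
			// the parent is read from the client table; $this->dataRecord is not filled in this code path
			$client = $app->db->queryOneRecord("SELECT parent_client_id FROM client WHERE client_id = ?", $client_id);
			$parent_client_id = is_array($client) ? $app->functions->intval($client['parent_client_id']) : 0;
			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
			if(is_array($parent_user) && is_array($client_group)) {
				$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
			}

			//* delete the group of the client
			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);

			//* delete the sys user(s) of the client
			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);

			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
			$client_group_id = is_array($client_group) ? $app->functions->intval($client_group['groupid']) : 0;
			// group ids 0 and 1 are never a client's own group
			if($client_group_id > 1) {
				$this->_delete_group_records($client_group_id);
			}
		}

		$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		return $affected_rows;
	}

	/**
	 * Delete every record of the given sys_group in the client-owned tables
	 * through datalogDelete() (so the server side is notified), plus the
	 * web_traffic / mail_traffic rows which have no sys_groupid column.
	 *
	 * @param int $client_group_id sys_groupid of the client
	 */
	private function _delete_group_records($client_group_id) {
		global $app;

		// table names are interpolated into SQL below - this fixed list is the only source, never caller input
		$tables = array('cron', 'dns_rr', 'dns_soa', 'dns_slave', 'ftp_user', 'mail_access', 'mail_content_filter', 'mail_domain', 'mail_forwarding', 'mail_get', 'mail_user', 'mail_user_filter', 'shell_user', 'spamfilter_users', 'support_message', 'web_database', 'web_database_user', 'web_domain', 'web_traffic', 'domain', 'mail_mailinglist', 'client');

		foreach($tables as $table) {
			$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
			if(!is_array($records) || count($records) < 1) continue;

			//* find the primary ID of the table
			$index_field = '';
			$table_info = $app->db->tableInfo($table);
			if(is_array($table_info)) {
				foreach($table_info as $tmp) {
					if($tmp['option'] == 'primary') $index_field = $tmp['name'];
				}
			}
			if($index_field == '') continue;

			//* Delete the records
			foreach($records as $rec) {
				$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
				//* Delete traffic records that dont have a sys_groupid column
				if($table == 'web_domain') {
					$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
				}
				//* Delete mail_traffic records that dont have a sys_groupid
				if($table == 'mail_user') {
					$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
				}
			}
		}
	}

	/**
	 * Get sys_user information by username
	 * @param int  session id
	 * @param string user's name
	 * @return array the sys_user record
	 * @throws SoapFault permission_denied, no_client_found
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
	public function client_get_by_username($session_id, $username) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_by_username')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
		// is_array() rather than isset(): a "no row" result must raise the fault, not be returned
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no user account for this user name.');
	}

	/**
	 * Get the client record by customer number.
	 *
	 * @param string $session_id
	 * @param string $customer_no
	 * @return array the client record
	 * @throws SoapFault permission_denied, no_client_found
	 */
	public function client_get_by_customer_no($session_id, $customer_no) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$customer_no = trim($customer_no);
		if($customer_no == '') {
			throw new SoapFault('permission_denied', 'There was no customer number specified.');
		}
		// bound parameter instead of quote() + string concatenation
		$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
	}

	/**
	 * Get All client_id's from database
	 * @param int session_id
	 * @return mixed list of all client_id's, false when there are none
	 * @throws SoapFault permission_denied
	 */
	public function client_get_all($session_id) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
		if(!$result) {
			return false;
		}
		$client_ids = array();
		foreach($result as $record) {
			$client_ids[] = $record['client_id'];
		}
		return $client_ids;
	}

	/**
	 * Changes client password
	 *
	 * The new password is hashed with auth->crypt_password() and written to
	 * both client.password and sys_user.passwort of the client.
	 *
	 * @param int  session id
	 * @param int  client id
	 * @param string new password
	 * @return bool true if success
	 * @throws SoapFault permission_denied, no_client_found
	 */
	public function client_change_password($session_id, $client_id, $new_password) {
		global $app;

		$app->uses('auth');

		if(!$this->checkPerm($session_id, 'client_change_password')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
		if(!is_array($client) || $client['client_id'] <= 0) {
			throw new SoapFault('no_client_found', 'There is no user account for this client_id');
		}

		$new_password = $app->auth->crypt_password($new_password);
		$sql = "UPDATE client SET password = ? 	WHERE client_id = ?";
		$app->db->query($sql, $new_password, $client_id);
		$sql = "UPDATE sys_user SET passwort = ? 	WHERE client_id = ?";
		$app->db->query($sql, $new_password, $client_id);
		return true;
	}

	/**
	 *  Get all client templates
	 * @param  int  session id
	 * @return mixed all `client_template` rows as returned by queryAllRecords()
	 * @throws SoapFault permission_denied
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
	public function client_templates_get_all($session_id) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_templates_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$sql    = "SELECT * FROM client_template";
		$result = $app->db->queryAllRecords($sql);
		return $result;
	}

	/**
	 * Verify a plaintext password against a stored hash in the formats these
	 * tables use: crypt-md5 ("$1$" prefix) or a bare md5 hex digest (legacy).
	 *
	 * The comparison uses hash_equals() (PHP >= 5.6): it is constant-time and
	 * a plain string comparison, whereas the former loose `!=` would treat two
	 * digests that both look like "0e<digits>" as equal numbers.
	 *
	 * @param string $password plaintext as received from the caller
	 * @param string $saved_password stored hash
	 * @return bool
	 */
	private function _verify_password($password, $saved_password) {
		$saved_password = stripslashes($saved_password);

		if(substr($saved_password, 0, 3) == '$1$') {
			//* The password is crypt-md5 encrypted
			$salt = '$1$'.substr($saved_password, 3, 8).'$';
			$hash = crypt(stripslashes($password), $salt);
		} else {
			//* The password is md5 encrypted
			$hash = md5($password);
		}

		return hash_equals($saved_password, (string)$hash);
	}

	/**
	 * Record a failed login for $remote_ip in `attempts_login`: insert a row
	 * on the first failure, otherwise bump `times` of the most recent row
	 * within the last minute.
	 *
	 * @param string $remote_ip
	 * @param int $failed_times failures already counted for this ip in the last minute
	 */
	private function _log_failed_login($remote_ip, $failed_times) {
		global $app;

		if($failed_times < 1) {
			//* user login the first time wrong
			$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
		} else {
			//* update times wrong
			$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
		}
		$app->db->query($sql, $remote_ip);
	}

	/**
	 * Check a username / password pair and return the login data.
	 *
	 * A username containing '@' is looked up as an email address in the
	 * `client` table, anything else as a `sys_user` username. After more than
	 * 5 failures from $remote_ip within one minute the login is refused.
	 * Every failed attempt (unknown user or wrong password) is counted in
	 * `attempts_login`.
	 *
	 * @param string $session_id
	 * @param string $username
	 * @param string $password
	 * @param string $remote_ip ip of the user logging in (for the failed-login counter)
	 * @return mixed array with keys username, type, client_id, language, country;
	 *               false for a failed client (email) login
	 * @throws SoapFault permission_denied, user_regex_error, password_length_error,
	 *                   error_user_too_many_logins, login_failed (sys_user logins)
	 */
	public function client_login_get($session_id, $username, $password, $remote_ip = '') {
		global $app;

		//* Check permissions
		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		//* Check username and password
		if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
			throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
		}
		if(!preg_match("/^.{1,64}$/i", $password)) {
			throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
		}

		//* Check failed logins
		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
		$alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
		$failed_times = is_array($alreadyfailed) ? intval($alreadyfailed['times']) : 0;

		//* too many failedlogins
		if($failed_times > 5) {
			throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
		}

		//*Set variables
		$returnval = false;
		$is_client_login = (strstr($username, '@') !== false);

		if($is_client_login) {
			// Check against client table
			$sql = "SELECT * FROM client WHERE email = ?";
			$user = $app->db->queryOneRecord($sql, $username);

			if($user && !$this->_verify_password($password, $user['password'])) {
				$user = false;
			}

			if(is_array($user)) {
				$returnval = array(	'username' 	=> 	$user['username'],
									'type'		=>	'user',
									'client_id'	=>	$user['client_id'],
									'language'	=>	$user['language'],
									'country'	=>	$user['country']);
			}
		} else {
			// Check against sys_user table
			$sql = "SELECT * FROM sys_user WHERE username = ?";
			$user = $app->db->queryOneRecord($sql, $username);

			if($user && !$this->_verify_password($password, $user['passwort'])) {
				$user = false;
			}

			if(is_array($user)) {
				$returnval = array(	'username' 	=> 	$user['username'],
									'type'		=>	$user['typ'],
									'client_id'	=>	$user['client_id'],
									'language'	=>	$user['language'],
									'country'	=>	'de');
			}
		}

		//* Log failed login attempts - before any fault is raised, so sys_user failures are counted too
		if(!is_array($user)) {
			$this->_log_failed_login($remote_ip, $failed_times);
		}

		// a failed sys_user login is a fault; a failed client login returns false (kept for callers)
		if($returnval === false && !$is_client_login) {
			throw new SoapFault('login_failed', 'Login failed.');
		}

		return $returnval;
	}

	/**
	 * Get the client details (see client_get()) for the client that owns a
	 * sys_group.
	 *
	 * NOTE(review): the permission checked is 'client_get_id'; client_get()
	 * additionally requires 'client_get'.
	 *
	 * @param string $session_id
	 * @param int $group_id sys_group id
	 * @return mixed return value of client_get()
	 * @throws SoapFault permission_denied, no_group_found
	 */
	public function client_get_by_groupid($session_id, $group_id)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$group_id = $app->functions->intval($group_id);

		$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $group_id);
		if(isset($rec['client_id'])) {
			$client_id = $app->functions->intval($rec['client_id']);
			return $this->client_get($session_id, $client_id);
		}
		throw new SoapFault('no_group_found', 'There is no client for this group ID.');
	}

}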

?>