<?php

/*
Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

--UPDATED 08.2013--
Migrated into new remote classes system
by Marius Cramer <m.cramer@pixcept.de>

*/

class remoting_client extends remoting {
	/*
	 * Client functions
	 */
	//* Get client details
	public function client_get($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef('../client/form/client.tform.php');
		$data = $app->remoting_lib->getDataRecord($client_id);

		if(!is_array($data) || count($data) < 1) {
			return $data;
		}

		// getDataRecord() hands back either one record or a list of records; normalise to a
		// list here and unwrap again at the end so both shapes share one code path.
		$is_single = isset($data['client_id']);
		if($is_single) {
			$records = array($data);
		} elseif(isset($data[0]['client_id'])) {
			$records = $data;
		} else {
			return $data;
		}

		// Backwards compatibility: templates stored new-style in client_template_assigned are
		// folded back into the legacy "assigned_id:template_id/..." string when that is empty.
		// (The comment in the original says this may be removed in a later version.)
		foreach($records as $index => $client) {
			if($client['template_additional'] != '') continue;

			$rows = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client['client_id']);
			$items = array();
			if($rows) {
				foreach($rows as $row) $items[] = $row['item'];
			}
			// write through $records[$index] - a copy in $client would not reach the SOAP result
			$records[$index]['template_additional'] = implode('/', $items);
		}

		return $is_single ? $records[0] : $records;
	}
	/**
	 * Resolves a sys_user id to the client_id stored on that sys_user row.
	 *
	 * @param string $session_id remote session
	 * @param int $sys_userid sys_user.userid (cast with intval before use)
	 * @return int the client_id
	 * @throws SoapFault permission_denied / no_client_found
	 */
	public function client_get_id($session_id, $sys_userid)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		$uid = $app->functions->intval($sys_userid);
		$row = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $uid);

		if(!isset($row['client_id'])) {
			throw new SoapFault('no_client_found', 'There is no sysuser account for this client ID.');
			return false;
		}
		return $app->functions->intval($row['client_id']);
	}
	//* Get the contact details to send a email like email address, name, etc.
	public function client_get_emailcontact($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		// Only the columns needed to address a mail are selected - no password, no limits.
		$id = $app->functions->intval($client_id);
		$contact = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $id);

		if(!is_array($contact)) {
			throw new SoapFault('no_client_found', 'There is no client with this client ID.');
			return false;
		}
		return $contact;
	}
	/**
	 * Returns the sys_group id that belongs to a client.
	 *
	 * NOTE: this method is gated by the 'client_get_id' permission, not one of its own
	 * (kept as in the original - confirm before tightening).
	 *
	 * @param string $session_id remote session
	 * @param int $client_id client to look up (cast with intval before use)
	 * @return int sys_group.groupid
	 * @throws SoapFault permission_denied / no_group_found
	 */
	public function client_get_groupid($session_id, $client_id)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		$id = $app->functions->intval($client_id);
		$group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $id);

		if(!isset($group['groupid'])) {
			throw new SoapFault('no_group_found', 'There is no group for this client ID.');
			return false;
		}
		return $app->functions->intval($group['groupid']);
	}
	/**
	 * Creates a client (or a reseller when $params['limit_client'] is non-zero).
	 *
	 * A missing or zero parent_client_id is replaced by $reseller_id. If the resulting
	 * parent is not itself a reseller (limit_client == 0) the parent relation is dropped
	 * silently; a reseller may not be placed under another reseller.
	 *
	 * @param string $session_id remote session
	 * @param int $reseller_id reseller the record is created for
	 * @param array $params form fields of client.tform.php / reseller.tform.php
	 * @return mixed result of klientadd()
	 * @throws SoapFault permission_denied / Invalid reseller
	 */
	public function client_add($session_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_add')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		$wants_reseller = (isset($params['limit_client']) && $params['limit_client'] != 0);

		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// the parent has to be a reseller
			$parent = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if($parent['limit_client'] == 0) {
				// not a reseller (or no such client): drop the parent relation
				$params['parent_client_id'] = 0;
			} elseif($wants_reseller) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
				return false;
			}
		}

		$form = '../client/form/' . ($wants_reseller ? 'reseller' : 'client') . '.tform.php';
		return $this->klientadd($form, $reseller_id, $params);
	}
	/**
	 * Updates a client (or reseller) record; only the changed fields need to be in $params,
	 * the rest is taken from the stored record.
	 *
	 * Order matters here: the previously assigned templates are captured in
	 * $this->oldTemplatesAssigned before update_client_templates() rewrites them, because
	 * the on_after_update event reads that property.
	 *
	 * @param string $session_id remote session
	 * @param int $client_id client to update
	 * @param int $reseller_id reseller the update is performed for
	 * @param array $params changed form fields
	 * @return mixed result of updateQuery()
	 * @throws SoapFault permission_denied / Invalid reseller
	 */
	public function client_update($session_id, $client_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		// form definition is chosen from the caller's limit_client only
		$is_reseller = (isset($params['limit_client']) && $params['limit_client'] != 0);
		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef('../client/form/' . ($is_reseller ? 'reseller' : 'client') . '.tform.php');
		$old_rec = $app->remoting_lib->getDataRecord($client_id);

		//* merge old record with params, so only new values have to be set in $params
		$params = $app->functions->array_merge($old_rec, $params);
		// after the merge limit_client may come from the stored record, so evaluate again
		$is_reseller = (isset($params['limit_client']) && $params['limit_client'] != 0);

		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// the parent has to be a reseller
			$parent = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if($parent['limit_client'] == 0) {
				throw new SoapFault('Invalid reseller', 'Selected client is not a reseller.');
				return false;
			}
			if($is_reseller) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
				return false;
			}
		}

		// remember the templates assigned before this update (read by the on_after_update event)
		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
			// legacy storage: "/"-separated template ids in client.template_additional
			$this->oldTemplatesAssigned = array();
			foreach(explode('/', $old_rec['template_additional']) as $item) {
				$item = trim($item);
				if(!$item) continue;
				$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
			}
		}

		if(isset($params['template_additional'])) {
			// templates are written to client_template_assigned, the legacy column is cleared
			$app->uses('client_templates');
			$new_templates = explode('/', $params['template_additional']);
			$params['template_additional'] = '';
			$app->client_templates->update_client_templates($client_id, $new_templates);
		}

		$form = '../client/form/' . ($is_reseller ? 'reseller' : 'client') . '.tform.php';
		$event = 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update';
		$affected_rows = $this->updateQuery($form, $reseller_id, $client_id, $params, $event);

		$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);

		return $affected_rows;
	}
	/**
	 * Returns the client_template_assigned row for a client.
	 *
	 * Note: this uses queryOneRecord(), so at most one assignment row is returned even
	 * when several templates are assigned (kept as in the original).
	 *
	 * @param string $session_id remote session
	 * @param int $client_id client to look up
	 * @return mixed one assignment row, or whatever the db layer returns when there is none
	 * @throws SoapFault permission_denied / non-numeric id
	 */
	public function client_template_additional_get($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		if(!@is_numeric($client_id)) {
			throw new SoapFault('The ID must be an integer.');
			return array();
		}

		return $app->db->queryOneRecord("SELECT * FROM `client_template_assigned` WHERE `client_id` = ?", $client_id);
	}

	/**
	 * Loads a client's state into $this->id / dataRecord / oldDataRecord / oldTemplatesAssigned
	 * so the client:client:on_after_update event can be raised outside of updateQuery().
	 *
	 * @param int $client_id client whose state is loaded
	 */
	private function _set_client_formdata($client_id) {
		global $app;

		$this->id = $client_id;
		$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
		$this->oldDataRecord = $this->dataRecord;

		$assigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		if(is_array($assigned) && count($assigned) > 0) {
			$this->oldTemplatesAssigned = $assigned;
			return;
		}

		// legacy storage: "/"-separated template ids in client.template_additional
		$this->oldTemplatesAssigned = array();
		foreach(explode('/', $this->oldDataRecord['template_additional']) as $item) {
			$item = trim($item);
			if(!$item) continue;
			$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
		}
	}

	/**
	 * Assigns an additional client template to a client and raises the update event.
	 *
	 * @param string $session_id remote session
	 * @param int $client_id client that receives the template
	 * @param int $template_id client_template.template_id
	 * @return int|false insert id of the new client_template_assigned row
	 * @throws SoapFault permission_denied / Invalid client / Invalid template / non-numeric ids
	 */
	public function client_template_additional_add($session_id, $client_id, $template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		if(!@is_numeric($client_id) || !@is_numeric($template_id)) {
			throw new SoapFault('The IDs must be of type integer.');
			return false;
		}

		// both referenced rows have to exist
		$client_row = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$client_row) {
			throw new SoapFault('Invalid client');
			return false;
		}
		$template_row = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
		if(!$template_row) {
			throw new SoapFault('Invalid template');
			return false;
		}

		// the on_after_update event expects the client state on $this
		$this->_set_client_formdata($client_id);

		$app->db->query("INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)", $client_id, $template_id);
		$insert_id = $app->db->insertID();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $insert_id;
	}

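	/**
	 * Removes one template assignment from a client and raises the update event.
	 *
	 * Fix: the original checked and deleted by an undefined $template_id instead of the
	 * $assigned_template_id parameter, so the numeric check always failed and nothing
	 * could ever be deleted. The existence check is now also scoped to $client_id, so an
	 * assignment that belongs to another client is reported as 'Invalid template' instead
	 * of passing the check and then matching zero rows in the client-scoped DELETE.
	 *
	 * @param string $session_id remote session
	 * @param int $client_id owner of the assignment
	 * @param int $assigned_template_id client_template_assigned.assigned_template_id
	 * @return int|false number of deleted rows
	 * @throws SoapFault permission_denied / Invalid client / Invalid template / non-numeric ids
	 */
	public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		if(!@is_numeric($client_id) || !@is_numeric($assigned_template_id)) {
			throw new SoapFault('The IDs must be of type integer.');
			return false;
		}

		// check if client exists
		$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$check) {
			throw new SoapFault('Invalid client');
			return false;
		}
		// check that the assignment exists and belongs to this client
		$check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?', $assigned_template_id, $client_id);
		if(!$check) {
			throw new SoapFault('Invalid template');
			return false;
		}

		// for the update event we have to cheat a bit
		$this->_set_client_formdata($client_id);

		$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
		$app->db->query($sql, $assigned_template_id, $client_id);
		$affected_rows = $app->db->affectedRows();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $affected_rows;
	}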
	/**
	 * Deletes a client record via the client form definition and removes its sys_user.
	 *
	 * NOTE(review): $app->uses('remoting_lib') is not called here; presumably deleteQuery()
	 * loads it before ispconfig_sysuser_delete() is reached - verify in the parent class.
	 *
	 * @param string $session_id remote session
	 * @param int $client_id client to delete
	 * @return mixed result of deleteQuery()
	 * @throws SoapFault permission_denied
	 */
	public function client_delete($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		$deleted = $this->deleteQuery('../client/form/client.tform.php', $client_id);
		$app->remoting_lib->ispconfig_sysuser_delete($client_id);

		return $deleted;
	}

	// -----------------------------------------------------------------------------------------------
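	/**
	 * Deletes a client together with everything it owns: its sys_group and sys_user rows,
	 * every record in the listed tables that carries the client's sys_groupid (removed via
	 * datalogDelete), the related web_traffic / mail_traffic rows, and finally the client
	 * record itself.
	 *
	 * Changes vs. the original:
	 *  - 'client_delete' is checked up front together with 'client_delete_everything'.
	 *    Before, it was only checked after all records had already been removed, so a
	 *    session without it could destroy the client's data and then be refused the
	 *    final deleteQuery() step.
	 *  - parent_client_id is read from the client table. Nothing in this method loads
	 *    $this->dataRecord, so the original read an unset value here.
	 *  - remove_group_from_user() is only called when both lookups returned a row.
	 *
	 * @param string $session_id remote session
	 * @param int $client_id client to wipe
	 * @return mixed result of deleteQuery() for the client record
	 * @throws SoapFault permission_denied
	 */
	public function client_delete_everything($session_id, $client_id)
	{
		global $app, $conf;

		if(!$this->checkPerm($session_id, 'client_delete_everything')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		// the final deleteQuery() step needs this permission as well - refuse before touching anything
		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		$client_id = $app->functions->intval($client_id);

		if($client_id > 0) {
			//* remove the group of the client from the resellers group
			$client_rec = $app->db->queryOneRecord("SELECT parent_client_id FROM client WHERE client_id = ?", $client_id);
			$parent_client_id = $app->functions->intval(is_array($client_rec) ? $client_rec['parent_client_id'] : 0);
			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
			if(isset($parent_user['userid']) && isset($client_group['groupid'])) {
				$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
			}

			//* delete the group of the client
			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);

			//* delete the sys user(s) of the client
			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);

			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
			// $table is interpolated into SQL below - it must only ever come from this fixed list.
			$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain';
			$tables_array = explode(',', $tables);
			$client_group_id = $app->functions->intval(isset($client_group['groupid']) ? $client_group['groupid'] : 0);

			// groupid 1 is never wiped this way
			if($client_group_id > 1) {
				foreach($tables_array as $table) {
					if($table == '') continue;

					$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);

					//* find the primary ID of the table
					$index_field = '';
					foreach($app->db->tableInfo($table) as $tmp) {
						if($tmp['option'] == 'primary') $index_field = $tmp['name'];
					}
					if($index_field == '' || !is_array($records)) continue;

					//* Delete the records
					foreach($records as $rec) {
						$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
						//* Delete traffic records that dont have a sys_groupid column
						if($table == 'web_domain') {
							$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
						}
						//* Delete mail_traffic records that dont have a sys_groupid
						if($table == 'mail_user') {
							$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
						}
					}
				}
			}
		}

		$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		return $affected_rows;
	}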
	/**
	 * Get sys_user information by username
	 *
	 * @param int  session id
	 * @param string user's name
	 * @return mixed the sys_user row; throws no_client_found when there is none
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */

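	public function client_get_by_username($session_id, $username) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_by_username')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		// NOTE(review): SELECT * returns the whole sys_user row, including the `passwort`
		// hash column (see client_change_password / client_login_get), to the SOAP caller.
		$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
		// is_array() instead of isset(): a falsy non-null "no row" result from the db layer
		// would otherwise be handed back instead of raising no_client_found
		// (same check as client_get_emailcontact).
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no user account for this user name.');
		return false;
	}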
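	/**
	 * Looks up a client record by its customer number.
	 *
	 * Fix: the value is bound with a placeholder like every other query in this class
	 * instead of being quote()d and concatenated into the SQL string.
	 *
	 * @param string $session_id remote session
	 * @param string $customer_no customer number; trimmed, must not be empty
	 * @return array the client row
	 * @throws SoapFault permission_denied (also used for an empty number) / no_client_found
	 */
	public function client_get_by_customer_no($session_id, $customer_no) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		$customer_no = trim($customer_no);
		if($customer_no == '') {
			throw new SoapFault('permission_denied', 'There was no customer number specified.');
			return false;
		}
		// NOTE(review): SELECT * includes the client's `password` hash column.
		$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);
		// is_array() rather than isset(): a falsy "no row" result must raise no_client_found
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
		return false;
	}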
	/**
	 * Get all client_id values from the database
	 * @param int session_id
	 * @return array|false list of all client_id values, or false when the client table is empty
	 */
	public function client_get_all($session_id) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		$rows = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
		// an empty client table yields false, not an empty array (kept as in the original)
		if(!$rows) {
			return false;
		}
		$ids = array();
		foreach($rows as $row) {
			$ids[] = $row['client_id'];
		}
		return $ids;
	}

	/**
	 * Changes client password
	 *
	 * @param int  session id
	 * @param int  client id
	 * @param string new password
	 * @return bool true if success
	 *
	 */
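	public function client_change_password($session_id, $client_id, $new_password) {
		global $app;

		$app->uses('auth');

		if(!$this->checkPerm($session_id, 'client_change_password')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		// Refuse an empty password: the original stored crypt_password('') for both the
		// client record and its sys_user login. client_login_get() already rejects empty
		// passwords on the read side, this closes the write side.
		if((string)$new_password === '') {
			throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
			return false;
		}

		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
		if(!isset($client['client_id']) || $client['client_id'] <= 0) {
			throw new SoapFault('no_client_found', 'There is no user account for this client_id');
			return false;
		}

		// one hash, written to the client record and to every sys_user row of that client
		$hash = $app->auth->crypt_password($new_password);
		$app->db->query("UPDATE client SET password = ? 	WHERE client_id = ?", $hash, $client_id);
		$app->db->query("UPDATE sys_user SET passwort = ? 	WHERE client_id = ?", $hash, $client_id);
		return true;
	}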
	/**
	 * Get all client templates
	 * @param  int  session id
	 * @return array all rows of client_template
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
	public function client_templates_get_all($session_id) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_templates_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		// every column of every template, unfiltered
		return $app->db->queryAllRecords("SELECT * FROM client_template");
	}
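	/**
	 * Verifies a username/password pair for an external login and returns the matching
	 * account data, or false when the credentials do not match.
	 *
	 * Usernames containing '@' are checked against client.email / client.password, all
	 * others against sys_user.username / sys_user.passwort. Failed attempts are counted
	 * per $remote_ip in attempts_login; more than 5 within a minute are refused.
	 *
	 * Changes vs. the original:
	 *  - `$returnval == false;` was a comparison, not an assignment, so a failed client
	 *    (e-mail) login returned an unset variable. It is now initialised to false.
	 *  - in the sys_user branch the 'login_failed' SoapFault was thrown before the failed
	 *    attempt was written to attempts_login, so sys_user logins never counted towards
	 *    the throttle; unknown usernames were not counted in either branch. The attempt is
	 *    now recorded first, for every non-match.
	 *  - hashes are compared with hash_equals() (=== where unavailable) instead of a loose
	 *    `!=`, which treats md5 hashes of the form "0e..." as numerically equal.
	 *
	 * NOTE(review): $remote_ip is supplied by the SOAP caller rather than taken from the
	 * connection, so the throttle is only as trustworthy as the caller; all callers that
	 * pass the default '' share one bucket.
	 *
	 * @param string $session_id remote session
	 * @param string $username login name or e-mail address, 1..128 chars of [\w.-_@]
	 * @param string $password clear text password, 1..64 chars
	 * @param string $remote_ip address the attempt is attributed to
	 * @return array|false username/type/client_id/language/country, or false on failure
	 * @throws SoapFault permission_denied / user_regex_error / password_length_error /
	 *         error_user_too_many_logins / login_failed (sys_user branch only)
	 */
	public function client_login_get($session_id,$username,$password,$remote_ip = '') {
		global $app;

		//* Check permissions
		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}

		//* Check username and password
		if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
			throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
			return false;
		}
		if(!preg_match("/^.{1,64}$/i", $password)) {
			throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
			return false;
		}

		//* Check failed logins
		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
		$alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);

		//* too many failedlogins
		if($alreadyfailed['times'] > 5) {
			throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
			return false;
		}

		//* Set variables
		$returnval = false;
		$is_client_login = (strstr($username, '@') !== false);

		if($is_client_login) {
			// Check against client table
			$sql = "SELECT * FROM client WHERE email = ?";
			$user = $app->db->queryOneRecord($sql, $username);
			$password_column = 'password';
		} else {
			// Check against sys_user table
			$sql = "SELECT * FROM sys_user WHERE username = ?";
			$user = $app->db->queryOneRecord($sql, $username);
			$password_column = 'passwort';
		}

		if($user) {
			$saved_password = stripslashes($user[$password_column]);

			if(substr($saved_password, 0, 3) == '$1$') {
				//* The password is crypt-md5 encrypted
				$salt = '$1$'.substr($saved_password, 3, 8).'$';
				$computed = crypt(stripslashes($password), $salt);
			} else {
				//* The password is md5 encrypted
				$computed = md5($password);
			}

			// strict, constant-time comparison of the two hash strings
			if(function_exists('hash_equals')) {
				$password_ok = hash_equals($saved_password, (string)$computed);
			} else {
				$password_ok = ($saved_password === (string)$computed);
			}
			if(!$password_ok) {
				$user = false;
			}
		}

		if(is_array($user)) {
			$returnval = array(	'username' 	=> 	$user['username'],
								'type'		=>	($is_client_login ? 'user' : $user['typ']),
								'client_id'	=>	$user['client_id'],
								'language'	=>	$user['language'],
								'country'	=>	($is_client_login ? $user['country'] : 'de'));
		} else {
			//* Log the failed login attempt before anything can leave the function
			if(!$alreadyfailed['times'] ) {
				//* user login the first time wrong
				$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
				$app->db->query($sql, $remote_ip);
			} elseif($alreadyfailed['times'] >= 1) {
				//* update times wrong
				$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
				$app->db->query($sql, $remote_ip);
			}

			// as before: a sys_user mismatch raises a fault, a client (e-mail) mismatch returns false
			if(!$is_client_login) {
				throw new SoapFault('login_failed', 'Login failed.');
			}
		}

		return $returnval;
	}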
}

?>