client_add does not check that reseller is actually reseller
Snippet from api sample: client_add($this->session_id, $reseller, $params);
Say I have one client client1 with id=1, this is not a reseller. I then call client_add($this->session_id, 1, $params); and new client will have client1 as a reseller. client1 will also be added to the new group of new client. The limits of client1 will be enforced to limits of new client. I believe second parameter should be checked so that the user is actually a reseller and not just plain user.