remoting.inc.php 20.5 KB
Newer Older
latham's avatar
latham committed
1 2 3
<?php

/*
4
Copyright (c) 2007 - 2011, Till Brehm, projektfarm Gmbh
latham's avatar
latham committed
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

*/

class remoting {
38

latham's avatar
latham committed
39
	//* remote session timeout in seconds
40
	private $session_timeout = 1800;
41

latham's avatar
latham committed
42 43 44
	public $oldDataRecord;
	public $dataRecord;
	public $id;
45 46 47

	private $_methods = array();

latham's avatar
latham committed
48
	/*
49
	These variables shall stay global.
latham's avatar
latham committed
50
	Please do not make them private variables.
51

latham's avatar
latham committed
52 53 54 55
	private $app;
    private $conf;
    */

56 57 58 59 60 61
	public function __construct($methods = array())
	{
		global $app;
		$app->uses('remoting_lib');

		$this->_methods = $methods;
62

63
		/*
latham's avatar
latham committed
64 65 66
        $this->app = $app;
        $this->conf = $conf;
		*/
67 68 69
	}

	//* remote login function
70
	public function login($username, $password, $client_login = false)
71
	{
72
		global $app, $conf;
73

alexalouit's avatar
alexalouit committed
74 75
		$error = array();

76 77 78 79
		// Maintenance mode
		$app->uses('ini_parser,getconf');
		$server_config_array = $app->getconf->get_global_config('misc');
		if($server_config_array['maintenance_mode'] == 'y'){
80 81 82 83 84
			$error = array('faultcode' => 'maintenance_mode', 'faultstring' => 'This ISPConfig installation is currently under maintenance. We should be back shortly. Thank you for your patience.');
		} else {
			if(empty($username)) {
				$error = array('faultcode' => 'login_username_empty', 'faultstring' => 'The login username is empty.');
			}
85

86 87 88
			if(empty($password)) {
				$error = array('faultcode' => 'login_password_empty', 'faultstring' => 'The login password is empty.');
			}
89

90 91 92
			//* Delete old remoting sessions
			$sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMESTAMP()";
			$app->db->query($sql);
93

94 95 96
			$ip = md5($_SERVER['REMOTE_ADDR']);
			$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
			$alreadyfailed = $app->db->queryOneRecord($sql, $ip);
97

98 99 100
			if($alreadyfailed['times'] > 5) {
				$error = array('faultcode' => 'error_user_too_many_logins', 'faultstring' => 'Too many failed logins.');
			}
alexalouit's avatar
alexalouit committed
101
		}
102

alexalouit's avatar
alexalouit committed
103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121
		if (empty($error)) {
			if($client_login == true) {
				$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
				$user = $app->db->queryOneRecord($sql, $username);
				if($user) {
					$saved_password = stripslashes($user['passwort']);

					if(substr($saved_password, 0, 3) == '$1$') {
						//* The password is crypt-md5 encrypted
						$salt = '$1$'.substr($saved_password, 3, 8).'$';

						if(crypt(stripslashes($password), $salt) != $saved_password) {
							$error = array('faultcode' => 'client_login_failed', 'faultstring' => 'The login failed. Username or password wrong.');
						}
					} else {
						//* The password is md5 encrypted
						if(md5($password) != $saved_password) {
							$error = array('faultcode' => 'client_login_failed', 'faultstring' => 'The login failed. Username or password wrong.');
						}
122 123
					}
				} else {
alexalouit's avatar
alexalouit committed
124 125 126 127
					$error = array('faultcode' => 'client_login_failed', 'faultstring' => 'The login failed. Username or password wrong.');
				}
				if($user['active'] != 1) {
					$error = array('faultcode' => 'client_login_failed', 'faultstring' => 'The login failed. User is blocked.');
128 129
				}

alexalouit's avatar
alexalouit committed
130 131 132 133 134
				// now we need the client data
				$client = $app->db->queryOneRecord("SELECT client.can_use_api FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $user['default_group']);
				if(!$client || $client['can_use_api'] != 'y') {
					$error = array('faultcode' => 'client_login_failed', 'faultstring' => 'The login failed. Client may not use api.');
				}
135
			} else {
alexalouit's avatar
alexalouit committed
136 137 138
				$sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)";
				$remote_user = $app->db->queryOneRecord($sql, $username, $password);
				if($remote_user['remote_userid'] > 0) {
139 140 141 142 143 144
					$allowed_ips = explode(',',$remote_user['remote_ips']);
					foreach($allowed_ips as $i => $allowed) { 
						if(!filter_var($allowed, FILTER_VALIDATE_IP)) { 
							// get the ip for a hostname
							unset($allowed_ips[$i]);
							$temp=dns_get_record($allowed, DNS_A+DNS_AAAA);
Florian Schaal's avatar
Florian Schaal committed
145 146 147 148 149 150
							if(is_array($temp) && !empty($temp)) {
								foreach($temp as $t) {
									if(isset($t['ip'])) $allowed_ips[] = $t['ip'];
									if(isset($t['ipv6'])) $allowed_ips[] = $t['ipv6'];
								}
								unset($temp);
151
							}
152 153
						}
					}
154 155 156 157 158 159 160 161 162 163 164 165 166 167 168
					$allowed_ips[] = '127.0.0.1';
					$allowed_ips[] = '::1';
					$allowed_ips=array_unique($allowed_ips);
					$ip = $_SERVER['REMOTE_ADDR'];
					$remote_allowed = @($ip == '::1' || $ip == '127.0.0.1')?true:false;
					if(!$remote_allowed && $remote_user['remote_access'] == 'y') {
						if(trim($remote_user['remote_ips']) == '') {
							$remote_allowed=true;
						} else {
							$ip = inet_pton($_SERVER['REMOTE_ADDR']);
							foreach($allowed_ips as $allowed) {
								if($ip == inet_pton(trim($allowed))) {
									$remote_allowed=true;
									break;
								}
169 170 171
							}
						}
					}
172 173 174 175 176
					if(!$remote_allowed) {
						$error = array('faultcode' => 'login_failed', 'faultstring' => 'The login is not allowed from '.$_SERVER['REMOTE_ADDR']);
					}
				} else {
					$error = array('faultcode' => 'client_login_failed', 'faultstring' => 'The login failed. Username or password wrong.');
177
				}
178 179 180
			}
			
			if(empty($error) && isset($remote_user['remote_userid'])) {
alexalouit's avatar
alexalouit committed
181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208
					//* Create a remote user session
					//srand ((double)microtime()*1000000);
					$remote_session = md5(mt_rand().uniqid('ispco'));
					$remote_userid = $remote_user['remote_userid'];
					$remote_functions = $remote_user['remote_functions'];
					$tstamp = time() + $this->session_timeout;
					$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
						.') VALUES (?, ?, ?, ?)';
					$app->db->query($sql, $remote_session,$remote_userid,$remote_functions,$tstamp);
				}
			}

			if (! empty($error)) {
				if(! $alreadyfailed['times']) {
					//* user login the first time wrong
					$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
					$app->db->query($sql, $ip);
				} elseif($alreadyfailed['times'] >= 1) {
					//* update times wrong
					$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
					$app->db->query($sql, $ip);
				}

				$authlog = 'Failed login for user \''. $username .'\' from '. $_SERVER['REMOTE_ADDR'] .' at '. date('Y-m-d H:i:s') . ' (api)';
				$authlog_handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
				fwrite($authlog_handle, $authlog ."\n");
				fclose($authlog_handle);

209
				throw new ISPConfigRemoteException($error['faultcode'], $error['faultstring']);
210
				return false;
alexalouit's avatar
alexalouit committed
211 212 213 214 215 216 217 218 219
			} else {
				// User login right, so attempts can be deleted
				$sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
				$app->db->query($sql, $ip);

				$authlog = 'Successful login for user \''. $username .'\' from '. $_SERVER['REMOTE_ADDR'] .' at '. date('Y-m-d H:i:s') . ' (api)';
				$authlog_handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
				fwrite($authlog_handle, $authlog ."\n");
				fclose($authlog_handle);
220
			}
alexalouit's avatar
alexalouit committed
221 222 223

		if (isset($remote_session)) {
			return $remote_session;
224 225
		}

latham's avatar
latham committed
226
	}
227

latham's avatar
latham committed
228 229
	//* remote logout function
	public function logout($session_id)
230
	{
latham's avatar
latham committed
231
		global $app;
232

latham's avatar
latham committed
233
		if(empty($session_id)) {
234
			throw new ISPConfigRemoteException('session_id_empty', 'The SessionID is empty.');
latham's avatar
latham committed
235 236
			return false;
		}
237

238 239
		$sql = "DELETE FROM remote_session WHERE remote_session = ?";
		if($app->db->query($sql, $session_id) != false) {
240 241 242 243
			return true;
		} else {
			return false;
		}
latham's avatar
latham committed
244
	}
245

246
	//** protected functions -----------------------------------------------------------------------------------
247

248
	protected function klientadd($formdef_file, $reseller_id, $params)
249
	{
latham's avatar
latham committed
250
		global $app;
251

252 253
		//* Load the form definition
		$app->remoting_lib->loadFormDef($formdef_file);
254

255 256
		//* load the user profile of the client
		$app->remoting_lib->loadUserProfile($reseller_id);
257

258
		//* Get the SQL query
259 260
		$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0);

261
		//* Check if no system user with that username exists
262
		$username = $params["username"];
263
		$tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username);
264
		if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />";
265

266 267
		//* Stop on error while preparing the sql query
		if($app->remoting_lib->errorMessage != '') {
268
			throw new ISPConfigRemoteException('data_processing_error', $app->remoting_lib->errorMessage);
latham's avatar
latham committed
269 270
			return false;
		}
271

272 273
		//* Execute the SQL query
		$app->db->query($sql);
274
		if($app->db->errorMessage != '') {
275
			throw new ISPConfigRemoteException('database_error', $app->db->errorMessage . ' '.$sql);
276 277
			return false;
		}
278 279 280 281
		if ( isset($params['_primary_id'] ))
			$insert_id = $params['_primary_id'];
		else
			$insert_id = $app->db->insertID();
282 283


284 285
		//* Stop on error while executing the sql query
		if($app->remoting_lib->errorMessage != '') {
286
			throw new ISPConfigRemoteException('data_processing_error', $app->remoting_lib->errorMessage);
287 288
			return false;
		}
289

290 291
		$this->id = $insert_id;
		$this->dataRecord = $params;
292 293 294

		$app->plugin->raiseEvent('client:' . (isset($params['limit_client']) && $params['limit_client'] > 0 ? 'reseller' : 'client') . ':on_after_insert', $this);

295 296
		/*
		if($app->db->errorMessage != '') {
297
			throw new ISPConfigRemoteException('database_error', $app->db->errorMessage . ' '.$sql);
298 299
			return false;
		}
300
		*/
301 302

		/* copied from the client_edit php */
303 304
		$app->uses('functions');
		$app->functions->generate_ssh_key($this->id, $username);
305 306 307



308 309 310 311
		//$app->uses('tform');
		//* Save changes to Datalog
		if($app->remoting_lib->formDef["db_history"] == 'yes') {
			$new_rec = $app->remoting_lib->getDataRecord($insert_id);
312 313
			$app->remoting_lib->datalogSave('INSERT', $primary_id, array(), $new_rec);
			$app->remoting_lib->ispconfig_sysuser_add($params, $insert_id);
314

315
			if($reseller_id) {
316 317
				$client_group = $app->db->queryOneRecord("SELECT * FROM sys_group WHERE client_id = ?", $insert_id);
				$reseller_user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = ?", $reseller_id);
318
				$app->auth->add_group_to_user($reseller_user['userid'], $client_group['groupid']);
319
				$app->db->query("UPDATE client SET parent_client_id = ? WHERE client_id = ?", $reseller_id, $insert_id);
320
			}
321

322 323
		}
		return $insert_id;
324 325
	}

326 327 328 329 330 331
	protected function insertQuery($formdef_file, $client_id, $params, $event_identifier = '')
	{
		$sql = $this->insertQueryPrepare($formdef_file, $client_id, $params);
		if($sql !== false) return $this->insertQueryExecute($sql, $params, $event_identifier);
		else return false;
	}
332 333

	protected function insertQueryPrepare($formdef_file, $client_id, $params)
334
	{
335
		global $app;
336

337
		$app->uses('remoting_lib');
338

339 340
		//* load the user profile of the client
		$app->remoting_lib->loadUserProfile($client_id);
341

342 343
		//* Load the form definition
		$app->remoting_lib->loadFormDef($formdef_file);
344

345
		//* Get the SQL query
346
		$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0);
347
		if($app->remoting_lib->errorMessage != '') {
348
			throw new ISPConfigRemoteException('data_processing_error', $app->remoting_lib->errorMessage);
349 350
			return false;
		}
351
		$app->log('Executed insertQueryPrepare', LOGLEVEL_DEBUG);
352
		return $sql;
353
	}
354 355 356

	protected function insertQueryExecute($sql, $params, $event_identifier = '')
	{
357
		global $app;
358

359
		$app->uses('remoting_lib');
360

361
		$app->db->query($sql);
362

363
		if($app->db->errorMessage != '') {
364
			throw new ISPConfigRemoteException('database_error', $app->db->errorMessage . ' '.$sql);
365 366
			return false;
		}
367

368 369 370 371
		if ( isset($params['_primary_id'] ))
			$insert_id = $params['_primary_id'];
		else
			$insert_id = $app->db->insertID();
372

373 374 375 376
		// set a few values for compatibility with tform actions, mostly used by plugins
		$this->id = $insert_id;
		$this->dataRecord = $params;
		$app->log('Executed insertQueryExecute, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG);
377 378
		if($event_identifier != '') $app->plugin->raiseEvent($event_identifier, $this);

379 380 381 382
		//$app->uses('tform');
		//* Save changes to Datalog
		if($app->remoting_lib->formDef["db_history"] == 'yes') {
			$new_rec = $app->remoting_lib->getDataRecord($insert_id);
383 384
			$app->remoting_lib->datalogSave('INSERT', $primary_id, array(), $new_rec);
		}
385
		return $insert_id;
386
	}
387

388
	protected function updateQuery($formdef_file, $client_id, $primary_id, $params, $event_identifier = '')
389
	{
latham's avatar
latham committed
390
		global $app;
391

392
		$sql = $this->updateQueryPrepare($formdef_file, $client_id, $primary_id, $params);
393 394
		if($sql !== false) return $this->updateQueryExecute($sql, $primary_id, $params, $event_identifier);
		else return false;
latham's avatar
latham committed
395
	}
396

397
	protected function updateQueryPrepare($formdef_file, $client_id, $primary_id, $params)
398
	{
399
		global $app;
400

401
		$app->uses('remoting_lib');
402

403 404
		//* load the user profile of the client
		$app->remoting_lib->loadUserProfile($client_id);
405

406 407
		//* Load the form definition
		$app->remoting_lib->loadFormDef($formdef_file);
408 409
		
		//* get old record and merge with params, so only new values have to be set in $params
410
               $old_rec = $app->remoting_lib->getDataRecord($primary_id, $client_id);
411 412 413 414 415 416 417 418
		
		foreach ($app->remoting_lib->formDef['fields'] as $fieldName => $fieldConf)
        {
            if ($fieldConf['formtype'] === 'PASSWORD' && empty($params[$fieldName])) {
                unset($old_rec[$fieldName]);
            }
        }
		
419
		$params = $app->functions->array_merge($old_rec,$params);
420

421
		//* Get the SQL query
422
		$sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id);
Marius Cramer's avatar
Marius Cramer committed
423
		
424
		// throw new ISPConfigRemoteException('debug', $sql);
425
		if($app->remoting_lib->errorMessage != '') {
426
			throw new ISPConfigRemoteException('data_processing_error', $app->remoting_lib->errorMessage);
427 428
			return false;
		}
429 430

		return $sql;
431
	}
latham's avatar
latham committed
432

433
	protected function updateQueryExecute($sql, $primary_id, $params, $event_identifier = '')
434
	{
435
		global $app;
436

437
		$app->uses('remoting_lib');
438

439
		$old_rec = $app->remoting_lib->getDataRecord($primary_id);
440

441 442 443 444
		// set a few values for compatibility with tform actions, mostly used by plugins
		$this->oldDataRecord = $old_rec;
		$this->id = $primary_id;
		$this->dataRecord = $params;
445

446
		$app->db->query($sql);
447

448
		if($app->db->errorMessage != '') {
449
			throw new ISPConfigRemoteException('database_error', $app->db->errorMessage . ' '.$sql);
450 451
			return false;
		}
452

453 454
		$affected_rows = $app->db->affectedRows();
		$app->log('Executed updateQueryExecute, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG);
455 456 457

		if($event_identifier != '') $app->plugin->raiseEvent($event_identifier, $this);

458 459 460
		//* Save changes to Datalog
		if($app->remoting_lib->formDef["db_history"] == 'yes') {
			$new_rec = $app->remoting_lib->getDataRecord($primary_id);
461
			$app->remoting_lib->datalogSave('UPDATE', $primary_id, $old_rec, $new_rec);
latham's avatar
latham committed
462
		}
463

latham's avatar
latham committed
464 465 466
		return $affected_rows;
	}

467
	protected function deleteQuery($formdef_file, $primary_id, $event_identifier = '')
468
	{
latham's avatar
latham committed
469
		global $app;
470

latham's avatar
latham committed
471
		$app->uses('remoting_lib');
472

473 474
		//* load the user profile of the client
		$app->remoting_lib->loadUserProfile(0);
475

476 477
		//* Load the form definition
		$app->remoting_lib->loadFormDef($formdef_file);
478

479
		$old_rec = $app->remoting_lib->getDataRecord($primary_id);
480

481 482 483 484 485 486
		// set a few values for compatibility with tform actions, mostly used by plugins
		$this->oldDataRecord = $old_rec;
		$this->id = $primary_id;
		$this->dataRecord = $old_rec;
		$app->log('Executed deleteQuery, raising events now if any: ' . $event_identifier, LOGLEVEL_DEBUG);
		//$this->dataRecord = $params;
487

488 489 490 491 492
		//* Get the SQL query
		$sql = $app->remoting_lib->getDeleteSQL($primary_id);
		$app->db->errorMessage = '';
		$app->db->query($sql);
		$affected_rows = $app->db->affectedRows();
493

494
		if($app->db->errorMessage != '') {
495
			throw new ISPConfigRemoteException('database_error', $app->db->errorMessage . ' '.$sql);
latham's avatar
latham committed
496 497
			return false;
		}
498

499
		if($event_identifier != '') {
500
			$app->plugin->raiseEvent($event_identifier, $this);
latham's avatar
latham committed
501
		}
502

503 504
		//* Save changes to Datalog
		if($app->remoting_lib->formDef["db_history"] == 'yes') {
505
			$app->remoting_lib->datalogSave('DELETE', $primary_id, $old_rec, array());
latham's avatar
latham committed
506
		}
507 508


509
		return $affected_rows;
latham's avatar
latham committed
510
	}
511 512


513
	protected function checkPerm($session_id, $function_name)
514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532
	{
		global $app;
		$dobre=array();
		$session = $this->getSession($session_id);
		if(!$session){
			return false;
		}

		$_SESSION['client_login'] = $session['client_login'];
		if($session['client_login'] == 1) {
			// permissions are checked at an other place
			$_SESSION['client_sys_userid'] = $session['remote_userid'];
			$app->remoting_lib->loadUserProfile(); // load the profile - we ALWAYS need this on client logins!
			return true;
		} else {
			$_SESSION['client_sys_userid'] = 0;
		}

		$dobre= str_replace(';', ',', $session['remote_functions']);
533 534
		$check = in_array($function_name, explode(',', $dobre) );
		if(!$check) {
535
			$app->log("REMOTE-LIB DENY: ".$session_id ." /". $function_name, LOGLEVEL_WARN);
latham's avatar
latham committed
536
		}
537
		return $check;
latham's avatar
latham committed
538
	}
539 540


541
	protected function getSession($session_id)
542
	{
latham's avatar
latham committed
543
		global $app;
544

545
		if(empty($session_id)) {
546
			throw new ISPConfigRemoteException('session_id_empty', 'The SessionID is empty.');
latham's avatar
latham committed
547 548
			return false;
		}
549

550
		$sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMESTAMP()";
551
		$session = $app->db->queryOneRecord($sql, $session_id);
552 553
		if($session['remote_userid'] > 0) {
			return $session;
latham's avatar
latham committed
554
		} else {
555
			throw new ISPConfigRemoteException('session_does_not_exist', 'The Session is expired or does not exist.');
latham's avatar
latham committed
556 557 558
			return false;
		}
	}
559

560
	public function server_get($session_id, $server_id = null, $section ='') {
561 562
		global $app;
		if(!$this->checkPerm($session_id, 'server_get')) {
563
			throw new ISPConfigRemoteException('permission_denied', 'You do not have the permissions to access this function.');
564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582
			return false;
		}
		if (!empty($session_id)) {
			if(!empty($server_id)) {
				$app->uses('remoting_lib , getconf');
				$section_config =  $app->getconf->get_server_config($server_id, $section);
				return $section_config;
			} else {
				$servers = array();
				$sql = "SELECT server_id FROM server WHERE 1";
				$all = $app->db->queryAllRecords($sql);
				foreach($all as $s) {
					$servers[$s['server_id']] = $app->getconf->get_server_config($s['server_id'], $section);
				}
				unset($all);
				unset($s);
				return $servers;
			}
		} else {
583 584
			return false;
		}
585 586 587 588 589 590 591 592 593 594 595 596
	}
	
	/**
	    Gets a list of all servers
	    @param int session_id
	    @param int server_name
	    @author Marius Cramer <m.cramer@pixcept.de> 2014
    */
	public function server_get_all($session_id)
    {
        global $app;
		if(!$this->checkPerm($session_id, 'server_get')) {
597
        	throw new ISPConfigRemoteException('permission_denied', 'You do not have the permissions to access this function.');
598 599 600 601 602 603
            return false;
		}
		if (!empty($session_id)) {
			$sql = "SELECT server_id, server_name FROM server WHERE 1";
			$servers = $app->db->queryAllRecords($sql);
			return $servers;
604 605 606 607 608
		} else {
			return false;
		}
	}

609
	/**
610 611 612 613 614 615 616 617 618 619
	 * Get a list of functions
	 * @param  int  session id
	 * @return mixed array of the available functions
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */


	public function get_function_list($session_id)
	{
		if(!$this->checkPerm($session_id, 'get_function_list')) {
620
			throw new ISPConfigRemoteException('permission_denied', 'You do not have the permissions to access this function.');
621
			return false;
622 623 624 625
		}
		return $this->_methods;
	}

latham's avatar
latham committed
626
}
627

alexalouit's avatar
alexalouit committed
628
?>