<?php

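/**
 * Remote API entry points (login, logout, mail domain add/update) plus the
 * session and permission helpers they rely on.
 *
 * Errors are reported by calling fault() on the global $server object and
 * returning false to the caller.
 *
 * $app and $conf are deliberately NOT stored as private properties: the
 * original author asked for them to stay global, so each method that needs
 * $app pulls it in with `global`.
 */
class remoting {

	//* remote session timeout in seconds
	private $session_timeout = 600;

	//* server object used to report faults to the remote caller
	private $server;

	public function __construct()
	{
		global $server;
		$this->server = $server;
	}

	/**
	 * Remote login: checks the credentials against remote_user and opens a
	 * session row in remote_session.
	 *
	 * @param string $username remote user name
	 * @param string $password clear-text password supplied by the caller
	 * @return string|false session token (32 hex characters) or false after a fault
	 */
	public function login($username, $password)
	{
		global $app;

		if(empty($username)) {
			$this->server->fault('login_username_empty', 'The login username is empty');
			return false;
		}

		if(empty($password)) {
			$this->server->fault('login_password_empty', 'The login password is empty');
			return false;
		}

		$username = $app->db->quote($username);
		$password = $app->db->quote($password);

		// NOTE(review): the stored credential is an unsalted MD5 digest computed
		// inside the query. Moving to password_hash()/password_verify() needs a
		// schema and data migration, so it is flagged here rather than changed.
		$sql = "SELECT * FROM remote_user WHERE remote_username = '$username' and remote_password = md5('$password')";
		$remote_user = $app->db->queryOneRecord($sql);

		// empty() guards against a missing record before the offset is compared.
		if(empty($remote_user['remote_userid']) || !($remote_user['remote_userid'] > 0)) {
			$this->server->fault('login_failed', 'The login failed. Username or password wrong.');
			return false;
		}

		//* Create a remote user session
		// The token is the only credential for every later call, so it must come
		// from a CSPRNG; md5(rand()) seeded from microtime() is guessable.
		$remote_session = $this->createSessionToken();
		if($remote_session === false) {
			$this->server->fault('session_create_failed', 'The session could not be created.');
			return false;
		}

		// Values read back from the database are still untrusted when they are
		// concatenated into a new statement: force the id to an integer and
		// escape the function list.
		$remote_userid = (int)$remote_user['remote_userid'];
		$remote_functions = $app->db->quote($remote_user['remote_functions']);
		$tstamp = time() + $this->session_timeout;

		$sql = 'INSERT INTO remote_session (remote_session,remote_userid,remote_functions,tstamp'
			.') VALUES ('
			." '$remote_session',$remote_userid,'$remote_functions',$tstamp)";
		$app->db->query($sql);

		return $remote_session;
	}

	/**
	 * Remote logout: deletes the session row.
	 *
	 * @param string $session_id token returned by login()
	 * @return bool true when exactly one session row was deleted
	 */
	public function logout($session_id)
	{
		global $app;

		if(empty($session_id)) {
			$this->server->fault('session_id_empty', 'The SessionID is empty.');
			return false;
		}

		$session_id = $app->db->quote($session_id);

		$sql = "DELETE FROM remote_session WHERE remote_session = '$session_id'";
		$app->db->query($sql);
		return ($app->db->affectedRows() == 1);
	}

	/**
	 * Adds a mail domain on behalf of a client.
	 *
	 * NOTE(review): only the function name is checked against the session;
	 * $client_id is caller-supplied and is not tied to the session in this
	 * class. Confirm that remoting_lib enforces that relationship.
	 *
	 * @param string $session_id token returned by login()
	 * @param mixed  $client_id  client the record is created for
	 * @param mixed  $params     field values handed to the form definition
	 * @return mixed insert id of the new record, or false after a fault
	 */
	public function mail_domain_add($session_id, $client_id, $params)
	{
		if(!$this->checkPerm($session_id, 'mail_domain_add')) {
			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		return $this->insertQuery('../mail/form/mail_domain.tform.php', $client_id, $params);
	}

	/**
	 * Updates a mail domain on behalf of a client.
	 *
	 * NOTE(review): as in mail_domain_add(), $client_id and $domain_id are not
	 * checked against the session in this class; confirm remoting_lib does it.
	 *
	 * @param string $session_id token returned by login()
	 * @param mixed  $client_id  client the record belongs to
	 * @param mixed  $domain_id  primary id of the record to update
	 * @param mixed  $params     field values handed to the form definition
	 * @return mixed number of affected rows, or false after a fault
	 */
	public function mail_domain_update($session_id, $client_id, $domain_id, $params)
	{
		if(!$this->checkPerm($session_id, 'mail_domain_update')) {
			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
			return false;
		}
		$affected_rows = $this->updateQuery('../mail/form/mail_domain.tform.php', $client_id, $domain_id, $params);
		return $affected_rows;
	}

	//** private functions -----------------------------------------------------------------------------------

	/**
	 * Returns a fresh 32-character hex session token from a cryptographically
	 * secure source, or false when no such source is available.
	 */
	private function createSessionToken()
	{
		if(function_exists('random_bytes')) {
			try {
				return bin2hex(random_bytes(16));
			} catch(Exception $e) {
				return false;
			}
		}

		if(function_exists('openssl_random_pseudo_bytes')) {
			$strong = false;
			$bytes = openssl_random_pseudo_bytes(16, $strong);
			if($bytes !== false && $strong) {
				return bin2hex($bytes);
			}
		}

		return false;
	}

	/**
	 * Shared body of insertQuery() and updateQuery(): loads the form
	 * definition and the client profile, asks remoting_lib for the SQL and
	 * runs it.
	 *
	 * @return bool true when the statement ran without a reported error
	 */
	private function runFormQuery($formdef_file, $client_id, $params, $action, $primary_id)
	{
		global $app;

		$app->uses('remoting_lib');

		//* Load the form definition
		$app->remoting_lib->loadFormDef($formdef_file);

		//* load the user profile of the client
		$app->remoting_lib->loadUserProfile($client_id);

		//* Get the SQL query
		$sql = $app->remoting_lib->getSQL($params, $action, $primary_id);
		if($app->remoting_lib->errorMessage != '') {
			$this->server->fault('data_processing_error', $app->remoting_lib->errorMessage);
			return false;
		}

		$app->db->query($sql);

		if($app->db->errorMessage != '') {
			// NOTE(review): this fault returns the database error and the full
			// SQL statement to the remote caller. Consider logging them on the
			// server and returning a generic message instead.
			$this->server->fault('database_error', $app->db->errorMessage . ' '.$sql);
			return false;
		}

		return true;
	}

	/**
	 * Runs the UPDATE built from a form definition.
	 *
	 * @return mixed number of affected rows, or false after a fault
	 */
	private function updateQuery($formdef_file, $client_id, $primary_id, $params)
	{
		global $app;

		if(!$this->runFormQuery($formdef_file, $client_id, $params, 'UPDATE', $primary_id)) {
			return false;
		}

		//* TODO: Save changes to Datalog

		return $app->db->affectedRows();
	}

	/**
	 * Runs the INSERT built from a form definition.
	 *
	 * @return mixed insert id of the new record, or false after a fault
	 */
	private function insertQuery($formdef_file, $client_id, $params)
	{
		global $app;

		if(!$this->runFormQuery($formdef_file, $client_id, $params, 'INSERT', 0)) {
			return false;
		}

		//* TODO: Save changes to Datalog

		// The original statement here lacked its terminating semicolon, which
		// made the whole file a parse error.
		return $app->db->insertID();
	}

	/**
	 * Tells whether the session may call the named remote function.
	 *
	 * @param string $session_id    token returned by login()
	 * @param string $function_name name looked up in the session's comma-separated function list
	 * @return bool
	 */
	private function checkPerm($session_id, $function_name)
	{
		$session = $this->getSession($session_id);
		if(!$session){
			return false;
		}
		// Strict comparison: both sides are strings, so no type juggling.
		return in_array($function_name, explode(',', $session['remote_functions']), true);
	}

	/**
	 * Loads a session row that has not passed its expiry timestamp.
	 *
	 * @param string $session_id token returned by login()
	 * @return array|false the session record, or false after a fault
	 */
	private function getSession($session_id)
	{
		global $app;

		if(empty($session_id)) {
			$this->server->fault('session_id_empty','The SessionID is empty.');
			return false;
		}

		$session_id = $app->db->quote($session_id);

		$now = time();
		$sql = "SELECT * FROM remote_session WHERE remote_session = '$session_id' AND tstamp >= $now";
		$session = $app->db->queryOneRecord($sql);

		// empty() guards against a missing record before the offset is compared.
		if(!empty($session['remote_userid']) && $session['remote_userid'] > 0) {
			return $session;
		}

		$this->server->fault('session_does_not_exist','The Session is expired or does not exist.');
		return false;
	}
}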

?>