<?php

/*
Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

--UPDATED 08.2013--
Migrated into new remote classes system
by Marius Cramer <m.cramer@pixcept.de>

*/

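class remoting_client extends remoting {

	/*
	 * Client functions
	 *
	 * Every public method is a remote entry point. Each one first checks the
	 * session against a permission name via checkPerm() and throws a SoapFault
	 * ('permission_denied') when the caller may not use it. Database access goes
	 * through $app->db with '?' placeholders; the only query that interpolates a
	 * table name (client_delete_everything) takes it from a hard-coded list.
	 * $this->id, dataRecord, oldDataRecord and oldTemplatesAssigned are filled
	 * only so that the 'client:client:on_after_update' plugin event sees the
	 * same state it would see after a form-based update.
	 */

	/**
	 * Form definition file for a client, or for a reseller when the record has a
	 * non-zero 'limit_client'. Shared by client_add() and client_update() so both
	 * choose the form the same way.
	 *
	 * @param array $params client record / update parameters
	 * @return string relative path of the tform.php file
	 */
	private function _client_form_file($params) {
		$is_reseller = isset($params['limit_client']) && $params['limit_client'] != 0;
		return '../client/form/' . ($is_reseller ? 'reseller' : 'client') . '.tform.php';
	}

	/**
	 * Legacy 'template_additional' value for a client, rebuilt from the
	 * client_template_assigned table: "assigned_template_id:client_template_id"
	 * items joined by '/', or '' when nothing is assigned.
	 *
	 * @param int $client_id
	 * @return string
	 */
	private function _assigned_templates_string($client_id) {
		global $app;

		$tpls = $app->db->queryAllRecords('SELECT CONCAT(`assigned_template_id`, \':\', `client_template_id`) as `item` FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		$tpl_arr = array();
		if($tpls) {
			foreach($tpls as $tpl) $tpl_arr[] = $tpl['item'];
		}
		return implode('/', $tpl_arr);
	}

	/**
	 * Fill $this->oldTemplatesAssigned with the templates currently assigned to
	 * a client. When client_template_assigned holds nothing for the client, the
	 * legacy '/'-separated 'template_additional' field is converted instead
	 * (assigned_template_id 0 marks such synthesized rows).
	 *
	 * @param int    $client_id
	 * @param string $template_additional legacy field value, may be ''
	 */
	private function _load_old_templates_assigned($client_id, $template_additional) {
		global $app;

		$this->oldTemplatesAssigned = $app->db->queryAllRecords('SELECT * FROM `client_template_assigned` WHERE `client_id` = ?', $client_id);
		if(!is_array($this->oldTemplatesAssigned) || count($this->oldTemplatesAssigned) < 1) {
			// check previous type of storing templates
			$this->oldTemplatesAssigned = array();
			foreach(explode('/', (string)$template_additional) as $item) {
				$item = trim($item);
				if(!$item) continue;
				$this->oldTemplatesAssigned[] = array('assigned_template_id' => 0, 'client_template_id' => $item, 'client_id' => $client_id);
			}
		}
	}

	/**
	 * Get client details through remoting_lib.
	 *
	 * For backwards compatibility an empty 'template_additional' field is rebuilt
	 * from client_template_assigned (see _assigned_templates_string()), both for
	 * a single record and for a list of records.
	 *
	 * @param string $session_id
	 * @param mixed  $client_id  handed to remoting_lib->getDataRecord() unchanged
	 * @return mixed whatever getDataRecord() returns (single record or list)
	 * @throws SoapFault permission_denied
	 */
	public function client_get($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef('../client/form/client.tform.php');
		$data = $app->remoting_lib->getDataRecord($client_id);

		// we need to get the new-style templates for backwards-compatibility - maybe we remove this in a later version
		if(is_array($data) && count($data) > 0) {
			if(isset($data['client_id'])) {
				// this is a single record
				if(!isset($data['template_additional']) || $data['template_additional'] == '') {
					$data['template_additional'] = $this->_assigned_templates_string($data['client_id']);
				}
			} elseif(isset($data[0]['client_id'])) {
				// multiple client records
				foreach($data as $index => $client) {
					if(!isset($client['template_additional']) || $client['template_additional'] == '') {
						// write to $data[$index], not to $client - changes to the loop copy would not be returned to soap
						$data[$index]['template_additional'] = $this->_assigned_templates_string($client['client_id']);
					}
				}
			}
		}

		return $data;
	}

	/**
	 * Map a sys_user id to its client id.
	 *
	 * @param string $session_id
	 * @param int    $sys_userid
	 * @return int client_id
	 * @throws SoapFault permission_denied | no_client_found
	 */
	public function client_get_id($session_id, $sys_userid)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$sys_userid = $app->functions->intval($sys_userid);

		$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_user WHERE userid = ?", $sys_userid);
		if(isset($rec['client_id'])) {
			return $app->functions->intval($rec['client_id']);
		}
		throw new SoapFault('no_client_found', 'There is no sysuser account for this client ID.');
	}

	/**
	 * Get the contact details needed to send an email to a client
	 * (company_name, contact_name, gender, email, language).
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @return array
	 * @throws SoapFault permission_denied | no_client_found
	 */
	public function client_get_emailcontact($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get_emailcontact')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		$rec = $app->db->queryOneRecord("SELECT company_name,contact_name,gender,email,language FROM client WHERE client_id = ?", $client_id);
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no client with this client ID.');
	}

	/**
	 * Map a client id to its sys_group id.
	 *
	 * Note: this checks the 'client_get_id' permission, not a dedicated
	 * 'client_get_groupid' one - kept as it was so existing remote users keep working.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @return int groupid
	 * @throws SoapFault permission_denied | no_group_found
	 */
	public function client_get_groupid($session_id, $client_id)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		$rec = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
		if(isset($rec['groupid'])) {
			return $app->functions->intval($rec['groupid']);
		}
		throw new SoapFault('no_group_found', 'There is no group for this client ID.');
	}

	/**
	 * Create a client (or a reseller when $params['limit_client'] != 0).
	 *
	 * A missing or zero 'parent_client_id' defaults to $reseller_id. When the
	 * chosen parent is not a reseller (limit_client 0, or no such client) the
	 * parent is silently reset to 0; a reseller may not be the client of another
	 * reseller.
	 *
	 * @param string $session_id
	 * @param int    $reseller_id
	 * @param array  $params
	 * @return mixed result of klientadd()
	 * @throws SoapFault permission_denied | 'Invalid reseller'
	 */
	public function client_add($session_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_add')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// check if this one is reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if(!$check || $check['limit_client'] == 0) {
				// Selected client is not a reseller. REMOVING PARENT_CLIENT_ID!!!
				$params['parent_client_id'] = 0;
			} elseif(isset($params['limit_client']) && $params['limit_client'] != 0) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			}
		}

		$affected_rows = $this->klientadd($this->_client_form_file($params), $reseller_id, $params);

		return $affected_rows;
	}

	/**
	 * Update a client (or reseller). $params is merged over the stored record,
	 * so callers only pass the fields they change.
	 *
	 * Unlike client_add(), a parent that is not a reseller is rejected here
	 * instead of being reset. An explicit 'template_additional' ('/'-separated
	 * template ids) is applied through client_templates->update_client_templates()
	 * and cleared from the record before the update query runs.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @param int    $reseller_id
	 * @param array  $params
	 * @return mixed result of updateQuery()
	 * @throws SoapFault permission_denied | 'Invalid reseller'
	 */
	public function client_update($session_id, $client_id, $reseller_id, $params)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$app->uses('remoting_lib');
		$app->remoting_lib->loadFormDef($this->_client_form_file($params));
		$old_rec = $app->remoting_lib->getDataRecord($client_id);

		//* merge old record with params, so only new values have to be set in $params
		$params = $app->functions->array_merge($old_rec, $params);

		if(!isset($params['parent_client_id']) || $params['parent_client_id'] == 0) $params['parent_client_id'] = $reseller_id;

		if($params['parent_client_id']) {
			// check if this one is reseller
			$check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ?', intval($params['parent_client_id']));
			if(!$check || $check['limit_client'] == 0) {
				throw new SoapFault('Invalid reseller', 'Selected client is not a reseller.');
			}

			if(isset($params['limit_client']) && $params['limit_client'] != 0) {
				throw new SoapFault('Invalid reseller', 'Reseller cannot be client of another reseller.');
			}
		}

		// we need the previous templates assigned here
		$this->_load_old_templates_assigned($client_id, isset($old_rec['template_additional']) ? $old_rec['template_additional'] : '');

		if(isset($params['template_additional'])) {
			$app->uses('client_templates');
			$templates = explode('/', $params['template_additional']);
			$params['template_additional'] = '';
			$app->client_templates->update_client_templates($client_id, $templates);
			unset($templates);
		}

		$affected_rows = $this->updateQuery($this->_client_form_file($params), $reseller_id, $client_id, $params, 'client:' . ($reseller_id ? 'reseller' : 'client') . ':on_after_update');

		$app->remoting_lib->ispconfig_sysuser_update($params, $client_id);

		return $affected_rows;
	}

	/**
	 * Get the client_template_assigned row of a client.
	 *
	 * NOTE(review): queryOneRecord() yields only the first assignment although a
	 * client may have several; kept unchanged because callers rely on the
	 * current return shape.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @return mixed result of queryOneRecord()
	 * @throws SoapFault permission_denied | invalid_id
	 */
	public function client_template_additional_get($session_id, $client_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!is_numeric($client_id)) {
			// SoapFault needs a fault code as well as the message
			throw new SoapFault('invalid_id', 'The ID must be an integer.');
		}

		$sql = "SELECT * FROM `client_template_assigned` WHERE `client_id` = ?";
		return $app->db->queryOneRecord($sql, $client_id);
	}

	/**
	 * Load the client record into $this->id / dataRecord / oldDataRecord and the
	 * assigned templates into $this->oldTemplatesAssigned, mimicking the state a
	 * form update would leave for the on_after_update plugin event.
	 *
	 * @param int $client_id
	 */
	private function _set_client_formdata($client_id) {
		global $app;

		$this->id = $client_id;
		$this->dataRecord = $app->db->queryOneRecord('SELECT * FROM `client` WHERE `client_id` = ?', $client_id);
		$this->oldDataRecord = $this->dataRecord;

		$this->_load_old_templates_assigned($client_id, isset($this->oldDataRecord['template_additional']) ? $this->oldDataRecord['template_additional'] : '');
	}

	/**
	 * Assign a client template to a client and raise the
	 * 'client:client:on_after_update' event.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @param int    $template_id  client_template.template_id
	 * @return mixed insert id of the new client_template_assigned row
	 * @throws SoapFault permission_denied | invalid_id | invalid_client | invalid_template
	 */
	public function client_template_additional_add($session_id, $client_id, $template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!is_numeric($client_id) || !is_numeric($template_id)) {
			// SoapFault needs a fault code as well as the message
			throw new SoapFault('invalid_id', 'The IDs must be of type integer.');
		}

		// check if client exists
		$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$check) {
			throw new SoapFault('invalid_client', 'Invalid client');
		}
		// check if template exists
		$check = $app->db->queryOneRecord('SELECT `template_id` FROM `client_template` WHERE `template_id` = ?', $template_id);
		if(!$check) {
			throw new SoapFault('invalid_template', 'Invalid template');
		}

		// for the update event we have to cheat a bit
		$this->_set_client_formdata($client_id);

		$sql = "INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)";
		$app->db->query($sql, $client_id, $template_id);
		$insert_id = $app->db->insertID();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $insert_id;
	}

	/**
	 * Remove a client template assignment and raise the
	 * 'client:client:on_after_update' event.
	 *
	 * Despite its name, $assigned_template_id is matched against
	 * client_template_assigned.client_template_id (the template), and the row
	 * found that way is the one deleted by its assigned_template_id.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @param int    $assigned_template_id  the client_template_id to unassign
	 * @return mixed affected rows of the DELETE
	 * @throws SoapFault permission_denied | invalid_id | invalid_client | invalid_template
	 */
	public function client_template_additional_delete($session_id, $client_id, $assigned_template_id) {
		global $app;

		if(!$this->checkPerm($session_id, 'client_update')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		if(!is_numeric($client_id) || !is_numeric($assigned_template_id)) {
			// SoapFault needs a fault code as well as the message
			throw new SoapFault('invalid_id', 'The IDs must be of type integer.');
		}

		// check if client exists
		$check = $app->db->queryOneRecord('SELECT `client_id` FROM `client` WHERE `client_id` = ?', $client_id);
		if(!$check) {
			throw new SoapFault('invalid_client', 'Invalid client');
		}
		// check if template exists
		$check = $app->db->queryOneRecord('SELECT `assigned_template_id` FROM `client_template_assigned` WHERE `client_id` = ? AND `client_template_id` = ?', $client_id, $assigned_template_id);
		if(!$check) {
			throw new SoapFault('invalid_template', 'Invalid template');
		}

		// for the update event we have to cheat a bit
		$this->_set_client_formdata($client_id);

		$sql = "DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ? AND `client_id` = ?";
		$app->db->query($sql, $check['assigned_template_id'], $client_id);
		$affected_rows = $app->db->affectedRows();

		$app->plugin->raiseEvent('client:client:on_after_update', $this);

		return $affected_rows;
	}

	/**
	 * Delete a client record (via deleteQuery) and its sys_user.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @return mixed result of deleteQuery()
	 * @throws SoapFault permission_denied
	 */
	public function client_delete($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		$app->remoting_lib->ispconfig_sysuser_delete($client_id);

		return $affected_rows;
	}

	// -----------------------------------------------------------------------------------------------

	/**
	 * Name of the primary key column of $table as reported by
	 * $app->db->tableInfo(), or '' when none is flagged 'primary'.
	 *
	 * @param string $table
	 * @return string
	 */
	private function _primary_key_of($table) {
		global $app;

		$index_field = '';
		foreach($app->db->tableInfo($table) as $tmp) {
			if($tmp['option'] == 'primary') $index_field = $tmp['name'];
		}
		return $index_field;
	}

	/**
	 * Delete a client together with everything that belongs to its group:
	 * the sys_group / sys_user rows, every record in the hard-coded table list
	 * below that carries the client's sys_groupid (through datalogDelete so the
	 * server side is notified), the traffic rows tied to those records, and
	 * finally the client itself through deleteQuery().
	 *
	 * Both permissions are verified before anything is removed: deleteQuery()
	 * needs 'client_delete', and checking that only at the end (as this used to)
	 * would have deleted all of the client's data before refusing the call.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @return mixed result of deleteQuery()
	 * @throws SoapFault permission_denied
	 */
	public function client_delete_everything($session_id, $client_id)
	{
		global $app;

		if(!$this->checkPerm($session_id, 'client_delete_everything')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		if(!$this->checkPerm($session_id, 'client_delete')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);

		if($client_id > 0) {
			//* remove the group of the client from the resellers group
			if(isset($this->dataRecord['parent_client_id'])) {
				$parent_client_id = $app->functions->intval($this->dataRecord['parent_client_id']);
			} else {
				// $this->dataRecord is only filled by _set_client_formdata(); read the parent from the client row instead
				$client_rec = $app->db->queryOneRecord("SELECT parent_client_id FROM client WHERE client_id = ?", $client_id);
				$parent_client_id = isset($client_rec['parent_client_id']) ? $app->functions->intval($client_rec['parent_client_id']) : 0;
			}
			$parent_user = $app->db->queryOneRecord("SELECT userid FROM sys_user WHERE client_id = ?", $parent_client_id);
			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
			if(isset($parent_user['userid']) && isset($client_group['groupid'])) {
				$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
			}

			//* delete the group of the client
			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);

			//* delete the sys user(s) of the client
			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);

			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
			$tables = 'cron,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic,domain,mail_mailinglist,client';
			$tables_array = explode(',', $tables);

			$client_group_id = isset($client_group['groupid']) ? $app->functions->intval($client_group['groupid']) : 0;
			// groups 0 and 1 are never swept
			if($client_group_id > 1) {
				foreach($tables_array as $table) {
					if($table == '') continue;
					// $table comes from the fixed list above, never from the caller, so interpolating it is safe
					$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
					//* find the primary ID of the table
					$index_field = $this->_primary_key_of($table);
					if($index_field == '' || !is_array($records)) continue;
					//* Delete the records
					foreach($records as $rec) {
						$app->db->datalogDelete($table, $index_field, $rec[$index_field]);
						//* Delete traffic records that dont have a sys_groupid column
						if($table == 'web_domain') {
							$app->db->query("DELETE FROM web_traffic WHERE hostname = ?", $rec['domain']);
						}
						//* Delete mail_traffic records that dont have a sys_groupid
						if($table == 'mail_user') {
							$app->db->query("DELETE FROM mail_traffic WHERE mailuser_id = ?", $rec['mailuser_id']);
						}
					}
				}
			}
		}

		$affected_rows = $this->deleteQuery('../client/form/client.tform.php', $client_id);

		return $affected_rows;
	}

	/**
	 * Get sys_user information by username
	 *
	 * @param string $session_id
	 * @param string $username
	 * @return array the sys_user row
	 * @throws SoapFault permission_denied | no_client_found
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
	public function client_get_by_username($session_id, $username) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_by_username')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$rec = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE username = ?", $username);
		// is_array() like client_get_emailcontact(): isset() would also accept a 'no row' result
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no user account for this user name.');
	}

	/**
	 * Get the client record for a customer number.
	 *
	 * @param string $session_id
	 * @param string $customer_no  trimmed; must not be empty
	 * @return array the client row
	 * @throws SoapFault permission_denied (also used for an empty customer number, as before) | no_client_found
	 */
	public function client_get_by_customer_no($session_id, $customer_no) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_by_customer_no')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$customer_no = trim($customer_no);
		if($customer_no == '') {
			throw new SoapFault('permission_denied', 'There was no customer number specified.');
		}
		// bound as a parameter like every other query in this class instead of quote() + string concatenation
		$rec = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ?", $customer_no);
		if(is_array($rec)) {
			return $rec;
		}
		throw new SoapFault('no_client_found', 'There is no user account for this customer number.');
	}

	/**
	 * Get All client_id's from database
	 * @param string $session_id
	 * @return mixed array of all client_id's, false when there are none
	 * @throws SoapFault permission_denied
	 */
	public function client_get_all($session_id) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$result = $app->db->queryAllRecords("SELECT client_id FROM client WHERE 1");
		if(!$result) {
			return false;
		}
		$ids = array();
		foreach($result as $record) {
			$ids[] = $record['client_id'];
		}
		return $ids;
	}

	/**
	 * Changes client password
	 *
	 * The same hash is written to client.password and sys_user.passwort so the
	 * client login and the sys_user login stay in sync.
	 *
	 * @param string $session_id
	 * @param int    $client_id
	 * @param string $new_password clear text, hashed with auth->crypt_password()
	 * @return bool true if success
	 * @throws SoapFault permission_denied | no_client_found
	 */
	public function client_change_password($session_id, $client_id, $new_password) {
		global $app;

		$app->uses('auth');

		if(!$this->checkPerm($session_id, 'client_change_password')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$client_id = $app->functions->intval($client_id);
		$client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id);
		if(!isset($client['client_id']) || $client['client_id'] <= 0) {
			throw new SoapFault('no_client_found', 'There is no user account for this client_id');
		}

		$new_password = $app->auth->crypt_password($new_password);
		$sql = "UPDATE client SET password = ? 	WHERE client_id = ?";
		$app->db->query($sql, $new_password, $client_id);
		$sql = "UPDATE sys_user SET passwort = ? 	WHERE client_id = ?";
		$app->db->query($sql, $new_password, $client_id);
		return true;
	}

	/**
	 *  Get all client templates
	 * @param string $session_id
	 * @return mixed all client_template rows as returned by queryAllRecords()
	 * @throws SoapFault permission_denied
	 * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010
	 */
	public function client_templates_get_all($session_id) {
		global $app;
		if(!$this->checkPerm($session_id, 'client_templates_get_all')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}
		$sql    = "SELECT * FROM client_template";
		$result = $app->db->queryAllRecords($sql);
		return $result;
	}

	/**
	 * Compare a clear-text password against a stored hash.
	 *
	 * Stored values starting with $1$, $5$ or $6$ are crypt() hashes; anything
	 * else is treated as a legacy md5 hex digest. The comparison is a strict
	 * string comparison: the loose != used before treats two numeric-looking
	 * digests (e.g. "0e...") as equal numbers.
	 *
	 * @param string $password clear text as received from the caller
	 * @param string $stored   value of client.password / sys_user.passwort
	 * @return bool
	 */
	private function _password_matches($password, $stored) {
		$saved_password = stripslashes((string)$stored);
		if(preg_match('/^\$[156]\$/', $saved_password)) {
			//* The password is crypt encrypted
			$computed = crypt(stripslashes($password), $saved_password);
		} else {
			//* The password is md5 encrypted
			$computed = md5($password);
		}
		return is_string($computed) && $computed === $saved_password;
	}

	/**
	 * Verify a login and return the account's basic data.
	 *
	 * A username containing '@' is looked up in the client table by email,
	 * anything else in sys_user by username. Failed attempts per $remote_ip are
	 * counted in attempts_login (rows younger than one minute) and more than
	 * five of them block the login; the counter is updated for both lookup
	 * paths before the sys_user path raises its 'login_failed' fault. The
	 * client path returns false instead of throwing, as before.
	 *
	 * @param string $session_id
	 * @param string $username   [\w.-_@], 1..128 characters
	 * @param string $password   1..64 characters
	 * @param string $remote_ip  client address used for the attempt counter
	 * @return mixed array (username, type, client_id, language, country) or false
	 * @throws SoapFault permission_denied | user_regex_error | password_length_error | error_user_too_many_logins | login_failed
	 */
	public function client_login_get($session_id, $username, $password, $remote_ip = '') {
		global $app;

		//* Check permissions
		if(!$this->checkPerm($session_id, 'client_get')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		//* Check username and password
		if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) {
			throw new SoapFault('user_regex_error', 'Username contains invalid characters.');
		}
		if(!preg_match("/^.{1,64}$/i", $password)) {
			throw new SoapFault('password_length_error', 'Invalid password length or no password provided.');
		}

		//* Check failed logins
		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
		$alreadyfailed = $app->db->queryOneRecord($sql, $remote_ip);
		$failed_times = isset($alreadyfailed['times']) ? intval($alreadyfailed['times']) : 0;

		//* too many failedlogins
		if($failed_times > 5) {
			throw new SoapFault('error_user_too_many_logins', 'Too many failed logins.');
		}

		//*Set variables (this used to be '$returnval == false', a comparison that left the variable undefined)
		$returnval = false;
		$is_client_login = (strstr($username, '@') !== false);

		if($is_client_login) {
			// Check against client table
			$sql = "SELECT * FROM client WHERE email = ?";
			$user = $app->db->queryOneRecord($sql, $username);
			if($user && !$this->_password_matches($password, $user['password'])) {
				$user = false;
			}

			if(is_array($user)) {
				$returnval = array(	'username' 	=> 	$user['username'],
									'type'		=>	'user',
									'client_id'	=>	$user['client_id'],
									'language'	=>	$user['language'],
									'country'	=>	$user['country']);
			}
		} else {
			// Check against sys_user table
			$sql = "SELECT * FROM sys_user WHERE username = ?";
			$user = $app->db->queryOneRecord($sql, $username);
			if($user && !$this->_password_matches($password, $user['passwort'])) {
				$user = false;
			}

			if(is_array($user)) {
				$returnval = array(	'username' 	=> 	$user['username'],
									'type'		=>	$user['typ'],
									'client_id'	=>	$user['client_id'],
									'language'	=>	$user['language'],
									'country'	=>	'de');
			}
		}

		//* Log failed login attempts - an unknown account counts like a wrong password
		if(!$user) {
			if($failed_times < 1) {
				//* user login the first time wrong
				$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
				$app->db->query($sql, $remote_ip);
			} else {
				//* update times wrong
				$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) ORDER BY `login_time` DESC LIMIT 1";
				$app->db->query($sql, $remote_ip);
			}
			// raised after the counter is updated; throwing before it (as the old code did) never recorded sys_user failures
			if(!$is_client_login) {
				throw new SoapFault('login_failed', 'Login failed.');
			}
		}

		return $returnval;
	}

	/**
	 * Get the client record that owns a sys_group id (delegates to client_get()).
	 *
	 * @param string $session_id
	 * @param int    $group_id
	 * @return mixed result of client_get()
	 * @throws SoapFault permission_denied | no_group_found
	 */
	public function client_get_by_groupid($session_id, $group_id)
	{
		global $app;
		if(!$this->checkPerm($session_id, 'client_get_id')) {
			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
		}

		$group_id = $app->functions->intval($group_id);

		$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $group_id);
		if(isset($rec['client_id'])) {
			$client_id = $app->functions->intval($rec['client_id']);
			return $this->client_get($session_id, $client_id);
		}
		throw new SoapFault('no_group_found', 'There is no client for this group ID.');
	}

}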

?>