remoting_lib.inc.php 43.1 KB
Newer Older
tbrehm's avatar
tbrehm committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

*/

/**
* Formularbehandlung
*
40
* Functions to validate, display and save form values
tbrehm's avatar
tbrehm committed
41
*
42
*        Database table field definitions
tbrehm's avatar
tbrehm committed
43
*
44
45
*        Datatypes:
*        - INTEGER (Converts data to int automatically)
tbrehm's avatar
tbrehm committed
46
*        - DOUBLE
47
48
49
*        - CURRENCY (Formats digits in currency notation)
*        - VARCHAR (No format check)
*        - DATE (Date format, converts from and to UNIX timestamps automatically)
tbrehm's avatar
tbrehm committed
50
51
*
*        Formtype:
52
53
54
55
*        - TEXT (Normal text field)
*        - PASSWORD (password field, the content will not be displayed again to the user)
*        - SELECT (Option fiield)
*        - MULTIPLE (Allows selection of multiple values)
tbrehm's avatar
tbrehm committed
56
57
*
*        VALUE:
58
*        - Value or array
tbrehm's avatar
tbrehm committed
59
60
*
*        SEPARATOR
61
62
63
*        - separator char used for fileds with multiple values
*
*        Hint: The auto increment (ID) filed of the table has not be be definied separately.
tbrehm's avatar
tbrehm committed
64
65
66
67
68
69
*
*/

class remoting_lib {
	
        /**
70
        * Definition of the database table (array)
tbrehm's avatar
tbrehm committed
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
        * @var tableDef
        */
        private $tableDef;

        /**
        * Private
        * @var action
        */
        private $action;

        /**
        * Table name (String)
        * @var table_name
        */
        private $table_name;

        /**
        * Debug Variable
        * @var debug
        */
        private $debug = 0;

        /**
        * name of the primary field of the database table (string)
        * @var table_index
        */
        var $table_index;

        /**
        * contains the error messages
        * @var errorMessage
        */
        var $errorMessage = '';

        var $dateformat = "d.m.Y";
    	var $formDef = array();
        var $wordbook;
        var $module;
        var $primary_id;
		var $diffrec = array();
		
		var $sys_username;
		var $sys_userid;
		var $sys_default_group;
		var $sys_groups;
116
		var $client_id;
117
		var $dataRecord;
tbrehm's avatar
tbrehm committed
118
119
120
121
122
123

		
		//* Load the form definition from file.
    	function loadFormDef($file) {
			global $app,$conf;
            
124
			include($file);
tbrehm's avatar
tbrehm committed
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
				
			$this->formDef = $form;
			unset($this->formDef['tabs']);
                
			//* Copy all fields from all tabs into one form definition
			foreach($form['tabs'] as $tab) {
				foreach($tab['fields'] as $key => $value) {
					$this->formDef['fields'][$key] = $value;
				}
			}
			unset($form);
				
            return true;
        }
		
		//* Load the user profile
141
		function loadUserProfile($client_id_param = 0) {
tbrehm's avatar
tbrehm committed
142
143
			global $app,$conf;

144
			$this->client_id = $app->functions->intval($client_id_param);
145
            
146
			if($this->client_id == 0) {
tbrehm's avatar
tbrehm committed
147
148
149
150
				$this->sys_username         = 'admin';
				$this->sys_userid            = 1;
				$this->sys_default_group     = 1;
				$this->sys_groups            = 1;
151
				$_SESSION["s"]["user"]["typ"] = 'admin';
tbrehm's avatar
tbrehm committed
152
			} else {
153
				//* load system user - try with sysuser and before with userid (workarrond)
154
				/*
tbrehm's avatar
tbrehm committed
155
156
				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
				if(empty($user["userid"])) {
157
158
159
160
161
						$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");		
						if(empty($user["userid"])) {
								$this->errorMessage .= "No sysuser with the ID $client_id found.";
								return false;
						}
162
163
				}*/
				
164
				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
tbrehm's avatar
tbrehm committed
165
166
167
168
				$this->sys_username         = $user['username'];
				$this->sys_userid            = $user['userid'];
				$this->sys_default_group     = $user['default_group'];
				$this->sys_groups             = $user['groups'];
169
170
171
				// $_SESSION["s"]["user"]["typ"] = $user['typ'];
				// we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
				$_SESSION["s"]["user"]["typ"] = 'admin';
tbrehm's avatar
tbrehm committed
172
173
174
			}

		return true;
175
	    }  
tbrehm's avatar
tbrehm committed
176
177
178


        /**
179
180
        * Converts the data in the array to human readable format
        * Datatype conversion e.g. to show the data in lists
tbrehm's avatar
tbrehm committed
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
        *
        * @param record
        * @return record
        */
        function decode($record) {
                $new_record = '';
				if(is_array($record)) {
                        foreach($this->formDef['fields'] as $key => $field) {
                                switch ($field['datatype']) {
                                case 'VARCHAR':
                                        $new_record[$key] = stripslashes($record[$key]);
                                break;

                                case 'TEXT':
                                        $new_record[$key] = stripslashes($record[$key]);
                                break;

198
                                case 'DATETSTAMP':
tbrehm's avatar
tbrehm committed
199
200
201
202
                                        if($record[$key] > 0) {
                                                $new_record[$key] = date($this->dateformat,$record[$key]);
                                        }
                                break;
203
204
205
206
207
208
209
								
								case 'DATE':
                                        if($record[$key] != '' && $record[$key] != '0000-00-00') {
												$tmp = explode('-',$record[$key]);
                                                $new_record[$key] = date($this->dateformat,mktime(0, 0, 0, $tmp[1]  , $tmp[2], $tmp[0]));
                                        }
                                break;
tbrehm's avatar
tbrehm committed
210
211

                                case 'INTEGER':
212
                                        $new_record[$key] = $app->functions->intval($record[$key]);
tbrehm's avatar
tbrehm committed
213
214
215
216
217
218
219
                                break;

                                case 'DOUBLE':
                                        $new_record[$key] = $record[$key];
                                break;

                                case 'CURRENCY':
220
                                        $new_record[$key] = $app->functions->currency_format($record[$key]);
tbrehm's avatar
tbrehm committed
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
                                break;

                                default:
                                        $new_record[$key] = stripslashes($record[$key]);
                                }
                        }

                }
				
        return $new_record;
        }

        /**
        * Get the key => value array of a form filled from a datasource definitiom
        *
        * @param field = array with field definition
        * @param record = Dataset as array
        * @return key => value array for the value field of a form
        */

        function getDatasourceData($field, $record) {
                global $app;

                $values = array();

                if($field["datasource"]["type"] == 'SQL') {

                        // Preparing SQL string. We will replace some
                        // common placeholders
                        $querystring = $field["datasource"]["querystring"];
                        $querystring = str_replace("{USERID}",$this->sys_userid,$querystring);
                        $querystring = str_replace("{GROUPID}",$this->sys_default_group,$querystring);
                        $querystring = str_replace("{GROUPS}",$this->sys_groups,$querystring);
                        $table_idx = $this->formDef['db_table_idx'];
						
						$tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0;
                        $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring);
						unset($tmp_recordid);
						
                        $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);
261
						
tbrehm's avatar
tbrehm committed
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
                        // Getting the records
                        $tmp_records = $app->db->queryAllRecords($querystring);
                        if($app->db->errorMessage != '') die($app->db->errorMessage);
                        if(is_array($tmp_records)) {
                                $key_field = $field["datasource"]["keyfield"];
                                $value_field = $field["datasource"]["valuefield"];
                                foreach($tmp_records as $tmp_rec) {
                                        $tmp_id = $tmp_rec[$key_field];
                                        $values[$tmp_id] = $tmp_rec[$value_field];
                                }
                        }
                }

                if($field["datasource"]["type"] == 'CUSTOM') {
                        // Calls a custom class to validate this record
                        if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') {
                                $datasource_class = $field["datasource"]['class'];
                                $datasource_function = $field["datasource"]['function'];
                                $app->uses($datasource_class);
                                $values = $app->$datasource_class->$datasource_function($field, $record);
                        } else {
283
                                $this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
tbrehm's avatar
tbrehm committed
284
285
286
287
288
289
290
291
                        }
                }

                return $values;

        }

        /**
292
293
294
        /**
        * Rewrite the record data to be stored in the database
        * and check values with regular expressions.
tbrehm's avatar
tbrehm committed
295
296
297
298
        *
        * @param record = Datensatz als Array
        * @return record
        */
299
        function encode($record,$dbencode = true) {
300
		global $app;
tbrehm's avatar
tbrehm committed
301
302
303
                if(is_array($record)) {
                        foreach($this->formDef['fields'] as $key => $field) {

304
305
306
307
308
309
310
311
312
								//* Apply filter to record value
                                if(isset($field['filters']) && is_array($field['filters'])) {
									$record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
								}
								
								//* Validate record value
								if(isset($field['validators']) && is_array($field['validators'])) {
									$this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
								}
tbrehm's avatar
tbrehm committed
313
314
315
316

                                switch ($field['datatype']) {
                                case 'VARCHAR':
                                        if(!@is_array($record[$key])) {
317
												$new_record[$key] = (isset($record[$key]))?$record[$key]:'';
tbrehm's avatar
tbrehm committed
318
319
320
321
322
323
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
                                break;
                                case 'TEXT':
                                        if(!is_array($record[$key])) {
324
                                                $new_record[$key] = $record[$key];
tbrehm's avatar
tbrehm committed
325
326
327
328
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
                                break;
329
                                case 'DATETSTAMP':
tbrehm's avatar
tbrehm committed
330
331
332
333
334
335
                                        if($record[$key] > 0) {
                                                list($tag,$monat,$jahr) = explode('.',$record[$key]);
                                                $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr);
                                        } else {
											$new_record[$key] = 0;
										}
336
337
338
                                break;
								case 'DATE':
                                        if($record[$key] != '' && $record[$key] != '0000-00-00') {
339
340
341
342
343
344
345
346
347
348
349
350
												if(function_exists('date_parse_from_format')) {
													$date_parts = date_parse_from_format($this->dateformat,$record[$key]);
													//list($tag,$monat,$jahr) = explode('.',$record[$key]);
													$new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
													//$tmp = strptime($record[$key],$this->dateformat);
													//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
												} else {
													//$tmp = strptime($record[$key],$this->dateformat);
													//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
													$tmp = strtotime($record[$key]);
													$new_record[$key] = date('Y-m-d',$tmp);
												}
351
352
353
                                        } else {
											$new_record[$key] = '0000-00-00';
										}
tbrehm's avatar
tbrehm committed
354
355
                                break;
                                case 'INTEGER':
356
                                        $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
tbrehm's avatar
tbrehm committed
357
358
359
360
                                        //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
                                        //if($key == 'refresh') die($record[$key]);
                                break;
                                case 'DOUBLE':
361
                                        $new_record[$key] = $record[$key];
tbrehm's avatar
tbrehm committed
362
363
364
365
                                break;
                                case 'CURRENCY':
                                        $new_record[$key] = str_replace(",",".",$record[$key]);
                                break;
366
367
368
369
370
371
372
373
374
375
376
377
                                
                                case 'DATETIME':
                                		if (is_array($record[$key]))
                                		{
	                                		$filtered_values = array_map(create_function('$item','return (int)$item;'), $record[$key]);
                                			extract($filtered_values, EXTR_PREFIX_ALL, '_dt');
                                			
                                			if ($_dt_day != 0 && $_dt_month != 0 && $_dt_year != 0) {
	                                			$new_record[$key] = date( 'Y-m-d H:i:s', mktime($_dt_hour, $_dt_minute, $_dt_second, $_dt_month, $_dt_day, $_dt_year) );
	                                		}
                                		}
                                break;
tbrehm's avatar
tbrehm committed
378
379
380
381
382
383
384
385
386
387
388
                                }

                                // The use of the field value is deprecated, use validators instead
                                if(isset($field['regex']) && $field['regex'] != '') {
                                        // Enable that "." matches also newlines
                                        $field['regex'] .= 's';
                                        if(!preg_match($field['regex'], $record[$key])) {
                                                $errmsg = $field['errmsg'];
                                                $this->errorMessage .= $errmsg."\r\n";
                                        }
                                }
389
390
391
								
								//* Add slashes to all records, when we encode data which shall be inserted into mysql.
								if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);
tbrehm's avatar
tbrehm committed
392
393
                        }
                }
394
                if(isset($record['_ispconfig_pw_crypted'])) $new_record['_ispconfig_pw_crypted'] = $record['_ispconfig_pw_crypted']; // this one is not in form definitions!
tbrehm's avatar
tbrehm committed
395
396
                return $new_record;
        }
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
		
		/**
        * process the filters for a given field.
        *
        * @param field_name = Name of the field
        * @param field_value = value of the field
        * @param filters = Array of filters
		* @param filter_event = 'SAVE'or 'SHOW'
        * @return record
        */

        function filterField($field_name, $field_value, $filters, $filter_event) {

			global $app;
			$returnval = $field_value;
				
			//* Loop trough all filters
			foreach($filters as $filter) {
				if($filter['event'] == $filter_event) {
					switch ($filter['type']) {
						case 'TOLOWER':
							$returnval = strtolower($field_value);
						break;
						case 'TOUPPER':
							$returnval = strtoupper($field_value);
						break;
						case 'IDNTOASCII':
424
							$returnval = $app->functions->idn_encode($field_value);
425
426
						break;
						case 'IDNTOUTF8':
427
							$returnval = $app->functions->idn_decode($field_value);
428
429
430
431
432
433
434
435
436
437
						break;
						default:
							$this->errorMessage .= "Unknown Filter: ".$filter['type'];
						break;
					}
				}
			}

			return $returnval;
        }
tbrehm's avatar
tbrehm committed
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462

        /**
        * process the validators for a given field.
        *
        * @param field_name = Name of the field
        * @param field_value = value of the field
        * @param validatoors = Array of validators
        * @return record
        */

        function validateField($field_name, $field_value, $validators) {

                global $app;
				
				$escape = '`';
				
                // loop trough the validators
                foreach($validators as $validator) {

                        switch ($validator['type']) {
                                case 'REGEX':
                                        $validator['regex'] .= 's';
                                        if(!preg_match($validator['regex'], $field_value)) {
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
463
                                                	$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
464
												} else {
465
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
466
467
468
469
												}
                                        }
                                break;
                                case 'UNIQUE':
470
                                        if($this->action == 'NEW') {
tbrehm's avatar
tbrehm committed
471
472
473
474
                                                $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
                                                if($num_rec["number"] > 0) {
                                                        $errmsg = $validator['errmsg'];
														if(isset($this->wordbook[$errmsg])) {
475
                                                        	$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
476
														} else {
477
															$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
478
479
480
481
482
483
484
														}
                                                }
                                        } else {
                                                $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
                                                if($num_rec["number"] > 0) {
                                                        $errmsg = $validator['errmsg'];
                                                        if(isset($this->wordbook[$errmsg])) {
485
                                                        	$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
486
														} else {
487
															$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
488
489
490
491
492
493
494
495
														}
                                                }
                                        }
                                break;
                                case 'NOTEMPTY':
                                        if(empty($field_value)) {
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
496
                                                    $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
497
												} else {
498
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
499
500
501
502
												}
                                        }
                                break;
                                case 'ISEMAIL':
503
                                    if(function_exists('filter_var')) {
504
										if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
505
506
507
508
509
510
511
512
513
											$errmsg = $validator['errmsg'];
                                            if(isset($this->wordbook[$errmsg])) {
                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
											} else {
												$this->errorMessage .= $errmsg."<br />\r\n";
											}
                                        }
									} else {
										if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
tbrehm's avatar
tbrehm committed
514
515
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
516
                                                    $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
517
												} else {
518
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
519
520
												}
                                        }
521
									}
tbrehm's avatar
tbrehm committed
522
523
                                break;
                                case 'ISINT':
524
									if(function_exists('filter_var')) {
525
										if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
526
											$errmsg = $validator['errmsg'];
527
											if(isset($this->wordbook[$errmsg])) {
528
529
530
531
532
533
                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
											} else {
												$this->errorMessage .= $errmsg."<br />\r\n";
											}
                                        }
									} else {
534
                                        $tmpval = $app->functions->intval($field_value);
tbrehm's avatar
tbrehm committed
535
536
537
                                        if($tmpval === 0 and !empty($field_value)) {
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
538
                                                    $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
539
												} else {
540
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
541
542
												}
                                        }
543
									}
tbrehm's avatar
tbrehm committed
544
545
546
547
548
                                break;
                                case 'ISPOSITIVE':
                                        if(!is_numeric($field_value) || $field_value <= 0){
                                          $errmsg = $validator['errmsg'];
                                          if(isset($this->wordbook[$errmsg])) {
549
                                             $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
550
										  } else {
551
											 $this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
552
553
										  }
                                        }
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
                                break;
								case 'ISIPV4':
								$vip=1;
								if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
								$groups=explode(".",$field_value);
								foreach($groups as $group){
									if($group<0 OR $group>255)
									$vip=0;
								}
								}else{$vip=0;}
                                        if($vip==0) {
										$errmsg = $validator['errmsg'];
                                          if(isset($this->wordbook[$errmsg])) {
                                             $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
										  } else {
											 $this->errorMessage .= $errmsg."<br />\r\n";
										  }
										}
                                break;
								case 'ISIP':
								//* Check if its a IPv4 or IPv6 address
								if(function_exists('filter_var')) {
									if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
										$errmsg = $validator['errmsg'];
										if(isset($this->wordbook[$errmsg])) {
											$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
										} else {
											$this->errorMessage .= $errmsg."<br />\r\n";
										}
									}
								} else {
									//* Check content with regex, if we use php < 5.2
									$ip_ok = 0;
									if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
										$ip_ok = 1;
									}
									if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
										$ip_ok = 1;
									}
									if($ip_ok == 0) {
										$errmsg = $validator['errmsg'];
										if(isset($this->wordbook[$errmsg])) {
											$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
										} else {
											$this->errorMessage .= $errmsg."<br />\r\n";
										}
									}
								}
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
                                break;
								case 'RANGE':
                                        //* Checks if the value is within the given range or above / below a value
										//* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
										$range_parts = explode(':',trim($validator['range']));
										$ok = true;
                                        if($range_parts[0] != '' && $field_value < $range_parts[0]) {
											$ok = false;
										}
										if($range_parts[1] != '' && $field_value > $range_parts[1]) {
											$ok = false;
										}
										if($ok != true) {
											$errmsg = $validator['errmsg'];
											if(isset($this->wordbook[$errmsg])) {
												$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
											} else {
												$this->errorMessage .= $errmsg."<br />\r\n";
											}
                                        }
										unset($range_parts);
tbrehm's avatar
tbrehm committed
623
624
625
626
627
628
629
630
631
                                break;
                                case 'CUSTOM':
                                        // Calls a custom class to validate this record
                                        if($validator['class'] != '' and $validator['function'] != '') {
                                                $validator_class = $validator['class'];
                                                $validator_function = $validator['function'];
                                                $app->uses($validator_class);
                                                $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
                                        } else {
632
                                                $this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
tbrehm's avatar
tbrehm committed
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
                                        }
                                break;
								default:
									$this->errorMessage .= "Unknown Validator: ".$validator['type'];
								break;
                        }


                }

                return true;
        }

        /**
        * Create SQL statement
        *
        * @param record = Datensatz als Array
        * @param action = INSERT oder UPDATE
        * @param primary_id
        * @return record
        */
        function getSQL($record, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {

                global $app;

                $this->action = $action;
                $this->primary_id = $primary_id;
660
				$this->dataRecord = $record;
tbrehm's avatar
tbrehm committed
661

662
                $record = $this->encode($record,true);
tbrehm's avatar
tbrehm committed
663
664
665
666
                $sql_insert_key = '';
                $sql_insert_val = '';
                $sql_update = '';

667
                if(!is_array($this->formDef)) $app->error("Form definition not found.");
tbrehm's avatar
tbrehm committed
668

669
                // go trough all fields of the tab
tbrehm's avatar
tbrehm committed
670
671
672
673
674
675
676
677
                if(is_array($record)) {
                foreach($this->formDef['fields'] as $key => $field) {
                                // Wenn es kein leeres Passwortfeld ist
                                if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
                                        // Erzeuge Insert oder Update Quelltext
                                        if($action == "INSERT") {
                                                if($field['formtype'] == 'PASSWORD') {
                                                        $sql_insert_key .= "`$key`, ";
678
679
680
														if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                                                        } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
681
682
																$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
683
														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
684
685
686
																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
																$record[$key] = $tmp['crypted'];
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
tbrehm's avatar
tbrehm committed
687
                                                        } else {
688
689
                                                                $record[$key] = md5(stripslashes($record[$key]));
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
tbrehm's avatar
tbrehm committed
690
                                                        }
691
														
tbrehm's avatar
tbrehm committed
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
                                                } elseif ($field['formtype'] == 'CHECKBOX') {
                                                        $sql_insert_key .= "`$key`, ";
														if($record[$key] == '') {
															// if a checkbox is not set, we set it to the unchecked value
															$sql_insert_val .= "'".$field['value'][0]."', ";
															$record[$key] = $field['value'][0];
														} else {
															$sql_insert_val .= "'".$record[$key]."', ";
														}
                                                } else {
                                                        $sql_insert_key .= "`$key`, ";
                                                        $sql_insert_val .= "'".$record[$key]."', ";
                                                }
                                        } else {
                                                if($field['formtype'] == 'PASSWORD') {
707
708
709
														if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                                                        } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
710
                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
711
712
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
713
714
715
																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
																$record[$key] = $tmp['crypted'];
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
716
														} else {
717
718
                                                                $record[$key] = md5(stripslashes($record[$key]));
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
tbrehm's avatar
tbrehm committed
719
                                                        }
720
                                                        
tbrehm's avatar
tbrehm committed
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
                                                } elseif ($field['formtype'] == 'CHECKBOX') {
														if($record[$key] == '') {
															// if a checkbox is not set, we set it to the unchecked value
															$sql_update .= "`$key` = '".$field['value'][0]."', ";
															$record[$key] = $field['value'][0];
														} else {
															$sql_update .= "`$key` = '".$record[$key]."', ";
														}
                                                } else {
                                                        $sql_update .= "`$key` = '".$record[$key]."', ";
                                                }
                                        }
                                } else {
									// we unset the password filed, if empty to tell the datalog function 
									// that the password has not been changed
								    unset($record[$key]);
								}
                        }
        }


742
                // Add backticks for incomplete table names
tbrehm's avatar
tbrehm committed
743
744
745
746
747
748
749
750
751
                if(stristr($this->formDef['db_table'],'.')) {
                        $escape = '';
                } else {
                        $escape = '`';
                }


                if($action == "INSERT") {
                        if($this->formDef['auth'] == 'yes') {
752
                                // Set user and group
tbrehm's avatar
tbrehm committed
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
                                $sql_insert_key .= "`sys_userid`, ";
                                $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$this->sys_userid."', ";
                                $sql_insert_key .= "`sys_groupid`, ";
                                $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$this->sys_default_group."', ";
                                $sql_insert_key .= "`sys_perm_user`, ";
                                $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', ";
                                $sql_insert_key .= "`sys_perm_group`, ";
                                $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', ";
                                $sql_insert_key .= "`sys_perm_other`, ";
                                $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', ";
                        }
                        $sql_insert_key = substr($sql_insert_key,0,-2);
                        $sql_insert_val = substr($sql_insert_val,0,-2);
                        $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
                } else {
                        if($primary_id != 0) {
769
770
771
772
773
774
                                // update client permissions only if client_id > 0
								if($this->formDef['auth'] == 'yes' && $this->client_id > 0) {
									$sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
									$sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
								}
								$sql_update = substr($sql_update,0,-2);
tbrehm's avatar
tbrehm committed
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
                                $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
                                if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
                        } else {
                                $app->error("Primary ID fehlt!");
                        }
                }
                
                return $sql;
        }
		
		function getDeleteSQL($primary_id) {
			
			if(stristr($this->formDef['db_table'],'.')) {
				$escape = '';
			} else {
				$escape = '`';
			}
			
			$sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
			return $sql;
		}


		function getDataRecord($primary_id) {
			global $app;
			$escape = '`';
			if(@is_numeric($primary_id)) {
				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
            	return $app->db->queryOneRecord($sql);
			} elseif (@is_array($primary_id)) {
				$sql_where = '';
				foreach($primary_id as $key => $val) {
					$key = $app->db->quote($key);
					$val = $app->db->quote($val);
809
810
811
812
813
					if(stristr($val,'%')) {
						$sql_where .= "$key like '$val' AND ";
					} else {
						$sql_where .= "$key = '$val' AND ";
					}
tbrehm's avatar
tbrehm committed
814
815
816
817
818
819
820
821
822
823
824
825
826
				}
				$sql_where = substr($sql_where,0,-5);
				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
				return $app->db->queryAllRecords($sql);
			} else {
				$this->errorMessage = 'The ID must be either an integer or an array.';
				return array();
			}
			
			
		}

		function ispconfig_sysuser_add($params,$insert_id){
827
			global $conf,$app,$sql1;
tbrehm's avatar
tbrehm committed
828
829
			$username = $app->db->quote($params["username"]);
			$password = $app->db->quote($params["password"]);
830
			if(!isset($params['modules'])) {
831
				$modules = $conf['interface_modules_enabled'];
832
833
834
			} else {
				$modules = $app->db->quote($params['modules']);
			}
835
836
837
838
			if(isset($params['limit_client']) && $params['limit_client'] > 0) {
				$modules .= ',client';
			}
			
839
840
841
842
843
844
845
846
847
			if(!isset($params['startmodule'])) {			
				$startmodule = 'dashboard';
			} else {						
				$startmodule = $app->db->quote($params["startmodule"]);
				if(!preg_match('/'.$startmodule.'/',$modules)) {
					$_modules = explode(',',$modules);
					$startmodule=$_modules[0];
				}
			}
tbrehm's avatar
tbrehm committed
848
849
850
			$usertheme = $app->db->quote($params["usertheme"]);
			$type = 'user';
			$active = 1;
851
			$insert_id = $app->functions->intval($insert_id);
tbrehm's avatar
tbrehm committed
852
853
854
			$language = $app->db->quote($params["language"]);
			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
			$groups = $groupid;
855
			if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
tbrehm's avatar
tbrehm committed
856
			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
857
			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
tbrehm's avatar
tbrehm committed
858
859
860
861
862
863
			$app->db->query($sql1);
		}
		
		function ispconfig_sysuser_update($params,$client_id){
			global $app;
			$username = $app->db->quote($params["username"]);
864
			$clear_password = $app->db->quote($params["password"]);
865
			$client_id = $app->functions->intval($client_id);
866
867
			if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
            else $password = $clear_password;
868
869
			if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
			$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
tbrehm's avatar
tbrehm committed
870
871
872
873
874
			$app->db->query($sql);
		}
		
		function ispconfig_sysuser_delete($client_id){
			global $app;
875
			$client_id = $app->functions->intval($client_id);
tbrehm's avatar
tbrehm committed
876
877
			$sql = "DELETE FROM sys_user WHERE client_id = $client_id";
			$app->db->query($sql);
878
879
			$sql = "DELETE FROM sys_group WHERE client_id = $client_id";
			$app->db->query($sql);
tbrehm's avatar
tbrehm committed
880
881
882
883
		}

        function datalogSave($action,$primary_id, $record_old, $record_new) {
                global $app,$conf;
884
885
886
				
				$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
				return true;
887
				
888
				/*
889
                // Add backticks for incomplete table names.
tbrehm's avatar
tbrehm committed
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
                if(stristr($this->formDef['db_table'],'.')) {
                        $escape = '';
                } else {
                        $escape = '`';
                }

                $diffrec = array();
				
                if(is_array($record_new) && count($record_new) > 0) {
                        foreach($record_new as $key => $val) {
                                if($record_old[$key] != $val) {
										// Record has changed
                                        $diffrec[$key] = array('old' => $record_old[$key],
                                                               'new' => $val);
                                }
                        }
                } elseif(is_array($record_old)) {
                        foreach($record_old as $key => $val) {
                                if($record_new[$key] != $val) {
										// Record has changed
                                        $diffrec[$key] = array('new' => $record_new[$key],
                                                               'old' => $val);
                                }
                        }
                }
				$this->diffrec = $diffrec;
				
				
				// Full diff records for ISPConfig, they have a different format then the simple diffrec
				$diffrec_full = array();

                if(is_array($record_old) && count($record_old) > 0) {
                        foreach($record_old as $key => $val) {
                                if(isset($record_new[$key]) && $record_new[$key] != $val) {
                                    // Record has changed
									$diffrec_full['old'][$key] = $val;
									$diffrec_full['new'][$key] = $record_new[$key];
                                } else {
									$diffrec_full['old'][$key] = $val;
									$diffrec_full['new'][$key] = $val;
								}
                        }
                } elseif(is_array($record_new)) {
                        foreach($record_new as $key => $val) {
                                if(isset($record_new[$key]) && $record_old[$key] != $val) {
                                    // Record has changed
									$diffrec_full['new'][$key] = $val;
									$diffrec_full['old'][$key] = $record_old[$key];
                                } else {
									$diffrec_full['new'][$key] = $val;
									$diffrec_full['old'][$key] = $val;
								}
                        }
                }
				
				
				// Insert the server_id, if the record has a server_id
				$server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
				if(isset($record_new["server_id"])) $server_id = $record_new["server_id"];

                if(count($this->diffrec) > 0) {
						$diffstr = $app->db->quote(serialize($diffrec_full));
                        $username = $app->db->quote($this->sys_username);
                        $dbidx = $this->formDef['db_table_idx'].":".$primary_id;
                        // $action = ($action == 'INSERT')?'i':'u';
						
						if($action == 'INSERT') $action = 'i';
						if($action == 'UPDATE') $action = 'u';
						if($action == 'DELETE') $action = 'd';
                        $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
						$app->db->query($sql);
                }

                return true;
964
				*/
tbrehm's avatar
tbrehm committed
965
966
967
968
969
970

        }

}

?>