remoting_lib.inc.php 44.3 KB
Newer Older
tbrehm's avatar
tbrehm committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?php

/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--UPDATED 08.2009--
Full SOAP support for ISPConfig 3.1.4 b
Updated by Arkadiusz Roch & Artur Edelman
Copyright (c) Tri-Plex technology

*/

/**
* Formularbehandlung
*
40
* Functions to validate, display and save form values
tbrehm's avatar
tbrehm committed
41
*
42
*        Database table field definitions
tbrehm's avatar
tbrehm committed
43
*
44
45
*        Datatypes:
*        - INTEGER (Converts data to int automatically)
tbrehm's avatar
tbrehm committed
46
*        - DOUBLE
47
48
49
*        - CURRENCY (Formats digits in currency notation)
*        - VARCHAR (No format check)
*        - DATE (Date format, converts from and to UNIX timestamps automatically)
tbrehm's avatar
tbrehm committed
50
51
*
*        Formtype:
52
53
54
55
*        - TEXT (Normal text field)
*        - PASSWORD (password field, the content will not be displayed again to the user)
*        - SELECT (Option fiield)
*        - MULTIPLE (Allows selection of multiple values)
tbrehm's avatar
tbrehm committed
56
57
*
*        VALUE:
58
*        - Value or array
tbrehm's avatar
tbrehm committed
59
60
*
*        SEPARATOR
61
62
63
*        - separator char used for fileds with multiple values
*
*        Hint: The auto increment (ID) filed of the table has not be be definied separately.
tbrehm's avatar
tbrehm committed
64
65
66
67
68
69
*
*/

class remoting_lib {
	
        /**
70
        * Definition of the database table (array)
tbrehm's avatar
tbrehm committed
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
        * @var tableDef
        */
        private $tableDef;

        /**
        * Private
        * @var action
        */
        private $action;

        /**
        * Table name (String)
        * @var table_name
        */
        private $table_name;

        /**
        * Debug Variable
        * @var debug
        */
        private $debug = 0;

        /**
        * name of the primary field of the database table (string)
        * @var table_index
        */
        var $table_index;

        /**
        * contains the error messages
        * @var errorMessage
        */
        var $errorMessage = '';

        var $dateformat = "d.m.Y";
    	var $formDef = array();
        var $wordbook;
        var $module;
        var $primary_id;
		var $diffrec = array();
		
		var $sys_username;
		var $sys_userid;
		var $sys_default_group;
		var $sys_groups;
116
		var $client_id;
117
		var $dataRecord;
tbrehm's avatar
tbrehm committed
118
119
120
121
122
123

		
		//* Load the form definition from file.
    	function loadFormDef($file) {
			global $app,$conf;
            
124
			include($file);
tbrehm's avatar
tbrehm committed
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
				
			$this->formDef = $form;
			unset($this->formDef['tabs']);
                
			//* Copy all fields from all tabs into one form definition
			foreach($form['tabs'] as $tab) {
				foreach($tab['fields'] as $key => $value) {
					$this->formDef['fields'][$key] = $value;
				}
			}
			unset($form);
				
            return true;
        }
		
		//* Load the user profile
141
		function loadUserProfile($client_id_param = 0) {
tbrehm's avatar
tbrehm committed
142
143
			global $app,$conf;

144
			$this->client_id = $app->functions->intval($client_id_param);
145
            
146
			if($this->client_id == 0) {
tbrehm's avatar
tbrehm committed
147
148
149
150
				$this->sys_username         = 'admin';
				$this->sys_userid            = 1;
				$this->sys_default_group     = 1;
				$this->sys_groups            = 1;
151
				$_SESSION["s"]["user"]["typ"] = 'admin';
tbrehm's avatar
tbrehm committed
152
			} else {
153
				//* load system user - try with sysuser and before with userid (workarrond)
154
				/*
tbrehm's avatar
tbrehm committed
155
156
				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE sysuser_id = $client_id");
				if(empty($user["userid"])) {
157
158
159
160
161
						$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $client_id");		
						if(empty($user["userid"])) {
								$this->errorMessage .= "No sysuser with the ID $client_id found.";
								return false;
						}
162
163
				}*/
				
164
				$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE client_id = $this->client_id");
tbrehm's avatar
tbrehm committed
165
166
167
168
				$this->sys_username         = $user['username'];
				$this->sys_userid            = $user['userid'];
				$this->sys_default_group     = $user['default_group'];
				$this->sys_groups             = $user['groups'];
169
170
171
				// $_SESSION["s"]["user"]["typ"] = $user['typ'];
				// we have to force admin priveliges for the remoting API as some function calls might fail otherwise.
				$_SESSION["s"]["user"]["typ"] = 'admin';
tbrehm's avatar
tbrehm committed
172
173
174
			}

		return true;
175
	    }  
tbrehm's avatar
tbrehm committed
176
177
178


        /**
179
180
        * Converts the data in the array to human readable format
        * Datatype conversion e.g. to show the data in lists
tbrehm's avatar
tbrehm committed
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
        *
        * @param record
        * @return record
        */
        function decode($record) {
                $new_record = '';
				if(is_array($record)) {
                        foreach($this->formDef['fields'] as $key => $field) {
                                switch ($field['datatype']) {
                                case 'VARCHAR':
                                        $new_record[$key] = stripslashes($record[$key]);
                                break;

                                case 'TEXT':
                                        $new_record[$key] = stripslashes($record[$key]);
                                break;

198
                                case 'DATETSTAMP':
tbrehm's avatar
tbrehm committed
199
200
201
202
                                        if($record[$key] > 0) {
                                                $new_record[$key] = date($this->dateformat,$record[$key]);
                                        }
                                break;
203
204
205
206
207
208
209
								
								case 'DATE':
                                        if($record[$key] != '' && $record[$key] != '0000-00-00') {
												$tmp = explode('-',$record[$key]);
                                                $new_record[$key] = date($this->dateformat,mktime(0, 0, 0, $tmp[1]  , $tmp[2], $tmp[0]));
                                        }
                                break;
tbrehm's avatar
tbrehm committed
210
211

                                case 'INTEGER':
212
                                        $new_record[$key] = $app->functions->intval($record[$key]);
tbrehm's avatar
tbrehm committed
213
214
215
216
217
218
219
                                break;

                                case 'DOUBLE':
                                        $new_record[$key] = $record[$key];
                                break;

                                case 'CURRENCY':
220
                                        $new_record[$key] = $app->functions->currency_format($record[$key]);
tbrehm's avatar
tbrehm committed
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
                                break;

                                default:
                                        $new_record[$key] = stripslashes($record[$key]);
                                }
                        }

                }
				
        return $new_record;
        }

        /**
        * Get the key => value array of a form filled from a datasource definitiom
        *
        * @param field = array with field definition
        * @param record = Dataset as array
        * @return key => value array for the value field of a form
        */

        function getDatasourceData($field, $record) {
                global $app;

                $values = array();

                if($field["datasource"]["type"] == 'SQL') {

                        // Preparing SQL string. We will replace some
                        // common placeholders
                        $querystring = $field["datasource"]["querystring"];
                        $querystring = str_replace("{USERID}",$this->sys_userid,$querystring);
                        $querystring = str_replace("{GROUPID}",$this->sys_default_group,$querystring);
                        $querystring = str_replace("{GROUPS}",$this->sys_groups,$querystring);
                        $table_idx = $this->formDef['db_table_idx'];
						
						$tmp_recordid = (isset($record[$table_idx]))?$record[$table_idx]:0;
                        $querystring = str_replace("{RECORDID}",$tmp_recordid,$querystring);
						unset($tmp_recordid);
						
                        $querystring = str_replace("{AUTHSQL}",$this->getAuthSQL('r'),$querystring);
261
						
tbrehm's avatar
tbrehm committed
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
                        // Getting the records
                        $tmp_records = $app->db->queryAllRecords($querystring);
                        if($app->db->errorMessage != '') die($app->db->errorMessage);
                        if(is_array($tmp_records)) {
                                $key_field = $field["datasource"]["keyfield"];
                                $value_field = $field["datasource"]["valuefield"];
                                foreach($tmp_records as $tmp_rec) {
                                        $tmp_id = $tmp_rec[$key_field];
                                        $values[$tmp_id] = $tmp_rec[$value_field];
                                }
                        }
                }

                if($field["datasource"]["type"] == 'CUSTOM') {
                        // Calls a custom class to validate this record
                        if($field["datasource"]['class'] != '' and $field["datasource"]['function'] != '') {
                                $datasource_class = $field["datasource"]['class'];
                                $datasource_function = $field["datasource"]['function'];
                                $app->uses($datasource_class);
                                $values = $app->$datasource_class->$datasource_function($field, $record);
                        } else {
283
                                $this->errorMessage .= "Custom datasource class or function is empty<br />\r\n";
tbrehm's avatar
tbrehm committed
284
285
286
287
288
289
290
291
                        }
                }

                return $values;

        }

        /**
292
293
294
        /**
        * Rewrite the record data to be stored in the database
        * and check values with regular expressions.
tbrehm's avatar
tbrehm committed
295
296
297
298
        *
        * @param record = Datensatz als Array
        * @return record
        */
299
        function encode($record,$dbencode = true) {
300
		global $app;
tbrehm's avatar
tbrehm committed
301
302
303
                if(is_array($record)) {
                        foreach($this->formDef['fields'] as $key => $field) {

304
305
306
307
308
309
310
311
312
								//* Apply filter to record value
                                if(isset($field['filters']) && is_array($field['filters'])) {
									$record[$key] = $this->filterField($key, (isset($record[$key]))?$record[$key]:'', $field['filters'], 'SAVE');
								}
								
								//* Validate record value
								if(isset($field['validators']) && is_array($field['validators'])) {
									$this->validateField($key, (isset($record[$key]))?$record[$key]:'', $field['validators']);
								}
tbrehm's avatar
tbrehm committed
313
314
315
316

                                switch ($field['datatype']) {
                                case 'VARCHAR':
                                        if(!@is_array($record[$key])) {
317
												$new_record[$key] = (isset($record[$key]))?$record[$key]:'';
tbrehm's avatar
tbrehm committed
318
319
320
321
322
323
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
                                break;
                                case 'TEXT':
                                        if(!is_array($record[$key])) {
324
                                                $new_record[$key] = $record[$key];
tbrehm's avatar
tbrehm committed
325
326
327
328
                                        } else {
                                                $new_record[$key] = implode($field['separator'],$record[$key]);
                                        }
                                break;
329
                                case 'DATETSTAMP':
tbrehm's avatar
tbrehm committed
330
331
332
333
334
335
                                        if($record[$key] > 0) {
                                                list($tag,$monat,$jahr) = explode('.',$record[$key]);
                                                $new_record[$key] = mktime(0,0,0,$monat,$tag,$jahr);
                                        } else {
											$new_record[$key] = 0;
										}
336
337
338
                                break;
								case 'DATE':
                                        if($record[$key] != '' && $record[$key] != '0000-00-00') {
339
340
341
342
343
344
345
346
347
348
349
350
												if(function_exists('date_parse_from_format')) {
													$date_parts = date_parse_from_format($this->dateformat,$record[$key]);
													//list($tag,$monat,$jahr) = explode('.',$record[$key]);
													$new_record[$key] = $date_parts['year'].'-'.$date_parts['month'].'-'.$date_parts['day'];
													//$tmp = strptime($record[$key],$this->dateformat);
													//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
												} else {
													//$tmp = strptime($record[$key],$this->dateformat);
													//$new_record[$key] = ($tmp['tm_year']+1900).'-'.($tmp['tm_mon']+1).'-'.$tmp['tm_mday'];
													$tmp = strtotime($record[$key]);
													$new_record[$key] = date('Y-m-d',$tmp);
												}
351
352
353
                                        } else {
											$new_record[$key] = '0000-00-00';
										}
tbrehm's avatar
tbrehm committed
354
355
                                break;
                                case 'INTEGER':
356
                                        $new_record[$key] = (isset($record[$key]))?$app->functions->intval($record[$key]):0;
tbrehm's avatar
tbrehm committed
357
358
359
360
                                        //if($new_record[$key] != $record[$key]) $new_record[$key] = $field['default'];
                                        //if($key == 'refresh') die($record[$key]);
                                break;
                                case 'DOUBLE':
361
                                        $new_record[$key] = $record[$key];
tbrehm's avatar
tbrehm committed
362
363
364
365
                                break;
                                case 'CURRENCY':
                                        $new_record[$key] = str_replace(",",".",$record[$key]);
                                break;
366
367
368
369
370
371
372
373
374
375
376
377
                                
                                case 'DATETIME':
                                		if (is_array($record[$key]))
                                		{
	                                		$filtered_values = array_map(create_function('$item','return (int)$item;'), $record[$key]);
                                			extract($filtered_values, EXTR_PREFIX_ALL, '_dt');
                                			
                                			if ($_dt_day != 0 && $_dt_month != 0 && $_dt_year != 0) {
	                                			$new_record[$key] = date( 'Y-m-d H:i:s', mktime($_dt_hour, $_dt_minute, $_dt_second, $_dt_month, $_dt_day, $_dt_year) );
	                                		}
                                		}
                                break;
tbrehm's avatar
tbrehm committed
378
379
380
381
382
383
384
385
386
387
388
                                }

                                // The use of the field value is deprecated, use validators instead
                                if(isset($field['regex']) && $field['regex'] != '') {
                                        // Enable that "." matches also newlines
                                        $field['regex'] .= 's';
                                        if(!preg_match($field['regex'], $record[$key])) {
                                                $errmsg = $field['errmsg'];
                                                $this->errorMessage .= $errmsg."\r\n";
                                        }
                                }
389
390
391
								
								//* Add slashes to all records, when we encode data which shall be inserted into mysql.
								if($dbencode == true) $new_record[$key] = $app->db->quote($new_record[$key]);
tbrehm's avatar
tbrehm committed
392
393
                        }
                }
394
                if(isset($record['_ispconfig_pw_crypted'])) $new_record['_ispconfig_pw_crypted'] = $record['_ispconfig_pw_crypted']; // this one is not in form definitions!
tbrehm's avatar
tbrehm committed
395
396
                return $new_record;
        }
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
		
		/**
        * process the filters for a given field.
        *
        * @param field_name = Name of the field
        * @param field_value = value of the field
        * @param filters = Array of filters
		* @param filter_event = 'SAVE'or 'SHOW'
        * @return record
        */

        function filterField($field_name, $field_value, $filters, $filter_event) {

			global $app;
			$returnval = $field_value;
				
			//* Loop trough all filters
			foreach($filters as $filter) {
				if($filter['event'] == $filter_event) {
					switch ($filter['type']) {
						case 'TOLOWER':
							$returnval = strtolower($field_value);
						break;
						case 'TOUPPER':
							$returnval = strtoupper($field_value);
						break;
						case 'IDNTOASCII':
424
							$returnval = $app->functions->idn_encode($field_value);
425
426
						break;
						case 'IDNTOUTF8':
427
							$returnval = $app->functions->idn_decode($field_value);
428
429
430
431
432
433
434
435
436
437
						break;
						default:
							$this->errorMessage .= "Unknown Filter: ".$filter['type'];
						break;
					}
				}
			}

			return $returnval;
        }
tbrehm's avatar
tbrehm committed
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462

        /**
        * process the validators for a given field.
        *
        * @param field_name = Name of the field
        * @param field_value = value of the field
        * @param validatoors = Array of validators
        * @return record
        */

        function validateField($field_name, $field_value, $validators) {

                global $app;
				
				$escape = '`';
				
                // loop trough the validators
                foreach($validators as $validator) {

                        switch ($validator['type']) {
                                case 'REGEX':
                                        $validator['regex'] .= 's';
                                        if(!preg_match($validator['regex'], $field_value)) {
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
463
                                                	$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
464
												} else {
465
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
466
467
468
469
												}
                                        }
                                break;
                                case 'UNIQUE':
470
471
472
										if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
										if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){
											if($this->action == 'NEW') {
tbrehm's avatar
tbrehm committed
473
474
475
476
                                                $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'");
                                                if($num_rec["number"] > 0) {
                                                        $errmsg = $validator['errmsg'];
														if(isset($this->wordbook[$errmsg])) {
477
                                                        	$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
478
														} else {
479
															$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
480
481
														}
                                                }
482
											} else {
tbrehm's avatar
tbrehm committed
483
484
485
486
                                                $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id);
                                                if($num_rec["number"] > 0) {
                                                        $errmsg = $validator['errmsg'];
                                                        if(isset($this->wordbook[$errmsg])) {
487
                                                        	$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
488
														} else {
489
															$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
490
491
														}
                                                }
492
493
											}
										}
tbrehm's avatar
tbrehm committed
494
495
496
497
498
                                break;
                                case 'NOTEMPTY':
                                        if(empty($field_value)) {
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
499
                                                    $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
500
												} else {
501
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
502
503
504
505
												}
                                        }
                                break;
                                case 'ISEMAIL':
506
                                    if(function_exists('filter_var')) {
507
										if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
508
509
510
511
512
513
514
515
516
											$errmsg = $validator['errmsg'];
                                            if(isset($this->wordbook[$errmsg])) {
                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
											} else {
												$this->errorMessage .= $errmsg."<br />\r\n";
											}
                                        }
									} else {
										if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
tbrehm's avatar
tbrehm committed
517
518
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
519
                                                    $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
520
												} else {
521
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
522
523
												}
                                        }
524
									}
tbrehm's avatar
tbrehm committed
525
526
                                break;
                                case 'ISINT':
527
									if(function_exists('filter_var')) {
528
										if($field_value != '' && filter_var($field_value, FILTER_VALIDATE_INT) === false) {
529
											$errmsg = $validator['errmsg'];
530
											if(isset($this->wordbook[$errmsg])) {
531
532
533
534
535
536
                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
											} else {
												$this->errorMessage .= $errmsg."<br />\r\n";
											}
                                        }
									} else {
537
                                        $tmpval = $app->functions->intval($field_value);
tbrehm's avatar
tbrehm committed
538
539
540
                                        if($tmpval === 0 and !empty($field_value)) {
                                                $errmsg = $validator['errmsg'];
                                                if(isset($this->wordbook[$errmsg])) {
541
                                                    $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
542
												} else {
543
													$this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
544
545
												}
                                        }
546
									}
tbrehm's avatar
tbrehm committed
547
548
549
550
551
                                break;
                                case 'ISPOSITIVE':
                                        if(!is_numeric($field_value) || $field_value <= 0){
                                          $errmsg = $validator['errmsg'];
                                          if(isset($this->wordbook[$errmsg])) {
552
                                             $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
tbrehm's avatar
tbrehm committed
553
										  } else {
554
											 $this->errorMessage .= $errmsg."<br />\r\n";
tbrehm's avatar
tbrehm committed
555
556
										  }
                                        }
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
                                break;
								case 'ISIPV4':
								$vip=1;
								if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
								$groups=explode(".",$field_value);
								foreach($groups as $group){
									if($group<0 OR $group>255)
									$vip=0;
								}
								}else{$vip=0;}
                                        if($vip==0) {
										$errmsg = $validator['errmsg'];
                                          if(isset($this->wordbook[$errmsg])) {
                                             $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
										  } else {
											 $this->errorMessage .= $errmsg."<br />\r\n";
										  }
										}
                                break;
								case 'ISIP':
577
578
579
								if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
								if($validator['allowempty'] == 'y' && $field_value == '') {
									//* Do nothing
580
								} else {
581
582
583
584
585
586
								//* Check if its a IPv4 or IPv6 address
									if(isset($validator['separator']) && $validator['separator'] != '') {
										//* When the field may contain several IP addresses, split them by the char defined as separator
										$field_value_array = explode($validator['separator'],$field_value);
									} else {
										$field_value_array[] = $field_value;
587
									}
588
589
590
591
592
593
594
595
596
597
									foreach($field_value_array as $field_value) {
										if(function_exists('filter_var')) {
											if(!filter_var($field_value,FILTER_VALIDATE_IP)) {
												$errmsg = $validator['errmsg'];
												if(isset($this->wordbook[$errmsg])) {
													$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
												} else {
													$this->errorMessage .= $errmsg."<br />\r\n";
												}
											}
598
										} else {
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
											//* Check content with regex, if we use php < 5.2
											$ip_ok = 0;
											if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
												$ip_ok = 1;
											}
											if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
												$ip_ok = 1;
											}
											if($ip_ok == 0) {
												$errmsg = $validator['errmsg'];
												if(isset($this->wordbook[$errmsg])) {
													$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
												} else {
													$this->errorMessage .= $errmsg."<br />\r\n";
												}
											}
615
616
617
										}
									}
								}
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
                                break;
								case 'RANGE':
                                        //* Checks if the value is within the given range or above / below a value
										//* Range examples: < 10 = ":10", between 2 and 10 = "2:10", above 5 = "5:".
										$range_parts = explode(':',trim($validator['range']));
										$ok = true;
                                        if($range_parts[0] != '' && $field_value < $range_parts[0]) {
											$ok = false;
										}
										if($range_parts[1] != '' && $field_value > $range_parts[1]) {
											$ok = false;
										}
										if($ok != true) {
											$errmsg = $validator['errmsg'];
											if(isset($this->wordbook[$errmsg])) {
												$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
											} else {
												$this->errorMessage .= $errmsg."<br />\r\n";
											}
                                        }
										unset($range_parts);
tbrehm's avatar
tbrehm committed
639
640
641
642
643
644
645
646
647
                                break;
                                case 'CUSTOM':
                                        // Calls a custom class to validate this record
                                        if($validator['class'] != '' and $validator['function'] != '') {
                                                $validator_class = $validator['class'];
                                                $validator_function = $validator['function'];
                                                $app->uses($validator_class);
                                                $this->errorMessage .= $app->$validator_class->$validator_function($field_name, $field_value, $validator);
                                        } else {
648
                                                $this->errorMessage .= "Custom validator class or function is empty<br />\r\n";
tbrehm's avatar
tbrehm committed
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
                                        }
                                break;
								default:
									$this->errorMessage .= "Unknown Validator: ".$validator['type'];
								break;
                        }


                }

                return true;
        }

        /**
        * Create SQL statement
        *
        * @param record = Datensatz als Array
        * @param action = INSERT oder UPDATE
        * @param primary_id
        * @return record
        */
        function getSQL($record, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '') {

                global $app;

                $this->action = $action;
                $this->primary_id = $primary_id;
676
				$this->dataRecord = $record;
tbrehm's avatar
tbrehm committed
677

678
                $record = $this->encode($record,true);
tbrehm's avatar
tbrehm committed
679
680
681
682
                $sql_insert_key = '';
                $sql_insert_val = '';
                $sql_update = '';

683
                if(!is_array($this->formDef)) $app->error("Form definition not found.");
tbrehm's avatar
tbrehm committed
684

685
                // go trough all fields of the tab
tbrehm's avatar
tbrehm committed
686
687
688
689
690
691
692
693
                if(is_array($record)) {
                foreach($this->formDef['fields'] as $key => $field) {
                                // Wenn es kein leeres Passwortfeld ist
                                if (!($field['formtype'] == 'PASSWORD' and $record[$key] == '')) {
                                        // Erzeuge Insert oder Update Quelltext
                                        if($action == "INSERT") {
                                                if($field['formtype'] == 'PASSWORD') {
                                                        $sql_insert_key .= "`$key`, ";
694
695
696
														if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
                                                        } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
697
698
																$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
699
														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
700
701
702
																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
																$record[$key] = $tmp['crypted'];
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
tbrehm's avatar
tbrehm committed
703
                                                        } else {
704
705
                                                                $record[$key] = md5(stripslashes($record[$key]));
																$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
tbrehm's avatar
tbrehm committed
706
                                                        }
707
														
tbrehm's avatar
tbrehm committed
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
                                                } elseif ($field['formtype'] == 'CHECKBOX') {
                                                        $sql_insert_key .= "`$key`, ";
														if($record[$key] == '') {
															// if a checkbox is not set, we set it to the unchecked value
															$sql_insert_val .= "'".$field['value'][0]."', ";
															$record[$key] = $field['value'][0];
														} else {
															$sql_insert_val .= "'".$record[$key]."', ";
														}
                                                } else {
                                                        $sql_insert_key .= "`$key`, ";
                                                        $sql_insert_val .= "'".$record[$key]."', ";
                                                }
                                        } else {
                                                if($field['formtype'] == 'PASSWORD') {
723
724
725
														if ((isset($field['encryption']) && $field['encryption'] == 'CLEARTEXT') || (isset($record['_ispconfig_pw_crypted']) && $record['_ispconfig_pw_crypted'] == 1)) {
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
                                                        } elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPT') {
726
                                                                $record[$key] = $app->auth->crypt_password(stripslashes($record[$key]));
727
728
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
														} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
729
730
731
																$tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`");
																$record[$key] = $tmp['crypted'];
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
732
														} else {
733
734
                                                                $record[$key] = md5(stripslashes($record[$key]));
																$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
tbrehm's avatar
tbrehm committed
735
                                                        }
736
                                                        
tbrehm's avatar
tbrehm committed
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
                                                } elseif ($field['formtype'] == 'CHECKBOX') {
														if($record[$key] == '') {
															// if a checkbox is not set, we set it to the unchecked value
															$sql_update .= "`$key` = '".$field['value'][0]."', ";
															$record[$key] = $field['value'][0];
														} else {
															$sql_update .= "`$key` = '".$record[$key]."', ";
														}
                                                } else {
                                                        $sql_update .= "`$key` = '".$record[$key]."', ";
                                                }
                                        }
                                } else {
									// we unset the password filed, if empty to tell the datalog function 
									// that the password has not been changed
								    unset($record[$key]);
								}
                        }
        }


758
                // Add backticks for incomplete table names
tbrehm's avatar
tbrehm committed
759
760
761
762
763
764
765
766
767
                if(stristr($this->formDef['db_table'],'.')) {
                        $escape = '';
                } else {
                        $escape = '`';
                }


                if($action == "INSERT") {
                        if($this->formDef['auth'] == 'yes') {
768
                                // Set user and group
tbrehm's avatar
tbrehm committed
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
                                $sql_insert_key .= "`sys_userid`, ";
                                $sql_insert_val .= ($this->formDef["auth_preset"]["userid"] > 0)?"'".$this->formDef["auth_preset"]["userid"]."', ":"'".$this->sys_userid."', ";
                                $sql_insert_key .= "`sys_groupid`, ";
                                $sql_insert_val .= ($this->formDef["auth_preset"]["groupid"] > 0)?"'".$this->formDef["auth_preset"]["groupid"]."', ":"'".$this->sys_default_group."', ";
                                $sql_insert_key .= "`sys_perm_user`, ";
                                $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_user"]."', ";
                                $sql_insert_key .= "`sys_perm_group`, ";
                                $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_group"]."', ";
                                $sql_insert_key .= "`sys_perm_other`, ";
                                $sql_insert_val .= "'".$this->formDef["auth_preset"]["perm_other"]."', ";
                        }
                        $sql_insert_key = substr($sql_insert_key,0,-2);
                        $sql_insert_val = substr($sql_insert_val,0,-2);
                        $sql = "INSERT INTO ".$escape.$this->formDef['db_table'].$escape." ($sql_insert_key) VALUES ($sql_insert_val)";
                } else {
                        if($primary_id != 0) {
785
786
787
788
789
790
                                // update client permissions only if client_id > 0
								if($this->formDef['auth'] == 'yes' && $this->client_id > 0) {
									$sql_update .= '`sys_userid` = '.$this->sys_userid.', ';
									$sql_update .= '`sys_groupid` = '.$this->sys_default_group.', ';
								}
								$sql_update = substr($sql_update,0,-2);
tbrehm's avatar
tbrehm committed
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
                                $sql = "UPDATE ".$escape.$this->formDef['db_table'].$escape." SET ".$sql_update." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
                                if($sql_ext_where != '') $sql .= " and ".$sql_ext_where;
                        } else {
                                $app->error("Primary ID fehlt!");
                        }
                }
                
                return $sql;
        }
		
		function getDeleteSQL($primary_id) {
			
			if(stristr($this->formDef['db_table'],'.')) {
				$escape = '';
			} else {
				$escape = '`';
			}
			
			$sql = "DELETE FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
			return $sql;
		}


		function getDataRecord($primary_id) {
			global $app;
			$escape = '`';
			if(@is_numeric($primary_id)) {
				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id;
            	return $app->db->queryOneRecord($sql);
			} elseif (@is_array($primary_id)) {
821
822
823
				$sql_offset = 0;
                $sql_limit = 0;
                $sql_where = '';
tbrehm's avatar
tbrehm committed
824
825
826
				foreach($primary_id as $key => $val) {
					$key = $app->db->quote($key);
					$val = $app->db->quote($val);
827
828
829
                    if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
                    elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
					elseif(stristr($val,'%')) {
830
831
832
833
						$sql_where .= "$key like '$val' AND ";
					} else {
						$sql_where .= "$key = '$val' AND ";
					}
tbrehm's avatar
tbrehm committed
834
835
				}
				$sql_where = substr($sql_where,0,-5);
836
                if($sql_where == '') $sql_where = '1';
tbrehm's avatar
tbrehm committed
837
				$sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where;
838
                if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
tbrehm's avatar
tbrehm committed
839
840
841
842
843
844
845
846
847
848
				return $app->db->queryAllRecords($sql);
			} else {
				$this->errorMessage = 'The ID must be either an integer or an array.';
				return array();
			}
			
			
		}

		function ispconfig_sysuser_add($params,$insert_id){
849
			global $conf,$app,$sql1;
tbrehm's avatar
tbrehm committed
850
851
			$username = $app->db->quote($params["username"]);
			$password = $app->db->quote($params["password"]);
852
			if(!isset($params['modules'])) {
853
				$modules = $conf['interface_modules_enabled'];
854
855
856
			} else {
				$modules = $app->db->quote($params['modules']);
			}
857
858
859
860
			if(isset($params['limit_client']) && $params['limit_client'] > 0) {
				$modules .= ',client';
			}
			
861
862
863
864
865
866
867
868
869
			if(!isset($params['startmodule'])) {			
				$startmodule = 'dashboard';
			} else {						
				$startmodule = $app->db->quote($params["startmodule"]);
				if(!preg_match('/'.$startmodule.'/',$modules)) {
					$_modules = explode(',',$modules);
					$startmodule=$_modules[0];
				}
			}
tbrehm's avatar
tbrehm committed
870
871
872
			$usertheme = $app->db->quote($params["usertheme"]);
			$type = 'user';
			$active = 1;
873
			$insert_id = $app->functions->intval($insert_id);
tbrehm's avatar
tbrehm committed
874
875
876
			$language = $app->db->quote($params["language"]);
			$groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
			$groups = $groupid;
877
			if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
tbrehm's avatar
tbrehm committed
878
			$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
879
			VALUES ('$username','$password','$modules','$startmodule','$usertheme','$type','$active','$language',$groups,$groupid,$insert_id)";
tbrehm's avatar
tbrehm committed
880
881
882
883
884
885
			$app->db->query($sql1);
		}
		
		function ispconfig_sysuser_update($params,$client_id){
			global $app;
			$username = $app->db->quote($params["username"]);
886
			$clear_password = $app->db->quote($params["password"]);
887
			$client_id = $app->functions->intval($client_id);
888
889
			if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
            else $password = $clear_password;
890
891
			if ($clear_password) $pwstring = ", passwort = '$password'"; else $pwstring ="" ;
			$sql = "UPDATE sys_user set username = '$username' $pwstring WHERE client_id = $client_id";
tbrehm's avatar
tbrehm committed
892
893
894
895
896
			$app->db->query($sql);
		}
		
		function ispconfig_sysuser_delete($client_id){
			global $app;
897
			$client_id = $app->functions->intval($client_id);
tbrehm's avatar
tbrehm committed
898
899
			$sql = "DELETE FROM sys_user WHERE client_id = $client_id";
			$app->db->query($sql);
900
901
			$sql = "DELETE FROM sys_group WHERE client_id = $client_id";
			$app->db->query($sql);
tbrehm's avatar
tbrehm committed
902
903
904
905
		}

        function datalogSave($action,$primary_id, $record_old, $record_new) {
                global $app,$conf;
906
907
908
				
				$app->db->datalogSave($this->formDef['db_table'], $action, $this->formDef['db_table_idx'], $primary_id, $record_old, $record_new);
				return true;
909
				
910
				/*
911
                // Add backticks for incomplete table names.
tbrehm's avatar
tbrehm committed
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
                if(stristr($this->formDef['db_table'],'.')) {
                        $escape = '';
                } else {
                        $escape = '`';
                }

                $diffrec = array();
				
                if(is_array($record_new) && count($record_new) > 0) {
                        foreach($record_new as $key => $val) {
                                if($record_old[$key] != $val) {
										// Record has changed
                                        $diffrec[$key] = array('old' => $record_old[$key],
                                                               'new' => $val);
                                }
                        }
                } elseif(is_array($record_old)) {
                        foreach($record_old as $key => $val) {
                                if($record_new[$key] != $val) {
										// Record has changed
                                        $diffrec[$key] = array('new' => $record_new[$key],
                                                               'old' => $val);
                                }
                        }
                }
				$this->diffrec = $diffrec;
				
				
				// Full diff records for ISPConfig, they have a different format then the simple diffrec
				$diffrec_full = array();

                if(is_array($record_old) && count($record_old) > 0) {
                        foreach($record_old as $key => $val) {
                                if(isset($record_new[$key]) && $record_new[$key] != $val) {
                                    // Record has changed
									$diffrec_full['old'][$key] = $val;
									$diffrec_full['new'][$key] = $record_new[$key];
                                } else {
									$diffrec_full['old'][$key] = $val;
									$diffrec_full['new'][$key] = $val;
								}
                        }
                } elseif(is_array($record_new)) {
                        foreach($record_new as $key => $val) {
                                if(isset($record_new[$key]) && $record_old[$key] != $val) {
                                    // Record has changed
									$diffrec_full['new'][$key] = $val;
									$diffrec_full['old'][$key] = $record_old[$key];
                                } else {
									$diffrec_full['new'][$key] = $val;
									$diffrec_full['old'][$key] = $val;
								}
                        }
                }
				
				
				// Insert the server_id, if the record has a server_id
				$server_id = (isset($record_old["server_id"]) && $record_old["server_id"] > 0)?$record_old["server_id"]:0;
				if(isset($record_new["server_id"])) $server_id = $record_new["server_id"];

                if(count($this->diffrec) > 0) {
						$diffstr = $app->db->quote(serialize($diffrec_full));
                        $username = $app->db->quote($this->sys_username);
                        $dbidx = $this->formDef['db_table_idx'].":".$primary_id;
                        // $action = ($action == 'INSERT')?'i':'u';
						
						if($action == 'INSERT') $action = 'i';
						if($action == 'UPDATE') $action = 'u';
						if($action == 'DELETE') $action = 'd';
                        $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$this->formDef['db_table']."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
						$app->db->query($sql);
                }

                return true;
986
				*/
tbrehm's avatar
tbrehm committed
987
988
989
990
991
992

        }

}

?>