set update-check-urls to api-version; started working on Customers-ApiCommand

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

admin_autoupdate.php

@@ -21,7 +21,7 @@ define('AREA', 'admin');
 require './lib/init.php';
 
 // define update-uri
-define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
+define('UPDATE_URI', "https://version.froxlor.org/Froxlor/api/" . $version);
 define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
 define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");
 

admin_index.php

@@ -85,7 +85,7 @@ if ($page == 'overview') {
 	if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes')
 		|| (isset($lookfornewversion) && $lookfornewversion == 'yes')
 	) {
-		$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
+		$update_check_uri = 'http://version.froxlor.org/Froxlor/api/' . $version;
 		$latestversion = HttpClient::urlGet($update_check_uri);
 		$latestversion = explode('|', $latestversion);
 

lib/classes/api/commands/class.Customers.php

@@ -0,0 +1,98 @@
+<?php
+
+class Customers extends ApiCommand
+{
+
+	public function list()
+	{
+		if ($this->isAdmin()) {
+			$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] list customers");
+			$result_stmt = Database::prepare("
+			SELECT `c`.*, `a`.`loginname` AS `adminname`
+			FROM `" . TABLE_PANEL_CUSTOMERS . "` `c`, `" . TABLE_PANEL_ADMINS . "` `a`
+			WHERE " . ($this->getUserDetail('customers_see_all') ? '' : " `c`.`adminid` = :adminid AND ") . "
+			`c`.`adminid` = `a`.`adminid`
+			");
+			$params = array();
+			if ($this->getUserDetail('customers_see_all') == '0') {
+				$params = array(
+					'adminid' => $this->getUserDetail('adminid')
+				);
+			}
+			Database::pexecute($result_stmt, $params, true, true);
+			$result = array();
+			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+				$result[] = $row;
+			}
+			return $this->response(200, "successfull", array(
+				'count' => count($result),
+				'list' => $result
+			));
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+
+	public function get()
+	{
+		if ($this->isAdmin()) {
+			$id = $this->getParam('id');
+			$this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get customer #" . $id);
+			$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "`
+			WHERE `customerid` = :id" . ($this->getUserDetail('customers_see_all') ? '' : " AND `adminid` = :adminid"));
+			$params = array(
+				'id' => $id
+			);
+			if ($this->getUserDetail('customers_see_all') == '0') {
+				$params['adminid'] = $this->getUserDetail('adminid');
+			}
+			$result = Database::pexecute_first($result_stmt, $params, true, true);
+			if ($result) {
+				return $this->response(200, "successfull", $result);
+			}
+			throw new Exception("Customer with id #" . $id . " could not be found");
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+
+	public function add()
+	{
+		if ($this->isAdmin()) {
+			$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added customer '" . $loginname . "'");
+			return $this->response(200, "successfull", $ins_data);
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+
+	public function update()
+	{
+		if ($this->isAdmin()) {
+			$id = $this->getParam('id');
+			
+			$json_result = Customers::getLocal($this->getUserData(), array(
+				'id' => $id
+			))->get();
+			$result = json_decode($json_result, true)['data'];
+			
+			$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] changed customer '" . $result['loginname'] . "'");
+			return $this->response(200, "successfull", $upd_data);
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+
+	public function delete()
+	{
+		if ($this->isAdmin()) {
+			$id = $this->getParam('id');
+			
+			$json_result = Customers::getLocal($this->getUserData(), array(
+				'id' => $id
+			))->get();
+			$result = json_decode($json_result, true)['data'];
+
+			$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted customer '" . $result['loginname'] . "'");
+			return $this->response(200, "successfull", $result);
+		}
+		throw new Exception("Not allowed to execute given command.", 403);
+	}
+}

lib/classes/api/commands/class.IpsAndPorts.php

@@ -10,7 +10,7 @@ class IpsAndPorts extends ApiCommand
 			$result_stmt = Database::prepare("
 				SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC
 			");
-			Database::pexecute($result_stmt);
+			Database::pexecute($result_stmt, null, true, true);
 			$result = array();
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$result[] = $row;
@@ -174,12 +174,10 @@ class IpsAndPorts extends ApiCommand
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
 			$id = $this->getParam('id');
 			
-			$result_stmt = Database::prepare("
-				SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id
-			");
-			$result = Database::pexecute_first($result_stmt, array(
+			$json_result = IpsAndPorts::getLocal($this->getUserData(), array(
 				'id' => $id
-			), true, true);
+			))->get();
+			$result = json_decode($json_result, true)['data'];
 			
 			$ip = validate_ip2($this->getParam('ip', $result['ip']), false, 'invalidip', false, false, false, true);
 			$port = validate($this->getParam('port', $result['port']), 'port', '/^(([1-9])|([1-9][0-9])|([1-9][0-9][0-9])|([1-9][0-9][0-9][0-9])|([1-5][0-9][0-9][0-9][0-9])|(6[0-4][0-9][0-9][0-9])|(65[0-4][0-9][0-9])|(655[0-2][0-9])|(6553[0-5]))$/Di', array(