Hi! I have handle for URL handleDeleteFTP($ftp_user_id). This function call sites_ftp_user_delete from ISPConfig. But there is problem with security, because one of GET parameters is ftp_user_id and everyone (if they are logged) can change this id and send it. How can I check owner of this record which want to delete? ISPConfig remote API is still little bit magic for me... Second problem. I use this function for login: $result = $this->client->client_get($this->session_id, array('username' => $username)); Everything is OK, but I need to know roles of users. $result contains no information for identify users by role. I need to know if user is in role admin or not... Thanks for some clue.