[1745] | 1 | <?php |
---|
| 2 | // +-----------------------------------------------------------------------+ |
---|
| 3 | // | PhpWebGallery - a PHP based picture gallery | |
---|
| 4 | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | |
---|
[1760] | 5 | // | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net | |
---|
[1745] | 6 | // +-----------------------------------------------------------------------+ |
---|
| 7 | // | branch : BSF (Best So Far) |
---|
| 8 | // | file : $RCSfile$ |
---|
| 9 | // | last update : $Date: 2007-02-08 21:20:40 +0000 (Thu, 08 Feb 2007) $ |
---|
| 10 | // | last modifier : $Author: vdigital $ |
---|
| 11 | // | revision : $Revision: 1791 $ |
---|
| 12 | // +-----------------------------------------------------------------------+ |
---|
| 13 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 14 | // | it under the terms of the GNU General Public License as published by | |
---|
| 15 | // | the Free Software Foundation | |
---|
| 16 | // | | |
---|
| 17 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 20 | // | General Public License for more details. | |
---|
| 21 | // | | |
---|
| 22 | // | You should have received a copy of the GNU General Public License | |
---|
| 23 | // | along with this program; if not, write to the Free Software | |
---|
| 24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 25 | // | USA. | |
---|
| 26 | // +-----------------------------------------------------------------------+ |
---|
| 27 | |
---|
| 28 | // Next evolution... |
---|
| 29 | // Out of parameter WS management |
---|
| 30 | // The remainer objective is to check |
---|
| 31 | // - Does Web Service working properly? |
---|
| 32 | // - Does any access return something really? |
---|
| 33 | // Give a way to check to the webmaster... |
---|
[1758] | 34 | // These questions are one of module name explanations (checker). |
---|
[1745] | 35 | |
---|
| 36 | if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services'])) |
---|
| 37 | { |
---|
| 38 | die('Hacking attempt!'); |
---|
| 39 | } |
---|
| 40 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
[1781] | 41 | include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php'); |
---|
[1745] | 42 | |
---|
[1758] | 43 | /** |
---|
[1781] | 44 | * official_req returns the managed requests list in array format |
---|
| 45 | * FIXME A New list need to be build for ws_checker.php |
---|
| 46 | * returns array of authrorized request/methods |
---|
| 47 | * */ |
---|
| 48 | function official_req() |
---|
| 49 | { |
---|
| 50 | $official = array( /* Requests are limited to */ |
---|
| 51 | 'categories.' /* all categories. methods */ |
---|
| 52 | , 'categories.getImages' /* <= see */ |
---|
| 53 | , 'categories.getList' /* <= see */ |
---|
| 54 | , 'images.' /* all images. methods */ |
---|
| 55 | , 'images.getInfo' /* <= see */ |
---|
| 56 | , 'tags.' /* all tags. methods */ |
---|
| 57 | , 'tags.getImages' /* <= see */ |
---|
| 58 | , 'tags.getList' /* <= see */ |
---|
| 59 | ); |
---|
| 60 | if (function_exists('local_req')) { |
---|
| 61 | $local = local_req(); |
---|
| 62 | return array_merge( $official, $local ); |
---|
| 63 | } |
---|
| 64 | return $official; |
---|
| 65 | } |
---|
[1758] | 66 | |
---|
[1781] | 67 | /** |
---|
| 68 | * check_target($string) verifies and corrects syntax of target parameter |
---|
| 69 | * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27 |
---|
| 70 | * */ |
---|
| 71 | function check_target($list) |
---|
| 72 | { |
---|
| 73 | if ( $list !== '' ) |
---|
| 74 | { |
---|
| 75 | $type = explode('/',$list); // Find type list |
---|
| 76 | if ( !in_array($type[0],array('list','cat','tag') ) ) |
---|
| 77 | { |
---|
| 78 | $type[0] = 'list'; // Assume an id list |
---|
| 79 | } |
---|
| 80 | $ids = explode( ',',$type[1] ); |
---|
| 81 | $list = $type[0] . '/'; |
---|
| 82 | |
---|
| 83 | // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, |
---|
| 84 | |
---|
| 85 | $result = expand_id_list( $ids ); |
---|
| 86 | |
---|
| 87 | // 1,2,3,4,5,6,9,10,11,12,13,21,22, |
---|
| 88 | // I would like |
---|
| 89 | // 1-6,9-13,21-22 |
---|
| 90 | $serial[] = $result[0]; // To be shifted |
---|
| 91 | foreach ($result as $k => $id) |
---|
| 92 | { |
---|
| 93 | $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1; |
---|
| 94 | if ( $id == $next_less_1 and end($serial)=='-' ) |
---|
| 95 | { // nothing to do |
---|
| 96 | } |
---|
| 97 | elseif ( $id == $next_less_1 ) |
---|
| 98 | { |
---|
| 99 | $serial[]=$id; |
---|
| 100 | $serial[]='-'; |
---|
| 101 | } |
---|
| 102 | else |
---|
| 103 | { |
---|
| 104 | $serial[]=$id; // end serie or non serie |
---|
| 105 | } |
---|
| 106 | } |
---|
| 107 | $null = array_shift($serial); // remove first value |
---|
| 108 | $list .= array_shift($serial); // add the real first one |
---|
| 109 | $separ = ','; |
---|
| 110 | foreach ($serial as $id) |
---|
| 111 | { |
---|
| 112 | $list .= ($id=='-') ? '' : $separ . $id; |
---|
| 113 | $separ = ($id=='-') ? '-':','; // add comma except if hyphen |
---|
| 114 | } |
---|
| 115 | } |
---|
| 116 | return $list; |
---|
| 117 | } |
---|
| 118 | |
---|
[1745] | 119 | // +-----------------------------------------------------------------------+ |
---|
| 120 | // | Check Access and exit when user status is not ok | |
---|
| 121 | // +-----------------------------------------------------------------------+ |
---|
| 122 | check_status(ACCESS_ADMINISTRATOR); |
---|
| 123 | |
---|
| 124 | // accepted queries |
---|
| 125 | $req_type_list = official_req(); |
---|
| 126 | |
---|
| 127 | //--------------------------------------------------------- update informations |
---|
| 128 | |
---|
| 129 | // Is a new access required? |
---|
| 130 | |
---|
| 131 | if (isset($_POST['wsa_submit'])) |
---|
| 132 | { |
---|
| 133 | // Check $_post (Some values are commented - maybe a future use) |
---|
| 134 | $add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); |
---|
[1760] | 135 | $add_target = check_target( $_POST['add_target']) ; |
---|
[1745] | 136 | $add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; |
---|
[1760] | 137 | $add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES); |
---|
[1745] | 138 | $add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; |
---|
| 139 | $add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); |
---|
| 140 | if ( strlen($add_partner) < 8 ) |
---|
[1758] | 141 | { // TODO What? Complete with some MD5... |
---|
[1745] | 142 | } |
---|
| 143 | $query = ' |
---|
| 144 | INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' |
---|
[1791] | 145 | ( `name` , `access` , `start` , `end` , `request` , `limit` , `comment` ) |
---|
[1745] | 146 | VALUES (' . " |
---|
[1760] | 147 | '$add_partner', '$add_target', |
---|
| 148 | NOW(), |
---|
[1745] | 149 | ADDDATE( NOW(), INTERVAL $add_end DAY), |
---|
[1791] | 150 | '$add_request', '$add_limit', '$add_comment' );"; |
---|
[1745] | 151 | |
---|
| 152 | pwg_query($query); |
---|
| 153 | |
---|
| 154 | $template->assign_block_vars( |
---|
| 155 | 'update_result', |
---|
| 156 | array( |
---|
| 157 | 'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'], |
---|
| 158 | ) |
---|
| 159 | ); |
---|
| 160 | } |
---|
| 161 | |
---|
| 162 | // Next, Update selected access |
---|
| 163 | if (isset($_POST['wsu_submit'])) |
---|
| 164 | { |
---|
| 165 | $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; |
---|
| 166 | $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; |
---|
| 167 | |
---|
| 168 | if ((isset($_POST['selection'])) and (trim($settxt) != '')) |
---|
| 169 | { |
---|
| 170 | $uid = (int) $_POST['selection']; |
---|
| 171 | $query = ' |
---|
| 172 | UPDATE '.WEB_SERVICES_ACCESS_TABLE.' |
---|
| 173 | SET '.$settxt.' |
---|
| 174 | WHERE id = '.$uid.'; '; |
---|
| 175 | pwg_query($query); |
---|
| 176 | $template->assign_block_vars( |
---|
| 177 | 'update_result', |
---|
| 178 | array( |
---|
| 179 | 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'], |
---|
| 180 | ) |
---|
| 181 | ); |
---|
| 182 | } else { |
---|
| 183 | $template->assign_block_vars( |
---|
| 184 | 'update_result', |
---|
| 185 | array( |
---|
| 186 | 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'], |
---|
| 187 | ) |
---|
| 188 | ); |
---|
| 189 | } |
---|
| 190 | } |
---|
| 191 | // Next, Delete selected access |
---|
| 192 | |
---|
| 193 | if (isset($_POST['wsX_submit'])) |
---|
| 194 | { |
---|
| 195 | if ((isset($_POST['delete_confirmation'])) |
---|
| 196 | and (isset($_POST['selection']))) |
---|
| 197 | { |
---|
| 198 | $uid = (int) $_POST['selection']; |
---|
| 199 | $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' |
---|
| 200 | WHERE id = '.$uid.'; '; |
---|
| 201 | pwg_query($query); |
---|
| 202 | $template->assign_block_vars( |
---|
| 203 | 'update_result', |
---|
| 204 | array( |
---|
| 205 | 'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'], |
---|
| 206 | ) |
---|
| 207 | ); |
---|
| 208 | } else { |
---|
| 209 | $template->assign_block_vars( |
---|
| 210 | 'update_result', |
---|
| 211 | array( |
---|
| 212 | 'UPD_ELEMENT'=> $lang['Not selected / Not confirmed'] |
---|
| 213 | .$lang['ws_failed_upd'], |
---|
| 214 | ) |
---|
| 215 | ); |
---|
| 216 | } |
---|
| 217 | } |
---|
| 218 | |
---|
| 219 | |
---|
| 220 | |
---|
| 221 | $template->assign_vars( |
---|
| 222 | array( |
---|
| 223 | 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service', |
---|
| 224 | ) |
---|
| 225 | ); |
---|
| 226 | |
---|
| 227 | // Build where |
---|
| 228 | $where = ''; |
---|
| 229 | $order = ' ORDER BY `id` DESC' ; |
---|
| 230 | |
---|
| 231 | $query = ' |
---|
| 232 | SELECT * |
---|
| 233 | FROM '.WEB_SERVICES_ACCESS_TABLE.' |
---|
| 234 | WHERE 1=1 ' |
---|
| 235 | .$where. |
---|
| 236 | ' ' |
---|
| 237 | .$order. |
---|
| 238 | ';'; |
---|
| 239 | $result = pwg_query($query); |
---|
| 240 | $acc_list = mysql_num_rows($result); |
---|
| 241 | $result = pwg_query($query); |
---|
| 242 | // +-----------------------------------------------------------------------+ |
---|
| 243 | // | template init | |
---|
| 244 | // +-----------------------------------------------------------------------+ |
---|
| 245 | |
---|
| 246 | $template->set_filenames( |
---|
| 247 | array( |
---|
| 248 | 'ws_checker' => 'admin/ws_checker.tpl' |
---|
| 249 | ) |
---|
| 250 | ); |
---|
| 251 | |
---|
| 252 | $selected = 'selected="selected"'; |
---|
| 253 | $num=0; |
---|
| 254 | if ( $acc_list > 0 ) |
---|
| 255 | { |
---|
| 256 | $template->assign_block_vars( |
---|
| 257 | 'acc_list', array() ); |
---|
| 258 | } |
---|
| 259 | |
---|
| 260 | // Access List |
---|
| 261 | while ($row = mysql_fetch_array($result)) |
---|
| 262 | { |
---|
| 263 | $num++; |
---|
| 264 | $template->assign_block_vars( |
---|
| 265 | 'acc_list.access', |
---|
| 266 | array( |
---|
| 267 | 'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2', |
---|
| 268 | 'ID' => $row['id'], |
---|
| 269 | 'NAME' => |
---|
| 270 | (is_adviser()) ? '*********' : $row['name'], |
---|
[1760] | 271 | 'TARGET' => $row['access'], |
---|
[1745] | 272 | 'END' => $row['end'], |
---|
[1760] | 273 | 'REQUEST' => $row['request'], |
---|
[1745] | 274 | 'LIMIT' => $row['limit'], |
---|
| 275 | 'COMMENT' => $row['comment'], |
---|
| 276 | 'SELECTED' => '', |
---|
| 277 | ) |
---|
| 278 | ); |
---|
| 279 | } |
---|
| 280 | |
---|
| 281 | $template->assign_block_vars( |
---|
| 282 | 'add_request', |
---|
| 283 | array( |
---|
| 284 | 'VALUE'=> '', |
---|
| 285 | 'CONTENT' => '', |
---|
| 286 | 'SELECTED' => $selected, |
---|
| 287 | ) |
---|
| 288 | ); |
---|
| 289 | foreach ($req_type_list as $value) { |
---|
| 290 | |
---|
| 291 | $template->assign_block_vars( |
---|
| 292 | 'add_request', |
---|
| 293 | array( |
---|
| 294 | 'VALUE'=> $value, |
---|
[1760] | 295 | 'CONTENT' => $value, |
---|
[1745] | 296 | 'SELECTED' => '', |
---|
| 297 | ) |
---|
| 298 | ); |
---|
| 299 | } |
---|
| 300 | |
---|
| 301 | foreach ($conf['ws_allowed_limit'] as $value) { |
---|
| 302 | $template->assign_block_vars( |
---|
| 303 | 'add_limit', |
---|
| 304 | array( |
---|
| 305 | 'VALUE'=> $value, |
---|
| 306 | 'CONTENT' => $value, |
---|
| 307 | 'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'', |
---|
| 308 | ) |
---|
| 309 | ); |
---|
| 310 | } |
---|
| 311 | |
---|
| 312 | // Postponed Start Date |
---|
| 313 | // By default 0, 1, 2, 3, 5, 7, 14 or 30 days |
---|
| 314 | foreach ($conf['ws_postponed_start'] as $value) { |
---|
| 315 | $template->assign_block_vars( |
---|
| 316 | 'add_start', |
---|
| 317 | array( |
---|
| 318 | 'VALUE'=> $value, |
---|
| 319 | 'CONTENT' => $value, |
---|
| 320 | 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', |
---|
| 321 | ) |
---|
| 322 | ); |
---|
| 323 | } |
---|
| 324 | |
---|
| 325 | // Durations (Allowed Web Services Period) |
---|
| 326 | // By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) |
---|
| 327 | foreach ($conf['ws_durations'] as $value) { |
---|
| 328 | $template->assign_block_vars( |
---|
| 329 | 'add_end', |
---|
| 330 | array( |
---|
| 331 | 'VALUE'=> $value, |
---|
| 332 | 'CONTENT' => $value, |
---|
| 333 | 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', |
---|
| 334 | ) |
---|
| 335 | ); |
---|
| 336 | if ( $acc_list > 0 ) |
---|
| 337 | { |
---|
| 338 | $template->assign_block_vars( |
---|
| 339 | 'acc_list.upd_end', |
---|
| 340 | array( |
---|
| 341 | 'VALUE'=> $value, |
---|
| 342 | 'CONTENT' => $value, |
---|
| 343 | 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', |
---|
| 344 | ) |
---|
| 345 | ); |
---|
| 346 | } |
---|
| 347 | } |
---|
| 348 | |
---|
| 349 | //----------------------------------------------------------- sending html code |
---|
| 350 | |
---|
| 351 | $template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); |
---|
| 352 | ?> |
---|