[1745] | 1 | <?php |
---|
| 2 | // +-----------------------------------------------------------------------+ |
---|
[2297] | 3 | // | Piwigo - a PHP based picture gallery | |
---|
| 4 | // +-----------------------------------------------------------------------+ |
---|
| 5 | // | Copyright(C) 2008 Piwigo Team http://piwigo.org | |
---|
| 6 | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | |
---|
| 7 | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | |
---|
| 8 | // +-----------------------------------------------------------------------+ |
---|
| 9 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 10 | // | it under the terms of the GNU General Public License as published by | |
---|
| 11 | // | the Free Software Foundation | |
---|
| 12 | // | | |
---|
| 13 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 14 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 15 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 16 | // | General Public License for more details. | |
---|
| 17 | // | | |
---|
| 18 | // | You should have received a copy of the GNU General Public License | |
---|
| 19 | // | along with this program; if not, write to the Free Software | |
---|
| 20 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 21 | // | USA. | |
---|
| 22 | // +-----------------------------------------------------------------------+ |
---|
[1745] | 23 | |
---|
| 24 | // Next evolution... |
---|
| 25 | // Out of parameter WS management |
---|
| 26 | // The remainer objective is to check |
---|
| 27 | // - Does Web Service working properly? |
---|
| 28 | // - Does any access return something really? |
---|
| 29 | // Give a way to check to the webmaster... |
---|
[1758] | 30 | // These questions are one of module name explanations (checker). |
---|
[1745] | 31 | |
---|
| 32 | if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services'])) |
---|
| 33 | { |
---|
| 34 | die('Hacking attempt!'); |
---|
| 35 | } |
---|
| 36 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
[1781] | 37 | include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php'); |
---|
[1745] | 38 | |
---|
[1758] | 39 | /** |
---|
[1781] | 40 | * official_req returns the managed requests list in array format |
---|
| 41 | * FIXME A New list need to be build for ws_checker.php |
---|
| 42 | * returns array of authrorized request/methods |
---|
| 43 | * */ |
---|
| 44 | function official_req() |
---|
| 45 | { |
---|
| 46 | $official = array( /* Requests are limited to */ |
---|
| 47 | 'categories.' /* all categories. methods */ |
---|
[1853] | 48 | , 'categories.getImages' |
---|
| 49 | , 'categories.getList' |
---|
[1781] | 50 | , 'images.' /* all images. methods */ |
---|
[1853] | 51 | , 'images.getInfo' |
---|
| 52 | , 'images.addComment' |
---|
| 53 | , 'images.search' |
---|
[1781] | 54 | , 'tags.' /* all tags. methods */ |
---|
[1853] | 55 | , 'tags.getImages' |
---|
| 56 | , 'tags.getList' |
---|
[1781] | 57 | ); |
---|
| 58 | if (function_exists('local_req')) { |
---|
| 59 | $local = local_req(); |
---|
| 60 | return array_merge( $official, $local ); |
---|
| 61 | } |
---|
| 62 | return $official; |
---|
| 63 | } |
---|
[1758] | 64 | |
---|
[1781] | 65 | /** |
---|
| 66 | * check_target($string) verifies and corrects syntax of target parameter |
---|
| 67 | * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27 |
---|
| 68 | * */ |
---|
| 69 | function check_target($list) |
---|
| 70 | { |
---|
| 71 | if ( $list !== '' ) |
---|
| 72 | { |
---|
| 73 | $type = explode('/',$list); // Find type list |
---|
| 74 | if ( !in_array($type[0],array('list','cat','tag') ) ) |
---|
| 75 | { |
---|
| 76 | $type[0] = 'list'; // Assume an id list |
---|
| 77 | } |
---|
| 78 | $ids = explode( ',',$type[1] ); |
---|
| 79 | $list = $type[0] . '/'; |
---|
| 80 | |
---|
| 81 | // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, |
---|
| 82 | |
---|
| 83 | $result = expand_id_list( $ids ); |
---|
| 84 | |
---|
| 85 | // 1,2,3,4,5,6,9,10,11,12,13,21,22, |
---|
| 86 | // I would like |
---|
| 87 | // 1-6,9-13,21-22 |
---|
| 88 | $serial[] = $result[0]; // To be shifted |
---|
| 89 | foreach ($result as $k => $id) |
---|
| 90 | { |
---|
| 91 | $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1; |
---|
| 92 | if ( $id == $next_less_1 and end($serial)=='-' ) |
---|
| 93 | { // nothing to do |
---|
| 94 | } |
---|
| 95 | elseif ( $id == $next_less_1 ) |
---|
| 96 | { |
---|
| 97 | $serial[]=$id; |
---|
| 98 | $serial[]='-'; |
---|
| 99 | } |
---|
| 100 | else |
---|
| 101 | { |
---|
| 102 | $serial[]=$id; // end serie or non serie |
---|
| 103 | } |
---|
| 104 | } |
---|
| 105 | $null = array_shift($serial); // remove first value |
---|
| 106 | $list .= array_shift($serial); // add the real first one |
---|
| 107 | $separ = ','; |
---|
| 108 | foreach ($serial as $id) |
---|
| 109 | { |
---|
| 110 | $list .= ($id=='-') ? '' : $separ . $id; |
---|
| 111 | $separ = ($id=='-') ? '-':','; // add comma except if hyphen |
---|
| 112 | } |
---|
| 113 | } |
---|
| 114 | return $list; |
---|
| 115 | } |
---|
| 116 | |
---|
[1745] | 117 | // +-----------------------------------------------------------------------+ |
---|
| 118 | // | Check Access and exit when user status is not ok | |
---|
| 119 | // +-----------------------------------------------------------------------+ |
---|
| 120 | check_status(ACCESS_ADMINISTRATOR); |
---|
| 121 | |
---|
| 122 | // accepted queries |
---|
| 123 | $req_type_list = official_req(); |
---|
| 124 | |
---|
| 125 | //--------------------------------------------------------- update informations |
---|
[1853] | 126 | $chk_partner = ''; |
---|
[1745] | 127 | // Is a new access required? |
---|
| 128 | |
---|
| 129 | if (isset($_POST['wsa_submit'])) |
---|
| 130 | { |
---|
| 131 | // Check $_post (Some values are commented - maybe a future use) |
---|
| 132 | $add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); |
---|
[1760] | 133 | $add_target = check_target( $_POST['add_target']) ; |
---|
[1745] | 134 | $add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; |
---|
[1760] | 135 | $add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES); |
---|
[1745] | 136 | $add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; |
---|
| 137 | $add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); |
---|
| 138 | if ( strlen($add_partner) < 8 ) |
---|
[1758] | 139 | { // TODO What? Complete with some MD5... |
---|
[1745] | 140 | } |
---|
| 141 | $query = ' |
---|
| 142 | INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' |
---|
[1791] | 143 | ( `name` , `access` , `start` , `end` , `request` , `limit` , `comment` ) |
---|
[1745] | 144 | VALUES (' . " |
---|
[1760] | 145 | '$add_partner', '$add_target', |
---|
| 146 | NOW(), |
---|
[1745] | 147 | ADDDATE( NOW(), INTERVAL $add_end DAY), |
---|
[1791] | 148 | '$add_request', '$add_limit', '$add_comment' );"; |
---|
[1745] | 149 | |
---|
| 150 | pwg_query($query); |
---|
[1853] | 151 | $chk_partner = $add_partner; |
---|
[1745] | 152 | |
---|
[2260] | 153 | $template->append( |
---|
| 154 | 'update_results', |
---|
| 155 | l10n('ws_adding_legend').l10n('ws_success_upd') |
---|
[1745] | 156 | ); |
---|
| 157 | } |
---|
| 158 | |
---|
| 159 | // Next, Update selected access |
---|
| 160 | if (isset($_POST['wsu_submit'])) |
---|
| 161 | { |
---|
| 162 | $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; |
---|
| 163 | $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; |
---|
| 164 | |
---|
| 165 | if ((isset($_POST['selection'])) and (trim($settxt) != '')) |
---|
| 166 | { |
---|
| 167 | $uid = (int) $_POST['selection']; |
---|
| 168 | $query = ' |
---|
| 169 | UPDATE '.WEB_SERVICES_ACCESS_TABLE.' |
---|
| 170 | SET '.$settxt.' |
---|
| 171 | WHERE id = '.$uid.'; '; |
---|
| 172 | pwg_query($query); |
---|
[2260] | 173 | $template->append( |
---|
| 174 | 'update_results', |
---|
| 175 | l10n('ws_update_legend').l10n('ws_success_upd') |
---|
[1745] | 176 | ); |
---|
| 177 | } else { |
---|
[2260] | 178 | $template->append( |
---|
| 179 | 'update_results', |
---|
| 180 | l10n('ws_update_legend').l10n('ws_failed_upd') |
---|
[1745] | 181 | ); |
---|
| 182 | } |
---|
| 183 | } |
---|
| 184 | // Next, Delete selected access |
---|
| 185 | |
---|
| 186 | if (isset($_POST['wsX_submit'])) |
---|
| 187 | { |
---|
| 188 | if ((isset($_POST['delete_confirmation'])) |
---|
| 189 | and (isset($_POST['selection']))) |
---|
| 190 | { |
---|
| 191 | $uid = (int) $_POST['selection']; |
---|
| 192 | $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' |
---|
| 193 | WHERE id = '.$uid.'; '; |
---|
| 194 | pwg_query($query); |
---|
[2260] | 195 | $template->append( |
---|
| 196 | 'update_results', |
---|
| 197 | l10n('ws_delete_legend').l10n('ws_success_upd') |
---|
[1745] | 198 | ); |
---|
| 199 | } else { |
---|
[2260] | 200 | $template->append( |
---|
| 201 | 'update_results', |
---|
| 202 | l10n('Not selected / Not confirmed').l10n('ws_failed_upd') |
---|
[1745] | 203 | ); |
---|
| 204 | } |
---|
| 205 | } |
---|
| 206 | |
---|
| 207 | |
---|
| 208 | |
---|
[2288] | 209 | $template->assign( |
---|
[1745] | 210 | array( |
---|
[2288] | 211 | 'U_HELP' => get_root_url().'popuphelp.php?page=web_service', |
---|
[1745] | 212 | ) |
---|
| 213 | ); |
---|
| 214 | |
---|
| 215 | // Build where |
---|
| 216 | $where = ''; |
---|
| 217 | $order = ' ORDER BY `id` DESC' ; |
---|
| 218 | |
---|
| 219 | $query = ' |
---|
| 220 | SELECT * |
---|
| 221 | FROM '.WEB_SERVICES_ACCESS_TABLE.' |
---|
| 222 | WHERE 1=1 ' |
---|
| 223 | .$where. |
---|
| 224 | ' ' |
---|
| 225 | .$order. |
---|
| 226 | ';'; |
---|
| 227 | $result = pwg_query($query); |
---|
| 228 | $acc_list = mysql_num_rows($result); |
---|
| 229 | $result = pwg_query($query); |
---|
| 230 | // +-----------------------------------------------------------------------+ |
---|
| 231 | // | template init | |
---|
| 232 | // +-----------------------------------------------------------------------+ |
---|
| 233 | |
---|
| 234 | $template->set_filenames( |
---|
| 235 | array( |
---|
| 236 | 'ws_checker' => 'admin/ws_checker.tpl' |
---|
| 237 | ) |
---|
| 238 | ); |
---|
| 239 | |
---|
| 240 | |
---|
| 241 | // Access List |
---|
| 242 | while ($row = mysql_fetch_array($result)) |
---|
| 243 | { |
---|
[1853] | 244 | $chk_partner = ( $chk_partner == '' ) ? $row['name'] : $chk_partner; |
---|
[2260] | 245 | $template->append( |
---|
| 246 | 'access_list', |
---|
[1745] | 247 | array( |
---|
| 248 | 'ID' => $row['id'], |
---|
| 249 | 'NAME' => |
---|
| 250 | (is_adviser()) ? '*********' : $row['name'], |
---|
[1760] | 251 | 'TARGET' => $row['access'], |
---|
[1745] | 252 | 'END' => $row['end'], |
---|
[1760] | 253 | 'REQUEST' => $row['request'], |
---|
[1745] | 254 | 'LIMIT' => $row['limit'], |
---|
| 255 | 'COMMENT' => $row['comment'], |
---|
| 256 | ) |
---|
| 257 | ); |
---|
| 258 | } |
---|
| 259 | |
---|
[2260] | 260 | $template->assign('add_requests', $req_type_list); |
---|
[1745] | 261 | |
---|
[2260] | 262 | $template->assign('add_limits', $conf['ws_allowed_limit'] ); |
---|
[1745] | 263 | |
---|
| 264 | // Postponed Start Date |
---|
| 265 | // By default 0, 1, 2, 3, 5, 7, 14 or 30 days |
---|
[2260] | 266 | /*foreach ($conf['ws_postponed_start'] as $value) { |
---|
[1745] | 267 | $template->assign_block_vars( |
---|
| 268 | 'add_start', |
---|
| 269 | array( |
---|
| 270 | 'VALUE'=> $value, |
---|
| 271 | 'CONTENT' => $value, |
---|
| 272 | 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', |
---|
| 273 | ) |
---|
| 274 | ); |
---|
[2260] | 275 | }*/ |
---|
[1745] | 276 | |
---|
| 277 | // Durations (Allowed Web Services Period) |
---|
| 278 | // By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) |
---|
[2260] | 279 | $template->assign('add_ends', $conf['ws_durations']); |
---|
| 280 | |
---|
[1853] | 281 | if ( $chk_partner !== '' ) |
---|
| 282 | { |
---|
[2260] | 283 | if (function_exists('curl_init')) |
---|
| 284 | { |
---|
| 285 | $request = get_absolute_root_url().'ws.php?method=pwg.getVersion&format=rest&' |
---|
| 286 | . "partner=$chk_partner" ; |
---|
| 287 | $session = curl_init($request); |
---|
| 288 | curl_setopt ($session, CURLOPT_POST, true); |
---|
| 289 | curl_setopt($session, CURLOPT_HEADER, true); |
---|
| 290 | curl_setopt($session, CURLOPT_RETURNTRANSFER, true); |
---|
| 291 | $response = curl_exec($session); |
---|
| 292 | curl_close($session); |
---|
| 293 | $status_code = array(); |
---|
| 294 | preg_match('/\d\d\d/', $response, $status_code); |
---|
| 295 | switch( $status_code[0] ) { |
---|
| 296 | case 200: |
---|
| 297 | $ws_status = l10n('Web Services under control'); |
---|
| 298 | break; |
---|
| 299 | case 503: |
---|
| 300 | $ws_status = 'PhpWebGallery Web Services failed and returned an ' |
---|
| 301 | . 'HTTP status of 503. Service is unavailable. An internal ' |
---|
| 302 | . 'problem prevented us from returning data to you.'; |
---|
| 303 | break; |
---|
| 304 | case 403: |
---|
| 305 | $ws_status = 'PhpWebGallery Web Services failed and returned an ' |
---|
| 306 | . 'HTTP status of 403. Access is forbidden. You do not have ' |
---|
| 307 | . 'permission to access this resource, or are over ' |
---|
| 308 | . 'your rate limit.'; |
---|
| 309 | break; |
---|
| 310 | case 400: |
---|
| 311 | // You may want to fall through here and read the specific XML error |
---|
| 312 | $ws_status = 'PhpWebGallery Web Services failed and returned an ' |
---|
| 313 | . 'HTTP status of 400. Bad request. The parameters passed ' |
---|
| 314 | . 'to the service did not match as expected. The exact ' |
---|
| 315 | . 'error is returned in the XML response.'; |
---|
| 316 | break; |
---|
| 317 | default: |
---|
| 318 | $ws_status = 'PhpWebGallery Web Services returned an unexpected HTTP ' |
---|
| 319 | . 'status of:' . $status_code[0]; |
---|
| 320 | } |
---|
[1853] | 321 | } |
---|
[2260] | 322 | else |
---|
| 323 | { |
---|
| 324 | $ws_status = 'Cannot check - curl not installed'; |
---|
| 325 | } |
---|
| 326 | $template->assign( 'WS_STATUS', $ws_status ); |
---|
[1853] | 327 | } |
---|
[1745] | 328 | |
---|
| 329 | //----------------------------------------------------------- sending html code |
---|
| 330 | |
---|
| 331 | $template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); |
---|
[1824] | 332 | |
---|
| 333 | include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php'); |
---|
[1745] | 334 | ?> |
---|