Changeset 2516 for trunk/include
- Timestamp:
- Sep 11, 2008, 3:20:25 AM (16 years ago)
- Location:
- trunk/include
- Files:
-
- 3 edited
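--- a/trunk/include/config_default.inc.php
+++ b/trunk/include/config_default.inc.php
@@ -618,22 +618,4 @@
 // Maximum number of images to be returned foreach call to the web service
 $conf['ws_max_images_per_page'] = 500;
-
-// On Access control false / Admim Web Service need Php cURL extension
-// Controls are done on public basis or
-// if connected on member authorization basis
-$conf['ws_access_control'] = false;
-
-// Additionnal controls are made based on Web Service Access Table
-// Max returned rows number ( > 0 )
-$conf['ws_allowed_limit'] = array(1,2,3,5,10,25);
-
-// By default can be delayed by 0, 1, 2, 3, 5, 7, 14 or 30 days
-// 0 it's Now(), don't remove that one
-$conf['ws_postponed_start'] = array(0,1,2,3,5,7,14,30); /* In days */
-
-// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s)
-// or 15, 10, 7, 5, 1, 0 day(s)
-// 0 it's temporary closed (Useful for one access)
-$conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0);
 
 // +-----------------------------------------------------------------------+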
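--- a/trunk/include/constants.php
+++ b/trunk/include/constants.php
@@ -105,6 +105,4 @@
 if (!defined('PLUGINS_TABLE'))
 define('PLUGINS_TABLE', $prefixeTable.'plugins');
-if (!defined('WEB_SERVICES_ACCESS_TABLE'))
-define('WEB_SERVICES_ACCESS_TABLE', $prefixeTable.'ws_access');
 if (!defined('OLD_PERMALINKS_TABLE'))
 define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks');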
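--- a/trunk/include/ws_functions.inc.php
+++ b/trunk/include/ws_functions.inc.php
@@ -43,104 +43,5 @@
 }
 
-if ( !$conf['ws_access_control'] )
-{
-return $res; // No controls are requested
-}
-$query = '
-SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
-WHERE `name` = '$calling_partner_id'
-AND NOW() <= end; ";
-$result = pwg_query($query);
-$row = mysql_fetch_assoc($result);
-if ( empty($row) )
-{
-return new PwgError(403, 'Partner id does not exist or is expired');
-}
-if ( !empty($row['request'])
-and strpos($methodName, $row['request'])==false
-and strpos($methodName, 'session')==false
-and strpos($methodName, 'getVersion')==false )
-{ // session and getVersion are allowed to diagnose any failure reason
-return new PwgError(403, 'Method not allowed');
-}
-
 return $res;
-}
-
-/**
-* ws_addControls
-* returns additionnal controls if requested
-* usable for 99% of Web Service methods
-*
-* - Args
-* $methodName: is the requested method
-* $partner: is the key
-* $tbl_name: is the alias_name in the query (sometimes called correlation name)
-* null if !getting picture informations
-* - Logic
-* Access_control is not active: Return
-* Key is incorrect: Return 0 = 1 (False condition for MySQL)
-* One of Params doesn't match with type of request: return 0 = 1 again
-* Access list(id/cat/tag) is converted in expended image-id list
-* image-id list: converted to an in-where-clause
-*
-* The additionnal in-where-clause is return
-*/
-function ws_addControls( $methodName, &$params, $tbl_name )
-{
-global $conf, $calling_partner_id;
-if ( !$conf['ws_access_control'] or !isset($calling_partner_id) )
-{
-return '1=1'; // No controls are requested
-}
-
-// Is it an active Partner?
-$query = '
-SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE."
-WHERE `name` = '$calling_partner_id'
-AND NOW() <= end; ";
-$result = pwg_query($query);
-if ( mysql_num_rows( $result ) == 0 )
-{
-return '0=1'; // Unknown partner or Obsolate agreement
-}
-
-$row = mysql_fetch_array($result);
-
-// Overide general object limit
-$params['per_page'] = $row['limit'];
-
-// Target restrict
-// 3 cases: list, cat or tag
-// Behind / we could found img-ids, cat-ids or tag-ids
-$target = $row['access'];
-if ( $target == '')
-{
-return '1=1'; // No controls are requested
-}
-list($type, $str_ids) = explode('/',$target); // Find type list
-
-// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
-$arr_ids = expand_id_list( explode( ',',$str_ids ) );
-$addings = implode(',', $arr_ids);
-// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22,
-if ( $type == 'list')
-{
-return $tbl_name . 'id IN ( ' . $addings . ' ) ';
-}
-
-if ( $type == 'cat' )
-{
-$addings = implode(',', get_image_ids_for_cats($arr_ids));
-return $tbl_name . 'id IN ( ' . $addings . ' ) ';
-}
-
-if ( $type == 'tag' )
-{
-$addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR'));
-return $tbl_name . 'id IN ( ' . $addings . ' ) ';
-}
-// Unmanaged new type?
-return ' 0 = 1 '; // ???
 }
 
@@ -372,5 +273,4 @@
 ), null, true
 );
-$where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' );
 
 $order_by = ws_std_image_sql_order($params, 'i.');
@@ -610,7 +510,6 @@
 array('visible_images' => 'id'),
 ' AND'
-).' AND '.
-ws_addControls( 'images.getInfo', $params, '' ).'
-LIMIT 1;';
+).'
+LIMIT 1';
 
 $image_row = mysql_fetch_assoc(pwg_query($query));
@@ -1184,5 +1083,4 @@
 );
 $where_clauses[] = 'id IN ('.implode(',',$image_ids).')';
-$where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' );
 
 $order_by = ws_std_image_sql_order($params);
@@ -1267,53 +1165,3 @@
 }
 
-
-/**
-* expand_id_list($ids) convert a human list expression to a full ordered list
-* example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5)
-* */
-function expand_id_list($ids)
-{
-$tid = array();
-foreach ( $ids as $id )
-{
-if ( is_numeric($id) )
-{
-$tid[] = (int) $id;
-}
-else
-{
-$range = explode( '-', $id );
-if ( is_numeric($range[0]) and is_numeric($range[1]) )
-{
-$from = min($range[0],$range[1]);
-$to = max($range[0],$range[1]);
-for ($i = $from; $i <= $to; $i++)
-{
-$tid[] = (int) $i;
-}
-}
-}
-}
-$result = array_unique ($tid); // remove duplicates...
-sort ($result);
-return $result;
-}
-
-
-/**
-* converts a cat-ids array in image-ids array
-* FIXME Function which should already exist somewhere else
-* */
-function get_image_ids_for_cats($cat_ids)
-{
-$cat_list = implode(',', $cat_ids);
-$ret_ids = array();
-$query = '
-SELECT DISTINCT image_id
-FROM '.IMAGE_CATEGORY_TABLE.'
-WHERE category_id in ('.$cat_list.')
-;';
-return array_from_query($query, 'image_id');
-}
-
 ?>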
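Review bot: With the `ws_addControls(...)` clause gone, the `images.getInfo` query (new lines 510-513) is restricted only by the `'visible_images' => 'id'` condition, and for `categories.getImages` and `tags.getImages` most of the remaining `$where_clauses` entries lie outside these hunks, so it is worth confirming that both still apply the per-user visibility filter. The removed helper also overwrote `$params['per_page']` with the partner's limit, so the page-size cap now depends on parameter handling not shown here (presumably `$conf['ws_max_images_per_page']`). I would add a comment above the query such as `// visibility is enforced solely by the per-user 'visible_images' filter`, and check that nothing outside trunk/include still reads `$conf['ws_access_control']` or `WEB_SERVICES_ACCESS_TABLE`, since on PHP versions of this era an undefined constant silently evaluates to its own name. The enclosing functions start and end outside the hunks.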