1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | PhpWebGallery - a PHP based picture gallery | |
---|
4 | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | |
---|
5 | // | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net | |
---|
6 | // +-----------------------------------------------------------------------+ |
---|
7 | // | branch : BSF (Best So Far) |
---|
8 | // | file : $RCSfile$ |
---|
9 | // | last update : $Date: 2006-12-15 23:16:37 +0200 (ven., 15 dec. 2006) $ |
---|
10 | // | last modifier : $Author: vdigital $ |
---|
11 | // | revision : $Revision: 1658 $ |
---|
12 | // +-----------------------------------------------------------------------+ |
---|
13 | // | This program is free software; you can redistribute it and/or modify | |
---|
14 | // | it under the terms of the GNU General Public License as published by | |
---|
15 | // | the Free Software Foundation | |
---|
16 | // | | |
---|
17 | // | This program is distributed in the hope that it will be useful, but | |
---|
18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
20 | // | General Public License for more details. | |
---|
21 | // | | |
---|
22 | // | You should have received a copy of the GNU General Public License | |
---|
23 | // | along with this program; if not, write to the Free Software | |
---|
24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
25 | // | USA. | |
---|
26 | // +-----------------------------------------------------------------------+ |
---|
27 | |
---|
28 | // +-----------------------------------------------------------------------+ |
---|
29 | // | functions | |
---|
30 | // +-----------------------------------------------------------------------+ |
---|
31 | |
---|
32 | // Function to migrate be useful for ws |
---|
33 | function official_req() |
---|
34 | { |
---|
35 | return array( |
---|
36 | 'random' /* Random order */ |
---|
37 | , 'list' /* list on MBt & z0rglub request */ |
---|
38 | , 'maxviewed' /* hit > 0 and hit desc order */ |
---|
39 | , 'recent' /* recent = Date_available desc order */ |
---|
40 | , 'highrated' /* avg_rate > 0 and desc order */ |
---|
41 | , 'oldest' /* Date_available asc order */ |
---|
42 | , 'lessviewed' /* hit asc order */ |
---|
43 | , 'lowrated' /* avg_rate asc order */ |
---|
44 | , 'undescribed' /* description missing */ |
---|
45 | , 'unnamed' /* new name missing */ |
---|
46 | , 'portraits' /* width < height (portrait oriented) */ |
---|
47 | , 'landscapes' /* width > height (landscape oriented) */ |
---|
48 | , 'squares' /* width ~ height (square form) */ |
---|
49 | ); |
---|
50 | } |
---|
51 | |
---|
52 | function expand_id_list($ids) |
---|
53 | { |
---|
54 | $tid = array(); |
---|
55 | foreach ( $ids as $id ) |
---|
56 | { |
---|
57 | if ( is_numeric($id) ) |
---|
58 | { |
---|
59 | $tid[] = (int) $id; |
---|
60 | } |
---|
61 | else |
---|
62 | { |
---|
63 | $range = explode( '-', $id ); |
---|
64 | if ( is_numeric($range[0]) and is_numeric($range[1]) ) |
---|
65 | { |
---|
66 | $from = min($range[0],$range[1]); |
---|
67 | $to = max($range[0],$range[1]); |
---|
68 | for ($i = $from; $i <= $to; $i++) |
---|
69 | { |
---|
70 | $tid[] = (int) $i; |
---|
71 | } |
---|
72 | } |
---|
73 | } |
---|
74 | } |
---|
75 | $result = array_unique ($tid); // remove duplicates... |
---|
76 | sort ($result); |
---|
77 | return $result; |
---|
78 | } |
---|
79 | |
---|
80 | function check_target($list) |
---|
81 | { |
---|
82 | if ( $list !== '' ) |
---|
83 | { |
---|
84 | $type = explode('/',$list); // Find type list |
---|
85 | if ( !in_array($type[0],array('list','cat','tag') ) ) |
---|
86 | { |
---|
87 | $type[0] = 'list'; // Assume an id list |
---|
88 | } |
---|
89 | $ids = explode( ',',$type[1] ); |
---|
90 | $list = $type[0] . '/'; |
---|
91 | |
---|
92 | // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, |
---|
93 | |
---|
94 | $result = expand_id_list( $ids ); |
---|
95 | |
---|
96 | // 1,2,3,4,5,6,9,10,11,12,13,21,22, |
---|
97 | // I would like |
---|
98 | // 1-6,9-13,21-22 |
---|
99 | $serial[] = $result[0]; // To be shifted |
---|
100 | foreach ($result as $k => $id) |
---|
101 | { |
---|
102 | $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1; |
---|
103 | if ( $id == $next_less_1 and end($serial)=='-' ) |
---|
104 | { // nothing to do |
---|
105 | } |
---|
106 | elseif ( $id == $next_less_1 ) |
---|
107 | { |
---|
108 | $serial[]=$id; |
---|
109 | $serial[]='-'; |
---|
110 | } |
---|
111 | else |
---|
112 | { |
---|
113 | $serial[]=$id; // end serie or non serie |
---|
114 | } |
---|
115 | } |
---|
116 | $null = array_shift($serial); // remove first value |
---|
117 | $list .= array_shift($serial); // add the real first one |
---|
118 | $separ = ','; |
---|
119 | foreach ($serial as $id) |
---|
120 | { |
---|
121 | $list .= ($id=='-') ? '' : $separ . $id; |
---|
122 | $separ = ($id=='-') ? '-':','; // add comma except if hyphen |
---|
123 | } |
---|
124 | } |
---|
125 | return $list; |
---|
126 | } |
---|
127 | |
---|
128 | // Next evolution... |
---|
129 | // Out of parameter WS management |
---|
130 | // The remainer objective is to check |
---|
131 | // - Does Web Service working properly? |
---|
132 | // - Does any access return something really? |
---|
133 | // Give a way to check to the webmaster... |
---|
134 | // These questions are one of module name explainations (checker). |
---|
135 | |
---|
136 | if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services'])) |
---|
137 | { |
---|
138 | die('Hacking attempt!'); |
---|
139 | } |
---|
140 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
141 | |
---|
142 | // +-----------------------------------------------------------------------+ |
---|
143 | // | Check Access and exit when user status is not ok | |
---|
144 | // +-----------------------------------------------------------------------+ |
---|
145 | check_status(ACCESS_ADMINISTRATOR); |
---|
146 | |
---|
147 | |
---|
148 | // accepted queries |
---|
149 | $req_type_list = official_req(); |
---|
150 | |
---|
151 | //--------------------------------------------------------- update informations |
---|
152 | |
---|
153 | // Is status temporary changed? |
---|
154 | if (isset($_POST['wss_submit'])) |
---|
155 | { |
---|
156 | $ws_status = get_boolean( $_POST['ws_status'] ); // Requested status |
---|
157 | $ws_update = $lang['ws_success_upd']; // Normal update |
---|
158 | if ($conf['allow_web_services'] == false and $ws_status == true ) |
---|
159 | { /* Set true is disallowed */ |
---|
160 | $ws_status = false; |
---|
161 | $ws_update = $lang['ws_disallowed']; |
---|
162 | } |
---|
163 | if ( $ws_status !== true and $ws_status !== false ) |
---|
164 | { /* Avoiding SQL injection by no change */ |
---|
165 | $ws_status = $conf['ws_status']; |
---|
166 | } |
---|
167 | if ($conf['ws_status'] == $ws_status) |
---|
168 | { |
---|
169 | $ws_update = $lang['ws_disallowed']; |
---|
170 | } |
---|
171 | else |
---|
172 | { |
---|
173 | $query = ' |
---|
174 | UPDATE '.CONFIG_TABLE.' SET |
---|
175 | value = \''.boolean_to_string($ws_status).'\' |
---|
176 | WHERE param = \'ws_status\' |
---|
177 | AND value <> \''.boolean_to_string($ws_status).'\' |
---|
178 | ;'; |
---|
179 | pwg_query($query); |
---|
180 | $conf['ws_status'] = $ws_status; |
---|
181 | } |
---|
182 | $template->assign_block_vars( |
---|
183 | 'update_result', |
---|
184 | array( |
---|
185 | 'UPD_ELEMENT'=> $lang['ws_set_status'].': '.$ws_update, |
---|
186 | ) |
---|
187 | ); |
---|
188 | } |
---|
189 | |
---|
190 | // Next, is a new access required? |
---|
191 | |
---|
192 | if (isset($_POST['wsa_submit'])) |
---|
193 | { |
---|
194 | // Check $_post |
---|
195 | $add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); |
---|
196 | $add_access = check_target( $_POST['add_access']) ; |
---|
197 | $add_start = ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0; |
---|
198 | $add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; |
---|
199 | $add_request = ( ctype_alpha($_POST['add_request']) ) ? |
---|
200 | $_POST['add_request']:''; |
---|
201 | $add_high = ( $_POST['add_high'] == 'true' ) ? 'true':'false'; |
---|
202 | $add_normal = ( $_POST['add_normal'] == 'true' ) ? 'true':'false'; |
---|
203 | $add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; |
---|
204 | $add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); |
---|
205 | if ( strlen($add_partner) < 8 ) |
---|
206 | { |
---|
207 | } |
---|
208 | $query = ' |
---|
209 | INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' |
---|
210 | ( `name` , `access` , `start` , `end` , `request` , |
---|
211 | `high` , `normal` , `limit` , `comment` ) |
---|
212 | VALUES (' . " |
---|
213 | '$add_partner', '$add_access', |
---|
214 | ADDDATE( NOW(), INTERVAL $add_start DAY), |
---|
215 | ADDDATE( NOW(), INTERVAL $add_end DAY), |
---|
216 | '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );"; |
---|
217 | |
---|
218 | pwg_query($query); |
---|
219 | |
---|
220 | $template->assign_block_vars( |
---|
221 | 'update_result', |
---|
222 | array( |
---|
223 | 'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'], |
---|
224 | ) |
---|
225 | ); |
---|
226 | } |
---|
227 | |
---|
228 | // Next, Update selected access |
---|
229 | if (isset($_POST['wsu_submit'])) |
---|
230 | { |
---|
231 | $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; |
---|
232 | $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; |
---|
233 | |
---|
234 | if ((isset($_POST['selection'])) and (trim($settxt) != '')) |
---|
235 | { |
---|
236 | $uid = (int) $_POST['selection']; |
---|
237 | $query = ' |
---|
238 | UPDATE '.WEB_SERVICES_ACCESS_TABLE.' |
---|
239 | SET '.$settxt.' |
---|
240 | WHERE id = '.$uid.'; '; |
---|
241 | pwg_query($query); |
---|
242 | $template->assign_block_vars( |
---|
243 | 'update_result', |
---|
244 | array( |
---|
245 | 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'], |
---|
246 | ) |
---|
247 | ); |
---|
248 | } else { |
---|
249 | $template->assign_block_vars( |
---|
250 | 'update_result', |
---|
251 | array( |
---|
252 | 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'], |
---|
253 | ) |
---|
254 | ); |
---|
255 | } |
---|
256 | } |
---|
257 | // Next, Delete selected access |
---|
258 | |
---|
259 | if (isset($_POST['wsX_submit'])) |
---|
260 | { |
---|
261 | if ((isset($_POST['delete_confirmation'])) |
---|
262 | and (isset($_POST['selection']))) |
---|
263 | { |
---|
264 | $uid = (int) $_POST['selection']; |
---|
265 | $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' |
---|
266 | WHERE id = '.$uid.'; '; |
---|
267 | pwg_query($query); |
---|
268 | $template->assign_block_vars( |
---|
269 | 'update_result', |
---|
270 | array( |
---|
271 | 'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'], |
---|
272 | ) |
---|
273 | ); |
---|
274 | } else { |
---|
275 | $template->assign_block_vars( |
---|
276 | 'update_result', |
---|
277 | array( |
---|
278 | 'UPD_ELEMENT'=> $lang['Not selected / Not confirmed'] |
---|
279 | .$lang['ws_failed_upd'], |
---|
280 | ) |
---|
281 | ); |
---|
282 | } |
---|
283 | } |
---|
284 | |
---|
285 | |
---|
286 | $ws_status = $conf['ws_status']; |
---|
287 | $template->assign_vars( |
---|
288 | array( |
---|
289 | 'L_CURRENT_STATUS' => ( $ws_status == true ) ? |
---|
290 | $lang['ws_enable']:$lang['ws_disable'], |
---|
291 | 'STATUS_YES' => ( $ws_status == true ) ? '':'checked', |
---|
292 | 'STATUS_NO' => ( $ws_status == true ) ? 'checked':'', |
---|
293 | 'DEFLT_HIGH_YES' => '', |
---|
294 | 'DEFLT_HIGH_NO' => 'checked', |
---|
295 | 'DEFLT_NORMAL_YES' => '', |
---|
296 | 'DEFLT_NORMAL_NO' => 'checked', |
---|
297 | 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service', |
---|
298 | ) |
---|
299 | ); |
---|
300 | |
---|
301 | // Build where |
---|
302 | $where = ''; |
---|
303 | $order = ' ORDER BY `id` DESC' ; |
---|
304 | |
---|
305 | $query = ' |
---|
306 | SELECT * |
---|
307 | FROM '.WEB_SERVICES_ACCESS_TABLE.' |
---|
308 | WHERE 1=1 ' |
---|
309 | .$where. |
---|
310 | ' ' |
---|
311 | .$order. |
---|
312 | ';'; |
---|
313 | $result = pwg_query($query); |
---|
314 | $acc_list = mysql_num_rows($result); |
---|
315 | $result = pwg_query($query); |
---|
316 | // +-----------------------------------------------------------------------+ |
---|
317 | // | template init | |
---|
318 | // +-----------------------------------------------------------------------+ |
---|
319 | |
---|
320 | $template->set_filenames( |
---|
321 | array( |
---|
322 | 'ws_checker' => 'admin/ws_checker.tpl' |
---|
323 | ) |
---|
324 | ); |
---|
325 | |
---|
326 | $checked = 'checked="checked"'; |
---|
327 | $selected = 'selected="selected"'; |
---|
328 | $num=0; |
---|
329 | if ( $acc_list > 0 ) |
---|
330 | { |
---|
331 | $template->assign_block_vars( |
---|
332 | 'acc_list', array() ); |
---|
333 | } |
---|
334 | |
---|
335 | // Access List |
---|
336 | while ($row = mysql_fetch_array($result)) |
---|
337 | { |
---|
338 | $num++; |
---|
339 | $template->assign_block_vars( |
---|
340 | 'acc_list.access', |
---|
341 | array( |
---|
342 | 'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2', |
---|
343 | 'ID' => $row['id'], |
---|
344 | 'NAME' => |
---|
345 | (is_adviser()) ? '*********' : $row['name'], |
---|
346 | 'ACCESS' => $row['access'], |
---|
347 | 'START' => $row['start'], |
---|
348 | 'END' => $row['end'], |
---|
349 | 'FORCE' => $row['request'], |
---|
350 | 'HIGH' => $row['high'], |
---|
351 | 'NORMAL' => $row['normal'], |
---|
352 | 'LIMIT' => $row['limit'], |
---|
353 | 'COMMENT' => $row['comment'], |
---|
354 | 'SELECTED' => '', |
---|
355 | ) |
---|
356 | ); |
---|
357 | } |
---|
358 | |
---|
359 | $template->assign_block_vars( |
---|
360 | 'add_request', |
---|
361 | array( |
---|
362 | 'VALUE'=> '', |
---|
363 | 'CONTENT' => '', |
---|
364 | 'SELECTED' => $selected, |
---|
365 | ) |
---|
366 | ); |
---|
367 | foreach ($req_type_list as $value) { |
---|
368 | |
---|
369 | $template->assign_block_vars( |
---|
370 | 'add_request', |
---|
371 | array( |
---|
372 | 'VALUE'=> $value, |
---|
373 | 'CONTENT' => $lang['ws_'.$value], |
---|
374 | 'SELECTED' => '', |
---|
375 | ) |
---|
376 | ); |
---|
377 | } |
---|
378 | |
---|
379 | $columns = array ( |
---|
380 | 'ID' => 'id', |
---|
381 | 'ws_KeyName' => 'name', |
---|
382 | 'ws_Access' => 'ws_access', |
---|
383 | 'ws_Start' => 'ws_start', |
---|
384 | 'ws_End' => 'ws_end', |
---|
385 | 'ws_Request' => 'ws_request', |
---|
386 | 'ws_High' => 'ws_high', |
---|
387 | 'ws_Normal' => 'ws_normal', |
---|
388 | 'ws_Limit' => 'ws_limit', |
---|
389 | 'ws_Comment' => 'ws_comment', |
---|
390 | ); |
---|
391 | |
---|
392 | foreach ($conf['ws_allowed_limit'] as $value) { |
---|
393 | $template->assign_block_vars( |
---|
394 | 'add_limit', |
---|
395 | array( |
---|
396 | 'VALUE'=> $value, |
---|
397 | 'CONTENT' => $value, |
---|
398 | 'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'', |
---|
399 | ) |
---|
400 | ); |
---|
401 | } |
---|
402 | |
---|
403 | // Postponed Start Date |
---|
404 | // By default 0, 1, 2, 3, 5, 7, 14 or 30 days |
---|
405 | foreach ($conf['ws_postponed_start'] as $value) { |
---|
406 | $template->assign_block_vars( |
---|
407 | 'add_start', |
---|
408 | array( |
---|
409 | 'VALUE'=> $value, |
---|
410 | 'CONTENT' => $value, |
---|
411 | 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', |
---|
412 | ) |
---|
413 | ); |
---|
414 | } |
---|
415 | |
---|
416 | // Durations (Allowed Web Services Period) |
---|
417 | // By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) |
---|
418 | foreach ($conf['ws_durations'] as $value) { |
---|
419 | $template->assign_block_vars( |
---|
420 | 'add_end', |
---|
421 | array( |
---|
422 | 'VALUE'=> $value, |
---|
423 | 'CONTENT' => $value, |
---|
424 | 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', |
---|
425 | ) |
---|
426 | ); |
---|
427 | if ( $acc_list > 0 ) |
---|
428 | { |
---|
429 | $template->assign_block_vars( |
---|
430 | 'acc_list.upd_end', |
---|
431 | array( |
---|
432 | 'VALUE'=> $value, |
---|
433 | 'CONTENT' => $value, |
---|
434 | 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', |
---|
435 | ) |
---|
436 | ); |
---|
437 | } |
---|
438 | } |
---|
439 | |
---|
440 | //----------------------------------------------------------- sending html code |
---|
441 | |
---|
442 | $template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); |
---|
443 | ?> |
---|