<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Next evolution... 
// Out of parameter WS management
// The remainer objective is to check 
//  -  Does Web Service working properly?
//  -  Does any access return something really?
//     Give a way to check to the webmaster...
// These questions are one of module name explanations (checker).

if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services']))
{
  die('Hacking attempt!');
}
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php');

/**
 * official_req returns the managed requests list in array format
 * FIXME A New list need to be build for ws_checker.php
 * returns array of authrorized request/methods
 * */
function official_req()
{
  $official = array(                  /* Requests are limited to             */
      'categories.'                          /* all categories. methods */
    , 'categories.getImages'
    , 'categories.getList'
    , 'images.'                              /* all images. methods */
    , 'images.getInfo'
    , 'images.addComment'
    , 'images.search'
    , 'tags.'                                /* all tags. methods */
    , 'tags.getImages'
    , 'tags.getList'
  );
  if (function_exists('local_req')) {
     $local = local_req();
     return array_merge( $official, $local );
  }
  return $official;
}

/**
 * check_target($string) verifies and corrects syntax of target parameter
 * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27
 * */
function check_target($list)
{
  if ( $list !== '' )
  {
    $type = explode('/',$list); // Find type list
    if ( !in_array($type[0],array('list','cat','tag') ) )
    {
      $type[0] = 'list'; // Assume an id list
    }
    $ids = explode( ',',$type[1] );
    $list = $type[0] . '/';

    // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,

    $result = expand_id_list( $ids );

    // 1,2,3,4,5,6,9,10,11,12,13,21,22,
    // I would like
    // 1-6,9-13,21-22
    $serial[] = $result[0]; // To be shifted
    foreach ($result as $k => $id)
    {
      $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1;
      if ( $id == $next_less_1 and end($serial)=='-' )
      { // nothing to do
      }
      elseif ( $id == $next_less_1 )
      {
        $serial[]=$id;
        $serial[]='-';
      }
      else
      {
        $serial[]=$id;  // end serie or non serie
      }
    }
    $null = array_shift($serial); // remove first value
    $list .= array_shift($serial); // add the real first one
    $separ = ',';
    foreach ($serial as $id)
    {
      $list .= ($id=='-') ? '' : $separ . $id;
      $separ = ($id=='-') ? '-':','; // add comma except if hyphen
    }
  }
  return $list;
}

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

// accepted queries
$req_type_list = official_req();

//--------------------------------------------------------- update informations
$chk_partner = '';
// Is a new access required?

if (isset($_POST['wsa_submit']))
{
// Check $_post (Some values are commented - maybe a future use)
$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES);
$add_target = check_target( $_POST['add_target']) ;
$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0;
$add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES);
$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; 
$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES);
if ( strlen($add_partner) < 8 )
{ // TODO What? Complete with some MD5...
}
  $query = '
INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' 
( `name` , `access` , `start` , `end` , `request` , `limit` , `comment` )
VALUES (' . "
  '$add_partner', '$add_target',
  NOW(), 
  ADDDATE( NOW(), INTERVAL $add_end DAY),
  '$add_request', '$add_limit', '$add_comment' );";

  pwg_query($query);
  $chk_partner = $add_partner;
  
  $template->append(
    'update_results',
    l10n('ws_adding_legend').l10n('ws_success_upd')
  );
}

// Next, Update selected access
if (isset($_POST['wsu_submit']))
{
  $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0;
  $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)';

  if ((isset($_POST['selection'])) and (trim($settxt) != ''))
  {
    $uid = (int) $_POST['selection'];
    $query = '
    UPDATE '.WEB_SERVICES_ACCESS_TABLE.' 
    SET '.$settxt.'
    WHERE id = '.$uid.'; ';
    pwg_query($query);
    $template->append(
      'update_results',
      l10n('ws_update_legend').l10n('ws_success_upd')
    );
  } else {
    $template->append(
      'update_results',
      l10n('ws_update_legend').l10n('ws_failed_upd')
    );
  }
}
// Next, Delete selected access

if (isset($_POST['wsX_submit']))
{
  if ((isset($_POST['delete_confirmation']))
   and (isset($_POST['selection'])))
  {
    $uid = (int) $_POST['selection'];
    $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.'
               WHERE id = '.$uid.'; ';
    pwg_query($query);
    $template->append(
      'update_results',
      l10n('ws_delete_legend').l10n('ws_success_upd')
    );
  } else {
    $template->append(
      'update_results',
      l10n('Not selected / Not confirmed').l10n('ws_failed_upd')
    );
  } 
}


$template->assign(
  array(
    'U_HELP' => get_root_url().'popuphelp.php?page=web_service',    
    )
  );

// Build where
$where = '';
$order = ' ORDER BY `id` DESC' ;

$query = '
SELECT *
  FROM '.WEB_SERVICES_ACCESS_TABLE.'
WHERE 1=1  '
.$where.
' '
.$order.
';';
$result = pwg_query($query);
$acc_list = mysql_num_rows($result);
$result = pwg_query($query);
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_filenames(
  array(
    'ws_checker' => 'admin/ws_checker.tpl'
    )
  );


// Access List
while ($row = mysql_fetch_array($result))
{
  $chk_partner = ( $chk_partner == '' ) ? $row['name'] : $chk_partner;
  $template->append(
    'access_list',
     array(
       'ID'               => $row['id'],
       'NAME'             => 
         (is_adviser()) ? '*********' : $row['name'],       
       'TARGET'           => $row['access'],
       'END'              => $row['end'],
       'REQUEST'          => $row['request'],
       'LIMIT'            => $row['limit'],
       'COMMENT'          => $row['comment'],
     )
  );
}

$template->assign('add_requests', $req_type_list);

$template->assign('add_limits', $conf['ws_allowed_limit'] );

// Postponed Start Date 
// By default 0, 1, 2, 3, 5, 7, 14 or 30 days
/*foreach ($conf['ws_postponed_start'] as $value) {
  $template->assign_block_vars(
    'add_start',
     array(
       'VALUE'=> $value,
       'CONTENT' => $value,
       'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'',
     )
  );
}*/

// Durations (Allowed Web Services Period)
// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s)
$template->assign('add_ends', $conf['ws_durations']);

if ( $chk_partner !== '' )
{
  if (function_exists('curl_init'))
  {
    $request = get_absolute_root_url().'ws.php?method=pwg.getVersion&format=rest&'
             . "partner=$chk_partner" ;
    $session = curl_init($request);
    curl_setopt ($session, CURLOPT_POST, true);
    curl_setopt($session, CURLOPT_HEADER, true);
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($session);
    curl_close($session);
    $status_code = array();
    preg_match('/\d\d\d/', $response, $status_code);
    switch( $status_code[0] ) {
      case 200:
        $ws_status = l10n('Web Services under control');
        break;
      case 503:
        $ws_status = 'Piwigo Web Services failed and returned an '
                   . 'HTTP status of 503. Service is unavailable. An internal '
                   . 'problem prevented us from returning data to you.';
        break;
      case 403:
        $ws_status = 'Piwigo Web Services failed and returned an '
                   . 'HTTP status of 403. Access is forbidden. You do not have '
                   . 'permission to access this resource, or are over '
                   . 'your rate limit.';
        break;
      case 400:
        // You may want to fall through here and read the specific XML error
        $ws_status = 'Piwigo Web Services failed and returned an '
                   . 'HTTP status of 400. Bad request. The parameters passed '
                   . 'to the service did not match as expected. The exact '
                   . 'error is returned in the XML response.';
        break;
      default:
        $ws_status = 'Piwigo Web Services returned an unexpected HTTP '
                   . 'status of:' . $status_code[0];
    }
  }
  else
  {
    $ws_status = 'Cannot check - curl not installed';
  }
  $template->assign( 'WS_STATUS', $ws_status );
}

//----------------------------------------------------------- sending html code

$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker');

include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');
?>