-rw-r--r-- | admin/ws_checker.php | 631 | ||||
-rw-r--r-- | language/en_UK.iso-8859-1/admin.lang.php | 1 | ||||
-rw-r--r-- | language/fr_FR.iso-8859-1/admin.lang.php | 1 | ||||
-rw-r--r-- | template/yoga/admin/ws_checker.tpl | 52 | ||||
-rw-r--r-- | web_service.php | 641 |
5 files changed, 300 insertions, 1026 deletions
diff --git a/admin/ws_checker.php b/admin/ws_checker.php
index 3c83d1735..a434573ba 100644
--- a/admin/ws_checker.php
+++ b/admin/ws_checker.php
@@ -1,343 +1,288 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | PhpWebGallery - a PHP based picture gallery |
-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
-// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
-// | last update : $Date: 2006-12-15 23:16:37 +0200 (ven., 15 dec. 2006) $
-// | last modifier : $Author: vdigital $
-// | revision : $Revision: 1658 $
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-
-// Next evolution...
-// Out of parameter WS management
-// The remainer objective is to check
-// - Does Web Service working properly?
-// - Does any access return something really?
-// Give a way to check to the webmaster...
-// These questions are one of module name explainations (checker).
-
-if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services']))
-{
- die('Hacking attempt!');
-}
-include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
-
-// +-----------------------------------------------------------------------+
-// | Check Access and exit when user status is not ok |
-// +-----------------------------------------------------------------------+
-check_status(ACCESS_ADMINISTRATOR);
-
-
-// accepted queries
-$req_type_list = official_req();
-
-//--------------------------------------------------------- update informations
-
-// Is status temporary changed?
-if (isset($_POST['wss_submit']))
-{
- $ws_status = get_boolean( $_POST['ws_status'] ); // Requested status
- $ws_update = $lang['ws_success_upd']; // Normal update
- if ($conf['allow_web_services'] == false and $ws_status == true )
- { /* Set true is disallowed */
- $ws_status = false;
- $ws_update = $lang['ws_disallowed'];
- }
- if ( $ws_status !== true and $ws_status !== false )
- { /* Avoiding SQL injection by no change */
- $ws_status = $conf['ws_status'];
- }
- if ($conf['ws_status'] == $ws_status)
- {
- $ws_update = $lang['ws_disallowed'];
- }
- else
- {
- $query = '
-UPDATE '.CONFIG_TABLE.' SET
- value = \''.boolean_to_string($ws_status).'\'
-WHERE param = \'ws_status\'
- AND value <> \''.boolean_to_string($ws_status).'\'
-;';
- pwg_query($query);
- $conf['ws_status'] = $ws_status;
- }
- $template->assign_block_vars(
- 'update_result',
- array(
- 'UPD_ELEMENT'=> $lang['ws_set_status'].': '.$ws_update,
- )
- );
-}
-
-// Next, is a new access required?
-
-if (isset($_POST['wsa_submit']))
-{
-// Check $_post
-$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES);
-$add_access = check_target( $_POST['add_access']) ;
-$add_start = ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0;
-$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0;
-$add_request = ( ctype_alpha($_POST['add_request']) ) ?
- $_POST['add_request']:'';
-$add_high = ( $_POST['add_high'] == 'true' ) ? 'true':'false';
-$add_normal = ( $_POST['add_normal'] == 'true' ) ? 'true':'false';
-$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1;
-$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES);
-if ( strlen($add_partner) < 8 )
-{
-}
- $query = '
-INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.'
-( `name` , `access` , `start` , `end` , `request` ,
- `high` , `normal` , `limit` , `comment` )
-VALUES (' . "
- '$add_partner', '$add_access',
- ADDDATE( NOW(), INTERVAL $add_start DAY),
- ADDDATE( NOW(), INTERVAL $add_end DAY),
- '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );";
-
- pwg_query($query);
-
- $template->assign_block_vars(
- 'update_result',
- array(
- 'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'],
- )
- );
-}
-
-// Next, Update selected access
-if (isset($_POST['wsu_submit']))
-{
- $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0;
- $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)';
-
- if ((isset($_POST['selection'])) and (trim($settxt) != ''))
- {
- $uid = (int) $_POST['selection'];
- $query = '
- UPDATE '.WEB_SERVICES_ACCESS_TABLE.'
- SET '.$settxt.'
- WHERE id = '.$uid.'; ';
- pwg_query($query);
- $template->assign_block_vars(
- 'update_result',
- array(
- 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'],
- )
- );
- } else {
- $template->assign_block_vars(
- 'update_result',
- array(
- 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'],
- )
- );
- }
-}
-// Next, Delete selected access
-
-if (isset($_POST['wsX_submit']))
-{
- if ((isset($_POST['delete_confirmation']))
- and (isset($_POST['selection'])))
- {
- $uid = (int) $_POST['selection'];
- $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.'
- WHERE id = '.$uid.'; ';
- pwg_query($query);
- $template->assign_block_vars(
- 'update_result',
- array(
- 'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'],
- )
- );
- } else {
- $template->assign_block_vars(
- 'update_result',
- array(
- 'UPD_ELEMENT'=> $lang['Not selected / Not confirmed']
- .$lang['ws_failed_upd'],
- )
- );
- }
-}
-
-
-$ws_status = $conf['ws_status'];
-$template->assign_vars(
- array(
- 'L_CURRENT_STATUS' => ( $ws_status == true ) ?
- $lang['ws_enable']:$lang['ws_disable'],
- 'STATUS_YES' => ( $ws_status == true ) ? '':'checked',
- 'STATUS_NO' => ( $ws_status == true ) ? 'checked':'',
- 'DEFLT_HIGH_YES' => '',
- 'DEFLT_HIGH_NO' => 'checked',
- 'DEFLT_NORMAL_YES' => '',
- 'DEFLT_NORMAL_NO' => 'checked',
- 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service',
- )
- );
-
-// Build where
-$where = '';
-$order = ' ORDER BY `id` DESC' ;
-
-$query = '
-SELECT *
- FROM '.WEB_SERVICES_ACCESS_TABLE.'
-WHERE 1=1 '
-.$where.
-' '
-.$order.
-';';
-$result = pwg_query($query);
-$acc_list = mysql_num_rows($result);
-$result = pwg_query($query);
-// +-----------------------------------------------------------------------+
-// | template init |
-// +-----------------------------------------------------------------------+
-
-$template->set_filenames(
- array(
- 'ws_checker' => 'admin/ws_checker.tpl'
- )
- );
-
-$checked = 'checked="checked"';
-$selected = 'selected="selected"';
-$num=0;
-if ( $acc_list > 0 )
-{
- $template->assign_block_vars(
- 'acc_list', array() );
-}
-
-// Access List
-while ($row = mysql_fetch_array($result))
-{
- $num++;
- $template->assign_block_vars(
- 'acc_list.access',
- array(
- 'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2',
- 'ID' => $row['id'],
- 'NAME' =>
- (is_adviser()) ? '*********' : $row['name'],
- 'ACCESS' => $row['access'],
- 'START' => $row['start'],
- 'END' => $row['end'],
- 'FORCE' => $row['request'],
- 'HIGH' => $row['high'],
- 'NORMAL' => $row['normal'],
- 'LIMIT' => $row['limit'],
- 'COMMENT' => $row['comment'],
- 'SELECTED' => '',
- )
- );
-}
-
-$template->assign_block_vars(
- 'add_request',
- array(
- 'VALUE'=> '',
- 'CONTENT' => '',
- 'SELECTED' => $selected,
- )
-);
-foreach ($req_type_list as $value) {
-
- $template->assign_block_vars(
- 'add_request',
- array(
- 'VALUE'=> $value,
- 'CONTENT' => $lang['ws_'.$value],
- 'SELECTED' => '',
- )
- );
-}
-
-$columns = array (
- 'ID' => 'id',
- 'ws_KeyName' => 'name',
- 'ws_Access' => 'ws_access',
- 'ws_Start' => 'ws_start',
- 'ws_End' => 'ws_end',
- 'ws_Request' => 'ws_request',
- 'ws_High' => 'ws_high',
- 'ws_Normal' => 'ws_normal',
- 'ws_Limit' => 'ws_limit',
- 'ws_Comment' => 'ws_comment',
-);
-
-foreach ($conf['ws_allowed_limit'] as $value) {
- $template->assign_block_vars(
- 'add_limit',
- array(
- 'VALUE'=> $value,
- 'CONTENT' => $value,
- 'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'',
- )
- );
-}
-
-// Postponed Start Date
-// By default 0, 1, 2, 3, 5, 7, 14 or 30 days
-foreach ($conf['ws_postponed_start'] as $value) {
- $template->assign_block_vars(
- 'add_start',
- array(
- 'VALUE'=> $value,
- 'CONTENT' => $value,
- 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'',
- )
- );
-}
-
-// Durations (Allowed Web Services Period)
-// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s)
-foreach ($conf['ws_durations'] as $value) {
- $template->assign_block_vars(
- 'add_end',
- array(
- 'VALUE'=> $value,
- 'CONTENT' => $value,
- 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'',
- )
- );
- if ( $acc_list > 0 )
- {
- $template->assign_block_vars(
- 'acc_list.upd_end',
- array(
- 'VALUE'=> $value,
- 'CONTENT' => $value,
- 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'',
- )
- );
- }
-}
-
-//----------------------------------------------------------- sending html code
-
-$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker');
-?>
+<?php +// +-----------------------------------------------------------------------+ +// | PhpWebGallery - a PHP based picture gallery | +// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | +// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net | +// +-----------------------------------------------------------------------+ +// | branch : BSF (Best So Far) +// | file : $RCSfile$ +// | last update : $Date$ +// | last modifier : $Author$ +// | revision : $Revision$ +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +// Next evolution... +// Out of parameter WS management +// The remainer objective is to check +// - Does Web Service working properly? +// - Does any access return something really? +// Give a way to check to the webmaster... +// These questions are one of module name explainations (checker). 
+ +if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services'])) +{ + die('Hacking attempt!'); +} +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + + +// accepted queries +$req_type_list = official_req(); + +//--------------------------------------------------------- update informations + +// Is a new access required? + +if (isset($_POST['wsa_submit'])) +{ +// Check $_post (Some values are commented - maybe a future use) +$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); +$add_access = check_target( $_POST['add_access']) ; +$add_start = 0; // ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0; +$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; +$add_request = ( ctype_alpha($_POST['add_request']) ) ? + $_POST['add_request']:''; +$add_high = 'true'; // ( $_POST['add_high'] == 'true' ) ? 'true':'false'; +$add_normal = 'true'; // ( $_POST['add_normal'] == 'true' ) ? 'true':'false'; +$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; +$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); +if ( strlen($add_partner) < 8 ) +{ +} + $query = ' +INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' +( `name` , `access` , `start` , `end` , `request` , + `high` , `normal` , `limit` , `comment` ) +VALUES (' . 
" + '$add_partner', '$add_access', + ADDDATE( NOW(), INTERVAL $add_start DAY), + ADDDATE( NOW(), INTERVAL $add_end DAY), + '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );"; + + pwg_query($query); + + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'], + ) + ); +} + +// Next, Update selected access +if (isset($_POST['wsu_submit'])) +{ + $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; + $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; + + if ((isset($_POST['selection'])) and (trim($settxt) != '')) + { + $uid = (int) $_POST['selection']; + $query = ' + UPDATE '.WEB_SERVICES_ACCESS_TABLE.' + SET '.$settxt.' + WHERE id = '.$uid.'; '; + pwg_query($query); + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'], + ) + ); + } else { + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'], + ) + ); + } +} +// Next, Delete selected access + +if (isset($_POST['wsX_submit'])) +{ + if ((isset($_POST['delete_confirmation'])) + and (isset($_POST['selection']))) + { + $uid = (int) $_POST['selection']; + $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' 
+ WHERE id = '.$uid.'; '; + pwg_query($query); + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'], + ) + ); + } else { + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['Not selected / Not confirmed'] + .$lang['ws_failed_upd'], + ) + ); + } +} + + + +$template->assign_vars( + array( + 'DEFLT_HIGH_YES' => '', + 'DEFLT_HIGH_NO' => 'checked', + 'DEFLT_NORMAL_YES' => '', + 'DEFLT_NORMAL_NO' => 'checked', + 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service', + ) + ); + +// Build where +$where = ''; +$order = ' ORDER BY `id` DESC' ; + +$query = ' +SELECT * + FROM '.WEB_SERVICES_ACCESS_TABLE.' +WHERE 1=1 ' +.$where. +' ' +.$order. +';'; +$result = pwg_query($query); +$acc_list = mysql_num_rows($result); +$result = pwg_query($query); +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames( + array( + 'ws_checker' => 'admin/ws_checker.tpl' + ) + ); + +$selected = 'selected="selected"'; +$num=0; +if ( $acc_list > 0 ) +{ + $template->assign_block_vars( + 'acc_list', array() ); +} + +// Access List +while ($row = mysql_fetch_array($result)) +{ + $num++; + $template->assign_block_vars( + 'acc_list.access', + array( + 'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2', + 'ID' => $row['id'], + 'NAME' => + (is_adviser()) ? 
'*********' : $row['name'], + 'ACCESS' => $row['access'], + 'START' => $row['start'], + 'END' => $row['end'], + 'FORCE' => $row['request'], + 'HIGH' => $row['high'], + 'NORMAL' => $row['normal'], + 'LIMIT' => $row['limit'], + 'COMMENT' => $row['comment'], + 'SELECTED' => '', + ) + ); +} + +$template->assign_block_vars( + 'add_request', + array( + 'VALUE'=> '', + 'CONTENT' => '', + 'SELECTED' => $selected, + ) +); +foreach ($req_type_list as $value) { + + $template->assign_block_vars( + 'add_request', + array( + 'VALUE'=> $value, + 'CONTENT' => $lang['ws_'.$value], + 'SELECTED' => '', + ) + ); +} + +foreach ($conf['ws_allowed_limit'] as $value) { + $template->assign_block_vars( + 'add_limit', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'', + ) + ); +} + +// Postponed Start Date +// By default 0, 1, 2, 3, 5, 7, 14 or 30 days +foreach ($conf['ws_postponed_start'] as $value) { + $template->assign_block_vars( + 'add_start', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', + ) + ); +} + +// Durations (Allowed Web Services Period) +// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) +foreach ($conf['ws_durations'] as $value) { + $template->assign_block_vars( + 'add_end', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', + ) + ); + if ( $acc_list > 0 ) + { + $template->assign_block_vars( + 'acc_list.upd_end', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', + ) + ); + } +} + +//----------------------------------------------------------- sending html code + +$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); +?> 
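Review bot: In the `wsa_submit` branch the INSERT is still assembled by interpolating `$_POST` values, and `add_partner`/`add_comment` are only passed through `htmlspecialchars(..., ENT_QUOTES)`, which is an HTML output encoder and leaves backslashes untouched, so it should not stand in for SQL escaping unless request data is escaped elsewhere (not visible in this hunk). Escape at query time with the database layer's own function, e.g. `mysql_real_escape_string($_POST['add_partner'])`, and encode for HTML when the row is rendered. `is_numeric()` also accepts forms such as `1e3` and leading whitespace, so `add_end`, `add_limit` and `upd_end` are better cast, e.g. `$add_end = (int) $_POST['add_end'];`, as is already done for `selection`. The `if ( strlen($add_partner) < 8 ) { }` test has an empty body, so short partner names are accepted; either reject them with an error message or remove the test.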
diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php
index 8825f1a2f..cfef25076 100644
--- a/language/en_UK.iso-8859-1/admin.lang.php
+++ b/language/en_UK.iso-8859-1/admin.lang.php
@@ -499,7 +499,6 @@ $lang['Elements_not_linked'] = 'Not linked elements';
 $lang['web_services'] = 'Web services ';
 $lang['title_wscheck'] = ' Access management ';
 $lang['ws_set_status'] = ' Environment ';
-$lang['ws_status'] = ' Status ';
 $lang['ws_enable'] = ' Enable ';
 $lang['ws_disable'] = ' Disable ';
 $lang['ws set to'] = ' Environment temporary set ';
diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php
index 8d5bc1072..6cac43b70 100644
--- a/language/fr_FR.iso-8859-1/admin.lang.php
+++ b/language/fr_FR.iso-8859-1/admin.lang.php
@@ -498,7 +498,6 @@ $lang['Elements_not_linked'] = 'Eléments non liés';
 $lang['web_services'] = 'Services Web ';
 $lang['title_wscheck'] = ' Gestion des accès ';
 $lang['ws_set_status'] = ' Environnement ';
-$lang['ws_status'] = ' Statut ';
 $lang['ws_enable'] = ' Actif ';
 $lang['ws_disable'] = ' Inactif ';
 $lang['ws set to'] = ' Modifier temporairement l\'environnement en ';
diff --git a/template/yoga/admin/ws_checker.tpl b/template/yoga/admin/ws_checker.tpl
index 8bc336d85..e3b187622 100644
--- a/template/yoga/admin/ws_checker.tpl
+++ b/template/yoga/admin/ws_checker.tpl
@@ -13,37 +13,6 @@ </ul>
<!-- END update_result -->
-
-<!-- Set Web Services : Open/Disable -->
-<form method="post" name="ws_status" action="{F_STATUS_ACTION}">
- <!-- Current status -->
- <fieldset>
- <legend>{lang:ws_set_status} : <strong>{L_CURRENT_STATUS}</strong></legend>
- <table>
- <tr>
- <td width="70%">
- {lang:ws set to}
- <label><input type="radio" name="ws_status" value="true"
- {STATUS_YES} /> {lang:ws_enable}
- </label>
- <label><input type="radio" name="ws_status" value="false"
- {STATUS_NO} /> {lang:ws_disable}
- </label>
- </td>
- <td width="4%">
-
- </td>
- <td>
- <input type="submit" value="{lang:submit}"
- style="width: 10em; padding-top: 3px;"
- name="wss_submit" {TAG_INPUT_ENABLED} />
- </td>
- </tr>
- </table>
- </fieldset>
-</form>
-
-
<!-- Add Access -->
<form method="post" name="adding_access" action="{F_STATUS_ACTION}">
<!-- Current Default -->
@@ -114,6 +83,7 @@ </tr>
<!-- Open service is postponed by n days -->
+ <!-- In comment currently
<tr>
<td>
<label for="add_start">{lang:Postponed availability in days}</label>
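Review bot: The added `<!-- In comment currently` opener wraps a region that itself contains template comments (`<!-- END add_start -->` is visible as the next hunk's context), and HTML comments do not nest. Unless the template engine strips every BEGIN/END marker before output, the browser ends the comment at the first inner `-->` and renders the rest of the row plus a stray `-->`; the same pattern is used for the High and Normal rows in the later hunks. The commented-out inputs and the `{acc_list.access.START}`, `HIGH` and `NORMAL` cells are also still delivered in the page source. Deleting the rows, or moving them into a template block that is never assigned, avoids both; the `<tr>` this opener covers closes outside this hunk.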
@@ -129,7 +99,7 @@ <!-- END add_start -->
</select>
</td>
- </tr>
+ </tr> -->
<!-- Opened service only for n days -->
<tr>
@@ -150,6 +120,7 @@ </tr>
<!-- High resolution information will be returned -->
+ <!-- In comment currently
<tr>
<td>
<label for="add_High">{lang:ws_High}</label>
@@ -165,9 +136,10 @@ value="false" {DEFLT_HIGH_NO} /> {lang:no}
</label>
</td>
- </tr>
+ </tr> -->
<!-- Normal size information will be returned -->
+ <!-- In comment currently
<tr>
<td>
<label for="add_Normal">{lang:ws_Normal}</label>
@@ -183,7 +155,7 @@ value="false" {DEFLT_NORMAL_NO} /> {lang:no}
</label>
</td>
- </tr>
+ </tr> -->
<!-- Idendify your partner (name / website / phone) as you want -->
<tr>
@@ -228,11 +200,11 @@ <th> </th>
<th>{lang:ws_KeyName}</th>
<th>{lang:ws_Access}</th>
- <th>{lang:ws_Start}</th>
+ <!-- <th>{lang:ws_Start}</th> -->
<th>{lang:ws_End}</th>
<th>{lang:ws_Request}</th>
- <th>{lang:ws_High}</th>
- <th>{lang:ws_Normal}</th>
+ <!-- <th>{lang:ws_High}</th> -->
+ <!-- <th>{lang:ws_Normal}</th> -->
<th>{lang:ws_Limit}</th>
<th>{lang:ws_Comment}</th>
</tr>
@@ -244,11 +216,11 @@ </td>
<td><label for="selection-{acc_list.access.ID}">{acc_list.access.NAME}</label></td>
<td>{acc_list.access.ACCESS}</td>
- <td>{acc_list.access.START}</td>
+ <!-- <td>{acc_list.access.START}</td> -->
<td>{acc_list.access.END}</td>
<td>{acc_list.access.FORCE}</td>
- <td>{acc_list.access.HIGH}</td>
- <td>{acc_list.access.NORMAL}</td>
+ <!-- <td>{acc_list.access.HIGH}</td> -->
+ <!-- <td>{acc_list.access.NORMAL}</td> -->
<td>{acc_list.access.LIMIT}</td>
<td>{acc_list.access.COMMENT}</td>
</tr>
diff --git a/web_service.php b/web_service.php
deleted file mode 100644
index f4568e2a1..000000000
--- a/web_service.php
+++ /dev/null
@@ -1,641 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | PhpWebGallery - a PHP based picture gallery |
-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
-// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
-// | last update : $Date: 2006-12-15 23:16:37 +0200 (ven., 15 dec. 2006) $
-// | last modifier : $Author: vdigital $
-// | revision : $Revision: 1658 $
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-define('PHPWG_ROOT_PATH','./');
-include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
-
-if ( !$conf['allow_web_services'] )
-{
- die('Hacking attempt!');
-}
-
-// Full call syntax sample:
-//-----------------------------------------------------------------------------
-// web_service.php?key=123456789012
-// &pos=5&acc=cat/23,25-32&req=landscape&lim=5&tpl=myxml
-
-// &pos=is position defined by caller to substring, see key below, (default 0)
-// key=substr(md5(partner_id),&pos,12)
-// &acc=cat/23,25-35 or list/1-125,136,141-162 or tag/27,45,54-55
-// (the specified access list will be respected
-// ONLY if access is not specified in web_services access table)
-// req=any request (except if limited to a specific one in ws access table)
-// lim=number (returned picture count and limited it self by ws access table)
-
-// the tpl file must exist in ./template/"default template"/xml/
-// tpl=myxml (xml/myxml.tpl will be used, by default: xml/default.tpl)
-
-// All are facultative EXCEPT key
-//
-
-// Check call process (Keyed call)
-//
-
-if (!isset($_GET['key']))
-{
- die('Hacking attempt!');
-}
-if ( strlen($_GET['key']) < 12 )
-{
- die('Invalid key (Length issue)!');
-}
-
-// Is service active (Temporary it could be inactive / Online parameter)
-//
-$query = '
-SELECT value FROM '.CONFIG_TABLE.'
-WHERE param = \'ws_status\'
-;';
-$active = mysql_fetch_array(pwg_query($query));
-if ( $active['value']=='false' )
-{
- die('Web service is temporary inactive');
-}
-
-// Look for partner_key
-//
-$key = $_GET['key'];
-$key = ( strlen($key) > 20 ) ? substr($key,0,20) : $key;
-$len = strlen($key);
-$hash = 0;
-if (isset($_GET['pos']))
-{
- $hash = (!is_numeric($_GET['pos'])) ? 0 : $_GET['pos'];
- $hash = (int) $hash;
- $hash = $hash % 12;
-}
-$query = '
-SELECT `id`, `name`, `access`, `start`, `end`, `request`,
- `high`, `normal`, `limit`, `comment`
- FROM '.WEB_SERVICES_ACCESS_TABLE.'
-;';
-
-$result = pwg_query($query);
-
-while ($row = mysql_fetch_array($result))
-{
- if ( substr( md5($row['name']),$hash,$len) == $key )
- {
- $len = 0;
- $def = $row;
- continue;
- }
-}
-if ( $len > 0 )
-{
- die('Invalid key!');
-}
-
-// $def = Web service already defined partner access
-
-//
-// Now, the partner will get a reply in time
-//
-$stat_id = 'Web Service';
-if (isset($_SERVER["HTTP_REFERER"]) and
- !eregi($_SERVER["HTTP_HOST"],$_SERVER["HTTP_REFERER"]))
-{
- $stats_id = substr($_SERVER["HTTP_REFERER"],7);
- $pos = strpos($stats_id,'/');
- $stats_id = ( $pos>0 ) ? substr($stats_id,0,$pos) : $stats_id;
-}
-
-// Check keywords
-// Key and pos are correct
-// &acc=cat/23,25-32&req=landscape&lim=5&tpl=myxml
-
-// Requested id list and authorized id list
-// Both may empty
-// Both can be build on differents basis cat/tag/list
-// Both have to be convert in id list format
-$req_access ='';
-if (isset($_GET['pos']))
-{
- $req_access = check_target($_GET['acc']);
-}
-// on one hand $req_access, requested ids
-$req_type = explode('/',$req_access);
-$req_ids = explode( ',',$req_type[1] );
-$req_list = expand_id_list( $req_ids );
-if ($req_type[0]=='cat')
-{
- $req_list = convert_catlist($req_list);
-}
-if ($req_type[0]=='tag')
-{
- $req_list = get_image_ids_for_tags($req_list);
-}
-// echo $def['name'].'<br />';
-// on the other hand $def['access'], authorized default ids
-$def_type = explode('/',$def['access']);
-$def_ids = explode( ',',$def_type[1] );
-$def_list = expand_id_list( $def_ids );
-if ($def_type[0]=='cat')
-{
- $def_list = convert_catlist($def_list);
-}
-if ($def_type[0]=='tag')
-{
- $def_list = get_image_ids_for_tags($def_list);
-}
-
-// could be no necessary, a surplus but we are obliged to
-// Filter on forbidden_categories (default can have change from creation time)
-$list = implode(',',$def_list);
-
-$ret_ids = array();
-$query = '
-SELECT DISTINCT image_id
- FROM '.IMAGE_CATEGORY_TABLE.'
-WHERE
-'.get_sql_condition_FandF
- (
- array
- (
- 'forbidden_categories' => 'category_id',
- 'visible_categories' => 'category_id',
- 'visible_images' => 'image_id'
- ),
- '', true
- ).'
- AND image_id IN ('.$list.')
-;';
-$result = pwg_query($query);
-while ($row = mysql_fetch_array($result))
-{
- $ret_ids[] = $row['image_id'];
-}
-$def_ids = $ret_ids;
-
-// Notice: Filtering on forbidden_categories (from requested id list)
-// is completely superfluous (see few lines below).
-$req_ids = $req_list;
-
-// if no requested ids then is the complete default
-if (count($req_ids)==0)
-{
- $req_ids = $def_ids;
-}
-
-// Removing requested ids not in authorized access list
-// if requested ids they must be in the complete default and only those
-// will be assumed. (Including forbidden... )
-$final = array();
-foreach ( $req_ids as $req_id )
-{
- if ( in_array($req_id, $def_ids) )
- {
- $final[] = $req_id;
- }
-}
-
-$final = array_unique ($final);
-sort ($final);
-
-// 77f1180bd215a0edf66939
-// web_service.php?key=77f1180bd215&pos=3&acc=list/41,73,142,178,190,204,235-238&req=recent&lim=1&tpl=myxml
-
-$request = (isset($_GET['req']))? $_GET['req']:$def['request'];
-// if type of request is different from the authorized type then force it
-if ( $def['request'] !== '' and $request !== $def['request'] )
-
-{
- $request = $def['request'];
-}
-// if it is not an official request then force it
-// (remark that default request can no longer exist
-// (later an Upgrade, or a remove) so...
-$official = official_req();
-if ( !in_array($request, $official ) )
-{
- $request = $official[0]; // default request is the first one
-}
-// limit belong default (remember $def['limit'] is always set)
-$limit = (isset($_GET['limit']))? $_GET['limit']:$def['limit'];
-$limit = (is_numeric($limit))? $limit:$def['limit'];
-$limit = ( $limit < $def['limit'] ) ? $limit:$def['limit'];
-
-// XML template
-$tplfile = (isset($_GET['tpl']))? $_GET['tpl']:'default';
-// FIXME additional controls are maybe needed on $tplfile
-
-
-trigger_action('loc_begin_'.$request);
-$template->set_filenames(array( $tplfile => 'XML/'. $tplfile .'.tpl'));
-
-// Generate the request
-include(PHPWG_ROOT_PATH. 'services/' .$request. '.php');
-
-
-// +-----------------------------------------------------------------------+
-// | XML/xhtml code display |
-// +-----------------------------------------------------------------------+
-header('Content-Type: text/xml; charset=UTF-8');
-//header('Content-Type: text/html; charset='.$lang_info['charset']);
-$template->parse($tplfile);
-
-// echo '<strong>Trace temporaire<strong><br />';
-// echo '$final:<br />' . var_dump($final);
-//
-die('');
-// FIXME// FIXME// FIXME// FIXME// FIXME// FIXME// FIXME// FIXME
-
-//------------------------------------------------------------ log informations
-pwg_log($request, $stats_id, $tplfile); // or something like that
-
-
-
-
-
-
-// Check requested XML template
-//
-
-// Generate query
-//
-
-// Generate XML
-//
-
-// Log it
-//
-
-
-
-// Old code below
-
-//------------ Main security strategy ---------------------
-$partner_id = 'default';
-// Security considerations: HTTP_REFERER and FOPEN
-// 1 - FOPEN doesn't update current HTTP_REFERER
-// 2 - HTTP_REFERER may be hidden/altered for lot of reasons.
-// 3 - By this process, you can log HTTP_REFERER of your partner (not yours).
-// 4 - Logging HTTP_REFERER needs declarative procedures in some countries.
-// 5 - Following those links can be considered as risky.
-// 6 - You can turn off, referer logging by $conf['ws-refback'] = false;
-// 7 - In the other hand, your partner may give his key to another web site.
-// Above all, this information is just an indication.
-// $conf['ws-refback'] : Default value is false.
-
-if (isset($_SERVER["HTTP_REFERER"]) and
- !eregi($_SERVER["HTTP_HOST"],$_SERVER["HTTP_REFERER"]))
-{
- $partner_id = substr($_SERVER["HTTP_REFERER"],7);
- $pos = strpos($partner_id,'/');
- $partner_id = ( $pos>0 ) ? substr($partner_id,0,$pos) : $partner_id;
-}
-// $partner_id = Is used to check prohibited REFER site (but not only)
-// example: www.prohibited-access.be
-
-if ( isset($conf['ws-refback']) and $conf['ws-refback'])
-{
- $log_id = $partner_id;
-}
-else
-{
- $log_id = ''; // Would be set in time by process end
-}
-// $log_id = History log information
-// examples: forum.phpwebgallery.net
-// phpwebgallery.net
-// demo.phpwebgallery.net
-
-//
-$partner_id = strtolower($partner_id);
-// Prohibited REFER: $partner_id is compared (strtolower).
-//
-//----------------------------- Is a prohibited refer?
-if ( $partner_id !== 'default' )
-{
- // Is Referer a prohibited site?
- // Compare requestor site to web service key table
- // Found and limit = 0 => die
- foreach ( $conf['ws_keys'] as $key => $vkey )
- {
- if ( strtolower($vkey['id']) == $partner_id and $vkey['limit'] == 0 )
- {
- pwg_log( 'WS Prohibited', 'Req.:'.$type, 'From: ws_keys['.$key.']' );
- die($lang['access_forbiden']);
- }
- }
-}
-//----------------------------- Which access he will use?
-$access = check_ws_access( $conf['ws_keys'] );
-// given key arg is compared asis (Take care of upper/lower case).
-
-parse_str($access['force'], $force);
-// $force contains all forced arguments
-// get requested arguments and apply limits
-$force['limit'] = ( isset($access['limit']) ) ? $access['limit'] :
- $conf['ws_limit'] ;
-$arg = force_arg_ws_limit( $force, $conf['ws_limit'] );
-// $arg contains all retain query arguments
-
-// Warning about $arg !!! Warning !!! Warning !!! Warning !!! Warning !!!
-// specially to MOD developpers :
-// FOR SECURITY REASON NEVER USE extract() AGAINST $arg
-// ( $arg is like $_GET )
-
-if ( is_numeric(isset($arg['cat'])) )
-{
- $arg['cat']=floor($arg['cat']);
-}
-else
-{
- unset($arg['cat']);
-}
-// AND category_id is concatenated if requested or forced
-$cat_criterion = '';
-if ( isset($arg['cat']) and ($arg['cat']) > 0 )
-{
- $cat_criterion = ' AND ic.`category_id` ='.$arg['cat'].' ';
-}
-//-------------------------------------------- SQL Query statement building
-// Has to be tested against a LARGE configuration
-// for performance consideration
-// and maybe rewrite in some cases.
-
-// All below has to be check to respect code writing rule convention
-
-
-
-$query='
- SELECT DISTINCT (i.`id`),
- i.`path` , i.`file` , i.`date_available` ,
- i.`date_creation`, i.`tn_ext` , i.`name` ,
- i.`filesize` , i.`storage_category_id` , i.`average_rate`,
- i.`comment` , i.`author` , i.`hit` ,i.`width` ,
- i.`height`
- FROM `'.IMAGES_TABLE.'` AS i
- INNER JOIN `'.IMAGE_CATEGORY_TABLE.'`
- AS ic ON i.`id` = ic.`image_id`
- INNER JOIN `'.CATEGORIES_TABLE.'`
- AS c ON c.`id` = ic.`category_id`
- WHERE c.`status` = \'public\'
- AND i.`width` > 0
- AND i.`height` > 0
- AND i.`representative_ext` IS NULL
- '.$cat_criterion.'
- '.get_sql_condition_FandF
- (
- array
- (
- 'forbidden_categories' => 'c.id',
- 'visible_categories' => 'c.id',
- 'visible_images' => 'i.id'
- ),
- 'AND'
- );
-
-// AND c.`agreed_ws` = \'true\' (Obsolete specification replaced by force)
-
-$list = ( isset($arg['list']) ) ? $arg['list'] : '';
-$type = $arg['type'];
-switch($type)
-{
- case ($type === 'random' or $type === 'listcat'): /* Random order */
- $query .= ' ORDER BY RAND() DESC ';
- break;
- case ($type === 'list'): /* list on MBt & z0rglub request */
- $query .= ' AND i.`id` IN ('.$list.') ';
- break;
- case $type === 'maxviewed': /* hit > 0 and hit desc order */
- $query .= ' AND i.`hit` > 0
- ORDER BY i.`hit` DESC, RAND() DESC ';
- break;
- case $type === 'recent': /* recent = Date_available desc order */
- $query .= ' ORDER BY i.`date_available` DESC, RAND() DESC ';
- break;
- case $type === 'highrated': /* avg_rate > 0 and desc order */
-// French Joke : Cette requete s'appelle officieusement l' "ail_gratte"
- $query .= ' AND i.`average_rate` > 0
- ORDER BY i.`average_rate` DESC, RAND() DESC ';
- break;
- case $type === 'oldest': /* Date_available asc order */
- $query .= ' ORDER BY i.`date_available` ASC, RAND() DESC ';
- break;
- case $type === 'lessviewed': /* hit asc order */
-// French Joke : Cette requete s'appelle officieusement la "lessive"
- $query .= ' ORDER BY i.`hit` ASC, RAND() DESC ';
- break;
- case $type === 'lowrated': /* avg_rate asc order */
- $query .= ' AND i.`average_rate` IS NOT NULL
- ORDER BY i.`average_rate` ASC, RAND() DESC ';
- break;
- case $type === 'undescribed': /* description missing */
-// US/UK Joke : This request is unofficially named 'indiscribable' horror
- $query .= ' AND i.`comment` IS NULL
- ORDER BY RAND() DESC ';
- break;
- case $type === 'unnamed': /* new name missing */
- $query .= ' AND i.`comment` IS NULL
- ORDER BY RAND() DESC ';
- break;
- case $type === 'portraits': /* width < height (portrait oriented) */
- $query .= ' AND `width` < (`height` * 0.95)
- ORDER BY RAND() DESC ';
- break;
- case $type === 'landscapes': /* width > height (landscape oriented) */
- $query .= ' AND `width` > (`height` * 1.05)
- ORDER BY RAND() DESC ';
- break;
- case $type === 'squares': /* width ~ height (square form) */
- $query .= ' AND `width` BETWEEN (`height` * 0.95)
- AND (`height` * 1.05)
- ORDER BY RAND() DESC ';
- break;
- default: /* Just say: Goodbye !!! */
- die($lang['access_forbiden']);
-} /* End switch */
-$query .= ' LIMIT 0 , '.$arg['limit'].';';
-$result = pwg_query( $query );
-$attributes = array( 'width', 'height', 'author', 'date_creation',
- 'date_available', 'hit', 'filesize');
-$xml = '<items> ';
-$hr_nbr = 0; $ns_nbr = 0; $tn_nbr = 0;
-if ( $log_id == '')
-{
- foreach ( $conf['ws_keys'] as $key => $vkey )
- {
- if ( $vkey['id'] == $access['id'] )
- {
- $log_id = 'R:#'.$key;
- break;
- }
- }
-}
-while ( $row = mysql_fetch_array( $result ) )
-{
- $tn_nbr++;
- $item = '<item ';
- $path = strtolower(strtok($_SERVER['SERVER_PROTOCOL'],
- '/')).'://'.$_SERVER['HTTP_HOST'].substr($_SERVER['PHP_SELF'],0,-16).
- substr($row['path'],1);
- if ( isset($access['pwg_n']) and $access['pwg_n'] )
- {
- $ns_nbr++;
- $item .= ' src="'.$path.'"';
- }
- else
- {
- unset($attributes['width']);
- unset($attributes['height']);
- unset($attributes['filesize']);
- }
- foreach ( $attributes as $attribute )
- {
- if ( isset($row{$attribute}) )
- {
- $item.= ' '.$attribute.'="'.$row{$attribute}.'"';
- }
- }
- if ( isset($row['comment']) )
- {
- $item .= ' description="'.$row['comment'].'"';
- }
- $tnsrc = get_thumbnail_src( $path, $row['tn_ext'] );
- $item .= ' tnsrc="'.$tnsrc.'"';
- $tnsize = @getimagesize($tnsrc);
- $item .= ' tnwidth="'.$tnsize[0].'"';
- $item .= ' tnheight="'.$tnsize[1].'"';
- if ( isset($access['pwg_h']) and $access['pwg_h'] )
- {
- $high = dirname( $path ).'/pwg_high/'.$row['file'];
- $hrsize = @getimagesize($high);
- if ( $hrsize[0] > 0 )
- {
- $hr_nbr++;
- $item .= ' hrsrc="'.$high.'"';
- $item .= ' hrwidth="'.$hrsize[0].'"';
- $item .= ' hrheight="'.$hrsize[1].'"';
- }
- }
- $xml .= $item.' />';
- //-------------------------------------- picture ----- log informations
-// request_type ( R:#id_requester ), real_category_id [ request_number ], image_file_name );
- pwg_log( $type.'('.$log_id.')', $row['storage_category_id'].'['.$tn_nbr.']', $row['file'] );
-}
-$xml .= ' </items>';
-echo $xml; // Send XML
-//---------------------------------------- service ----- log informations
-$size = 'tn('.$tn_nbr.')'; // thumbnails
-if ( $ns_nbr > 0 )
-{
- $size = '('.$ns_nbr.')'; // pictures
-}
-if ( $hr_nbr > 0 )
-{
- $size = 'HR('.$hr_nbr.'/'.$tn_nbr.')'; // high res.
-}
-
-//pwg_log( 'Web service', 'Req.:'.$type, 'From:'.$log_id );
-
-
-
-
-
-
- /*-- Web Service function
- Which access is correct for this resquest?
- Compare requestor key to web service key table
- If 'defined' => use that one
- If not => use default access
- If no 'defined' default => exit
- 'defined' : Obviously check period and not only defined access
-
- Return corresponding access (= an entry from web service key table)
- --*/
-function check_ws_access( $ws_keys )
-{
- $partnr = ( isset($_GET['key']) ) ? $_GET['key'] : 'default';
-
- foreach ( $ws_keys as $key => $access )
- {
- if ( $access['id'] == $partnr )
- {
- break;
- }
- }
- if ( $access['id'] !== $partnr ) // Not found? =default.
- {
- $access = $ws_keys[0];
- if ( $access['id'] !== 'default' ) // Check if it's really default
- { // definition
- die($lang['access_forbiden']); // No default access
- }
- }
- // Checking Dates...
- // Take care of that: my partner can be out of dates
- // but via default... Answer is NO.
- // With out of date period, a partner can be seen as prohibited partner
- // if you want to authorise him/her change $conf['ws_keys']
-
- // Tests are done with server local time...
- if (isset($access['end']) and date('Y-m-d H:i:s')>$access['end'])
- { //-- Access ended?
- die($lang['access_forbiden']); //-- BTW prohibited
- }
- if (isset($access['start']) and date('Y-m-d H:i:s')<$access['start'])
- { //-- Access started?
- die($lang['access_forbiden']);
- }
- return $access;
-}
-
- /*-- Web Sevice function
- Force global arguments to ensure access restriction
- ( access defined in web service key table )
- Considering the default limit as well and prohibited site case
-
- Return overided request ( overided $_GET )
- --*/
-function force_arg_ws_limit( $use, $default )
-{
- if ( $use['limit'] < 1 )
- { //-- Access deny
- die($lang['access_forbiden']);
- }
- $arg = $_GET; // what is required?
- if (!isset($arg['limit']))
- {
- $arg['limit']=$use['limit'];
- }
- if (!is_numeric($arg['limit']))
- {
- $arg['limit']=$use['limit'];
- }
- // ----------- use force arg if they are some
- foreach ( $use as $kuse => $vuse )
- {
- if ( $kuse !== 'limit' )
- {
- $arg[$kuse] = $vuse;
- }
- }
- $arg['limit'] = floor(min($arg['limit'], $use['limit']));
- return $arg;
-}
-?>