diff options
| -rw-r--r-- | admin.php | 4 | ||||
| -rw-r--r-- | admin/include/functions_upgrade.php | 5 | ||||
| -rw-r--r-- | admin/template/yoga/admin.tpl | 3 | ||||
| -rw-r--r-- | admin/template/yoga/admin/ws_checker.tpl | 215 | ||||
| -rw-r--r-- | admin/template/yoga/theme/admin/themeconf.inc.php | 1 | ||||
| -rw-r--r-- | admin/ws_checker.php | 334 | ||||
| -rw-r--r-- | include/config_default.inc.php | 18 | ||||
| -rw-r--r-- | include/constants.php | 2 | ||||
| -rw-r--r-- | include/ws_functions.inc.php | 156 | ||||
| -rw-r--r-- | install/db/75-database.php | 46 | ||||
| -rw-r--r-- | install/upgrade_1.6.2.php | 3 | ||||
| -rw-r--r-- | language/en_UK/admin.lang.php | 30 | ||||
| -rw-r--r-- | language/es_ES/admin.lang.php | 35 | ||||
| -rw-r--r-- | language/fr_FR/admin.lang.php | 30 | ||||
| -rw-r--r-- | language/it_IT/admin.lang.php | 30 | ||||
| -rw-r--r-- | language/nl_NL/admin.lang.php | 35 | ||||
| -rw-r--r-- | ws.php | 7 |
17 files changed, 53 insertions, 901 deletions
@@ -96,10 +96,6 @@ $template->assign( 'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php' ) ); -if ($conf['ws_access_control']) // Do we need to display ws_checker -{ - $template->assign('U_WS_CHECKER', $link_start.'ws_checker' ); -} //---------------------------------------------------------------- plugin menus $plugin_menu_links = trigger_event('get_admin_plugin_menu_links', array() ); diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php index 7e9a93aef..06bba375a 100644 --- a/admin/include/functions_upgrade.php +++ b/admin/include/functions_upgrade.php @@ -71,14 +71,13 @@ function prepare_conf_upgrade() define('TAGS_TABLE', $prefixeTable.'tags'); define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag'); define('PLUGINS_TABLE', $prefixeTable.'plugins'); - define('WEB_SERVICES_ACCESS_TABLE', $prefixeTable.'ws_access'); define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks'); } // Create empty local files to avoid log errors -function create_empty_local_files() +function create_empty_local_files() { - $files = + $files = array ( PHPWG_ROOT_PATH . 'template-common/local-layout.css', PHPWG_ROOT_PATH . 'template/yoga/local-layout.css' diff --git a/admin/template/yoga/admin.tpl b/admin/template/yoga/admin.tpl index 7aae91c39..7aba18541 100644 --- a/admin/template/yoga/admin.tpl +++ b/admin/template/yoga/admin.tpl @@ -84,9 +84,6 @@ jQuery().ready(function(){ldelim} <li><a href="{$U_HISTORY_STAT}">{'History'|@translate}</a></li> <li><a href="{$U_MAINTENANCE}">{'Maintenance'|@translate}</a></li> <li><a href="{$U_ADVANCED_FEATURE}">{'Advanced_features'|@translate}</a></li> - {if isset($U_WS_CHECKER) } - <li><a href="{$U_WS_CHECKER}">{'web_services'|@translate}</a></li> - {/if} <li> {'Plugins'|@translate} <ul {* TODO conditional class="scroll" *}> diff --git a/admin/template/yoga/admin/ws_checker.tpl b/admin/template/yoga/admin/ws_checker.tpl deleted file mode 100644 index 51782da15..000000000 --- a/admin/template/yoga/admin/ws_checker.tpl +++ /dev/null @@ -1,215 +0,0 @@ -{* $Id$ *} - -<div class="titrePage"> - <h2>{'title_wscheck'|@translate} - {'web_services'|@translate}</h2> -</div> - -{if !empty($update_results)} -<ul> - {foreach from=$update_results item=result} - <li>$result</li> - {/foreach} -</ul> -{/if} - -{* Add Access *} -<form method="post" name="adding_access" action="{$F_STATUS_ACTION}"> - <!-- Current Default --> - <fieldset> - <legend>{'ws_adding_legend'|@translate}</legend> - <table> - {* Access key *} - <tr> - <td> - <label for="KeyName">{'Confidential partner key'|@translate} </label> - </td> - <td> - <input type="text" maxlength="35" size="35" name="add_partner" - id="add_partner" value="{$F_ADD_PARTNER}" - title="{'Basis of access key calculation'|@translate}" /> - </td> - </tr> - - {* Target (cat/ids, tag/ids, or list/ids ids=id,id-id,...) *} - <tr> - <td> - <label for="Access">{'Target'|@translate}</label> - </td> - <td> - <input type="text" maxlength="128" size="35" name="add_target" - id="add_target" value="{$F_ADD_ACCESS}" - title="{'Facultative and restrictive option'|@translate}" /> - <i><small> ({'Access: see help text for more'|@translate}) - </small></i> - </td> - </tr> - - {* Restricted access to specific request *} - <tr> - <td> - <label for="add_request">{'Restrict access to'|@translate}</label> - </td> - <td> - <select name="add_request" id="add_request" style="width: 18em" - onfocus="this.className='focus';" - onblur="this.className='nofocus';"> - <option value=""></option> - {html_options values=$add_requests output=$add_requests} - </select> - <i><small> ({'ws_Methods'|@translate})</small></i> - </td> - </tr> - - {* Limit number of images information to be return *} - <tr> - <td> - <label for="add_limit">{'Returned images limit'|@translate}</label> - </td> - <td> - <select name="add_limit" id="add_limit" style="width: 10em" - onfocus="this.className='focus';" - onblur="this.className='nofocus';"> - {html_options values=$add_limits output=$add_limits} - </select> - </td> - </tr> - - {* Open service is postponed by n days *} - {* In comment currently - <tr> - <td> - <label for="add_start">{'Postponed availability in days'|@translate}</label> - </td> - <td> - <select name="add_start" id="add_start" style="width: 10em" - onfocus="this.className='focus';" - onblur="this.className='nofocus';"> - <!-- BEGIN add_start --> - <option value="{add_start.VALUE}" - {add_start.SELECTED}>{add_start.CONTENT} - </option> - <!-- END add_start --> - </select> - </td> - </tr> - *} - - {* Opened service only for n days *} - <tr> - <td> - <label for="add_end">{'Duration in days'|@translate}</label> - </td> - <td> - <select name="add_end" id="add_end" style="width: 10em" - onfocus="this.className='focus';" - onblur="this.className='nofocus';"> - {html_options values=$add_ends output=$add_ends} - </select> - </td> - </tr> - - {* Idendify your partner (name / website / phone) as you want *} - <tr> - <td> - <label for="add_Comment">{'ws_Comment'|@translate}</label> - <br /> - </td> - <td> - <textarea name="add_comment" id="add_comment" - rows="4" cols="80">{'Comment to identify your partner clearly'|@translate}</textarea> - </td> - </tr> - - {* Add submit button *} - <tr> - <td> - </td> - <td> - <input class="submit" type="submit" name="wsa_submit" style="width: 10em; padding-top: 3px;" - value="{'Submit'|@translate}" {$TAG_INPUT_ENABLED} - title="{'Add this access definition'|@translate}" /> - </td> - </tr> - </table> - </fieldset> -</form> - -{if !empty($access_list)} -<!-- Access list --> -<form method="post" name="preferences" action="{$F_STATUS_ACTION}"> - <input type="hidden" name="partner_prev" value="{$F_PREV_PARTNER}"> - <input type="hidden" name="request_prev" value="{$F_PREV_REQUEST}"> - <input type="hidden" name="high_prev" value="{$F_PREV_HIGH}"> - <input type="hidden" name="normal_prev" value="{$F_PREV_NORMAL}"> - <input type="hidden" name="order_prev" value="{$F_PREV_ORDER}"> - <input type="hidden" name="dir5n_prev" value="{$F_PREV_DIR5N}"> - <!-- Delete / Update Selected --> - <fieldset> - <legend>{'ws_update_legend'|@translate}</legend> - <table class="table2"> - <tr class="throw"> - <th> </th> - <th>{'ws_KeyName'|@translate}</th> - <th>{'ws_Access'|@translate}</th> - <th>{'ws_End'|@translate}</th> - <th>{'ws_Request'|@translate}</th> - <th>{'ws_Limit'|@translate}</th> - <th>{'ws_Comment'|@translate}</th> - </tr> - {foreach from=$access_list item=access name=access_loop} - <tr class="{if $smarty.foreach.access_loop.index is odd}row1{else}row2{/if}"> - <td> - <input type="radio" name="selection" - value="{$access.ID}" id="selection-{$access.ID}"> - </td> - <td><label for="selection-{$access.ID}">{$access.NAME}</label></td> - <td>{$access.TARGET}</td> - <td>{$access.END}</td> - <td>{$access.REQUEST}</td> - <td>{$access.LIMIT}</td> - <td>{$access.COMMENT}</td> - </tr> - {/foreach} - </table> - - <table> - <tr> - <td> - {'ws_delete_legend'|@translate} - </td> - <td> - <input type="radio" name="delete_confirmation" - value="true"> - <input class="submit" type="submit" name="wsX_submit" style="width: 10em; padding-top: 3px;" - value="{'Delete'|@translate}" {$TAG_INPUT_ENABLED}> - </td> - </tr> - </table> - <hr> - <table> - <tr> - <td> - <span class="property"> - <label for="upd_end">{'Modify End from Now +'|@translate} </label> - </span> - <select name="upd_end" id="upd_end" style="width: 10em" - onfocus="this.className='focus';" - onblur="this.className='nofocus';"> - {html_options values=$add_ends output=$add_ends} - </select> - <input class="submit" type="submit" name="wsu_submit" style="width: 10em; padding-top: 3px;" - value="{'Submit'|@translate}" {$TAG_INPUT_ENABLED}> - </td> - <td> - <i><small> ({'Web Services availability duration in days'|@translate})</small></i> - </td> - </tr> - </table> - - </fieldset> -</form> -{/if} - -{if isset($WS_STATUS)} - <h3>{$WS_STATUS}</h3> -{/if} diff --git a/admin/template/yoga/theme/admin/themeconf.inc.php b/admin/template/yoga/theme/admin/themeconf.inc.php index 61c090ebf..41e07b449 100644 --- a/admin/template/yoga/theme/admin/themeconf.inc.php +++ b/admin/template/yoga/theme/admin/themeconf.inc.php @@ -39,7 +39,6 @@ function selected_admin_menu() case 'history': case 'maintenance': case 'advanced_feature': - case 'ws_checker': case 'plugins_list': case 'plugin': return 5; diff --git a/admin/ws_checker.php b/admin/ws_checker.php deleted file mode 100644 index 7da8fac10..000000000 --- a/admin/ws_checker.php +++ /dev/null @@ -1,334 +0,0 @@ -<?php -// +-----------------------------------------------------------------------+ -// | Piwigo - a PHP based picture gallery | -// +-----------------------------------------------------------------------+ -// | Copyright(C) 2008 Piwigo Team http://piwigo.org | -// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | -// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | -// +-----------------------------------------------------------------------+ -// | This program is free software; you can redistribute it and/or modify | -// | it under the terms of the GNU General Public License as published by | -// | the Free Software Foundation | -// | | -// | This program is distributed in the hope that it will be useful, but | -// | WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | -// | General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software | -// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | -// | USA. | -// +-----------------------------------------------------------------------+ - -// Next evolution... -// Out of parameter WS management -// The remainer objective is to check -// - Does Web Service working properly? -// - Does any access return something really? -// Give a way to check to the webmaster... -// These questions are one of module name explanations (checker). - -if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services'])) -{ - die('Hacking attempt!'); -} -include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); -include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php'); - -/** - * official_req returns the managed requests list in array format - * FIXME A New list need to be build for ws_checker.php - * returns array of authrorized request/methods - * */ -function official_req() -{ - $official = array( /* Requests are limited to */ - 'categories.' /* all categories. methods */ - , 'categories.getImages' - , 'categories.getList' - , 'images.' /* all images. methods */ - , 'images.getInfo' - , 'images.addComment' - , 'images.search' - , 'tags.' /* all tags. methods */ - , 'tags.getImages' - , 'tags.getList' - ); - if (function_exists('local_req')) { - $local = local_req(); - return array_merge( $official, $local ); - } - return $official; -} - -/** - * check_target($string) verifies and corrects syntax of target parameter - * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27 - * */ -function check_target($list) -{ - if ( $list !== '' ) - { - $type = explode('/',$list); // Find type list - if ( !in_array($type[0],array('list','cat','tag') ) ) - { - $type[0] = 'list'; // Assume an id list - } - $ids = explode( ',',$type[1] ); - $list = $type[0] . '/'; - - // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, - - $result = expand_id_list( $ids ); - - // 1,2,3,4,5,6,9,10,11,12,13,21,22, - // I would like - // 1-6,9-13,21-22 - $serial[] = $result[0]; // To be shifted - foreach ($result as $k => $id) - { - $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1; - if ( $id == $next_less_1 and end($serial)=='-' ) - { // nothing to do - } - elseif ( $id == $next_less_1 ) - { - $serial[]=$id; - $serial[]='-'; - } - else - { - $serial[]=$id; // end serie or non serie - } - } - $null = array_shift($serial); // remove first value - $list .= array_shift($serial); // add the real first one - $separ = ','; - foreach ($serial as $id) - { - $list .= ($id=='-') ? '' : $separ . $id; - $separ = ($id=='-') ? '-':','; // add comma except if hyphen - } - } - return $list; -} - -// +-----------------------------------------------------------------------+ -// | Check Access and exit when user status is not ok | -// +-----------------------------------------------------------------------+ -check_status(ACCESS_ADMINISTRATOR); - -// accepted queries -$req_type_list = official_req(); - -//--------------------------------------------------------- update informations -$chk_partner = ''; -// Is a new access required? - -if (isset($_POST['wsa_submit'])) -{ -// Check $_post (Some values are commented - maybe a future use) -$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); -$add_target = check_target( $_POST['add_target']) ; -$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; -$add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES); -$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; -$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); -if ( strlen($add_partner) < 8 ) -{ // TODO What? Complete with some MD5... -} - $query = ' -INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' -( `name` , `access` , `start` , `end` , `request` , `limit` , `comment` ) -VALUES (' . " - '$add_partner', '$add_target', - NOW(), - ADDDATE( NOW(), INTERVAL $add_end DAY), - '$add_request', '$add_limit', '$add_comment' );"; - - pwg_query($query); - $chk_partner = $add_partner; - - $template->append( - 'update_results', - l10n('ws_adding_legend').l10n('ws_success_upd') - ); -} - -// Next, Update selected access -if (isset($_POST['wsu_submit'])) -{ - $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; - $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; - - if ((isset($_POST['selection'])) and (trim($settxt) != '')) - { - $uid = (int) $_POST['selection']; - $query = ' - UPDATE '.WEB_SERVICES_ACCESS_TABLE.' - SET '.$settxt.' - WHERE id = '.$uid.'; '; - pwg_query($query); - $template->append( - 'update_results', - l10n('ws_update_legend').l10n('ws_success_upd') - ); - } else { - $template->append( - 'update_results', - l10n('ws_update_legend').l10n('ws_failed_upd') - ); - } -} -// Next, Delete selected access - -if (isset($_POST['wsX_submit'])) -{ - if ((isset($_POST['delete_confirmation'])) - and (isset($_POST['selection']))) - { - $uid = (int) $_POST['selection']; - $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' - WHERE id = '.$uid.'; '; - pwg_query($query); - $template->append( - 'update_results', - l10n('ws_delete_legend').l10n('ws_success_upd') - ); - } else { - $template->append( - 'update_results', - l10n('Not selected / Not confirmed').l10n('ws_failed_upd') - ); - } -} - - - -$template->assign( - array( - 'U_HELP' => get_root_url().'popuphelp.php?page=web_service', - ) - ); - -// Build where -$where = ''; -$order = ' ORDER BY `id` DESC' ; - -$query = ' -SELECT * - FROM '.WEB_SERVICES_ACCESS_TABLE.' -WHERE 1=1 ' -.$where. -' ' -.$order. -';'; -$result = pwg_query($query); -$acc_list = mysql_num_rows($result); -$result = pwg_query($query); -// +-----------------------------------------------------------------------+ -// | template init | -// +-----------------------------------------------------------------------+ - -$template->set_filenames( - array( - 'ws_checker' => 'admin/ws_checker.tpl' - ) - ); - - -// Access List -while ($row = mysql_fetch_array($result)) -{ - $chk_partner = ( $chk_partner == '' ) ? $row['name'] : $chk_partner; - $template->append( - 'access_list', - array( - 'ID' => $row['id'], - 'NAME' => - (is_adviser()) ? '*********' : $row['name'], - 'TARGET' => $row['access'], - 'END' => $row['end'], - 'REQUEST' => $row['request'], - 'LIMIT' => $row['limit'], - 'COMMENT' => $row['comment'], - ) - ); -} - -$template->assign('add_requests', $req_type_list); - -$template->assign('add_limits', $conf['ws_allowed_limit'] ); - -// Postponed Start Date -// By default 0, 1, 2, 3, 5, 7, 14 or 30 days -/*foreach ($conf['ws_postponed_start'] as $value) { - $template->assign_block_vars( - 'add_start', - array( - 'VALUE'=> $value, - 'CONTENT' => $value, - 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', - ) - ); -}*/ - -// Durations (Allowed Web Services Period) -// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) -$template->assign('add_ends', $conf['ws_durations']); - -if ( $chk_partner !== '' ) -{ - if (function_exists('curl_init')) - { - $request = get_absolute_root_url().'ws.php?method=pwg.getVersion&format=rest&' - . "partner=$chk_partner" ; - $session = curl_init($request); - curl_setopt ($session, CURLOPT_POST, true); - curl_setopt($session, CURLOPT_HEADER, true); - curl_setopt($session, CURLOPT_RETURNTRANSFER, true); - $response = curl_exec($session); - curl_close($session); - $status_code = array(); - preg_match('/\d\d\d/', $response, $status_code); - switch( $status_code[0] ) { - case 200: - $ws_status = l10n('Web Services under control'); - break; - case 503: - $ws_status = 'Piwigo Web Services failed and returned an ' - . 'HTTP status of 503. Service is unavailable. An internal ' - . 'problem prevented us from returning data to you.'; - break; - case 403: - $ws_status = 'Piwigo Web Services failed and returned an ' - . 'HTTP status of 403. Access is forbidden. You do not have ' - . 'permission to access this resource, or are over ' - . 'your rate limit.'; - break; - case 400: - // You may want to fall through here and read the specific XML error - $ws_status = 'Piwigo Web Services failed and returned an ' - . 'HTTP status of 400. Bad request. The parameters passed ' - . 'to the service did not match as expected. The exact ' - . 'error is returned in the XML response.'; - break; - default: - $ws_status = 'Piwigo Web Services returned an unexpected HTTP ' - . 'status of:' . $status_code[0]; - } - } - else - { - $ws_status = 'Cannot check - curl not installed'; - } - $template->assign( 'WS_STATUS', $ws_status ); -} - -//----------------------------------------------------------- sending html code - -$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); - -include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php'); -?> diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 019220b29..838cc20b0 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -618,24 +618,6 @@ $conf['allow_web_services'] = true; // Maximum number of images to be returned foreach call to the web service $conf['ws_max_images_per_page'] = 500; -// On Access control false / Admim Web Service need Php cURL extension -// Controls are done on public basis or -// if connected on member authorization basis -$conf['ws_access_control'] = false; - -// Additionnal controls are made based on Web Service Access Table -// Max returned rows number ( > 0 ) -$conf['ws_allowed_limit'] = array(1,2,3,5,10,25); - -// By default can be delayed by 0, 1, 2, 3, 5, 7, 14 or 30 days -// 0 it's Now(), don't remove that one -$conf['ws_postponed_start'] = array(0,1,2,3,5,7,14,30); /* In days */ - -// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) -// or 15, 10, 7, 5, 1, 0 day(s) -// 0 it's temporary closed (Useful for one access) -$conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0); - // +-----------------------------------------------------------------------+ // | Filter | // +-----------------------------------------------------------------------+ diff --git a/include/constants.php b/include/constants.php index 42854a9d4..4966c8b59 100644 --- a/include/constants.php +++ b/include/constants.php @@ -104,8 +104,6 @@ if (!defined('IMAGE_TAG_TABLE')) define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag'); if (!defined('PLUGINS_TABLE')) define('PLUGINS_TABLE', $prefixeTable.'plugins'); -if (!defined('WEB_SERVICES_ACCESS_TABLE')) - define('WEB_SERVICES_ACCESS_TABLE', $prefixeTable.'ws_access'); if (!defined('OLD_PERMALINKS_TABLE')) define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks'); diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 0a0b7189d..e305016e3 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -42,109 +42,10 @@ function ws_isInvokeAllowed($res, $methodName, $params) return new PwgError(401, 'Access denied'); } - if ( !$conf['ws_access_control'] ) - { - return $res; // No controls are requested - } - $query = ' -SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE." - WHERE `name` = '$calling_partner_id' - AND NOW() <= end; "; - $result = pwg_query($query); - $row = mysql_fetch_assoc($result); - if ( empty($row) ) - { - return new PwgError(403, 'Partner id does not exist or is expired'); - } - if ( !empty($row['request']) - and strpos($methodName, $row['request'])==false - and strpos($methodName, 'session')==false - and strpos($methodName, 'getVersion')==false ) - { // session and getVersion are allowed to diagnose any failure reason - return new PwgError(403, 'Method not allowed'); - } - return $res; } /** - * ws_addControls - * returns additionnal controls if requested - * usable for 99% of Web Service methods - * - * - Args - * $methodName: is the requested method - * $partner: is the key - * $tbl_name: is the alias_name in the query (sometimes called correlation name) - * null if !getting picture informations - * - Logic - * Access_control is not active: Return - * Key is incorrect: Return 0 = 1 (False condition for MySQL) - * One of Params doesn't match with type of request: return 0 = 1 again - * Access list(id/cat/tag) is converted in expended image-id list - * image-id list: converted to an in-where-clause - * - * The additionnal in-where-clause is return - */ -function ws_addControls( $methodName, &$params, $tbl_name ) -{ - global $conf, $calling_partner_id; - if ( !$conf['ws_access_control'] or !isset($calling_partner_id) ) - { - return '1=1'; // No controls are requested - } - -// Is it an active Partner? - $query = ' -SELECT * FROM '.WEB_SERVICES_ACCESS_TABLE." - WHERE `name` = '$calling_partner_id' - AND NOW() <= end; "; -$result = pwg_query($query); - if ( mysql_num_rows( $result ) == 0 ) - { - return '0=1'; // Unknown partner or Obsolate agreement - } - - $row = mysql_fetch_array($result); - -// Overide general object limit - $params['per_page'] = $row['limit']; - -// Target restrict -// 3 cases: list, cat or tag -// Behind / we could found img-ids, cat-ids or tag-ids - $target = $row['access']; - if ( $target == '') - { - return '1=1'; // No controls are requested - } - list($type, $str_ids) = explode('/',$target); // Find type list - -// (array) 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, - $arr_ids = expand_id_list( explode( ',',$str_ids ) ); - $addings = implode(',', $arr_ids); -// (string) 1,2,3,4,5,6,9,10,11,12,13,21,22, - if ( $type == 'list') - { - return $tbl_name . 'id IN ( ' . $addings . ' ) '; - } - - if ( $type == 'cat' ) - { - $addings = implode(',', get_image_ids_for_cats($arr_ids)); - return $tbl_name . 'id IN ( ' . $addings . ' ) '; - } - - if ( $type == 'tag' ) - { - $addings = implode(',', get_image_ids_for_tags($arr_ids, 'OR')); - return $tbl_name . 'id IN ( ' . $addings . ' ) '; - } - // Unmanaged new type? - return ' 0 = 1 '; // ??? -} - -/** * returns a "standard" (for our web service) array of sql where clauses that * filters the images (images table only) */ @@ -371,7 +272,6 @@ SELECT id, name, permalink, image_order 'visible_images' => 'i.id' ), null, true ); - $where_clauses[] = ws_addControls( 'categories.getImages', $params, 'i.' ); $order_by = ws_std_image_sql_order($params, 'i.'); if ( empty($order_by) @@ -609,9 +509,8 @@ SELECT * FROM '.IMAGES_TABLE.' get_sql_condition_FandF( array('visible_images' => 'id'), ' AND' - ).' AND '. - ws_addControls( 'images.getInfo', $params, '' ).' -LIMIT 1;'; + ).' +LIMIT 1'; $image_row = mysql_fetch_assoc(pwg_query($query)); if ($image_row==null) @@ -1183,7 +1082,6 @@ SELECT image_id, GROUP_CONCAT(tag_id) tag_ids '', true ); $where_clauses[] = 'id IN ('.implode(',',$image_ids).')'; - $where_clauses[] = ws_addControls( 'tags.getImages', $params, 'i.' ); $order_by = ws_std_image_sql_order($params); if (empty($order_by)) @@ -1266,54 +1164,4 @@ LIMIT '.$params['per_page']*$params['page'].','.$params['per_page']; ); } - -/** - * expand_id_list($ids) convert a human list expression to a full ordered list - * example : expand_id_list( array(5,2-3,2) ) returns array( 2, 3, 5) - * */ -function expand_id_list($ids) -{ - $tid = array(); - foreach ( $ids as $id ) - { - if ( is_numeric($id) ) - { - $tid[] = (int) $id; - } - else - { - $range = explode( '-', $id ); - if ( is_numeric($range[0]) and is_numeric($range[1]) ) - { - $from = min($range[0],$range[1]); - $to = max($range[0],$range[1]); - for ($i = $from; $i <= $to; $i++) - { - $tid[] = (int) $i; - } - } - } - } - $result = array_unique ($tid); // remove duplicates... - sort ($result); - return $result; -} - - -/** - * converts a cat-ids array in image-ids array - * FIXME Function which should already exist somewhere else - * */ -function get_image_ids_for_cats($cat_ids) -{ - $cat_list = implode(',', $cat_ids); - $ret_ids = array(); - $query = ' - SELECT DISTINCT image_id - FROM '.IMAGE_CATEGORY_TABLE.' - WHERE category_id in ('.$cat_list.') - ;'; - return array_from_query($query, 'image_id'); -} - ?> diff --git a/install/db/75-database.php b/install/db/75-database.php new file mode 100644 index 000000000..4557fb1b8 --- /dev/null +++ b/install/db/75-database.php @@ -0,0 +1,46 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +if (!defined('PHPWG_ROOT_PATH')) +{ + die('Hacking attempt!'); +} + +$upgrade_description = 'Add blk_menubar config'; + +// +-----------------------------------------------------------------------+ +// | Upgrade content | +// +-----------------------------------------------------------------------+ + +$query = 'DROP TABLE IF EXISTS '.$prefixeTable.'ws_access'; +pwg_query($query); + +$upgrade_description = $query; + +echo +"\n" +.'"'.$upgrade_description.'"'.' ended' +."\n" +; + +?> diff --git a/install/upgrade_1.6.2.php b/install/upgrade_1.6.2.php index af5789b1c..9f4a72d5d 100644 --- a/install/upgrade_1.6.2.php +++ b/install/upgrade_1.6.2.php @@ -169,6 +169,7 @@ CREATE TABLE `".PREFIX_TABLE."user_cache_categories` ( ) TYPE=MyISAM ;", +/* TABLE DROPPED BEFORE Butterfly/Piwigo release - see later DROP IF EXISTS " CREATE TABLE `".PREFIX_TABLE."ws_access` ( `id` smallint(5) unsigned NOT NULL auto_increment, @@ -182,7 +183,7 @@ CREATE TABLE `".PREFIX_TABLE."ws_access` ( PRIMARY KEY (`id`), UNIQUE KEY `ws_access_ui1` (`name`) ) TYPE=MyISAM COMMENT='Access for Web Services' -;", +;",*/ " INSERT INTO ".PREFIX_TABLE."config diff --git a/language/en_UK/admin.lang.php b/language/en_UK/admin.lang.php index f41f95ea6..06b8da97d 100644 --- a/language/en_UK/admin.lang.php +++ b/language/en_UK/admin.lang.php @@ -465,36 +465,6 @@ $lang['is_default_group'] = 'default'; $lang['toggle_is_default_group'] = 'Toggle \'default group\' property'; $lang['Advanced_features'] = 'Advanced features'; $lang['Elements_not_linked'] = 'Not linked elements'; -$lang['web_services'] = 'Web services '; -$lang['title_wscheck'] = ' Access management '; -$lang['ws_failed_upd'] = ' -> <strong>Uncompleted demand</strong> '; -$lang['ws_success_upd'] = ' -> Successfully completed '; -$lang['ws_adding_legend'] = ' Add a new partner access to Web Services '; -$lang['ws_update_legend'] = ' Revoke / Update selected partner access '; -$lang['ws_delete_legend'] = ' Revoke selected partner access '; -$lang['ws_Methods'] = ' Methods '; -$lang['ws_KeyName'] = ' Partner '; -$lang['ws_Access'] = ' Access '; -$lang['ws_Start'] = ' Start '; -$lang['ws_End'] = ' End '; -$lang['ws_Request'] = ' Request '; -$lang['ws_Limit'] = ' Limit '; -$lang['ws_Comment'] = ' Comment '; -$lang['Modify End from Now +'] = 'Modify End from Now + '; -$lang['Delete'] = ' Remove '; -$lang['Confidential partner key'] = 'Confidential partner key'; -$lang['Basis of access key calculation'] = 'Basis of access key calculation'; -$lang['Target'] = 'Target'; -$lang['Access: see help text for more'] = 'Access: see help text for more'; -$lang['Facultative and restrictive option'] = 'Facultative and restrictive option'; -$lang['Postponed availability in days'] = 'Postponed availability in days'; -$lang['Duration in days'] = 'Duration in days'; -$lang['Restrict access to'] = 'Restrict access to'; -$lang['Returned images limit'] = 'Returned images limit'; -$lang['Comment to identify your partner clearly'] = 'Comment to identify your partner clearly'; -$lang['Add this access definition'] = 'Add this access definition'; -$lang['Web Services availability duration in days'] = 'Web Services availability duration in days'; -$lang['Web Services under control'] = 'Piwigo Web Services are fully operationals and all requests are under control.'; $lang['special_admin_menu'] = 'Specials'; $lang['Duplicates'] = 'Files with same name in more than one physical category'; diff --git a/language/es_ES/admin.lang.php b/language/es_ES/admin.lang.php index f1b12eeff..16e37c3c4 100644 --- a/language/es_ES/admin.lang.php +++ b/language/es_ES/admin.lang.php @@ -338,7 +338,6 @@ $lang['permissions'] = 'Permisos'; $lang['private'] = 'intimidad'; $lang['properties'] = 'Propiedades'; $lang['public'] = 'público'; -$lang['purge history'] = 'purgar la reseña histórica'; $lang['purge never used notification feeds'] = 'Purgar los flujos jamás utilizados de notificación'; $lang['purge sessions'] = 'Purgar las sesiones'; $lang['randomly represented'] = 'Representando al azar'; @@ -466,41 +465,7 @@ $lang['is_default_group'] = 'por defecto'; $lang['toggle_is_default_group'] = 'Invertir la propiedad \'grupo por defecto\''; $lang['Advanced_features'] = 'Funciones avanzadas'; $lang['Elements_not_linked'] = 'Elementos no atados'; -$lang['web_services'] = 'Servicios Web '; -$lang['title_wscheck'] = ' Gestión de los accesos '; -$lang['ws_failed_upd'] = ' -> <strong>Operación no realizada</strong> '; -$lang['ws_success_upd'] = ' -> Acción realizada correctamente '; -$lang['ws_adding_legend'] = ' Añadido de un acceso compañero a los Servicios Web '; -$lang['ws_update_legend'] = ' Suprimir / Modificar el acceso del compañero seleccionado '; -$lang['ws_delete_legend'] = ' Suprimir definitivamente el acceso del compañero seleccionado '; -$lang['ws_Methods'] = ' Métodos '; -$lang['ws_KeyName'] = ' Compañero '; -$lang['ws_Access'] = ' Accesso '; -$lang['ws_Start'] = ' Principio '; -$lang['ws_End'] = ' Fin '; -$lang['ws_Request'] = 'Demanda'; -$lang['ws_Limit'] = ' Límite '; -$lang['ws_Comment'] = ' Comentario '; -$lang['Modify End from Now +'] = 'Modificar el Fin por este instante + '; -$lang['Delete'] = ' Retirada '; -$lang['Confidential partner key'] = 'Llave confidencial'; -$lang['Basis of access key calculation'] = 'Base de cálculo de la llave'; -$lang['Target'] = 'Blanco'; -$lang['Access: see help text for more'] = 'Acceso : ver la ayuda en línea'; -$lang['Facultative and restrictive option'] = 'Opción facultativa y restrictiva'; -$lang['Postponed availability in days'] = 'Saldo de disponibilidad en días'; -$lang['Duration in days'] = 'Durada en días'; -$lang['Restrict access to'] = 'Acceso restringindo a'; -$lang['Returned images limit'] = 'Límite de transmision'; -$lang['Comment to identify your partner clearly'] = 'Comentario que le permite identificar a su compañero fácilmente'; -$lang['Add this access definition']= 'Añadir esta definición de acceso'; -$lang['Web Services availability duration in days'] = 'Duración de abertura de los Servicios Web en días'; -$lang['Web Services under control'] = 'Los Servicios Web de Piwigo totalmente son operativos y todas las demandas son controladas.'; $lang['special_admin_menu'] = 'Clases de matemáticas superiores'; -$lang['note_check_exif'] = '%s debe ser puesto a "false" en su fichero config_local.inc.php porque el extejo no es sostenido.'; -$lang['note_check_more_info'] = 'Vaya sobre %s or %s para más informaciones.'; -$lang['note_check_more_info_forum'] = 'el foro'; -$lang['note_check_more_info_wiki'] = 'el wiki'; $lang['Duplicates'] = 'Ficheros que llevan el mismo nombre en varias categorías físicas'; $lang['Export data'] = 'Exportar los datos'; diff --git a/language/fr_FR/admin.lang.php b/language/fr_FR/admin.lang.php index 1f0bdc72c..d6b053a79 100644 --- a/language/fr_FR/admin.lang.php +++ b/language/fr_FR/admin.lang.php @@ -465,36 +465,6 @@ $lang['is_default_group'] = 'par défaut'; $lang['toggle_is_default_group'] = 'Inverser la propriété \'groupe par défaut\''; $lang['Advanced_features'] = 'Fonctions avancées'; $lang['Elements_not_linked'] = 'Eléments non liés'; -$lang['web_services'] = 'Services Web '; -$lang['title_wscheck'] = ' Gestion des accès '; -$lang['ws_failed_upd'] = ' -> <strong>Opération non réalisée</strong> '; -$lang['ws_success_upd'] = ' -> Action réalisée correctement '; -$lang['ws_adding_legend'] = ' Ajout d\'un accès partenaire aux Services Web '; -$lang['ws_update_legend'] = ' Supprimer / Modifier l\'accès du partenaire sélectionné '; -$lang['ws_delete_legend'] = ' Supprimer définitivement l\'accès du partenaire sélectionné '; -$lang['ws_Methods'] = ' Méthodes '; -$lang['ws_KeyName'] = ' Partenaire '; -$lang['ws_Access'] = ' Access '; -$lang['ws_Start'] = ' Début '; -$lang['ws_End'] = ' Fin '; -$lang['ws_Request'] = 'Requête'; -$lang['ws_Limit'] = ' Limite '; -$lang['ws_Comment'] = ' Commentaire '; -$lang['Modify End from Now +'] = 'Modifier la Fin par cet instant + '; -$lang['Delete'] = ' Retrait '; -$lang['Confidential partner key'] = 'Clé confidentielle'; -$lang['Basis of access key calculation'] = 'Base de calcul de la clé'; -$lang['Target'] = 'Cible'; -$lang['Access: see help text for more'] = 'Accès: voir l\'aide en ligne'; -$lang['Facultative and restrictive option'] = 'Option facultative et restrictive'; -$lang['Postponed availability in days'] = 'Report de disponibilité en jours'; -$lang['Duration in days'] = 'Durée en jours'; -$lang['Restrict access to'] = 'Accès restreint à'; -$lang['Returned images limit'] = 'Limite de transmision'; -$lang['Comment to identify your partner clearly'] = 'Commentaire vous permettant d\'identifier votre partenaire facilement'; -$lang['Add this access definition']= 'Ajouter cette définition d\'accès'; -$lang['Web Services availability duration in days'] = 'Durée d\'ouverture des Services Web en jours'; -$lang['Web Services under control'] = 'Les Services Web de Piwigo sont totalement operationnels et toutes les requêtes sont contrôlées.'; $lang['special_admin_menu'] = 'Spéciales'; $lang['Duplicates'] = 'Fichiers portant le même nom dans plusieurs catégories physiques'; diff --git a/language/it_IT/admin.lang.php b/language/it_IT/admin.lang.php index 071359ef4..bd93eb831 100644 --- a/language/it_IT/admin.lang.php +++ b/language/it_IT/admin.lang.php @@ -465,36 +465,6 @@ $lang['is_default_group'] = 'di default'; $lang['toggle_is_default_group'] = 'Invertire la proprietà "gruppo di default"';
$lang['Advanced_features'] = 'Funzioni avanzate';
$lang['Elements_not_linked'] = 'Elementi sciolti';
-$lang['web_services'] = 'Servizzi Web ';
-$lang['title_wscheck'] = ' Gestione degli accessi ';
-$lang['ws_failed_upd'] = ' -> <strong>Operazione non efettuata</strong> ';
-$lang['ws_success_upd'] = ' -> Operazione realizzata correttamente ';
-$lang['ws_adding_legend'] = ' Aggiungere un nuovo accesso partner ai Servizi Web ';
-$lang['ws_update_legend'] = ' Cancellare / Modificare l\'accesso del partner selezionato ';
-$lang['ws_delete_legend'] = ' Cancellare definitivamente l\'accesso del partner selezionato ';
-$lang['ws_Methods'] = ' Methods ';
-$lang['ws_KeyName'] = ' Partner ';
-$lang['ws_Access'] = ' Access ';
-$lang['ws_Start'] = ' Inizzio ';
-$lang['ws_End'] = ' Fine ';
-$lang['ws_Request'] = ' Selezione ';
-$lang['ws_Limit'] = ' Limite ';
-$lang['ws_Comment'] = ' Commento ';
-$lang['Modify End from Now +'] = 'Modificare la Fine da quest\'instante + ';
-$lang['Delete'] = ' Togliere ';
-$lang['Confidential partner key'] = 'Chiave confidentiale';
-$lang['Basis of access key calculation'] = 'Base di calcolo della chiave';
-$lang['Target'] = 'Target';
-$lang['Access: see help text for more'] = 'Accesso: vedere aiuto on line';
-$lang['Facultative and restrictive option'] = 'Opzione facoltativa e restrittiva';
-$lang['Postponed availability in days'] = 'Disponibilità posposta in giorni';
-$lang['Duration in days'] = 'Durata in giorni';
-$lang['Restrict access to'] = 'Accesso limitato a';
-$lang['Returned images limit'] = 'Limite di trasferimento';
-$lang['Comment to identify your partner clearly'] = 'Commento che vi permetterà di identificare il vostro partner facilmente';
-$lang['Add this access definition']= 'Aggiungere questa definizione d\'accesso';
-$lang['Web Services availability duration in days'] = 'Durata d\'appertura dei Servizzi Web in giorni';
-$lang['Web Services under control'] = 'I Servizzi Web di Piwigo sono totalmente operativi e tutte le selezioni sono controllate.';
$lang['special_admin_menu'] = 'Speciale';
$lang['Duplicates'] = 'File con stesso nome in più di una categoria fisica';
diff --git a/language/nl_NL/admin.lang.php b/language/nl_NL/admin.lang.php index f276ee170..0bb9a65ec 100644 --- a/language/nl_NL/admin.lang.php +++ b/language/nl_NL/admin.lang.php @@ -338,7 +338,6 @@ $lang['permissions'] = 'Rechten'; $lang['private'] = 'private'; $lang['properties'] = 'Eigenschappen'; $lang['public'] = 'publiek'; -$lang['purge history'] = 'verwijder geschiedenis'; $lang['purge never used notification feeds'] = 'verwijder nimmer gebruikte meldingen'; $lang['purge sessions'] = 'verwijder sessies'; $lang['randomly represented'] = 'willekeurig represented'; @@ -466,41 +465,7 @@ $lang['is_default_group'] = 'standaard'; $lang['toggle_is_default_group'] = 'Aanpassen \'standaard groep\' eigenschap'; $lang['Advanced_features'] = 'Geavanceerde functies'; $lang['Elements_not_linked'] = 'Niet gelinkte elementen'; -$lang['web_services'] = 'Web services '; -$lang['title_wscheck'] = ' Toegangsbeheer'; -$lang['ws_failed_upd'] = ' -> <strong>Niet voltooide eis</strong> '; -$lang['ws_success_upd'] = ' -> Succesvol afgerond '; -$lang['ws_adding_legend'] = ' Voeg een nieuwe partner toegang toe aan Web Services '; -$lang['ws_update_legend'] = ' Ongedaan maken / bijwerken geselecteerde partner toegangaccess '; -$lang['ws_delete_legend'] = ' Maak geselecteerde partner toegang ongedaan'; -$lang['ws_Methods'] = ' Methode '; -$lang['ws_KeyName'] = ' Partner '; -$lang['ws_Access'] = ' Toegang '; -$lang['ws_Start'] = ' Start '; -$lang['ws_End'] = ' Eind '; -$lang['ws_Request'] = ' Vraag '; -$lang['ws_Limit'] = ' Limiet '; -$lang['ws_Comment'] = ' Commentaar '; -$lang['Modify End from Now +'] = 'Verander eind vanaf hier + '; -$lang['Delete'] = ' Verwijderen '; -$lang['Confidential partner key'] = 'Vertrouwelijke partner sleutel'; -$lang['Basis of access key calculation'] = 'Basis van de toegangssleutel berekening'; -$lang['Target'] = 'Doel'; -$lang['Access: see help text for more'] = 'Toegang: Zie help tekst voor meer info'; -$lang['Facultative and restrictive option'] = 'Facultatieve en restrictieve optie '; -$lang['Postponed availability in days'] = 'Uitgestelde beschikbaarheid in dagen'; -$lang['Duration in days'] = 'Duur in dagen'; -$lang['Restrict access to'] = 'Beperk toegang tot'; -$lang['Returned images limit'] = 'Teruggekeerde beeldengrens'; -$lang['Comment to identify your partner clearly'] = 'Commentaar om je partner te identificeren'; -$lang['Add this access definition'] = 'Toevoegen toegangs defenitie'; -$lang['Web Services availability duration in days'] = 'Web Services beschikbaar in aantal dagen'; -$lang['Web Services under control'] = 'Piwigo Web Services zijn volledig operationeel en alle verzoeken worden uitgevoerd.'; $lang['special_admin_menu'] = 'Speciaal'; -$lang['note_check_exif'] = '%s moet ingesteld zijn op false in je config_local.inc.php omdat exif niet ondersteund wordt.'; -$lang['note_check_more_info'] = 'Ga naar %s of %s voor meer informatie.'; -$lang['note_check_more_info_forum'] = 'het forum'; -$lang['note_check_more_info_wiki'] = 'de wiki'; $lang['Duplicates'] = 'Bestanden met de zelfde naam in meer dan één physieke categorie'; $lang['Export data'] = 'Exporteer data'; @@ -128,7 +128,7 @@ function ws_addDefaultMethods( $arr ) ), 'Returns elements for the corresponding query search.' ); - + $service->addMethod( 'pwg.images.setPrivacyLevel', 'ws_images_setPrivacyLevel', @@ -192,14 +192,9 @@ add_event_handler('ws_add_methods', 'ws_addDefaultMethods'); add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3); -$calling_partner_id = ''; $requestFormat = null; $responseFormat = null; -if ( isset($_GET['partner']) ) -{ - $calling_partner_id = $_GET['partner']; -} if ( isset($_GET['format']) ) { $responseFormat = $_GET['format']; |