diff options
Diffstat (limited to 'BSF/admin/ws_checker.php')
-rw-r--r-- | BSF/admin/ws_checker.php | 334 |
1 files changed, 334 insertions, 0 deletions
diff --git a/BSF/admin/ws_checker.php b/BSF/admin/ws_checker.php new file mode 100644 index 000000000..7da8fac10 --- /dev/null +++ b/BSF/admin/ws_checker.php @@ -0,0 +1,334 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +// Next evolution... +// Out of parameter WS management +// The remainer objective is to check +// - Does Web Service working properly? +// - Does any access return something really? +// Give a way to check to the webmaster... +// These questions are one of module name explanations (checker). + +if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services'])) +{ + die('Hacking attempt!'); +} +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); +include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php'); + +/** + * official_req returns the managed requests list in array format + * FIXME A New list need to be build for ws_checker.php + * returns array of authrorized request/methods + * */ +function official_req() +{ + $official = array( /* Requests are limited to */ + 'categories.' /* all categories. methods */ + , 'categories.getImages' + , 'categories.getList' + , 'images.' /* all images. methods */ + , 'images.getInfo' + , 'images.addComment' + , 'images.search' + , 'tags.' /* all tags. methods */ + , 'tags.getImages' + , 'tags.getList' + ); + if (function_exists('local_req')) { + $local = local_req(); + return array_merge( $official, $local ); + } + return $official; +} + +/** + * check_target($string) verifies and corrects syntax of target parameter + * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27 + * */ +function check_target($list) +{ + if ( $list !== '' ) + { + $type = explode('/',$list); // Find type list + if ( !in_array($type[0],array('list','cat','tag') ) ) + { + $type[0] = 'list'; // Assume an id list + } + $ids = explode( ',',$type[1] ); + $list = $type[0] . '/'; + + // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6, + + $result = expand_id_list( $ids ); + + // 1,2,3,4,5,6,9,10,11,12,13,21,22, + // I would like + // 1-6,9-13,21-22 + $serial[] = $result[0]; // To be shifted + foreach ($result as $k => $id) + { + $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1; + if ( $id == $next_less_1 and end($serial)=='-' ) + { // nothing to do + } + elseif ( $id == $next_less_1 ) + { + $serial[]=$id; + $serial[]='-'; + } + else + { + $serial[]=$id; // end serie or non serie + } + } + $null = array_shift($serial); // remove first value + $list .= array_shift($serial); // add the real first one + $separ = ','; + foreach ($serial as $id) + { + $list .= ($id=='-') ? '' : $separ . $id; + $separ = ($id=='-') ? '-':','; // add comma except if hyphen + } + } + return $list; +} + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + +// accepted queries +$req_type_list = official_req(); + +//--------------------------------------------------------- update informations +$chk_partner = ''; +// Is a new access required? + +if (isset($_POST['wsa_submit'])) +{ +// Check $_post (Some values are commented - maybe a future use) +$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); +$add_target = check_target( $_POST['add_target']) ; +$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; +$add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES); +$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; +$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); +if ( strlen($add_partner) < 8 ) +{ // TODO What? Complete with some MD5... +} + $query = ' +INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' +( `name` , `access` , `start` , `end` , `request` , `limit` , `comment` ) +VALUES (' . " + '$add_partner', '$add_target', + NOW(), + ADDDATE( NOW(), INTERVAL $add_end DAY), + '$add_request', '$add_limit', '$add_comment' );"; + + pwg_query($query); + $chk_partner = $add_partner; + + $template->append( + 'update_results', + l10n('ws_adding_legend').l10n('ws_success_upd') + ); +} + +// Next, Update selected access +if (isset($_POST['wsu_submit'])) +{ + $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; + $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; + + if ((isset($_POST['selection'])) and (trim($settxt) != '')) + { + $uid = (int) $_POST['selection']; + $query = ' + UPDATE '.WEB_SERVICES_ACCESS_TABLE.' + SET '.$settxt.' + WHERE id = '.$uid.'; '; + pwg_query($query); + $template->append( + 'update_results', + l10n('ws_update_legend').l10n('ws_success_upd') + ); + } else { + $template->append( + 'update_results', + l10n('ws_update_legend').l10n('ws_failed_upd') + ); + } +} +// Next, Delete selected access + +if (isset($_POST['wsX_submit'])) +{ + if ((isset($_POST['delete_confirmation'])) + and (isset($_POST['selection']))) + { + $uid = (int) $_POST['selection']; + $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' + WHERE id = '.$uid.'; '; + pwg_query($query); + $template->append( + 'update_results', + l10n('ws_delete_legend').l10n('ws_success_upd') + ); + } else { + $template->append( + 'update_results', + l10n('Not selected / Not confirmed').l10n('ws_failed_upd') + ); + } +} + + + +$template->assign( + array( + 'U_HELP' => get_root_url().'popuphelp.php?page=web_service', + ) + ); + +// Build where +$where = ''; +$order = ' ORDER BY `id` DESC' ; + +$query = ' +SELECT * + FROM '.WEB_SERVICES_ACCESS_TABLE.' +WHERE 1=1 ' +.$where. +' ' +.$order. +';'; +$result = pwg_query($query); +$acc_list = mysql_num_rows($result); +$result = pwg_query($query); +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames( + array( + 'ws_checker' => 'admin/ws_checker.tpl' + ) + ); + + +// Access List +while ($row = mysql_fetch_array($result)) +{ + $chk_partner = ( $chk_partner == '' ) ? $row['name'] : $chk_partner; + $template->append( + 'access_list', + array( + 'ID' => $row['id'], + 'NAME' => + (is_adviser()) ? '*********' : $row['name'], + 'TARGET' => $row['access'], + 'END' => $row['end'], + 'REQUEST' => $row['request'], + 'LIMIT' => $row['limit'], + 'COMMENT' => $row['comment'], + ) + ); +} + +$template->assign('add_requests', $req_type_list); + +$template->assign('add_limits', $conf['ws_allowed_limit'] ); + +// Postponed Start Date +// By default 0, 1, 2, 3, 5, 7, 14 or 30 days +/*foreach ($conf['ws_postponed_start'] as $value) { + $template->assign_block_vars( + 'add_start', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', + ) + ); +}*/ + +// Durations (Allowed Web Services Period) +// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) +$template->assign('add_ends', $conf['ws_durations']); + +if ( $chk_partner !== '' ) +{ + if (function_exists('curl_init')) + { + $request = get_absolute_root_url().'ws.php?method=pwg.getVersion&format=rest&' + . "partner=$chk_partner" ; + $session = curl_init($request); + curl_setopt ($session, CURLOPT_POST, true); + curl_setopt($session, CURLOPT_HEADER, true); + curl_setopt($session, CURLOPT_RETURNTRANSFER, true); + $response = curl_exec($session); + curl_close($session); + $status_code = array(); + preg_match('/\d\d\d/', $response, $status_code); + switch( $status_code[0] ) { + case 200: + $ws_status = l10n('Web Services under control'); + break; + case 503: + $ws_status = 'Piwigo Web Services failed and returned an ' + . 'HTTP status of 503. Service is unavailable. An internal ' + . 'problem prevented us from returning data to you.'; + break; + case 403: + $ws_status = 'Piwigo Web Services failed and returned an ' + . 'HTTP status of 403. Access is forbidden. You do not have ' + . 'permission to access this resource, or are over ' + . 'your rate limit.'; + break; + case 400: + // You may want to fall through here and read the specific XML error + $ws_status = 'Piwigo Web Services failed and returned an ' + . 'HTTP status of 400. Bad request. The parameters passed ' + . 'to the service did not match as expected. The exact ' + . 'error is returned in the XML response.'; + break; + default: + $ws_status = 'Piwigo Web Services returned an unexpected HTTP ' + . 'status of:' . $status_code[0]; + } + } + else + { + $ws_status = 'Cannot check - curl not installed'; + } + $template->assign( 'WS_STATUS', $ws_status ); +} + +//----------------------------------------------------------- sending html code + +$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); + +include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php'); +?> |