aboutsummaryrefslogtreecommitdiffstats
path: root/BSF/admin/ws_checker.php
diff options
context:
space:
mode:
Diffstat (limited to 'BSF/admin/ws_checker.php')
-rw-r--r--BSF/admin/ws_checker.php334
1 files changed, 334 insertions, 0 deletions
diff --git a/BSF/admin/ws_checker.php b/BSF/admin/ws_checker.php
new file mode 100644
index 000000000..7da8fac10
--- /dev/null
+++ b/BSF/admin/ws_checker.php
@@ -0,0 +1,334 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | Piwigo - a PHP based picture gallery |
+// +-----------------------------------------------------------------------+
+// | Copyright(C) 2008 Piwigo Team http://piwigo.org |
+// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
+// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify |
+// | it under the terms of the GNU General Public License as published by |
+// | the Free Software Foundation |
+// | |
+// | This program is distributed in the hope that it will be useful, but |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
+// | General Public License for more details. |
+// | |
+// | You should have received a copy of the GNU General Public License |
+// | along with this program; if not, write to the Free Software |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA. |
+// +-----------------------------------------------------------------------+
+
+// Next evolution...
+// Out of parameter WS management
+// The remainer objective is to check
+// - Does Web Service working properly?
+// - Does any access return something really?
+// Give a way to check to the webmaster...
+// These questions are one of module name explanations (checker).
+
+if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services']))
+{
+ die('Hacking attempt!');
+}
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+include_once(PHPWG_ROOT_PATH.'include/ws_functions.inc.php');
+
+/**
+ * official_req returns the managed requests list in array format
+ * FIXME A New list need to be build for ws_checker.php
+ * returns array of authrorized request/methods
+ * */
+function official_req()
+{
+ $official = array( /* Requests are limited to */
+ 'categories.' /* all categories. methods */
+ , 'categories.getImages'
+ , 'categories.getList'
+ , 'images.' /* all images. methods */
+ , 'images.getInfo'
+ , 'images.addComment'
+ , 'images.search'
+ , 'tags.' /* all tags. methods */
+ , 'tags.getImages'
+ , 'tags.getList'
+ );
+ if (function_exists('local_req')) {
+ $local = local_req();
+ return array_merge( $official, $local );
+ }
+ return $official;
+}
+
+/**
+ * check_target($string) verifies and corrects syntax of target parameter
+ * example : check_target(cat/23,24,24,24,25,27) returns cat/23-25,27
+ * */
+function check_target($list)
+{
+ if ( $list !== '' )
+ {
+ $type = explode('/',$list); // Find type list
+ if ( !in_array($type[0],array('list','cat','tag') ) )
+ {
+ $type[0] = 'list'; // Assume an id list
+ }
+ $ids = explode( ',',$type[1] );
+ $list = $type[0] . '/';
+
+ // 1,2,21,3,22,4,5,9-12,6,11,12,13,2,4,6,
+
+ $result = expand_id_list( $ids );
+
+ // 1,2,3,4,5,6,9,10,11,12,13,21,22,
+ // I would like
+ // 1-6,9-13,21-22
+ $serial[] = $result[0]; // To be shifted
+ foreach ($result as $k => $id)
+ {
+ $next_less_1 = (isset($result[$k + 1]))? $result[$k + 1] - 1:-1;
+ if ( $id == $next_less_1 and end($serial)=='-' )
+ { // nothing to do
+ }
+ elseif ( $id == $next_less_1 )
+ {
+ $serial[]=$id;
+ $serial[]='-';
+ }
+ else
+ {
+ $serial[]=$id; // end serie or non serie
+ }
+ }
+ $null = array_shift($serial); // remove first value
+ $list .= array_shift($serial); // add the real first one
+ $separ = ',';
+ foreach ($serial as $id)
+ {
+ $list .= ($id=='-') ? '' : $separ . $id;
+ $separ = ($id=='-') ? '-':','; // add comma except if hyphen
+ }
+ }
+ return $list;
+}
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
+// accepted queries
+$req_type_list = official_req();
+
+//--------------------------------------------------------- update informations
+$chk_partner = '';
+// Is a new access required?
+
+if (isset($_POST['wsa_submit']))
+{
+// Check $_post (Some values are commented - maybe a future use)
+$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES);
+$add_target = check_target( $_POST['add_target']) ;
+$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0;
+$add_request = htmlspecialchars( $_POST['add_request'], ENT_QUOTES);
+$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1;
+$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES);
+if ( strlen($add_partner) < 8 )
+{ // TODO What? Complete with some MD5...
+}
+ $query = '
+INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.'
+( `name` , `access` , `start` , `end` , `request` , `limit` , `comment` )
+VALUES (' . "
+ '$add_partner', '$add_target',
+ NOW(),
+ ADDDATE( NOW(), INTERVAL $add_end DAY),
+ '$add_request', '$add_limit', '$add_comment' );";
+
+ pwg_query($query);
+ $chk_partner = $add_partner;
+
+ $template->append(
+ 'update_results',
+ l10n('ws_adding_legend').l10n('ws_success_upd')
+ );
+}
+
+// Next, Update selected access
+if (isset($_POST['wsu_submit']))
+{
+ $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0;
+ $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)';
+
+ if ((isset($_POST['selection'])) and (trim($settxt) != ''))
+ {
+ $uid = (int) $_POST['selection'];
+ $query = '
+ UPDATE '.WEB_SERVICES_ACCESS_TABLE.'
+ SET '.$settxt.'
+ WHERE id = '.$uid.'; ';
+ pwg_query($query);
+ $template->append(
+ 'update_results',
+ l10n('ws_update_legend').l10n('ws_success_upd')
+ );
+ } else {
+ $template->append(
+ 'update_results',
+ l10n('ws_update_legend').l10n('ws_failed_upd')
+ );
+ }
+}
+// Next, Delete selected access
+
+if (isset($_POST['wsX_submit']))
+{
+ if ((isset($_POST['delete_confirmation']))
+ and (isset($_POST['selection'])))
+ {
+ $uid = (int) $_POST['selection'];
+ $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.'
+ WHERE id = '.$uid.'; ';
+ pwg_query($query);
+ $template->append(
+ 'update_results',
+ l10n('ws_delete_legend').l10n('ws_success_upd')
+ );
+ } else {
+ $template->append(
+ 'update_results',
+ l10n('Not selected / Not confirmed').l10n('ws_failed_upd')
+ );
+ }
+}
+
+
+
+$template->assign(
+ array(
+ 'U_HELP' => get_root_url().'popuphelp.php?page=web_service',
+ )
+ );
+
+// Build where
+$where = '';
+$order = ' ORDER BY `id` DESC' ;
+
+$query = '
+SELECT *
+ FROM '.WEB_SERVICES_ACCESS_TABLE.'
+WHERE 1=1 '
+.$where.
+' '
+.$order.
+';';
+$result = pwg_query($query);
+$acc_list = mysql_num_rows($result);
+$result = pwg_query($query);
+// +-----------------------------------------------------------------------+
+// | template init |
+// +-----------------------------------------------------------------------+
+
+$template->set_filenames(
+ array(
+ 'ws_checker' => 'admin/ws_checker.tpl'
+ )
+ );
+
+
+// Access List
+while ($row = mysql_fetch_array($result))
+{
+ $chk_partner = ( $chk_partner == '' ) ? $row['name'] : $chk_partner;
+ $template->append(
+ 'access_list',
+ array(
+ 'ID' => $row['id'],
+ 'NAME' =>
+ (is_adviser()) ? '*********' : $row['name'],
+ 'TARGET' => $row['access'],
+ 'END' => $row['end'],
+ 'REQUEST' => $row['request'],
+ 'LIMIT' => $row['limit'],
+ 'COMMENT' => $row['comment'],
+ )
+ );
+}
+
+$template->assign('add_requests', $req_type_list);
+
+$template->assign('add_limits', $conf['ws_allowed_limit'] );
+
+// Postponed Start Date
+// By default 0, 1, 2, 3, 5, 7, 14 or 30 days
+/*foreach ($conf['ws_postponed_start'] as $value) {
+ $template->assign_block_vars(
+ 'add_start',
+ array(
+ 'VALUE'=> $value,
+ 'CONTENT' => $value,
+ 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'',
+ )
+ );
+}*/
+
+// Durations (Allowed Web Services Period)
+// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s)
+$template->assign('add_ends', $conf['ws_durations']);
+
+if ( $chk_partner !== '' )
+{
+ if (function_exists('curl_init'))
+ {
+ $request = get_absolute_root_url().'ws.php?method=pwg.getVersion&format=rest&'
+ . "partner=$chk_partner" ;
+ $session = curl_init($request);
+ curl_setopt ($session, CURLOPT_POST, true);
+ curl_setopt($session, CURLOPT_HEADER, true);
+ curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
+ $response = curl_exec($session);
+ curl_close($session);
+ $status_code = array();
+ preg_match('/\d\d\d/', $response, $status_code);
+ switch( $status_code[0] ) {
+ case 200:
+ $ws_status = l10n('Web Services under control');
+ break;
+ case 503:
+ $ws_status = 'Piwigo Web Services failed and returned an '
+ . 'HTTP status of 503. Service is unavailable. An internal '
+ . 'problem prevented us from returning data to you.';
+ break;
+ case 403:
+ $ws_status = 'Piwigo Web Services failed and returned an '
+ . 'HTTP status of 403. Access is forbidden. You do not have '
+ . 'permission to access this resource, or are over '
+ . 'your rate limit.';
+ break;
+ case 400:
+ // You may want to fall through here and read the specific XML error
+ $ws_status = 'Piwigo Web Services failed and returned an '
+ . 'HTTP status of 400. Bad request. The parameters passed '
+ . 'to the service did not match as expected. The exact '
+ . 'error is returned in the XML response.';
+ break;
+ default:
+ $ws_status = 'Piwigo Web Services returned an unexpected HTTP '
+ . 'status of:' . $status_code[0];
+ }
+ }
+ else
+ {
+ $ws_status = 'Cannot check - curl not installed';
+ }
+ $template->assign( 'WS_STATUS', $ws_status );
+}
+
+//----------------------------------------------------------- sending html code
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker');
+
+include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');
+?>