From 9d451f6aa18f7eb0673a37be8fdb98a82955cdb2 Mon Sep 17 00:00:00 2001
From: vdigital
Date: Tue, 23 Jan 2007 20:38:04 +0000
Subject: ws_status is now removed from config table. It will be replaced by ws_access_control managed in config file.
git-svn-id: http://piwigo.org/svn/trunk@1745 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/ws_checker.php | 631 ++++++++++++++----------------
 language/en_UK.iso-8859-1/admin.lang.php | 1 -
 language/fr_FR.iso-8859-1/admin.lang.php | 1 -
 template/yoga/admin/ws_checker.tpl | 52 +--
 web_service.php | 641 -------------------------------
 5 files changed, 300 insertions(+), 1026 deletions(-)
 delete mode 100644 web_service.php
diff --git a/admin/ws_checker.php b/admin/ws_checker.php
index 3c83d1735..a434573ba 100644
--- a/admin/ws_checker.php
+++ b/admin/ws_checker.php
@@ -1,343 +1,288 @@ - \''.boolean_to_string($ws_status).'\' -;'; - pwg_query($query); - $conf['ws_status'] = $ws_status; - } - $template->assign_block_vars( - 'update_result', - array( - 'UPD_ELEMENT'=> $lang['ws_set_status'].': '.$ws_update, - ) - ); -} - -// Next, is a new access required? - -if (isset($_POST['wsa_submit'])) -{ -// Check $_post -$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES); -$add_access = check_target( $_POST['add_access']) ; -$add_start = ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0; -$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0; -$add_request = ( ctype_alpha($_POST['add_request']) ) ? - $_POST['add_request']:''; -$add_high = ( $_POST['add_high'] == 'true' ) ? 'true':'false'; -$add_normal = ( $_POST['add_normal'] == 'true' ) ? 'true':'false'; -$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; -$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES); -if ( strlen($add_partner) < 8 ) -{ -} - $query = ' -INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' -( `name` , `access` , `start` , `end` , `request` , - `high` , `normal` , `limit` , `comment` ) -VALUES (' . " - '$add_partner', '$add_access', - ADDDATE( NOW(), INTERVAL $add_start DAY), - ADDDATE( NOW(), INTERVAL $add_end DAY), - '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );"; - - pwg_query($query); - - $template->assign_block_vars( - 'update_result', - array( - 'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'], - ) - ); -} - -// Next, Update selected access -if (isset($_POST['wsu_submit'])) -{ - $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; - $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; - - if ((isset($_POST['selection'])) and (trim($settxt) != '')) - { - $uid = (int) $_POST['selection']; - $query = ' - UPDATE '.WEB_SERVICES_ACCESS_TABLE.' - SET '.$settxt.' 
- WHERE id = '.$uid.'; '; - pwg_query($query); - $template->assign_block_vars( - 'update_result', - array( - 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'], - ) - ); - } else { - $template->assign_block_vars( - 'update_result', - array( - 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'], - ) - ); - } -} -// Next, Delete selected access - -if (isset($_POST['wsX_submit'])) -{ - if ((isset($_POST['delete_confirmation'])) - and (isset($_POST['selection']))) - { - $uid = (int) $_POST['selection']; - $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' - WHERE id = '.$uid.'; '; - pwg_query($query); - $template->assign_block_vars( - 'update_result', - array( - 'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'], - ) - ); - } else { - $template->assign_block_vars( - 'update_result', - array( - 'UPD_ELEMENT'=> $lang['Not selected / Not confirmed'] - .$lang['ws_failed_upd'], - ) - ); - } -} - - -$ws_status = $conf['ws_status']; -$template->assign_vars( - array( - 'L_CURRENT_STATUS' => ( $ws_status == true ) ? - $lang['ws_enable']:$lang['ws_disable'], - 'STATUS_YES' => ( $ws_status == true ) ? '':'checked', - 'STATUS_NO' => ( $ws_status == true ) ? 'checked':'', - 'DEFLT_HIGH_YES' => '', - 'DEFLT_HIGH_NO' => 'checked', - 'DEFLT_NORMAL_YES' => '', - 'DEFLT_NORMAL_NO' => 'checked', - 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service', - ) - ); - -// Build where -$where = ''; -$order = ' ORDER BY `id` DESC' ; - -$query = ' -SELECT * - FROM '.WEB_SERVICES_ACCESS_TABLE.' -WHERE 1=1 ' -.$where. -' ' -.$order. 
-';'; -$result = pwg_query($query); -$acc_list = mysql_num_rows($result); -$result = pwg_query($query); -// +-----------------------------------------------------------------------+ -// | template init | -// +-----------------------------------------------------------------------+ - -$template->set_filenames( - array( - 'ws_checker' => 'admin/ws_checker.tpl' - ) - ); - -$checked = 'checked="checked"'; -$selected = 'selected="selected"'; -$num=0; -if ( $acc_list > 0 ) -{ - $template->assign_block_vars( - 'acc_list', array() ); -} - -// Access List -while ($row = mysql_fetch_array($result)) -{ - $num++; - $template->assign_block_vars( - 'acc_list.access', - array( - 'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2', - 'ID' => $row['id'], - 'NAME' => - (is_adviser()) ? '*********' : $row['name'], - 'ACCESS' => $row['access'], - 'START' => $row['start'], - 'END' => $row['end'], - 'FORCE' => $row['request'], - 'HIGH' => $row['high'], - 'NORMAL' => $row['normal'], - 'LIMIT' => $row['limit'], - 'COMMENT' => $row['comment'], - 'SELECTED' => '', - ) - ); -} - -$template->assign_block_vars( - 'add_request', - array( - 'VALUE'=> '', - 'CONTENT' => '', - 'SELECTED' => $selected, - ) -); -foreach ($req_type_list as $value) { - - $template->assign_block_vars( - 'add_request', - array( - 'VALUE'=> $value, - 'CONTENT' => $lang['ws_'.$value], - 'SELECTED' => '', - ) - ); -} - -$columns = array ( - 'ID' => 'id', - 'ws_KeyName' => 'name', - 'ws_Access' => 'ws_access', - 'ws_Start' => 'ws_start', - 'ws_End' => 'ws_end', - 'ws_Request' => 'ws_request', - 'ws_High' => 'ws_high', - 'ws_Normal' => 'ws_normal', - 'ws_Limit' => 'ws_limit', - 'ws_Comment' => 'ws_comment', -); - -foreach ($conf['ws_allowed_limit'] as $value) { - $template->assign_block_vars( - 'add_limit', - array( - 'VALUE'=> $value, - 'CONTENT' => $value, - 'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? 
$selected:'', - ) - ); -} - -// Postponed Start Date -// By default 0, 1, 2, 3, 5, 7, 14 or 30 days -foreach ($conf['ws_postponed_start'] as $value) { - $template->assign_block_vars( - 'add_start', - array( - 'VALUE'=> $value, - 'CONTENT' => $value, - 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'', - ) - ); -} - -// Durations (Allowed Web Services Period) -// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) -foreach ($conf['ws_durations'] as $value) { - $template->assign_block_vars( - 'add_end', - array( - 'VALUE'=> $value, - 'CONTENT' => $value, - 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', - ) - ); - if ( $acc_list > 0 ) - { - $template->assign_block_vars( - 'acc_list.upd_end', - array( - 'VALUE'=> $value, - 'CONTENT' => $value, - 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', - ) - ); - } -} - -//----------------------------------------------------------- sending html code - -$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); -?> +assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'], + ) + ); +} + +// Next, Update selected access +if (isset($_POST['wsu_submit'])) +{ + $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0; + $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)'; + + if ((isset($_POST['selection'])) and (trim($settxt) != '')) + { + $uid = (int) $_POST['selection']; + $query = ' + UPDATE '.WEB_SERVICES_ACCESS_TABLE.' + SET '.$settxt.' 
+ WHERE id = '.$uid.'; '; + pwg_query($query); + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'], + ) + ); + } else { + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'], + ) + ); + } +} +// Next, Delete selected access + +if (isset($_POST['wsX_submit'])) +{ + if ((isset($_POST['delete_confirmation'])) + and (isset($_POST['selection']))) + { + $uid = (int) $_POST['selection']; + $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.' + WHERE id = '.$uid.'; '; + pwg_query($query); + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'], + ) + ); + } else { + $template->assign_block_vars( + 'update_result', + array( + 'UPD_ELEMENT'=> $lang['Not selected / Not confirmed'] + .$lang['ws_failed_upd'], + ) + ); + } +} + + + +$template->assign_vars( + array( + 'DEFLT_HIGH_YES' => '', + 'DEFLT_HIGH_NO' => 'checked', + 'DEFLT_NORMAL_YES' => '', + 'DEFLT_NORMAL_NO' => 'checked', + 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service', + ) + ); + +// Build where +$where = ''; +$order = ' ORDER BY `id` DESC' ; + +$query = ' +SELECT * + FROM '.WEB_SERVICES_ACCESS_TABLE.' +WHERE 1=1 ' +.$where. +' ' +.$order. 
+';'; +$result = pwg_query($query); +$acc_list = mysql_num_rows($result); +$result = pwg_query($query); +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames( + array( + 'ws_checker' => 'admin/ws_checker.tpl' + ) + ); + +$selected = 'selected="selected"'; +$num=0; +if ( $acc_list > 0 ) +{ + $template->assign_block_vars( + 'acc_list', array() ); +} + +// Access List +while ($row = mysql_fetch_array($result)) +{ + $num++; + $template->assign_block_vars( + 'acc_list.access', + array( + 'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2', + 'ID' => $row['id'], + 'NAME' => + (is_adviser()) ? '*********' : $row['name'], + 'ACCESS' => $row['access'], + 'START' => $row['start'], + 'END' => $row['end'], + 'FORCE' => $row['request'], + 'HIGH' => $row['high'], + 'NORMAL' => $row['normal'], + 'LIMIT' => $row['limit'], + 'COMMENT' => $row['comment'], + 'SELECTED' => '', + ) + ); +} + +$template->assign_block_vars( + 'add_request', + array( + 'VALUE'=> '', + 'CONTENT' => '', + 'SELECTED' => $selected, + ) +); +foreach ($req_type_list as $value) { + + $template->assign_block_vars( + 'add_request', + array( + 'VALUE'=> $value, + 'CONTENT' => $lang['ws_'.$value], + 'SELECTED' => '', + ) + ); +} + +foreach ($conf['ws_allowed_limit'] as $value) { + $template->assign_block_vars( + 'add_limit', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'', + ) + ); +} + +// Postponed Start Date +// By default 0, 1, 2, 3, 5, 7, 14 or 30 days +foreach ($conf['ws_postponed_start'] as $value) { + $template->assign_block_vars( + 'add_start', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? 
$selected:'', + ) + ); +} + +// Durations (Allowed Web Services Period) +// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s) +foreach ($conf['ws_durations'] as $value) { + $template->assign_block_vars( + 'add_end', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', + ) + ); + if ( $acc_list > 0 ) + { + $template->assign_block_vars( + 'acc_list.upd_end', + array( + 'VALUE'=> $value, + 'CONTENT' => $value, + 'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'', + ) + ); + } +} + +//----------------------------------------------------------- sending html code + +$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker'); +?> diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php index 8825f1a2f..cfef25076 100644 --- a/language/en_UK.iso-8859-1/admin.lang.php +++ b/language/en_UK.iso-8859-1/admin.lang.php @@ -499,7 +499,6 @@ $lang['Elements_not_linked'] = 'Not linked elements'; $lang['web_services'] = 'Web services '; $lang['title_wscheck'] = ' Access management '; $lang['ws_set_status'] = ' Environment '; -$lang['ws_status'] = ' Status '; $lang['ws_enable'] = ' Enable '; $lang['ws_disable'] = ' Disable '; $lang['ws set to'] = ' Environment temporary set '; diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php index 8d5bc1072..6cac43b70 100644 --- a/language/fr_FR.iso-8859-1/admin.lang.php +++ b/language/fr_FR.iso-8859-1/admin.lang.php @@ -498,7 +498,6 @@ $lang['Elements_not_linked'] = 'El $lang['web_services'] = 'Services Web '; $lang['title_wscheck'] = ' Gestion des accès '; $lang['ws_set_status'] = ' Environnement '; -$lang['ws_status'] = ' Statut '; $lang['ws_enable'] = ' Actif '; $lang['ws_disable'] = ' Inactif '; $lang['ws set to'] = ' Modifier temporairement l\'environnement en '; 
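Review bot: In the wsu_submit branch, `$upd_end` is interpolated into the UPDATE statement after only an `is_numeric()` check, while the neighbouring `$uid` is cast with `(int)`; `is_numeric()` also accepts forms such as `1e3`, leading whitespace and decimals, so the value should be normalised before it reaches SQL: `$upd_end = is_numeric($_POST['upd_end']) ? (int) $_POST['upd_end'] : 0;`. The companion guard `trim($settxt) != ''` can never be false because `$settxt` always contains the ADDDATE text, so the update effectively depends on `isset($_POST['selection'])` alone. Further down, the access-list query is executed twice in a row (`$result = pwg_query($query);` both before and after `mysql_num_rows`); `mysql_num_rows` does not consume the result set, so the second call is a redundant round-trip and can be dropped. The opening lines of this hunk (up to the first `->`) are not visible in this rendering, so the wsa_submit insert path on the new side could not be checked here.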
diff --git a/template/yoga/admin/ws_checker.tpl b/template/yoga/admin/ws_checker.tpl index 8bc336d85..e3b187622 100644 --- a/template/yoga/admin/ws_checker.tpl +++ b/template/yoga/admin/ws_checker.tpl @@ -13,37 +13,6 @@ - - -
- -
- {lang:ws_set_status} : {L_CURRENT_STATUS} - - - - - - -
- {lang:ws set to}       -       - - -   - - -
-
-
- -
@@ -114,6 +83,7 @@ + - + --> @@ -150,6 +120,7 @@ + + @@ -228,11 +200,11 @@   {lang:ws_KeyName} {lang:ws_Access} - {lang:ws_Start} + {lang:ws_End} {lang:ws_Request} - {lang:ws_High} - {lang:ws_Normal} + + {lang:ws_Limit} {lang:ws_Comment} @@ -244,11 +216,11 @@ {acc_list.access.ACCESS} - {acc_list.access.START} + {acc_list.access.END} {acc_list.access.FORCE} - {acc_list.access.HIGH} - {acc_list.access.NORMAL} + + {acc_list.access.LIMIT} {acc_list.access.COMMENT} diff --git a/web_service.php b/web_service.php deleted file mode 100644 index f4568e2a1..000000000 --- a/web_service.php +++ /dev/null 
@@ -1,641 +0,0 @@ - 20 ) ? substr($key,0,20) : $key; -$len = strlen($key); -$hash = 0; -if (isset($_GET['pos'])) -{ - $hash = (!is_numeric($_GET['pos'])) ? 0 : $_GET['pos']; - $hash = (int) $hash; - $hash = $hash % 12; -} -$query = ' -SELECT `id`, `name`, `access`, `start`, `end`, `request`, - `high`, `normal`, `limit`, `comment` - FROM '.WEB_SERVICES_ACCESS_TABLE.' -;'; - -$result = pwg_query($query); - -while ($row = mysql_fetch_array($result)) -{ - if ( substr( md5($row['name']),$hash,$len) == $key ) - { - $len = 0; - $def = $row; - continue; - } -} -if ( $len > 0 ) -{ - die('Invalid key!'); -} - -// $def = Web service already defined partner access - -// -// Now, the partner will get a reply in time -// -$stat_id = 'Web Service'; -if (isset($_SERVER["HTTP_REFERER"]) and - !eregi($_SERVER["HTTP_HOST"],$_SERVER["HTTP_REFERER"])) -{ - $stats_id = substr($_SERVER["HTTP_REFERER"],7); - $pos = strpos($stats_id,'/'); - $stats_id = ( $pos>0 ) ? substr($stats_id,0,$pos) : $stats_id; -} - -// Check keywords -// Key and pos are correct -// &acc=cat/23,25-32&req=landscape&lim=5&tpl=myxml - -// Requested id list and authorized id list -// Both may empty -// Both can be build on differents basis cat/tag/list -// Both have to be convert in id list format -$req_access =''; -if (isset($_GET['pos'])) -{ - $req_access = check_target($_GET['acc']); -} -// on one hand $req_access, requested ids -$req_type = explode('/',$req_access); -$req_ids = explode( ',',$req_type[1] ); -$req_list = expand_id_list( $req_ids ); -if ($req_type[0]=='cat') -{ - $req_list = convert_catlist($req_list); -} -if ($req_type[0]=='tag') -{ - $req_list = get_image_ids_for_tags($req_list); -} -// echo $def['name'].'
'; -// on the other hand $def['access'], authorized default ids -$def_type = explode('/',$def['access']); -$def_ids = explode( ',',$def_type[1] ); -$def_list = expand_id_list( $def_ids ); -if ($def_type[0]=='cat') -{ - $def_list = convert_catlist($def_list); -} -if ($def_type[0]=='tag') -{ - $def_list = get_image_ids_for_tags($def_list); -} - -// could be no necessary, a surplus but we are obliged to -// Filter on forbidden_categories (default can have change from creation time) -$list = implode(',',$def_list); - -$ret_ids = array(); -$query = ' -SELECT DISTINCT image_id - FROM '.IMAGE_CATEGORY_TABLE.' -WHERE -'.get_sql_condition_FandF - ( - array - ( - 'forbidden_categories' => 'category_id', - 'visible_categories' => 'category_id', - 'visible_images' => 'image_id' - ), - '', true - ).' - AND image_id IN ('.$list.') -;'; -$result = pwg_query($query); -while ($row = mysql_fetch_array($result)) -{ - $ret_ids[] = $row['image_id']; -} -$def_ids = $ret_ids; - -// Notice: Filtering on forbidden_categories (from requested id list) -// is completely superfluous (see few lines below). -$req_ids = $req_list; - -// if no requested ids then is the complete default -if (count($req_ids)==0) -{ - $req_ids = $def_ids; -} - -// Removing requested ids not in authorized access list -// if requested ids they must be in the complete default and only those -// will be assumed. (Including forbidden... ) -$final = array(); -foreach ( $req_ids as $req_id ) -{ - if ( in_array($req_id, $def_ids) ) - { - $final[] = $req_id; - } -} - -$final = array_unique ($final); -sort ($final); - -// 77f1180bd215a0edf66939 -// web_service.php?key=77f1180bd215&pos=3&acc=list/41,73,142,178,190,204,235-238&req=recent&lim=1&tpl=myxml - -$request = (isset($_GET['req']))? 
$_GET['req']:$def['request']; -// if type of request is different from the authorized type then force it -if ( $def['request'] !== '' and $request !== $def['request'] ) - -{ - $request = $def['request']; -} -// if it is not an official request then force it -// (remark that default request can no longer exist -// (later an Upgrade, or a remove) so... -$official = official_req(); -if ( !in_array($request, $official ) ) -{ - $request = $official[0]; // default request is the first one -} -// limit belong default (remember $def['limit'] is always set) -$limit = (isset($_GET['limit']))? $_GET['limit']:$def['limit']; -$limit = (is_numeric($limit))? $limit:$def['limit']; -$limit = ( $limit < $def['limit'] ) ? $limit:$def['limit']; - -// XML template -$tplfile = (isset($_GET['tpl']))? $_GET['tpl']:'default'; -// FIXME additional controls are maybe needed on $tplfile - - -trigger_action('loc_begin_'.$request); -$template->set_filenames(array( $tplfile => 'XML/'. $tplfile .'.tpl')); - -// Generate the request -include(PHPWG_ROOT_PATH. 'services/' .$request. '.php'); - - -// +-----------------------------------------------------------------------+ -// | XML/xhtml code display | -// +-----------------------------------------------------------------------+ -header('Content-Type: text/xml; charset=UTF-8'); -//header('Content-Type: text/html; charset='.$lang_info['charset']); -$template->parse($tplfile); - -// echo 'Trace temporaire
'; -// echo '$final:
' . var_dump($final); -// -die(''); -// FIXME// FIXME// FIXME// FIXME// FIXME// FIXME// FIXME// FIXME - -//------------------------------------------------------------ log informations -pwg_log($request, $stats_id, $tplfile); // or something like that - - - - - - -// Check requested XML template -// - -// Generate query -// - -// Generate XML -// - -// Log it -// - - - -// Old code below - -//------------ Main security strategy --------------------- -$partner_id = 'default'; -// Security considerations: HTTP_REFERER and FOPEN -// 1 - FOPEN doesn't update current HTTP_REFERER -// 2 - HTTP_REFERER may be hidden/altered for lot of reasons. -// 3 - By this process, you can log HTTP_REFERER of your partner (not yours). -// 4 - Logging HTTP_REFERER needs declarative procedures in some countries. -// 5 - Following those links can be considered as risky. -// 6 - You can turn off, referer logging by $conf['ws-refback'] = false; -// 7 - In the other hand, your partner may give his key to another web site. -// Above all, this information is just an indication. -// $conf['ws-refback'] : Default value is false. - -if (isset($_SERVER["HTTP_REFERER"]) and - !eregi($_SERVER["HTTP_HOST"],$_SERVER["HTTP_REFERER"])) -{ - $partner_id = substr($_SERVER["HTTP_REFERER"],7); - $pos = strpos($partner_id,'/'); - $partner_id = ( $pos>0 ) ? substr($partner_id,0,$pos) : $partner_id; -} -// $partner_id = Is used to check prohibited REFER site (but not only) -// example: www.prohibited-access.be - -if ( isset($conf['ws-refback']) and $conf['ws-refback']) -{ - $log_id = $partner_id; -} -else -{ - $log_id = ''; // Would be set in time by process end -} -// $log_id = History log information -// examples: forum.phpwebgallery.net -// phpwebgallery.net -// demo.phpwebgallery.net - -// -$partner_id = strtolower($partner_id); -// Prohibited REFER: $partner_id is compared (strtolower). -// -//----------------------------- Is a prohibited refer? 
-if ( $partner_id !== 'default' ) -{ - // Is Referer a prohibited site? - // Compare requestor site to web service key table - // Found and limit = 0 => die - foreach ( $conf['ws_keys'] as $key => $vkey ) - { - if ( strtolower($vkey['id']) == $partner_id and $vkey['limit'] == 0 ) - { - pwg_log( 'WS Prohibited', 'Req.:'.$type, 'From: ws_keys['.$key.']' ); - die($lang['access_forbiden']); - } - } -} -//----------------------------- Which access he will use? -$access = check_ws_access( $conf['ws_keys'] ); -// given key arg is compared asis (Take care of upper/lower case). - -parse_str($access['force'], $force); -// $force contains all forced arguments -// get requested arguments and apply limits -$force['limit'] = ( isset($access['limit']) ) ? $access['limit'] : - $conf['ws_limit'] ; -$arg = force_arg_ws_limit( $force, $conf['ws_limit'] ); -// $arg contains all retain query arguments - -// Warning about $arg !!! Warning !!! Warning !!! Warning !!! Warning !!! -// specially to MOD developpers : -// FOR SECURITY REASON NEVER USE extract() AGAINST $arg -// ( $arg is like $_GET ) - -if ( is_numeric(isset($arg['cat'])) ) -{ - $arg['cat']=floor($arg['cat']); -} -else -{ - unset($arg['cat']); -} -// AND category_id is concatenated if requested or forced -$cat_criterion = ''; -if ( isset($arg['cat']) and ($arg['cat']) > 0 ) -{ - $cat_criterion = ' AND ic.`category_id` ='.$arg['cat'].' '; -} -//-------------------------------------------- SQL Query statement building -// Has to be tested against a LARGE configuration -// for performance consideration -// and maybe rewrite in some cases. 
- -// All below has to be check to respect code writing rule convention - - - -$query=' - SELECT DISTINCT (i.`id`), - i.`path` , i.`file` , i.`date_available` , - i.`date_creation`, i.`tn_ext` , i.`name` , - i.`filesize` , i.`storage_category_id` , i.`average_rate`, - i.`comment` , i.`author` , i.`hit` ,i.`width` , - i.`height` - FROM `'.IMAGES_TABLE.'` AS i - INNER JOIN `'.IMAGE_CATEGORY_TABLE.'` - AS ic ON i.`id` = ic.`image_id` - INNER JOIN `'.CATEGORIES_TABLE.'` - AS c ON c.`id` = ic.`category_id` - WHERE c.`status` = \'public\' - AND i.`width` > 0 - AND i.`height` > 0 - AND i.`representative_ext` IS NULL - '.$cat_criterion.' - '.get_sql_condition_FandF - ( - array - ( - 'forbidden_categories' => 'c.id', - 'visible_categories' => 'c.id', - 'visible_images' => 'i.id' - ), - 'AND' - ); - -// AND c.`agreed_ws` = \'true\' (Obsolete specification replaced by force) - -$list = ( isset($arg['list']) ) ? $arg['list'] : ''; -$type = $arg['type']; -switch($type) -{ - case ($type === 'random' or $type === 'listcat'): /* Random order */ - $query .= ' ORDER BY RAND() DESC '; - break; - case ($type === 'list'): /* list on MBt & z0rglub request */ - $query .= ' AND i.`id` IN ('.$list.') '; - break; - case $type === 'maxviewed': /* hit > 0 and hit desc order */ - $query .= ' AND i.`hit` > 0 - ORDER BY i.`hit` DESC, RAND() DESC '; - break; - case $type === 'recent': /* recent = Date_available desc order */ - $query .= ' ORDER BY i.`date_available` DESC, RAND() DESC '; - break; - case $type === 'highrated': /* avg_rate > 0 and desc order */ -// French Joke : Cette requete s'appelle officieusement l' "ail_gratte" - $query .= ' AND i.`average_rate` > 0 - ORDER BY i.`average_rate` DESC, RAND() DESC '; - break; - case $type === 'oldest': /* Date_available asc order */ - $query .= ' ORDER BY i.`date_available` ASC, RAND() DESC '; - break; - case $type === 'lessviewed': /* hit asc order */ -// French Joke : Cette requete s'appelle officieusement la "lessive" - $query .= ' ORDER BY 
i.`hit` ASC, RAND() DESC '; - break; - case $type === 'lowrated': /* avg_rate asc order */ - $query .= ' AND i.`average_rate` IS NOT NULL - ORDER BY i.`average_rate` ASC, RAND() DESC '; - break; - case $type === 'undescribed': /* description missing */ -// US/UK Joke : This request is unofficially named 'indiscribable' horror - $query .= ' AND i.`comment` IS NULL - ORDER BY RAND() DESC '; - break; - case $type === 'unnamed': /* new name missing */ - $query .= ' AND i.`comment` IS NULL - ORDER BY RAND() DESC '; - break; - case $type === 'portraits': /* width < height (portrait oriented) */ - $query .= ' AND `width` < (`height` * 0.95) - ORDER BY RAND() DESC '; - break; - case $type === 'landscapes': /* width > height (landscape oriented) */ - $query .= ' AND `width` > (`height` * 1.05) - ORDER BY RAND() DESC '; - break; - case $type === 'squares': /* width ~ height (square form) */ - $query .= ' AND `width` BETWEEN (`height` * 0.95) - AND (`height` * 1.05) - ORDER BY RAND() DESC '; - break; - default: /* Just say: Goodbye !!! */ - die($lang['access_forbiden']); -} /* End switch */ -$query .= ' LIMIT 0 , '.$arg['limit'].';'; -$result = pwg_query( $query ); -$attributes = array( 'width', 'height', 'author', 'date_creation', - 'date_available', 'hit', 'filesize'); -$xml = ' '; -$hr_nbr = 0; $ns_nbr = 0; $tn_nbr = 0; -if ( $log_id == '') -{ - foreach ( $conf['ws_keys'] as $key => $vkey ) - { - if ( $vkey['id'] == $access['id'] ) - { - $log_id = 'R:#'.$key; - break; - } - } -} -while ( $row = mysql_fetch_array( $result ) ) -{ - $tn_nbr++; - $item = ' 0 ) - { - $hr_nbr++; - $item .= ' hrsrc="'.$high.'"'; - $item .= ' hrwidth="'.$hrsize[0].'"'; - $item .= ' hrheight="'.$hrsize[1].'"'; - } - } - $xml .= $item.' 
/>'; - //-------------------------------------- picture ----- log informations -// request_type ( R:#id_requester ), real_category_id [ request_number ], image_file_name ); - pwg_log( $type.'('.$log_id.')', $row['storage_category_id'].'['.$tn_nbr.']', $row['file'] ); -} -$xml .= ' '; -echo $xml; // Send XML -//---------------------------------------- service ----- log informations -$size = 'tn('.$tn_nbr.')'; // thumbnails -if ( $ns_nbr > 0 ) -{ - $size = '('.$ns_nbr.')'; // pictures -} -if ( $hr_nbr > 0 ) -{ - $size = 'HR('.$hr_nbr.'/'.$tn_nbr.')'; // high res. -} - -//pwg_log( 'Web service', 'Req.:'.$type, 'From:'.$log_id ); - - - - - - - /*-- Web Service function - Which access is correct for this resquest? - Compare requestor key to web service key table - If 'defined' => use that one - If not => use default access - If no 'defined' default => exit - 'defined' : Obviously check period and not only defined access - - Return corresponding access (= an entry from web service key table) - --*/ -function check_ws_access( $ws_keys ) -{ - $partnr = ( isset($_GET['key']) ) ? $_GET['key'] : 'default'; - - foreach ( $ws_keys as $key => $access ) - { - if ( $access['id'] == $partnr ) - { - break; - } - } - if ( $access['id'] !== $partnr ) // Not found? =default. - { - $access = $ws_keys[0]; - if ( $access['id'] !== 'default' ) // Check if it's really default - { // definition - die($lang['access_forbiden']); // No default access - } - } - // Checking Dates... - // Take care of that: my partner can be out of dates - // but via default... Answer is NO. - // With out of date period, a partner can be seen as prohibited partner - // if you want to authorise him/her change $conf['ws_keys'] - - // Tests are done with server local time... - if (isset($access['end']) and date('Y-m-d H:i:s')>$access['end']) - { //-- Access ended? - die($lang['access_forbiden']); //-- BTW prohibited - } - if (isset($access['start']) and date('Y-m-d H:i:s')<$access['start']) - { //-- Access started? 
- die($lang['access_forbiden']); - } - return $access; -} - - /*-- Web Sevice function - Force global arguments to ensure access restriction - ( access defined in web service key table ) - Considering the default limit as well and prohibited site case - - Return overided request ( overided $_GET ) - --*/ -function force_arg_ws_limit( $use, $default ) -{ - if ( $use['limit'] < 1 ) - { //-- Access deny - die($lang['access_forbiden']); - } - $arg = $_GET; // what is required? - if (!isset($arg['limit'])) - { - $arg['limit']=$use['limit']; - } - if (!is_numeric($arg['limit'])) - { - $arg['limit']=$use['limit']; - } - // ----------- use force arg if they are some - foreach ( $use as $kuse => $vuse ) - { - if ( $kuse !== 'limit' ) - { - $arg[$kuse] = $vuse; - } - } - $arg['limit'] = floor(min($arg['limit'], $use['limit'])); - return $arg; -} -?> -- cgit v1.2.3