From 9d451f6aa18f7eb0673a37be8fdb98a82955cdb2 Mon Sep 17 00:00:00 2001
From: vdigital <vdigital@piwigo.org>
Date: Tue, 23 Jan 2007 20:38:04 +0000
Subject: ws_status is now removed from config table. It will be replaced by
 ws_access_control managed in config file.

git-svn-id: http://piwigo.org/svn/trunk@1745 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/ws_checker.php | 631 +++++++++++++++++++++++----------------------------
 1 file changed, 288 insertions(+), 343 deletions(-)

(limited to 'admin/ws_checker.php')

diff --git a/admin/ws_checker.php b/admin/ws_checker.php
index 3c83d1735..a434573ba 100644
--- a/admin/ws_checker.php
+++ b/admin/ws_checker.php
@@ -1,343 +1,288 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | PhpWebGallery - a PHP based picture gallery                           |
-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
-// +-----------------------------------------------------------------------+
-// | branch        : BSF (Best So Far)
-// | file          : $RCSfile$
-// | last update   : $Date: 2006-12-15 23:16:37 +0200 (ven., 15 dec. 2006) $
-// | last modifier : $Author: vdigital $
-// | revision      : $Revision: 1658 $
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify  |
-// | it under the terms of the GNU General Public License as published by  |
-// | the Free Software Foundation                                          |
-// |                                                                       |
-// | This program is distributed in the hope that it will be useful, but   |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
-// | General Public License for more details.                              |
-// |                                                                       |
-// | You should have received a copy of the GNU General Public License     |
-// | along with this program; if not, write to the Free Software           |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA.                                                                  |
-// +-----------------------------------------------------------------------+
-
-// Next evolution... 
-// Out of parameter WS management
-// The remainer objective is to check 
-//  -  Does Web Service working properly?
-//  -  Does any access return something really?
-//     Give a way to check to the webmaster...
-// These questions are one of module name explainations (checker).
-
-if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services']))
-{
-  die('Hacking attempt!');
-}
-include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
-
-// +-----------------------------------------------------------------------+
-// | Check Access and exit when user status is not ok                      |
-// +-----------------------------------------------------------------------+
-check_status(ACCESS_ADMINISTRATOR);
-
-
-// accepted queries
-$req_type_list = official_req();
-
-//--------------------------------------------------------- update informations
-
-// Is status temporary changed?
-if (isset($_POST['wss_submit']))
-{
-  $ws_status = get_boolean( $_POST['ws_status'] );      // Requested status
-  $ws_update = $lang['ws_success_upd'];  // Normal update
-  if ($conf['allow_web_services'] == false and $ws_status == true )
-  { /* Set true is disallowed */
-    $ws_status = false;
-    $ws_update = $lang['ws_disallowed'];
-  }
-  if ( $ws_status !== true and $ws_status !== false )
-  { /* Avoiding SQL injection by no change */
-    $ws_status = $conf['ws_status'];
-  }
-  if ($conf['ws_status'] == $ws_status)
-  {
-    $ws_update = $lang['ws_disallowed'];
-  }
-  else
-  {
-    $query = '
-UPDATE '.CONFIG_TABLE.' SET
- value = \''.boolean_to_string($ws_status).'\'
-WHERE param = \'ws_status\' 
- AND value <> \''.boolean_to_string($ws_status).'\' 
-;';
-    pwg_query($query);
-    $conf['ws_status'] = $ws_status;
-  }
-  $template->assign_block_vars(
-    'update_result',
-    array(
-      'UPD_ELEMENT'=> $lang['ws_set_status'].': '.$ws_update,
-      )
-  );
-}
-
-// Next, is a new access required?
-
-if (isset($_POST['wsa_submit']))
-{
-// Check $_post
-$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES);
-$add_access = check_target( $_POST['add_access']) ;
-$add_start = ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0; 
-$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0;
-$add_request = ( ctype_alpha($_POST['add_request']) ) ?
-  $_POST['add_request']:'';
-$add_high = ( $_POST['add_high'] == 'true' ) ? 'true':'false';
-$add_normal = ( $_POST['add_normal'] == 'true' ) ? 'true':'false';
-$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; 
-$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES);
-if ( strlen($add_partner) < 8 )
-{
-}
-  $query = '
-INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' 
-( `name` , `access` , `start` , `end` , `request` , 
-  `high` , `normal` , `limit` , `comment` ) 
-VALUES (' . "
-  '$add_partner', '$add_access',
-  ADDDATE( NOW(), INTERVAL $add_start DAY),
-  ADDDATE( NOW(), INTERVAL $add_end DAY),
-  '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );";
-
-  pwg_query($query);
-  
-  $template->assign_block_vars(
-    'update_result',
-    array(
-      'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'],
-      )
-  );
-}
-
-// Next, Update selected access
-if (isset($_POST['wsu_submit']))
-{
-  $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0;
-  $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)';
-
-  if ((isset($_POST['selection'])) and (trim($settxt) != ''))
-  {
-    $uid = (int) $_POST['selection'];
-    $query = '
-    UPDATE '.WEB_SERVICES_ACCESS_TABLE.' 
-    SET '.$settxt.'
-    WHERE id = '.$uid.'; ';
-    pwg_query($query);
-    $template->assign_block_vars(
-      'update_result',
-      array(
-        'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'],
-        )
-    );
-  } else {
-    $template->assign_block_vars(
-      'update_result',
-      array(
-        'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'],
-        )
-    );
-  }
-}
-// Next, Delete selected access
-
-if (isset($_POST['wsX_submit']))
-{
-  if ((isset($_POST['delete_confirmation']))
-   and (isset($_POST['selection'])))
-  {
-    $uid = (int) $_POST['selection'];
-    $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.'
-               WHERE id = '.$uid.'; ';
-    pwg_query($query);
-    $template->assign_block_vars(
-      'update_result',
-      array(
-        'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'],
-        )
-    );
-  } else {
-    $template->assign_block_vars(
-      'update_result',
-      array(
-        'UPD_ELEMENT'=> $lang['Not selected / Not confirmed']
-        .$lang['ws_failed_upd'],
-        )
-    );
-  } 
-}
-
-
-$ws_status = $conf['ws_status'];
-$template->assign_vars(
-  array(
-    'L_CURRENT_STATUS' => ( $ws_status == true ) ? 
-       $lang['ws_enable']:$lang['ws_disable'],
-    'STATUS_YES' => ( $ws_status == true ) ? '':'checked', 
-    'STATUS_NO' => ( $ws_status == true ) ? 'checked':'', 
-    'DEFLT_HIGH_YES' => '',
-    'DEFLT_HIGH_NO' => 'checked',
-    'DEFLT_NORMAL_YES' => '',
-    'DEFLT_NORMAL_NO' => 'checked',
-    'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service',    
-    )
-  );
-
-// Build where
-$where = '';
-$order = ' ORDER BY `id` DESC' ;
-
-$query = '
-SELECT *
-  FROM '.WEB_SERVICES_ACCESS_TABLE.'
-WHERE 1=1  '
-.$where.
-' '
-.$order.
-';';
-$result = pwg_query($query);
-$acc_list = mysql_num_rows($result);
-$result = pwg_query($query);
-// +-----------------------------------------------------------------------+
-// |                             template init                             |
-// +-----------------------------------------------------------------------+
-
-$template->set_filenames(
-  array(
-    'ws_checker' => 'admin/ws_checker.tpl'
-    )
-  );
-
-$checked = 'checked="checked"';
-$selected = 'selected="selected"';
-$num=0;
-if ( $acc_list > 0 )
-{
-  $template->assign_block_vars(
-    'acc_list', array() );
-}
-
-// Access List
-while ($row = mysql_fetch_array($result))
-{
-  $num++;
-  $template->assign_block_vars(
-    'acc_list.access',
-     array(
-       'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2',
-       'ID'               => $row['id'],
-       'NAME'             => 
-         (is_adviser()) ? '*********' : $row['name'],       
-       'ACCESS'           => $row['access'],
-       'START'            => $row['start'],
-       'END'              => $row['end'],
-       'FORCE'            => $row['request'],
-       'HIGH'             => $row['high'],
-       'NORMAL'           => $row['normal'],
-       'LIMIT'            => $row['limit'],
-       'COMMENT'          => $row['comment'],
-       'SELECTED'         => '',
-     )
-  );
-}
-
-$template->assign_block_vars(
-  'add_request',
-   array(
-     'VALUE'=> '',
-     'CONTENT' => '',
-     'SELECTED' => $selected,
-   )
-);
-foreach ($req_type_list as $value) {
-
-  $template->assign_block_vars(
-    'add_request',
-     array(
-       'VALUE'=> $value,
-       'CONTENT' => $lang['ws_'.$value],
-       'SELECTED' => '',
-     )
-  );
-}
-
-$columns = array (
-       'ID'               => 'id',
-       'ws_KeyName'       => 'name', 
-       'ws_Access'        => 'ws_access',
-       'ws_Start'         => 'ws_start',
-       'ws_End'           => 'ws_end',
-       'ws_Request'       => 'ws_request',
-       'ws_High'          => 'ws_high',
-       'ws_Normal'        => 'ws_normal',
-       'ws_Limit'         => 'ws_limit',
-       'ws_Comment'       => 'ws_comment',
-);
-
-foreach ($conf['ws_allowed_limit'] as $value) {
-  $template->assign_block_vars(
-    'add_limit',
-     array(
-       'VALUE'=> $value,
-       'CONTENT' => $value,
-       'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'',
-     )
-  );
-}
-
-// Postponed Start Date 
-// By default 0, 1, 2, 3, 5, 7, 14 or 30 days
-foreach ($conf['ws_postponed_start'] as $value) {
-  $template->assign_block_vars(
-    'add_start',
-     array(
-       'VALUE'=> $value,
-       'CONTENT' => $value,
-       'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'',
-     )
-  );
-}
-
-// Durations (Allowed Web Services Period)
-// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s)
-foreach ($conf['ws_durations'] as $value) {
-  $template->assign_block_vars(
-    'add_end',
-     array(
-       'VALUE'=> $value,
-       'CONTENT' => $value,
-       'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'',
-     )
-  );
-  if ( $acc_list > 0 )
-  {
-    $template->assign_block_vars(
-      'acc_list.upd_end',
-       array(
-         'VALUE'=> $value,
-         'CONTENT' => $value,
-         'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'',
-       )
-    );
-  }
-}
-
-//----------------------------------------------------------- sending html code
-
-$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker');
-?>
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery                           |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch        : BSF (Best So Far)
+// | file          : $RCSfile$
+// | last update   : $Date$
+// | last modifier : $Author$
+// | revision      : $Revision$
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+// Next evolution... 
+// Out of parameter WS management
+// The remainer objective is to check 
+//  -  Does Web Service working properly?
+//  -  Does any access return something really?
+//     Give a way to check to the webmaster...
+// These questions are one of module name explainations (checker).
+
+if((!defined("PHPWG_ROOT_PATH")) or (!$conf['allow_web_services']))
+{
+  die('Hacking attempt!');
+}
+include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+
+// +-----------------------------------------------------------------------+
+// | Check Access and exit when user status is not ok                      |
+// +-----------------------------------------------------------------------+
+check_status(ACCESS_ADMINISTRATOR);
+
+
+// accepted queries
+$req_type_list = official_req();
+
+//--------------------------------------------------------- update informations
+
+// Is a new access required?
+
+if (isset($_POST['wsa_submit']))
+{
+// Check $_post (Some values are commented - maybe a future use)
+$add_partner = htmlspecialchars( $_POST['add_partner'], ENT_QUOTES);
+$add_access = check_target( $_POST['add_access']) ;
+$add_start = 0; // ( is_numeric($_POST['add_start']) ) ? $_POST['add_start']:0; 
+$add_end = ( is_numeric($_POST['add_end']) ) ? $_POST['add_end']:0;
+$add_request = ( ctype_alpha($_POST['add_request']) ) ?
+  $_POST['add_request']:'';
+$add_high = 'true'; // ( $_POST['add_high'] == 'true' ) ? 'true':'false';
+$add_normal = 'true'; // ( $_POST['add_normal'] == 'true' ) ? 'true':'false';
+$add_limit = ( is_numeric($_POST['add_limit']) ) ? $_POST['add_limit']:1; 
+$add_comment = htmlspecialchars( $_POST['add_comment'], ENT_QUOTES);
+if ( strlen($add_partner) < 8 )
+{
+}
+  $query = '
+INSERT INTO '.WEB_SERVICES_ACCESS_TABLE.' 
+( `name` , `access` , `start` , `end` , `request` , 
+  `high` , `normal` , `limit` , `comment` ) 
+VALUES (' . "
+  '$add_partner', '$add_access',
+  ADDDATE( NOW(), INTERVAL $add_start DAY),
+  ADDDATE( NOW(), INTERVAL $add_end DAY),
+  '$add_request', '$add_high', '$add_normal', '$add_limit', '$add_comment' );";
+
+  pwg_query($query);
+  
+  $template->assign_block_vars(
+    'update_result',
+    array(
+      'UPD_ELEMENT'=> $lang['ws_adding_legend'].$lang['ws_success_upd'],
+      )
+  );
+}
+
+// Next, Update selected access
+if (isset($_POST['wsu_submit']))
+{
+  $upd_end = ( is_numeric($_POST['upd_end']) ) ? $_POST['upd_end']:0;
+  $settxt = ' end = ADDDATE(NOW(), INTERVAL '. $upd_end .' DAY)';
+
+  if ((isset($_POST['selection'])) and (trim($settxt) != ''))
+  {
+    $uid = (int) $_POST['selection'];
+    $query = '
+    UPDATE '.WEB_SERVICES_ACCESS_TABLE.' 
+    SET '.$settxt.'
+    WHERE id = '.$uid.'; ';
+    pwg_query($query);
+    $template->assign_block_vars(
+      'update_result',
+      array(
+        'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_success_upd'],
+        )
+    );
+  } else {
+    $template->assign_block_vars(
+      'update_result',
+      array(
+        'UPD_ELEMENT'=> $lang['ws_update_legend'].$lang['ws_failed_upd'],
+        )
+    );
+  }
+}
+// Next, Delete selected access
+
+if (isset($_POST['wsX_submit']))
+{
+  if ((isset($_POST['delete_confirmation']))
+   and (isset($_POST['selection'])))
+  {
+    $uid = (int) $_POST['selection'];
+    $query = 'DELETE FROM '.WEB_SERVICES_ACCESS_TABLE.'
+               WHERE id = '.$uid.'; ';
+    pwg_query($query);
+    $template->assign_block_vars(
+      'update_result',
+      array(
+        'UPD_ELEMENT'=> $lang['ws_delete_legend'].$lang['ws_success_upd'],
+        )
+    );
+  } else {
+    $template->assign_block_vars(
+      'update_result',
+      array(
+        'UPD_ELEMENT'=> $lang['Not selected / Not confirmed']
+        .$lang['ws_failed_upd'],
+        )
+    );
+  } 
+}
+
+
+
+$template->assign_vars(
+  array(
+    'DEFLT_HIGH_YES' => '',
+    'DEFLT_HIGH_NO' => 'checked',
+    'DEFLT_NORMAL_YES' => '',
+    'DEFLT_NORMAL_NO' => 'checked',
+    'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=web_service',    
+    )
+  );
+
+// Build where
+$where = '';
+$order = ' ORDER BY `id` DESC' ;
+
+$query = '
+SELECT *
+  FROM '.WEB_SERVICES_ACCESS_TABLE.'
+WHERE 1=1  '
+.$where.
+' '
+.$order.
+';';
+$result = pwg_query($query);
+$acc_list = mysql_num_rows($result);
+$result = pwg_query($query);
+// +-----------------------------------------------------------------------+
+// |                             template init                             |
+// +-----------------------------------------------------------------------+
+
+$template->set_filenames(
+  array(
+    'ws_checker' => 'admin/ws_checker.tpl'
+    )
+  );
+
+$selected = 'selected="selected"';
+$num=0;
+if ( $acc_list > 0 )
+{
+  $template->assign_block_vars(
+    'acc_list', array() );
+}
+
+// Access List
+while ($row = mysql_fetch_array($result))
+{
+  $num++;
+  $template->assign_block_vars(
+    'acc_list.access',
+     array(
+       'CLASS' => ($num % 2 == 1) ? 'row1' : 'row2',
+       'ID'               => $row['id'],
+       'NAME'             => 
+         (is_adviser()) ? '*********' : $row['name'],       
+       'ACCESS'           => $row['access'],
+       'START'            => $row['start'],
+       'END'              => $row['end'],
+       'FORCE'            => $row['request'],
+       'HIGH'             => $row['high'],
+       'NORMAL'           => $row['normal'],
+       'LIMIT'            => $row['limit'],
+       'COMMENT'          => $row['comment'],
+       'SELECTED'         => '',
+     )
+  );
+}
+
+$template->assign_block_vars(
+  'add_request',
+   array(
+     'VALUE'=> '',
+     'CONTENT' => '',
+     'SELECTED' => $selected,
+   )
+);
+foreach ($req_type_list as $value) {
+
+  $template->assign_block_vars(
+    'add_request',
+     array(
+       'VALUE'=> $value,
+       'CONTENT' => $lang['ws_'.$value],
+       'SELECTED' => '',
+     )
+  );
+}
+
+foreach ($conf['ws_allowed_limit'] as $value) {
+  $template->assign_block_vars(
+    'add_limit',
+     array(
+       'VALUE'=> $value,
+       'CONTENT' => $value,
+       'SELECTED' => ($conf['ws_allowed_limit'][0] == $value) ? $selected:'',
+     )
+  );
+}
+
+// Postponed Start Date 
+// By default 0, 1, 2, 3, 5, 7, 14 or 30 days
+foreach ($conf['ws_postponed_start'] as $value) {
+  $template->assign_block_vars(
+    'add_start',
+     array(
+       'VALUE'=> $value,
+       'CONTENT' => $value,
+       'SELECTED' => ($conf['ws_postponed_start'][0] == $value) ? $selected:'',
+     )
+  );
+}
+
+// Durations (Allowed Web Services Period)
+// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) or 15, 10, 7, 5, 1, 0 day(s)
+foreach ($conf['ws_durations'] as $value) {
+  $template->assign_block_vars(
+    'add_end',
+     array(
+       'VALUE'=> $value,
+       'CONTENT' => $value,
+       'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'',
+     )
+  );
+  if ( $acc_list > 0 )
+  {
+    $template->assign_block_vars(
+      'acc_list.upd_end',
+       array(
+         'VALUE'=> $value,
+         'CONTENT' => $value,
+         'SELECTED' => ($conf['ws_durations'][3] == $value) ? $selected:'',
+       )
+    );
+  }
+}
+
+//----------------------------------------------------------- sending html code
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'ws_checker');
+?>
-- 
cgit v1.2.3