From 134f86e8d5c414409631b25b8c6f0ee45fbd8631 Mon Sep 17 00:00:00 2001 From: David Walter Seikel Date: Thu, 3 Nov 2016 21:44:39 +1000 Subject: Initial update to OpenSim 0.8.2.1 source code. --- web/offline.php | 51 - web/offline_mysql.php | 112 - web/parser.php | 317 --- web/phpxmlrpclib/compat/array_key_exists.php | 55 - web/phpxmlrpclib/compat/is_a.php | 47 - web/phpxmlrpclib/compat/is_callable.php | 53 - web/phpxmlrpclib/compat/is_scalar.php | 38 - web/phpxmlrpclib/compat/var_export.php | 105 - web/phpxmlrpclib/compat/version_compare.php | 179 -- web/phpxmlrpclib/xmlrpc.inc | 3718 -------------------------- web/phpxmlrpclib/xmlrpc_wrappers.inc | 944 ------- web/phpxmlrpclib/xmlrpcs.inc | 1198 --------- web/profile.php | 691 ----- web/query.php | 593 ---- web/register.php | 61 - web/xmlrpc.php | 1755 ------------ 16 files changed, 9917 deletions(-) delete mode 100644 web/offline.php delete mode 100644 web/offline_mysql.php delete mode 100644 web/parser.php delete mode 100644 web/phpxmlrpclib/compat/array_key_exists.php delete mode 100644 web/phpxmlrpclib/compat/is_a.php delete mode 100644 web/phpxmlrpclib/compat/is_callable.php delete mode 100644 web/phpxmlrpclib/compat/is_scalar.php delete mode 100644 web/phpxmlrpclib/compat/var_export.php delete mode 100644 web/phpxmlrpclib/compat/version_compare.php delete mode 100644 web/phpxmlrpclib/xmlrpc.inc delete mode 100644 web/phpxmlrpclib/xmlrpc_wrappers.inc delete mode 100644 web/phpxmlrpclib/xmlrpcs.inc delete mode 100644 web/profile.php delete mode 100644 web/query.php delete mode 100644 web/register.php delete mode 100644 web/xmlrpc.php (limited to 'web') diff --git a/web/offline.php b/web/offline.php deleted file mode 100644 index f4b26c6..0000000 --- a/web/offline.php +++ /dev/null @@ -1,51 +0,0 @@ -"); - if ($start != -1) - { - $start+=2; - $msg = substr($msg, $start); - $parts = split("[<>]", $msg); - $to_agent = $parts[12]; - $DbLink->query("insert into ".C_OFFLINE_IM_TBL." (uuid, message) values ('" . - mysql_escape_string($to_agent) . "', '" . - mysql_escape_string($msg) . "')"); - echo "true"; - } - else - { - echo "false"; - } - exit; -} -if ($method == "/RetrieveMessages/") -{ - $parms = $HTTP_RAW_POST_DATA; - $parts = split("[<>]", $parms); - $agent_id = $parts[6]; - $DbLink->query("select message from ".C_OFFLINE_IM_TBL." where uuid='" . - mysql_escape_string($agent_id) . "'"); - echo ""; - while(list($message) = $DbLink->next_record()) - { - echo $message; - } - echo ""; - $DbLink->query("delete from ".C_OFFLINE_IM_TBL." where uuid='" . - mysql_escape_string($agent_id) . "'"); - exit; -} -?> diff --git a/web/offline_mysql.php b/web/offline_mysql.php deleted file mode 100644 index fe0eb3e..0000000 --- a/web/offline_mysql.php +++ /dev/null @@ -1,112 +0,0 @@ -Database error: $msg
\n"); - echo("MySQL error: $this->Errno ($this->Error)
\n"); - die("Session halted."); - } - - function connect() - { - if($this->Link_ID == 0) - { - $this->Link_ID = mysql_connect($this->Host, $this->User, $this->Password); - if (!$this->Link_ID) - { - $this->halt("Link_ID == false, connect failed"); - } - $SelectResult = mysql_select_db($this->Database, $this->Link_ID); - if(!$SelectResult) - { - $this->Errno = mysql_errno($this->Link_ID); - $this->Error = mysql_error($this->Link_ID); - $this->halt("cannot select database ".$this->Database.""); - } - } - } - - function escape($String) - { - return mysql_escape_string($String); - } - - function query($Query_String) - { - $this->connect(); - $this->Query_ID = mysql_query($Query_String,$this->Link_ID); - $this->Row = 0; - $this->Errno = mysql_errno(); - $this->Error = mysql_error(); - if (!$this->Query_ID) - { - $this->halt("Invalid SQL: ".$Query_String); - } - return $this->Query_ID; - } - - function next_record() - { - $this->Record = @mysql_fetch_array($this->Query_ID); - $this->Row += 1; - $this->Errno = mysql_errno(); - $this->Error = mysql_error(); - $stat = is_array($this->Record); - if (!$stat) - { - @mysql_free_result($this->Query_ID); - $this->Query_ID = 0; - } - return $this->Record; - } - - function num_rows() - { - return mysql_num_rows($this->Query_ID); - } - - function affected_rows() - { - return mysql_affected_rows($this->Link_ID); - } - - function optimize($tbl_name) - { - $this->connect(); - $this->Query_ID = @mysql_query("OPTIMIZE TABLE $tbl_name",$this->Link_ID); - } - - function clean_results() - { - if($this->Query_ID != 0) mysql_freeresult($this->Query_ID); - } - - function close() - { - if($this->Link_ID != 0) mysql_close($this->Link_ID); - } -} -?> diff --git a/web/parser.php b/web/parser.php deleted file mode 100644 index 4783148..0000000 --- a/web/parser.php +++ /dev/null @@ -1,317 +0,0 @@ -resolveExternals = false; - - //Don't try and parse if XML is invalid or we got an HTML 404 error. - if ($objDOM->loadXML($xml) == False) - return; - - // - // Get the region data to update - // - $regiondata = $objDOM->getElementsByTagName("regiondata"); - - //If returned length is 0, collector method may have returned an error - if ($regiondata->length == 0) - return; - - $regiondata = $regiondata->item(0); - - // - // Update nextcheck so this host entry won't be checked again until after - // the DataSnapshot module has generated a new set of data to be parsed. - // - $expire = $regiondata->getElementsByTagName("expire")->item(0)->nodeValue; - $next = $now + $expire; - - $updater = mysql_query("UPDATE hostsregister SET nextcheck = $next " . - "WHERE host = '" . mysql_real_escape_string($hostname) . "' AND " . - "port = '" . mysql_real_escape_string($port) . "'"); - - // - // Get the region data to be saved in the database - // - $regionlist = $regiondata->getElementsByTagName("region"); - - foreach ($regionlist as $region) - { - $regioncategory = $region->getAttributeNode("category")->nodeValue; - - // - // Start reading the Region info - // - $info = $region->getElementsByTagName("info")->item(0); - - $regionuuid = $info->getElementsByTagName("uuid")->item(0)->nodeValue; - - $regionname = $info->getElementsByTagName("name")->item(0)->nodeValue; - - $regionhandle = $info->getElementsByTagName("handle")->item(0)->nodeValue; - - $url = $info->getElementsByTagName("url")->item(0)->nodeValue; - - // - // First, check if we already have a region that is the same - // - $check = mysql_query("SELECT * FROM osregions WHERE regionuuid = '" . - mysql_real_escape_string($regionuuid) . "'"); - - if (mysql_num_rows($check) > 0) - { - mysql_query("DELETE FROM osregions WHERE regionuuid = '" . - mysql_real_escape_string($regionuuid) . "'"); - mysql_query("DELETE FROM parcels WHERE regionuuid = '" . - mysql_real_escape_string($regionuuid) . "'"); - mysql_query("DELETE FROM allparcels WHERE regionUUID = '" . - mysql_real_escape_string($regionuuid) . "'"); - mysql_query("DELETE FROM parcelsales WHERE regionUUID = '" . - mysql_real_escape_string($regionuuid) . "'"); - mysql_query("DELETE FROM objects WHERE regionuuid = '" . - mysql_real_escape_string($regionuuid) . "'"); - } - - $data = $region->getElementsByTagName("data")->item(0); - $estate = $data->getElementsByTagName("estate")->item(0); - - $username = $estate->getElementsByTagName("name")->item(0)->nodeValue; - $useruuid = $estate->getElementsByTagName("uuid")->item(0)->nodeValue; - - $estateid = $estate->getElementsByTagName("id")->item(0)->nodeValue; - - // - // Second, add the new info to the database - // - $sql = "INSERT INTO osregions VALUES('" . - mysql_real_escape_string($regionname) . "','" . - mysql_real_escape_string($regionuuid) . "','" . - mysql_real_escape_string($regionhandle) . "','" . - mysql_real_escape_string($url) . "','" . - mysql_real_escape_string($username) ."','" . - mysql_real_escape_string($useruuid) ."')"; - - mysql_query($sql); - - // - // Start reading the parcel info - // - $parcel = $data->getElementsByTagName("parcel"); - - foreach ($parcel as $value) - { - $parcelname = $value->getElementsByTagName("name")->item(0)->nodeValue; - - $parceluuid = $value->getElementsByTagName("uuid")->item(0)->nodeValue; - - $infouuid = $value->getElementsByTagName("infouuid")->item(0)->nodeValue; - - $parcellanding = $value->getElementsByTagName("location")->item(0)->nodeValue; - - $parceldescription = $value->getElementsByTagName("description")->item(0)->nodeValue; - - $parcelarea = $value->getElementsByTagName("area")->item(0)->nodeValue; - - $parcelcategory = $value->getAttributeNode("category")->nodeValue; - - $parcelsaleprice = $value->getAttributeNode("salesprice")->nodeValue; - - $dwell = $value->getElementsByTagName("dwell")->item(0)->nodeValue; - - $owner = $value->getElementsByTagName("owner")->item(0); - - $owneruuid = $owner->getElementsByTagName("uuid")->item(0)->nodeValue; - - // Adding support for groups - - $group = $value->getElementsByTagName("group")->item(0); - - if ($group != "") - { - $groupuuid = $group->getElementsByTagName("groupuuid")->item(0)->nodeValue; - } - else - { - $groupuuid = "00000000-0000-0000-0000-000000000000"; - } - - // - // Check bits on Public, Build, Script - // - $parcelforsale = $value->getAttributeNode("forsale")->nodeValue; - $parceldirectory = $value->getAttributeNode("showinsearch")->nodeValue; - $parcelbuild = $value->getAttributeNode("build")->nodeValue; - $parcelscript = $value->getAttributeNode("scripts")->nodeValue; - $parcelpublic = $value->getAttributeNode("public")->nodeValue; - - // - // Save - // - $sql = "INSERT INTO allparcels VALUES('" . - mysql_real_escape_string($regionuuid) . "','" . - mysql_real_escape_string($parcelname) . "','" . - mysql_real_escape_string($owneruuid) . "','" . - mysql_real_escape_string($groupuuid) . "','" . - mysql_real_escape_string($parcellanding) . "','" . - mysql_real_escape_string($parceluuid) . "','" . - mysql_real_escape_string($infouuid) . "','" . - mysql_real_escape_string($parcelarea) . "' )"; - - mysql_query($sql); - - if ($parceldirectory == "true") - { - $sql = "INSERT INTO parcels VALUES('" . - mysql_real_escape_string($regionuuid) . "','" . - mysql_real_escape_string($parcelname) . "','" . - mysql_real_escape_string($parceluuid) . "','" . - mysql_real_escape_string($parcellanding) . "','" . - mysql_real_escape_string($parceldescription) . "','" . - mysql_real_escape_string($parcelcategory) . "','" . - mysql_real_escape_string($parcelbuild) . "','" . - mysql_real_escape_string($parcelscript) . "','" . - mysql_real_escape_string($parcelpublic) . "','". - mysql_real_escape_string($dwell) . "','" . - mysql_real_escape_string($infouuid) . "','" . - mysql_real_escape_string($regioncategory) . "')"; - - mysql_query($sql); - } - - if ($parcelforsale == "true") - { - $sql = "INSERT INTO parcelsales VALUES('" . - mysql_real_escape_string($regionuuid) . "','" . - mysql_real_escape_string($parcelname) . "','" . - mysql_real_escape_string($parceluuid) . "','" . - mysql_real_escape_string($parcelarea) . "','" . - mysql_real_escape_string($parcelsaleprice) . "','" . - mysql_real_escape_string($parcellanding) . "','" . - mysql_real_escape_string($infouuid) . "', '" . - mysql_real_escape_string($dwell) . "', '" . - mysql_real_escape_string($estateid) . "', '" . - mysql_real_escape_string($regioncategory) . "')"; - - mysql_query($sql); - } - } - - // - // Handle objects - // - $objects = $data->getElementsByTagName("object"); - - foreach ($objects as $value) - { - $uuid = $value->getElementsByTagName("uuid")->item(0)->nodeValue; - - $regionuuid = $value->getElementsByTagName("regionuuid")->item(0)->nodeValue; - - $parceluuid = $value->getElementsByTagName("parceluuid")->item(0)->nodeValue; - - $location = $value->getElementsByTagName("location")->item(0)->nodeValue; - - $title = $value->getElementsByTagName("title")->item(0)->nodeValue; - - $description = $value->getElementsByTagName("description")->item(0)->nodeValue; - - $flags = $value->getElementsByTagName("flags")->item(0)->nodeValue; - - mysql_query("INSERT INTO objects VALUES('" . - mysql_real_escape_string($uuid) . "','" . - mysql_real_escape_string($parceluuid) . "','" . - mysql_real_escape_string($location) . "','" . - mysql_real_escape_string($title) . "','" . - mysql_real_escape_string($description) . "','" . - mysql_real_escape_string($regionuuid) . "')"); - } - } -} - -$sql = "SELECT host, port FROM hostsregister " . - "WHERE nextcheck < $now AND checked = 0 LIMIT 0,10"; - -$jobsearch = mysql_query($sql); - -// -// If the sql query returns no rows, all entries in the hostsregister -// table have been checked. Reset the checked flag and re-run the -// query to select the next set of hosts to be checked. -// -if (mysql_num_rows($jobsearch) == 0) -{ - mysql_query("UPDATE hostsregister SET checked = 0"); - $jobsearch = mysql_query($sql); -} - -while ($jobs = mysql_fetch_row($jobsearch)) - CheckHost($jobs[0], $jobs[1]); -?> diff --git a/web/phpxmlrpclib/compat/array_key_exists.php b/web/phpxmlrpclib/compat/array_key_exists.php deleted file mode 100644 index 4a93ce4..0000000 --- a/web/phpxmlrpclib/compat/array_key_exists.php +++ /dev/null @@ -1,55 +0,0 @@ - | -// +----------------------------------------------------------------------+ -// -// $Id: array_key_exists.php 2 2009-03-16 20:22:51Z ggiunta $ - - -/** - * Replace array_key_exists() - * - * @category PHP - * @package PHP_Compat - * @link http://php.net/function.array_key_exists - * @author Aidan Lister - * @version $Revision: 1.1 $ - * @since PHP 4.1.0 - * @require PHP 4.0.0 (user_error) - */ -if (!function_exists('array_key_exists')) { - function array_key_exists($key, $search) - { - if (!is_scalar($key)) { - user_error('array_key_exists() The first argument should be either a string or an integer', - E_USER_WARNING); - return false; - } - - if (is_object($search)) { - $search = get_object_vars($search); - } - - if (!is_array($search)) { - user_error('array_key_exists() The second argument should be either an array or an object', - E_USER_WARNING); - return false; - } - - return in_array($key, array_keys($search)); - } -} - -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/compat/is_a.php b/web/phpxmlrpclib/compat/is_a.php deleted file mode 100644 index 2c5c129..0000000 --- a/web/phpxmlrpclib/compat/is_a.php +++ /dev/null @@ -1,47 +0,0 @@ - | -// +----------------------------------------------------------------------+ -// -// $Id: is_a.php 2 2009-03-16 20:22:51Z ggiunta $ - - -/** - * Replace function is_a() - * - * @category PHP - * @package PHP_Compat - * @link http://php.net/function.is_a - * @author Aidan Lister - * @version $Revision: 1.2 $ - * @since PHP 4.2.0 - * @require PHP 4.0.0 (user_error) (is_subclass_of) - */ -if (!function_exists('is_a')) { - function is_a($object, $class) - { - if (!is_object($object)) { - return false; - } - - if (get_class($object) == strtolower($class)) { - return true; - } else { - return is_subclass_of($object, $class); - } - } -} - -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/compat/is_callable.php b/web/phpxmlrpclib/compat/is_callable.php deleted file mode 100644 index 419697a..0000000 --- a/web/phpxmlrpclib/compat/is_callable.php +++ /dev/null @@ -1,53 +0,0 @@ - - * @version $Id: is_callable.php 2 2009-03-16 20:22:51Z ggiunta $ - * @since PHP 4.0.6 - * @require PHP 4.0.0 (true, false, etc...) - * @todo add the 3rd parameter syntax... - */ -if (!function_exists('is_callable')) { - function is_callable($var, $syntax_only=false) - { - if ($syntax_only) - { - /* from The Manual: - * If the syntax_only argument is TRUE the function only verifies - * that var might be a function or method. It will only reject simple - * variables that are not strings, or an array that does not have a - * valid structure to be used as a callback. The valid ones are - * supposed to have only 2 entries, the first of which is an object - * or a string, and the second a string - */ - return (is_string($var) || (is_array($var) && count($var) == 2 && is_string(end($var)) && (is_string(reset($var)) || is_object(reset($var))))); - } - else - { - if (is_string($var)) - { - return function_exists($var); - } - else if (is_array($var) && count($var) == 2 && is_string($method = end($var))) - { - $obj = reset($var); - if (is_string($obj)) - { - $methods = get_class_methods($obj); - return (bool)(is_array($methods) && in_array(strtolower($method), $methods)); - } - else if (is_object($obj)) - { - return method_exists($obj, $method); - } - } - return false; - } - } -} - -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/compat/is_scalar.php b/web/phpxmlrpclib/compat/is_scalar.php deleted file mode 100644 index dd87730..0000000 --- a/web/phpxmlrpclib/compat/is_scalar.php +++ /dev/null @@ -1,38 +0,0 @@ - \ No newline at end of file diff --git a/web/phpxmlrpclib/compat/var_export.php b/web/phpxmlrpclib/compat/var_export.php deleted file mode 100644 index 7273a1e..0000000 --- a/web/phpxmlrpclib/compat/var_export.php +++ /dev/null @@ -1,105 +0,0 @@ - | -// +----------------------------------------------------------------------+ -// -// $Id: var_export.php 2 2009-03-16 20:22:51Z ggiunta $ - - -/** - * Replace var_export() - * - * @category PHP - * @package PHP_Compat - * @link http://php.net/function.var_export - * @author Aidan Lister - * @version $Revision: 1.2 $ - * @since PHP 4.2.0 - * @require PHP 4.0.0 (user_error) - */ -if (!function_exists('var_export')) { - function var_export($array, $return = false, $lvl=0) - { - // Common output variables - $indent = ' '; - $doublearrow = ' => '; - $lineend = ",\n"; - $stringdelim = '\''; - - // Check the export isn't a simple string / int - if (is_string($array)) { - $out = $stringdelim . str_replace('\'', '\\\'', str_replace('\\', '\\\\', $array)) . $stringdelim; - } elseif (is_int($array) || is_float($array)) { - $out = (string)$array; - } elseif (is_bool($array)) { - $out = $array ? 'true' : 'false'; - } elseif (is_null($array)) { - $out = 'NULL'; - } elseif (is_resource($array)) { - $out = 'resource'; - } else { - // Begin the array export - // Start the string - $out = "array (\n"; - - // Loop through each value in array - foreach ($array as $key => $value) { - // If the key is a string, delimit it - if (is_string($key)) { - $key = str_replace('\'', '\\\'', str_replace('\\', '\\\\', $key)); - $key = $stringdelim . $key . $stringdelim; - } - - $val = var_export($value, true, $lvl+1); - // Delimit value - /*if (is_array($value)) { - // We have an array, so do some recursion - // Do some basic recursion while increasing the indent - $recur_array = explode($newline, var_export($value, true)); - $temp_array = array(); - foreach ($recur_array as $recur_line) { - $temp_array[] = $indent . $recur_line; - } - $recur_array = implode($newline, $temp_array); - $value = $newline . $recur_array; - } elseif (is_null($value)) { - $value = 'NULL'; - } else { - $value = str_replace($find, $replace, $value); - $value = $stringdelim . $value . $stringdelim; - }*/ - - // Piece together the line - for ($i = 0; $i < $lvl; $i++) - $out .= $indent; - $out .= $key . $doublearrow . $val . $lineend; - } - - // End our string - for ($i = 0; $i < $lvl; $i++) - $out .= $indent; - $out .= ")"; - } - - // Decide method of output - if ($return === true) { - return $out; - } else { - echo $out; - return; - } - } -} -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/compat/version_compare.php b/web/phpxmlrpclib/compat/version_compare.php deleted file mode 100644 index a1211ea..0000000 --- a/web/phpxmlrpclib/compat/version_compare.php +++ /dev/null @@ -1,179 +0,0 @@ - | -// | Aidan Lister | -// +----------------------------------------------------------------------+ -// -// $Id: version_compare.php 2 2009-03-16 20:22:51Z ggiunta $ - - -/** - * Replace version_compare() - * - * @category PHP - * @package PHP_Compat - * @link http://php.net/function.version_compare - * @author Philippe Jausions - * @author Aidan Lister - * @version $Revision: 1.1 $ - * @since PHP 4.1.0 - * @require PHP 4.0.0 (user_error) - */ -if (!function_exists('version_compare')) { - function version_compare($version1, $version2, $operator = '<') - { - // Check input - if (!is_scalar($version1)) { - user_error('version_compare() expects parameter 1 to be string, ' . - gettype($version1) . ' given', E_USER_WARNING); - return; - } - - if (!is_scalar($version2)) { - user_error('version_compare() expects parameter 2 to be string, ' . - gettype($version2) . ' given', E_USER_WARNING); - return; - } - - if (!is_scalar($operator)) { - user_error('version_compare() expects parameter 3 to be string, ' . - gettype($operator) . ' given', E_USER_WARNING); - return; - } - - // Standardise versions - $v1 = explode('.', - str_replace('..', '.', - preg_replace('/([^0-9\.]+)/', '.$1.', - str_replace(array('-', '_', '+'), '.', - trim($version1))))); - - $v2 = explode('.', - str_replace('..', '.', - preg_replace('/([^0-9\.]+)/', '.$1.', - str_replace(array('-', '_', '+'), '.', - trim($version2))))); - - // Replace empty entries at the start of the array - while (empty($v1[0]) && array_shift($v1)) {} - while (empty($v2[0]) && array_shift($v2)) {} - - // Release state order - // '#' stands for any number - $versions = array( - 'dev' => 0, - 'alpha' => 1, - 'a' => 1, - 'beta' => 2, - 'b' => 2, - 'RC' => 3, - '#' => 4, - 'p' => 5, - 'pl' => 5); - - // Loop through each segment in the version string - $compare = 0; - for ($i = 0, $x = min(count($v1), count($v2)); $i < $x; $i++) { - if ($v1[$i] == $v2[$i]) { - continue; - } - $i1 = $v1[$i]; - $i2 = $v2[$i]; - if (is_numeric($i1) && is_numeric($i2)) { - $compare = ($i1 < $i2) ? -1 : 1; - break; - } - // We use the position of '#' in the versions list - // for numbers... (so take care of # in original string) - if ($i1 == '#') { - $i1 = ''; - } elseif (is_numeric($i1)) { - $i1 = '#'; - } - if ($i2 == '#') { - $i2 = ''; - } elseif (is_numeric($i2)) { - $i2 = '#'; - } - if (isset($versions[$i1]) && isset($versions[$i2])) { - $compare = ($versions[$i1] < $versions[$i2]) ? -1 : 1; - } elseif (isset($versions[$i1])) { - $compare = 1; - } elseif (isset($versions[$i2])) { - $compare = -1; - } else { - $compare = 0; - } - - break; - } - - // If previous loop didn't find anything, compare the "extra" segments - if ($compare == 0) { - if (count($v2) > count($v1)) { - if (isset($versions[$v2[$i]])) { - $compare = ($versions[$v2[$i]] < 4) ? 1 : -1; - } else { - $compare = -1; - } - } elseif (count($v2) < count($v1)) { - if (isset($versions[$v1[$i]])) { - $compare = ($versions[$v1[$i]] < 4) ? -1 : 1; - } else { - $compare = 1; - } - } - } - - // Compare the versions - if (func_num_args() > 2) { - switch ($operator) { - case '>': - case 'gt': - return (bool) ($compare > 0); - break; - case '>=': - case 'ge': - return (bool) ($compare >= 0); - break; - case '<=': - case 'le': - return (bool) ($compare <= 0); - break; - case '==': - case '=': - case 'eq': - return (bool) ($compare == 0); - break; - case '<>': - case '!=': - case 'ne': - return (bool) ($compare != 0); - break; - case '': - case '<': - case 'lt': - return (bool) ($compare < 0); - break; - default: - return; - } - } - - return $compare; - } -} - -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/xmlrpc.inc b/web/phpxmlrpclib/xmlrpc.inc deleted file mode 100644 index a050d35..0000000 --- a/web/phpxmlrpclib/xmlrpc.inc +++ /dev/null @@ -1,3718 +0,0 @@ - -// $Id: xmlrpc.inc,v 1.174 2009/03/16 19:36:38 ggiunta Exp $ - -// Copyright (c) 1999,2000,2002 Edd Dumbill. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of the "XML-RPC for PHP" nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. - - if(!function_exists('xml_parser_create')) - { - // For PHP 4 onward, XML functionality is always compiled-in on windows: - // no more need to dl-open it. It might have been compiled out on *nix... - if(strtoupper(substr(PHP_OS, 0, 3) != 'WIN')) - { - dl('xml.so'); - } - } - - // Try to be backward compat with php < 4.2 (are we not being nice ?) - $phpversion = phpversion(); - if($phpversion[0] == '4' && $phpversion[2] < 2) - { - // give an opportunity to user to specify where to include other files from - if(!defined('PHP_XMLRPC_COMPAT_DIR')) - { - define('PHP_XMLRPC_COMPAT_DIR',dirname(__FILE__).'/compat/'); - } - if($phpversion[2] == '0') - { - if($phpversion[4] < 6) - { - include(PHP_XMLRPC_COMPAT_DIR.'is_callable.php'); - } - include(PHP_XMLRPC_COMPAT_DIR.'is_scalar.php'); - include(PHP_XMLRPC_COMPAT_DIR.'array_key_exists.php'); - include(PHP_XMLRPC_COMPAT_DIR.'version_compare.php'); - } - include(PHP_XMLRPC_COMPAT_DIR.'var_export.php'); - include(PHP_XMLRPC_COMPAT_DIR.'is_a.php'); - } - - // G. Giunta 2005/01/29: declare global these variables, - // so that xmlrpc.inc will work even if included from within a function - // Milosch: 2005/08/07 - explicitly request these via $GLOBALS where used. - $GLOBALS['xmlrpcI4']='i4'; - $GLOBALS['xmlrpcInt']='int'; - $GLOBALS['xmlrpcBoolean']='boolean'; - $GLOBALS['xmlrpcDouble']='double'; - $GLOBALS['xmlrpcString']='string'; - $GLOBALS['xmlrpcDateTime']='dateTime.iso8601'; - $GLOBALS['xmlrpcBase64']='base64'; - $GLOBALS['xmlrpcArray']='array'; - $GLOBALS['xmlrpcStruct']='struct'; - $GLOBALS['xmlrpcValue']='undefined'; - - $GLOBALS['xmlrpcTypes']=array( - $GLOBALS['xmlrpcI4'] => 1, - $GLOBALS['xmlrpcInt'] => 1, - $GLOBALS['xmlrpcBoolean'] => 1, - $GLOBALS['xmlrpcString'] => 1, - $GLOBALS['xmlrpcDouble'] => 1, - $GLOBALS['xmlrpcDateTime'] => 1, - $GLOBALS['xmlrpcBase64'] => 1, - $GLOBALS['xmlrpcArray'] => 2, - $GLOBALS['xmlrpcStruct'] => 3 - ); - - $GLOBALS['xmlrpc_valid_parents'] = array( - 'VALUE' => array('MEMBER', 'DATA', 'PARAM', 'FAULT'), - 'BOOLEAN' => array('VALUE'), - 'I4' => array('VALUE'), - 'INT' => array('VALUE'), - 'STRING' => array('VALUE'), - 'DOUBLE' => array('VALUE'), - 'DATETIME.ISO8601' => array('VALUE'), - 'BASE64' => array('VALUE'), - 'MEMBER' => array('STRUCT'), - 'NAME' => array('MEMBER'), - 'DATA' => array('ARRAY'), - 'ARRAY' => array('VALUE'), - 'STRUCT' => array('VALUE'), - 'PARAM' => array('PARAMS'), - 'METHODNAME' => array('METHODCALL'), - 'PARAMS' => array('METHODCALL', 'METHODRESPONSE'), - 'FAULT' => array('METHODRESPONSE'), - 'NIL' => array('VALUE') // only used when extension activated - ); - - // define extra types for supporting NULL (useful for json or ) - $GLOBALS['xmlrpcNull']='null'; - $GLOBALS['xmlrpcTypes']['null']=1; - - // Not in use anymore since 2.0. Shall we remove it? - /// @deprecated - $GLOBALS['xmlEntities']=array( - 'amp' => '&', - 'quot' => '"', - 'lt' => '<', - 'gt' => '>', - 'apos' => "'" - ); - - // tables used for transcoding different charsets into us-ascii xml - - $GLOBALS['xml_iso88591_Entities']=array(); - $GLOBALS['xml_iso88591_Entities']['in'] = array(); - $GLOBALS['xml_iso88591_Entities']['out'] = array(); - for ($i = 0; $i < 32; $i++) - { - $GLOBALS['xml_iso88591_Entities']['in'][] = chr($i); - $GLOBALS['xml_iso88591_Entities']['out'][] = '&#'.$i.';'; - } - for ($i = 160; $i < 256; $i++) - { - $GLOBALS['xml_iso88591_Entities']['in'][] = chr($i); - $GLOBALS['xml_iso88591_Entities']['out'][] = '&#'.$i.';'; - } - - /// @todo add to iso table the characters from cp_1252 range, i.e. 128 to 159? - /// These will NOT be present in true ISO-8859-1, but will save the unwary - /// windows user from sending junk (though no luck when reciving them...) - /* - $GLOBALS['xml_cp1252_Entities']=array(); - for ($i = 128; $i < 160; $i++) - { - $GLOBALS['xml_cp1252_Entities']['in'][] = chr($i); - } - $GLOBALS['xml_cp1252_Entities']['out'] = array( - '€', '?', '‚', 'ƒ', - '„', '…', '†', '‡', - 'ˆ', '‰', 'Š', '‹', - 'Œ', '?', 'Ž', '?', - '?', '‘', '’', '“', - '”', '•', '–', '—', - '˜', '™', 'š', '›', - 'œ', '?', 'ž', 'Ÿ' - ); - */ - - $GLOBALS['xmlrpcerr'] = array( - 'unknown_method'=>1, - 'invalid_return'=>2, - 'incorrect_params'=>3, - 'introspect_unknown'=>4, - 'http_error'=>5, - 'no_data'=>6, - 'no_ssl'=>7, - 'curl_fail'=>8, - 'invalid_request'=>15, - 'no_curl'=>16, - 'server_error'=>17, - 'multicall_error'=>18, - 'multicall_notstruct'=>9, - 'multicall_nomethod'=>10, - 'multicall_notstring'=>11, - 'multicall_recursion'=>12, - 'multicall_noparams'=>13, - 'multicall_notarray'=>14, - - 'cannot_decompress'=>103, - 'decompress_fail'=>104, - 'dechunk_fail'=>105, - 'server_cannot_decompress'=>106, - 'server_decompress_fail'=>107 - ); - - $GLOBALS['xmlrpcstr'] = array( - 'unknown_method'=>'Unknown method', - 'invalid_return'=>'Invalid return payload: enable debugging to examine incoming payload', - 'incorrect_params'=>'Incorrect parameters passed to method', - 'introspect_unknown'=>"Can't introspect: method unknown", - 'http_error'=>"Didn't receive 200 OK from remote server.", - 'no_data'=>'No data received from server.', - 'no_ssl'=>'No SSL support compiled in.', - 'curl_fail'=>'CURL error', - 'invalid_request'=>'Invalid request payload', - 'no_curl'=>'No CURL support compiled in.', - 'server_error'=>'Internal server error', - 'multicall_error'=>'Received from server invalid multicall response', - 'multicall_notstruct'=>'system.multicall expected struct', - 'multicall_nomethod'=>'missing methodName', - 'multicall_notstring'=>'methodName is not a string', - 'multicall_recursion'=>'recursive system.multicall forbidden', - 'multicall_noparams'=>'missing params', - 'multicall_notarray'=>'params is not an array', - - 'cannot_decompress'=>'Received from server compressed HTTP and cannot decompress', - 'decompress_fail'=>'Received from server invalid compressed HTTP', - 'dechunk_fail'=>'Received from server invalid chunked HTTP', - 'server_cannot_decompress'=>'Received from client compressed HTTP request and cannot decompress', - 'server_decompress_fail'=>'Received from client invalid compressed HTTP request' - ); - - // The charset encoding used by the server for received messages and - // by the client for received responses when received charset cannot be determined - // or is not supported - $GLOBALS['xmlrpc_defencoding']='UTF-8'; - - // The encoding used internally by PHP. - // String values received as xml will be converted to this, and php strings will be converted to xml - // as if having been coded with this - $GLOBALS['xmlrpc_internalencoding']='ISO-8859-1'; - - $GLOBALS['xmlrpcName']='XML-RPC for PHP'; - $GLOBALS['xmlrpcVersion']='2.2.2'; - - // let user errors start at 800 - $GLOBALS['xmlrpcerruser']=800; - // let XML parse errors start at 100 - $GLOBALS['xmlrpcerrxml']=100; - - // formulate backslashes for escaping regexp - // Not in use anymore since 2.0. Shall we remove it? - /// @deprecated - $GLOBALS['xmlrpc_backslash']=chr(92).chr(92); - - // set to TRUE to enable correct decoding of values - $GLOBALS['xmlrpc_null_extension']=false; - - // used to store state during parsing - // quick explanation of components: - // ac - used to accumulate values - // isf - used to indicate a parsing fault (2) or xmlrpcresp fault (1) - // isf_reason - used for storing xmlrpcresp fault string - // lv - used to indicate "looking for a value": implements - // the logic to allow values with no types to be strings - // params - used to store parameters in method calls - // method - used to store method name - // stack - array with genealogy of xml elements names: - // used to validate nesting of xmlrpc elements - $GLOBALS['_xh']=null; - - /** - * Convert a string to the correct XML representation in a target charset - * To help correct communication of non-ascii chars inside strings, regardless - * of the charset used when sending requests, parsing them, sending responses - * and parsing responses, an option is to convert all non-ascii chars present in the message - * into their equivalent 'charset entity'. Charset entities enumerated this way - * are independent of the charset encoding used to transmit them, and all XML - * parsers are bound to understand them. - * Note that in the std case we are not sending a charset encoding mime type - * along with http headers, so we are bound by RFC 3023 to emit strict us-ascii. - * - * @todo do a bit of basic benchmarking (strtr vs. str_replace) - * @todo make usage of iconv() or recode_string() or mb_string() where available - */ - function xmlrpc_encode_entitites($data, $src_encoding='', $dest_encoding='') - { - if ($src_encoding == '') - { - // lame, but we know no better... - $src_encoding = $GLOBALS['xmlrpc_internalencoding']; - } - - switch(strtoupper($src_encoding.'_'.$dest_encoding)) - { - case 'ISO-8859-1_': - case 'ISO-8859-1_US-ASCII': - $escaped_data = str_replace(array('&', '"', "'", '<', '>'), array('&', '"', ''', '<', '>'), $data); - $escaped_data = str_replace($GLOBALS['xml_iso88591_Entities']['in'], $GLOBALS['xml_iso88591_Entities']['out'], $escaped_data); - break; - case 'ISO-8859-1_UTF-8': - $escaped_data = str_replace(array('&', '"', "'", '<', '>'), array('&', '"', ''', '<', '>'), $data); - $escaped_data = utf8_encode($escaped_data); - break; - case 'ISO-8859-1_ISO-8859-1': - case 'US-ASCII_US-ASCII': - case 'US-ASCII_UTF-8': - case 'US-ASCII_': - case 'US-ASCII_ISO-8859-1': - case 'UTF-8_UTF-8': - //case 'CP1252_CP1252': - $escaped_data = str_replace(array('&', '"', "'", '<', '>'), array('&', '"', ''', '<', '>'), $data); - break; - case 'UTF-8_': - case 'UTF-8_US-ASCII': - case 'UTF-8_ISO-8859-1': - // NB: this will choke on invalid UTF-8, going most likely beyond EOF - $escaped_data = ''; - // be kind to users creating string xmlrpcvals out of different php types - $data = (string) $data; - $ns = strlen ($data); - for ($nn = 0; $nn < $ns; $nn++) - { - $ch = $data[$nn]; - $ii = ord($ch); - //1 7 0bbbbbbb (127) - if ($ii < 128) - { - /// @todo shall we replace this with a (supposedly) faster str_replace? - switch($ii){ - case 34: - $escaped_data .= '"'; - break; - case 38: - $escaped_data .= '&'; - break; - case 39: - $escaped_data .= '''; - break; - case 60: - $escaped_data .= '<'; - break; - case 62: - $escaped_data .= '>'; - break; - default: - $escaped_data .= $ch; - } // switch - } - //2 11 110bbbbb 10bbbbbb (2047) - else if ($ii>>5 == 6) - { - $b1 = ($ii & 31); - $ii = ord($data[$nn+1]); - $b2 = ($ii & 63); - $ii = ($b1 * 64) + $b2; - $ent = sprintf ('&#%d;', $ii); - $escaped_data .= $ent; - $nn += 1; - } - //3 16 1110bbbb 10bbbbbb 10bbbbbb - else if ($ii>>4 == 14) - { - $b1 = ($ii & 15); - $ii = ord($data[$nn+1]); - $b2 = ($ii & 63); - $ii = ord($data[$nn+2]); - $b3 = ($ii & 63); - $ii = ((($b1 * 64) + $b2) * 64) + $b3; - $ent = sprintf ('&#%d;', $ii); - $escaped_data .= $ent; - $nn += 2; - } - //4 21 11110bbb 10bbbbbb 10bbbbbb 10bbbbbb - else if ($ii>>3 == 30) - { - $b1 = ($ii & 7); - $ii = ord($data[$nn+1]); - $b2 = ($ii & 63); - $ii = ord($data[$nn+2]); - $b3 = ($ii & 63); - $ii = ord($data[$nn+3]); - $b4 = ($ii & 63); - $ii = ((((($b1 * 64) + $b2) * 64) + $b3) * 64) + $b4; - $ent = sprintf ('&#%d;', $ii); - $escaped_data .= $ent; - $nn += 3; - } - } - break; -/* - case 'CP1252_': - case 'CP1252_US-ASCII': - $escaped_data = str_replace(array('&', '"', "'", '<', '>'), array('&', '"', ''', '<', '>'), $data); - $escaped_data = str_replace($GLOBALS['xml_iso88591_Entities']['in'], $GLOBALS['xml_iso88591_Entities']['out'], $escaped_data); - $escaped_data = str_replace($GLOBALS['xml_cp1252_Entities']['in'], $GLOBALS['xml_cp1252_Entities']['out'], $escaped_data); - break; - case 'CP1252_UTF-8': - $escaped_data = str_replace(array('&', '"', "'", '<', '>'), array('&', '"', ''', '<', '>'), $data); - /// @todo we could use real UTF8 chars here instead of xml entities... (note that utf_8 encode all allone will NOT convert them) - $escaped_data = str_replace($GLOBALS['xml_cp1252_Entities']['in'], $GLOBALS['xml_cp1252_Entities']['out'], $escaped_data); - $escaped_data = utf8_encode($escaped_data); - break; - case 'CP1252_ISO-8859-1': - $escaped_data = str_replace(array('&', '"', "'", '<', '>'), array('&', '"', ''', '<', '>'), $data); - // we might as well replave all funky chars with a '?' here, but we are kind and leave it to the receiving application layer to decide what to do with these weird entities... - $escaped_data = str_replace($GLOBALS['xml_cp1252_Entities']['in'], $GLOBALS['xml_cp1252_Entities']['out'], $escaped_data); - break; -*/ - default: - $escaped_data = ''; - error_log("Converting from $src_encoding to $dest_encoding: not supported..."); - } - return $escaped_data; - } - - /// xml parser handler function for opening element tags - function xmlrpc_se($parser, $name, $attrs, $accept_single_vals=false) - { - // if invalid xmlrpc already detected, skip all processing - if ($GLOBALS['_xh']['isf'] < 2) - { - // check for correct element nesting - // top level element can only be of 2 types - /// @todo optimization creep: save this check into a bool variable, instead of using count() every time: - /// there is only a single top level element in xml anyway - if (count($GLOBALS['_xh']['stack']) == 0) - { - if ($name != 'METHODRESPONSE' && $name != 'METHODCALL' && ( - $name != 'VALUE' && !$accept_single_vals)) - { - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = 'missing top level xmlrpc element'; - return; - } - else - { - $GLOBALS['_xh']['rt'] = strtolower($name); - } - } - else - { - // not top level element: see if parent is OK - $parent = end($GLOBALS['_xh']['stack']); - if (!array_key_exists($name, $GLOBALS['xmlrpc_valid_parents']) || !in_array($parent, $GLOBALS['xmlrpc_valid_parents'][$name])) - { - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = "xmlrpc element $name cannot be child of $parent"; - return; - } - } - - switch($name) - { - // optimize for speed switch cases: most common cases first - case 'VALUE': - /// @todo we could check for 2 VALUE elements inside a MEMBER or PARAM element - $GLOBALS['_xh']['vt']='value'; // indicator: no value found yet - $GLOBALS['_xh']['ac']=''; - $GLOBALS['_xh']['lv']=1; - $GLOBALS['_xh']['php_class']=null; - break; - case 'I4': - case 'INT': - case 'STRING': - case 'BOOLEAN': - case 'DOUBLE': - case 'DATETIME.ISO8601': - case 'BASE64': - if ($GLOBALS['_xh']['vt']!='value') - { - //two data elements inside a value: an error occurred! - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = "$name element following a {$GLOBALS['_xh']['vt']} element inside a single value"; - return; - } - $GLOBALS['_xh']['ac']=''; // reset the accumulator - break; - case 'STRUCT': - case 'ARRAY': - if ($GLOBALS['_xh']['vt']!='value') - { - //two data elements inside a value: an error occurred! - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = "$name element following a {$GLOBALS['_xh']['vt']} element inside a single value"; - return; - } - // create an empty array to hold child values, and push it onto appropriate stack - $cur_val = array(); - $cur_val['values'] = array(); - $cur_val['type'] = $name; - // check for out-of-band information to rebuild php objs - // and in case it is found, save it - if (@isset($attrs['PHP_CLASS'])) - { - $cur_val['php_class'] = $attrs['PHP_CLASS']; - } - $GLOBALS['_xh']['valuestack'][] = $cur_val; - $GLOBALS['_xh']['vt']='data'; // be prepared for a data element next - break; - case 'DATA': - if ($GLOBALS['_xh']['vt']!='data') - { - //two data elements inside a value: an error occurred! - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = "found two data elements inside an array element"; - return; - } - case 'METHODCALL': - case 'METHODRESPONSE': - case 'PARAMS': - // valid elements that add little to processing - break; - case 'METHODNAME': - case 'NAME': - /// @todo we could check for 2 NAME elements inside a MEMBER element - $GLOBALS['_xh']['ac']=''; - break; - case 'FAULT': - $GLOBALS['_xh']['isf']=1; - break; - case 'MEMBER': - $GLOBALS['_xh']['valuestack'][count($GLOBALS['_xh']['valuestack'])-1]['name']=''; // set member name to null, in case we do not find in the xml later on - //$GLOBALS['_xh']['ac']=''; - // Drop trough intentionally - case 'PARAM': - // clear value type, so we can check later if no value has been passed for this param/member - $GLOBALS['_xh']['vt']=null; - break; - case 'NIL': - if ($GLOBALS['xmlrpc_null_extension']) - { - if ($GLOBALS['_xh']['vt']!='value') - { - //two data elements inside a value: an error occurred! - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = "$name element following a {$GLOBALS['_xh']['vt']} element inside a single value"; - return; - } - $GLOBALS['_xh']['ac']=''; // reset the accumulator - break; - } - // we do not support the extension, so - // drop through intentionally - default: - /// INVALID ELEMENT: RAISE ISF so that it is later recognized!!! - $GLOBALS['_xh']['isf'] = 2; - $GLOBALS['_xh']['isf_reason'] = "found not-xmlrpc xml element $name"; - break; - } - - // Save current element name to stack, to validate nesting - $GLOBALS['_xh']['stack'][] = $name; - - /// @todo optimization creep: move this inside the big switch() above - if($name!='VALUE') - { - $GLOBALS['_xh']['lv']=0; - } - } - } - - /// Used in decoding xml chunks that might represent single xmlrpc values - function xmlrpc_se_any($parser, $name, $attrs) - { - xmlrpc_se($parser, $name, $attrs, true); - } - - /// xml parser handler function for close element tags - function xmlrpc_ee($parser, $name, $rebuild_xmlrpcvals = true) - { - if ($GLOBALS['_xh']['isf'] < 2) - { - // push this element name from stack - // NB: if XML validates, correct opening/closing is guaranteed and - // we do not have to check for $name == $curr_elem. - // we also checked for proper nesting at start of elements... - $curr_elem = array_pop($GLOBALS['_xh']['stack']); - - switch($name) - { - case 'VALUE': - // This if() detects if no scalar was inside - if ($GLOBALS['_xh']['vt']=='value') - { - $GLOBALS['_xh']['value']=$GLOBALS['_xh']['ac']; - $GLOBALS['_xh']['vt']=$GLOBALS['xmlrpcString']; - } - - if ($rebuild_xmlrpcvals) - { - // build the xmlrpc val out of the data received, and substitute it - $temp = new xmlrpcval($GLOBALS['_xh']['value'], $GLOBALS['_xh']['vt']); - // in case we got info about underlying php class, save it - // in the object we're rebuilding - if (isset($GLOBALS['_xh']['php_class'])) - $temp->_php_class = $GLOBALS['_xh']['php_class']; - // check if we are inside an array or struct: - // if value just built is inside an array, let's move it into array on the stack - $vscount = count($GLOBALS['_xh']['valuestack']); - if ($vscount && $GLOBALS['_xh']['valuestack'][$vscount-1]['type']=='ARRAY') - { - $GLOBALS['_xh']['valuestack'][$vscount-1]['values'][] = $temp; - } - else - { - $GLOBALS['_xh']['value'] = $temp; - } - } - else - { - /// @todo this needs to treat correctly php-serialized objects, - /// since std deserializing is done by php_xmlrpc_decode, - /// which we will not be calling... - if (isset($GLOBALS['_xh']['php_class'])) - { - } - - // check if we are inside an array or struct: - // if value just built is inside an array, let's move it into array on the stack - $vscount = count($GLOBALS['_xh']['valuestack']); - if ($vscount && $GLOBALS['_xh']['valuestack'][$vscount-1]['type']=='ARRAY') - { - $GLOBALS['_xh']['valuestack'][$vscount-1]['values'][] = $GLOBALS['_xh']['value']; - } - } - break; - case 'BOOLEAN': - case 'I4': - case 'INT': - case 'STRING': - case 'DOUBLE': - case 'DATETIME.ISO8601': - case 'BASE64': - $GLOBALS['_xh']['vt']=strtolower($name); - /// @todo: optimization creep - remove the if/elseif cycle below - /// since the case() in which we are already did that - if ($name=='STRING') - { - $GLOBALS['_xh']['value']=$GLOBALS['_xh']['ac']; - } - elseif ($name=='DATETIME.ISO8601') - { - if (!preg_match('/^[0-9]{8}T[0-9]{2}:[0-9]{2}:[0-9]{2}$/', $GLOBALS['_xh']['ac'])) - { - error_log('XML-RPC: invalid value received in DATETIME: '.$GLOBALS['_xh']['ac']); - } - $GLOBALS['_xh']['vt']=$GLOBALS['xmlrpcDateTime']; - $GLOBALS['_xh']['value']=$GLOBALS['_xh']['ac']; - } - elseif ($name=='BASE64') - { - /// @todo check for failure of base64 decoding / catch warnings - $GLOBALS['_xh']['value']=base64_decode($GLOBALS['_xh']['ac']); - } - elseif ($name=='BOOLEAN') - { - // special case here: we translate boolean 1 or 0 into PHP - // constants true or false. - // Strings 'true' and 'false' are accepted, even though the - // spec never mentions them (see eg. Blogger api docs) - // NB: this simple checks helps a lot sanitizing input, ie no - // security problems around here - if ($GLOBALS['_xh']['ac']=='1' || strcasecmp($GLOBALS['_xh']['ac'], 'true') == 0) - { - $GLOBALS['_xh']['value']=true; - } - else - { - // log if receiveing something strange, even though we set the value to false anyway - if ($GLOBALS['_xh']['ac']!='0' && strcasecmp($GLOBALS['_xh']['ac'], 'false') != 0) - error_log('XML-RPC: invalid value received in BOOLEAN: '.$GLOBALS['_xh']['ac']); - $GLOBALS['_xh']['value']=false; - } - } - elseif ($name=='DOUBLE') - { - // we have a DOUBLE - // we must check that only 0123456789-. are characters here - // NOTE: regexp could be much stricter than this... - if (!preg_match('/^[+-eE0123456789 \t.]+$/', $GLOBALS['_xh']['ac'])) - { - /// @todo: find a better way of throwing an error than this! - error_log('XML-RPC: non numeric value received in DOUBLE: '.$GLOBALS['_xh']['ac']); - $GLOBALS['_xh']['value']='ERROR_NON_NUMERIC_FOUND'; - } - else - { - // it's ok, add it on - $GLOBALS['_xh']['value']=(double)$GLOBALS['_xh']['ac']; - } - } - else - { - // we have an I4/INT - // we must check that only 0123456789- are characters here - if (!preg_match('/^[+-]?[0123456789 \t]+$/', $GLOBALS['_xh']['ac'])) - { - /// @todo find a better way of throwing an error than this! - error_log('XML-RPC: non numeric value received in INT: '.$GLOBALS['_xh']['ac']); - $GLOBALS['_xh']['value']='ERROR_NON_NUMERIC_FOUND'; - } - else - { - // it's ok, add it on - $GLOBALS['_xh']['value']=(int)$GLOBALS['_xh']['ac']; - } - } - //$GLOBALS['_xh']['ac']=''; // is this necessary? - $GLOBALS['_xh']['lv']=3; // indicate we've found a value - break; - case 'NAME': - $GLOBALS['_xh']['valuestack'][count($GLOBALS['_xh']['valuestack'])-1]['name'] = $GLOBALS['_xh']['ac']; - break; - case 'MEMBER': - //$GLOBALS['_xh']['ac']=''; // is this necessary? - // add to array in the stack the last element built, - // unless no VALUE was found - if ($GLOBALS['_xh']['vt']) - { - $vscount = count($GLOBALS['_xh']['valuestack']); - $GLOBALS['_xh']['valuestack'][$vscount-1]['values'][$GLOBALS['_xh']['valuestack'][$vscount-1]['name']] = $GLOBALS['_xh']['value']; - } else - error_log('XML-RPC: missing VALUE inside STRUCT in received xml'); - break; - case 'DATA': - //$GLOBALS['_xh']['ac']=''; // is this necessary? - $GLOBALS['_xh']['vt']=null; // reset this to check for 2 data elements in a row - even if they're empty - break; - case 'STRUCT': - case 'ARRAY': - // fetch out of stack array of values, and promote it to current value - $curr_val = array_pop($GLOBALS['_xh']['valuestack']); - $GLOBALS['_xh']['value'] = $curr_val['values']; - $GLOBALS['_xh']['vt']=strtolower($name); - if (isset($curr_val['php_class'])) - { - $GLOBALS['_xh']['php_class'] = $curr_val['php_class']; - } - break; - case 'PARAM': - // add to array of params the current value, - // unless no VALUE was found - if ($GLOBALS['_xh']['vt']) - { - $GLOBALS['_xh']['params'][]=$GLOBALS['_xh']['value']; - $GLOBALS['_xh']['pt'][]=$GLOBALS['_xh']['vt']; - } - else - error_log('XML-RPC: missing VALUE inside PARAM in received xml'); - break; - case 'METHODNAME': - $GLOBALS['_xh']['method']=preg_replace('/^[\n\r\t ]+/', '', $GLOBALS['_xh']['ac']); - break; - case 'NIL': - if ($GLOBALS['xmlrpc_null_extension']) - { - $GLOBALS['_xh']['vt']='null'; - $GLOBALS['_xh']['value']=null; - $GLOBALS['_xh']['lv']=3; - break; - } - // drop through intentionally if nil extension not enabled - case 'PARAMS': - case 'FAULT': - case 'METHODCALL': - case 'METHORESPONSE': - break; - default: - // End of INVALID ELEMENT! - // shall we add an assert here for unreachable code??? - break; - } - } - } - - /// Used in decoding xmlrpc requests/responses without rebuilding xmlrpc values - function xmlrpc_ee_fast($parser, $name) - { - xmlrpc_ee($parser, $name, false); - } - - /// xml parser handler function for character data - function xmlrpc_cd($parser, $data) - { - // skip processing if xml fault already detected - if ($GLOBALS['_xh']['isf'] < 2) - { - // "lookforvalue==3" means that we've found an entire value - // and should discard any further character data - if($GLOBALS['_xh']['lv']!=3) - { - // G. Giunta 2006-08-23: useless change of 'lv' from 1 to 2 - //if($GLOBALS['_xh']['lv']==1) - //{ - // if we've found text and we're just in a then - // say we've found a value - //$GLOBALS['_xh']['lv']=2; - //} - // we always initialize the accumulator before starting parsing, anyway... - //if(!@isset($GLOBALS['_xh']['ac'])) - //{ - // $GLOBALS['_xh']['ac'] = ''; - //} - $GLOBALS['_xh']['ac'].=$data; - } - } - } - - /// xml parser handler function for 'other stuff', ie. not char data or - /// element start/end tag. In fact it only gets called on unknown entities... - function xmlrpc_dh($parser, $data) - { - // skip processing if xml fault already detected - if ($GLOBALS['_xh']['isf'] < 2) - { - if(substr($data, 0, 1) == '&' && substr($data, -1, 1) == ';') - { - // G. Giunta 2006-08-25: useless change of 'lv' from 1 to 2 - //if($GLOBALS['_xh']['lv']==1) - //{ - // $GLOBALS['_xh']['lv']=2; - //} - $GLOBALS['_xh']['ac'].=$data; - } - } - return true; - } - - class xmlrpc_client - { - var $path; - var $server; - var $port=0; - var $method='http'; - var $errno; - var $errstr; - var $debug=0; - var $username=''; - var $password=''; - var $authtype=1; - var $cert=''; - var $certpass=''; - var $cacert=''; - var $cacertdir=''; - var $key=''; - var $keypass=''; - var $verifypeer=true; - var $verifyhost=1; - var $no_multicall=false; - var $proxy=''; - var $proxyport=0; - var $proxy_user=''; - var $proxy_pass=''; - var $proxy_authtype=1; - var $cookies=array(); - /** - * List of http compression methods accepted by the client for responses. - * NB: PHP supports deflate, gzip compressions out of the box if compiled w. zlib - * - * NNB: you can set it to any non-empty array for HTTP11 and HTTPS, since - * in those cases it will be up to CURL to decide the compression methods - * it supports. You might check for the presence of 'zlib' in the output of - * curl_version() to determine wheter compression is supported or not - */ - var $accepted_compression = array(); - /** - * Name of compression scheme to be used for sending requests. - * Either null, gzip or deflate - */ - var $request_compression = ''; - /** - * CURL handle: used for keep-alive connections (PHP 4.3.8 up, see: - * http://curl.haxx.se/docs/faq.html#7.3) - */ - var $xmlrpc_curl_handle = null; - /// Wheter to use persistent connections for http 1.1 and https - var $keepalive = false; - /// Charset encodings that can be decoded without problems by the client - var $accepted_charset_encodings = array(); - /// Charset encoding to be used in serializing request. NULL = use ASCII - var $request_charset_encoding = ''; - /** - * Decides the content of xmlrpcresp objects returned by calls to send() - * valid strings are 'xmlrpcvals', 'phpvals' or 'xml' - */ - var $return_type = 'xmlrpcvals'; - - /** - * @param string $path either the complete server URL or the PATH part of the xmlrc server URL, e.g. /xmlrpc/server.php - * @param string $server the server name / ip address - * @param integer $port the port the server is listening on, defaults to 80 or 443 depending on protocol used - * @param string $method the http protocol variant: defaults to 'http', 'https' and 'http11' can be used if CURL is installed - */ - function xmlrpc_client($path, $server='', $port='', $method='') - { - // allow user to specify all params in $path - if($server == '' and $port == '' and $method == '') - { - $parts = parse_url($path); - $server = $parts['host']; - $path = isset($parts['path']) ? $parts['path'] : ''; - if(isset($parts['query'])) - { - $path .= '?'.$parts['query']; - } - if(isset($parts['fragment'])) - { - $path .= '#'.$parts['fragment']; - } - if(isset($parts['port'])) - { - $port = $parts['port']; - } - if(isset($parts['scheme'])) - { - $method = $parts['scheme']; - } - if(isset($parts['user'])) - { - $this->username = $parts['user']; - } - if(isset($parts['pass'])) - { - $this->password = $parts['pass']; - } - } - if($path == '' || $path[0] != '/') - { - $this->path='/'.$path; - } - else - { - $this->path=$path; - } - $this->server=$server; - if($port != '') - { - $this->port=$port; - } - if($method != '') - { - $this->method=$method; - } - - // if ZLIB is enabled, let the client by default accept compressed responses - if(function_exists('gzinflate') || ( - function_exists('curl_init') && (($info = curl_version()) && - ((is_string($info) && strpos($info, 'zlib') !== null) || isset($info['libz_version']))) - )) - { - $this->accepted_compression = array('gzip', 'deflate'); - } - - // keepalives: enabled by default ONLY for PHP >= 4.3.8 - // (see http://curl.haxx.se/docs/faq.html#7.3) - if(version_compare(phpversion(), '4.3.8') >= 0) - { - $this->keepalive = true; - } - - // by default the xml parser can support these 3 charset encodings - $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII'); - } - - /** - * Enables/disables the echoing to screen of the xmlrpc responses received - * @param integer $debug values 0, 1 and 2 are supported (2 = echo sent msg too, before received response) - * @access public - */ - function setDebug($in) - { - $this->debug=$in; - } - - /** - * Add some http BASIC AUTH credentials, used by the client to authenticate - * @param string $u username - * @param string $p password - * @param integer $t auth type. See curl_setopt man page for supported auth types. Defaults to CURLAUTH_BASIC (basic auth) - * @access public - */ - function setCredentials($u, $p, $t=1) - { - $this->username=$u; - $this->password=$p; - $this->authtype=$t; - } - - /** - * Add a client-side https certificate - * @param string $cert - * @param string $certpass - * @access public - */ - function setCertificate($cert, $certpass) - { - $this->cert = $cert; - $this->certpass = $certpass; - } - - /** - * Add a CA certificate to verify server with (see man page about - * CURLOPT_CAINFO for more details - * @param string $cacert certificate file name (or dir holding certificates) - * @param bool $is_dir set to true to indicate cacert is a dir. defaults to false - * @access public - */ - function setCaCertificate($cacert, $is_dir=false) - { - if ($is_dir) - { - $this->cacertdir = $cacert; - } - else - { - $this->cacert = $cacert; - } - } - - /** - * Set attributes for SSL communication: private SSL key - * NB: does not work in older php/curl installs - * Thanks to Daniel Convissor - * @param string $key The name of a file containing a private SSL key - * @param string $keypass The secret password needed to use the private SSL key - * @access public - */ - function setKey($key, $keypass) - { - $this->key = $key; - $this->keypass = $keypass; - } - - /** - * Set attributes for SSL communication: verify server certificate - * @param bool $i enable/disable verification of peer certificate - * @access public - */ - function setSSLVerifyPeer($i) - { - $this->verifypeer = $i; - } - - /** - * Set attributes for SSL communication: verify match of server cert w. hostname - * @param int $i - * @access public - */ - function setSSLVerifyHost($i) - { - $this->verifyhost = $i; - } - - /** - * Set proxy info - * @param string $proxyhost - * @param string $proxyport Defaults to 8080 for HTTP and 443 for HTTPS - * @param string $proxyusername Leave blank if proxy has public access - * @param string $proxypassword Leave blank if proxy has public access - * @param int $proxyauthtype set to constant CURLAUTH_NTLM to use NTLM auth with proxy - * @access public - */ - function setProxy($proxyhost, $proxyport, $proxyusername = '', $proxypassword = '', $proxyauthtype = 1) - { - $this->proxy = $proxyhost; - $this->proxyport = $proxyport; - $this->proxy_user = $proxyusername; - $this->proxy_pass = $proxypassword; - $this->proxy_authtype = $proxyauthtype; - } - - /** - * Enables/disables reception of compressed xmlrpc responses. - * Note that enabling reception of compressed responses merely adds some standard - * http headers to xmlrpc requests. It is up to the xmlrpc server to return - * compressed responses when receiving such requests. - * @param string $compmethod either 'gzip', 'deflate', 'any' or '' - * @access public - */ - function setAcceptedCompression($compmethod) - { - if ($compmethod == 'any') - $this->accepted_compression = array('gzip', 'deflate'); - else - $this->accepted_compression = array($compmethod); - } - - /** - * Enables/disables http compression of xmlrpc request. - * Take care when sending compressed requests: servers might not support them - * (and automatic fallback to uncompressed requests is not yet implemented) - * @param string $compmethod either 'gzip', 'deflate' or '' - * @access public - */ - function setRequestCompression($compmethod) - { - $this->request_compression = $compmethod; - } - - /** - * Adds a cookie to list of cookies that will be sent to server. - * NB: setting any param but name and value will turn the cookie into a 'version 1' cookie: - * do not do it unless you know what you are doing - * @param string $name - * @param string $value - * @param string $path - * @param string $domain - * @param int $port - * @access public - * - * @todo check correctness of urlencoding cookie value (copied from php way of doing it...) - */ - function setCookie($name, $value='', $path='', $domain='', $port=null) - { - $this->cookies[$name]['value'] = urlencode($value); - if ($path || $domain || $port) - { - $this->cookies[$name]['path'] = $path; - $this->cookies[$name]['domain'] = $domain; - $this->cookies[$name]['port'] = $port; - $this->cookies[$name]['version'] = 1; - } - else - { - $this->cookies[$name]['version'] = 0; - } - } - - /** - * Send an xmlrpc request - * @param mixed $msg The message object, or an array of messages for using multicall, or the complete xml representation of a request - * @param integer $timeout Connection timeout, in seconds, If unspecified, a platform specific timeout will apply - * @param string $method if left unspecified, the http protocol chosen during creation of the object will be used - * @return xmlrpcresp - * @access public - */ - function& send($msg, $timeout=0, $method='') - { - // if user deos not specify http protocol, use native method of this client - // (i.e. method set during call to constructor) - if($method == '') - { - $method = $this->method; - } - - if(is_array($msg)) - { - // $msg is an array of xmlrpcmsg's - $r = $this->multicall($msg, $timeout, $method); - return $r; - } - elseif(is_string($msg)) - { - $n = new xmlrpcmsg(''); - $n->payload = $msg; - $msg = $n; - } - - // where msg is an xmlrpcmsg - $msg->debug=$this->debug; - - if($method == 'https') - { - $r =& $this->sendPayloadHTTPS( - $msg, - $this->server, - $this->port, - $timeout, - $this->username, - $this->password, - $this->authtype, - $this->cert, - $this->certpass, - $this->cacert, - $this->cacertdir, - $this->proxy, - $this->proxyport, - $this->proxy_user, - $this->proxy_pass, - $this->proxy_authtype, - $this->keepalive, - $this->key, - $this->keypass - ); - } - elseif($method == 'http11') - { - $r =& $this->sendPayloadCURL( - $msg, - $this->server, - $this->port, - $timeout, - $this->username, - $this->password, - $this->authtype, - null, - null, - null, - null, - $this->proxy, - $this->proxyport, - $this->proxy_user, - $this->proxy_pass, - $this->proxy_authtype, - 'http', - $this->keepalive - ); - } - else - { - $r =& $this->sendPayloadHTTP10( - $msg, - $this->server, - $this->port, - $timeout, - $this->username, - $this->password, - $this->authtype, - $this->proxy, - $this->proxyport, - $this->proxy_user, - $this->proxy_pass, - $this->proxy_authtype - ); - } - - return $r; - } - - /** - * @access private - */ - function &sendPayloadHTTP10($msg, $server, $port, $timeout=0, - $username='', $password='', $authtype=1, $proxyhost='', - $proxyport=0, $proxyusername='', $proxypassword='', $proxyauthtype=1) - { - if($port==0) - { - $port=80; - } - - // Only create the payload if it was not created previously - if(empty($msg->payload)) - { - $msg->createPayload($this->request_charset_encoding); - } - - $payload = $msg->payload; - // Deflate request body and set appropriate request headers - if(function_exists('gzdeflate') && ($this->request_compression == 'gzip' || $this->request_compression == 'deflate')) - { - if($this->request_compression == 'gzip') - { - $a = @gzencode($payload); - if($a) - { - $payload = $a; - $encoding_hdr = "Content-Encoding: gzip\r\n"; - } - } - else - { - $a = @gzcompress($payload); - if($a) - { - $payload = $a; - $encoding_hdr = "Content-Encoding: deflate\r\n"; - } - } - } - else - { - $encoding_hdr = ''; - } - - // thanks to Grant Rauscher for this - $credentials=''; - if($username!='') - { - $credentials='Authorization: Basic ' . base64_encode($username . ':' . $password) . "\r\n"; - if ($authtype != 1) - { - error_log('XML-RPC: xmlrpc_client::send: warning. Only Basic auth is supported with HTTP 1.0'); - } - } - - $accepted_encoding = ''; - if(is_array($this->accepted_compression) && count($this->accepted_compression)) - { - $accepted_encoding = 'Accept-Encoding: ' . implode(', ', $this->accepted_compression) . "\r\n"; - } - - $proxy_credentials = ''; - if($proxyhost) - { - if($proxyport == 0) - { - $proxyport = 8080; - } - $connectserver = $proxyhost; - $connectport = $proxyport; - $uri = 'http://'.$server.':'.$port.$this->path; - if($proxyusername != '') - { - if ($proxyauthtype != 1) - { - error_log('XML-RPC: xmlrpc_client::send: warning. Only Basic auth to proxy is supported with HTTP 1.0'); - } - $proxy_credentials = 'Proxy-Authorization: Basic ' . base64_encode($proxyusername.':'.$proxypassword) . "\r\n"; - } - } - else - { - $connectserver = $server; - $connectport = $port; - $uri = $this->path; - } - - // Cookie generation, as per rfc2965 (version 1 cookies) or - // netscape's rules (version 0 cookies) - $cookieheader=''; - if (count($this->cookies)) - { - $version = ''; - foreach ($this->cookies as $name => $cookie) - { - if ($cookie['version']) - { - $version = ' $Version="' . $cookie['version'] . '";'; - $cookieheader .= ' ' . $name . '="' . $cookie['value'] . '";'; - if ($cookie['path']) - $cookieheader .= ' $Path="' . $cookie['path'] . '";'; - if ($cookie['domain']) - $cookieheader .= ' $Domain="' . $cookie['domain'] . '";'; - if ($cookie['port']) - $cookieheader .= ' $Port="' . $cookie['port'] . '";'; - } - else - { - $cookieheader .= ' ' . $name . '=' . $cookie['value'] . ";"; - } - } - $cookieheader = 'Cookie:' . $version . substr($cookieheader, 0, -1) . "\r\n"; - } - - $op= 'POST ' . $uri. " HTTP/1.0\r\n" . - 'User-Agent: ' . $GLOBALS['xmlrpcName'] . ' ' . $GLOBALS['xmlrpcVersion'] . "\r\n" . - 'Host: '. $server . ':' . $port . "\r\n" . - $credentials . - $proxy_credentials . - $accepted_encoding . - $encoding_hdr . - 'Accept-Charset: ' . implode(',', $this->accepted_charset_encodings) . "\r\n" . - $cookieheader . - 'Content-Type: ' . $msg->content_type . "\r\nContent-Length: " . - strlen($payload) . "\r\n\r\n" . - $payload; - - if($this->debug > 1) - { - print "
\n---SENDING---\n" . htmlentities($op) . "\n---END---\n
"; - // let the client see this now in case http times out... - flush(); - } - - if($timeout>0) - { - $fp=@fsockopen($connectserver, $connectport, $this->errno, $this->errstr, $timeout); - } - else - { - $fp=@fsockopen($connectserver, $connectport, $this->errno, $this->errstr); - } - if($fp) - { - if($timeout>0 && function_exists('stream_set_timeout')) - { - stream_set_timeout($fp, $timeout); - } - } - else - { - $this->errstr='Connect error: '.$this->errstr; - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['http_error'], $this->errstr . ' (' . $this->errno . ')'); - return $r; - } - - if(!fputs($fp, $op, strlen($op))) - { - fclose($fp); - $this->errstr='Write error'; - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['http_error'], $this->errstr); - return $r; - } - else - { - // reset errno and errstr on succesful socket connection - $this->errstr = ''; - } - // G. Giunta 2005/10/24: close socket before parsing. - // should yeld slightly better execution times, and make easier recursive calls (e.g. to follow http redirects) - $ipd=''; - do - { - // shall we check for $data === FALSE? - // as per the manual, it signals an error - $ipd.=fread($fp, 32768); - } while(!feof($fp)); - fclose($fp); - $r =& $msg->parseResponse($ipd, false, $this->return_type); - return $r; - - } - - /** - * @access private - */ - function &sendPayloadHTTPS($msg, $server, $port, $timeout=0, $username='', - $password='', $authtype=1, $cert='',$certpass='', $cacert='', $cacertdir='', - $proxyhost='', $proxyport=0, $proxyusername='', $proxypassword='', $proxyauthtype=1, - $keepalive=false, $key='', $keypass='') - { - $r =& $this->sendPayloadCURL($msg, $server, $port, $timeout, $username, - $password, $authtype, $cert, $certpass, $cacert, $cacertdir, $proxyhost, $proxyport, - $proxyusername, $proxypassword, $proxyauthtype, 'https', $keepalive, $key, $keypass); - return $r; - } - - /** - * Contributed by Justin Miller - * Requires curl to be built into PHP - * NB: CURL versions before 7.11.10 cannot use proxy to talk to https servers! - * @access private - */ - function &sendPayloadCURL($msg, $server, $port, $timeout=0, $username='', - $password='', $authtype=1, $cert='', $certpass='', $cacert='', $cacertdir='', - $proxyhost='', $proxyport=0, $proxyusername='', $proxypassword='', $proxyauthtype=1, $method='https', - $keepalive=false, $key='', $keypass='') - { - if(!function_exists('curl_init')) - { - $this->errstr='CURL unavailable on this install'; - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['no_curl'], $GLOBALS['xmlrpcstr']['no_curl']); - return $r; - } - if($method == 'https') - { - if(($info = curl_version()) && - ((is_string($info) && strpos($info, 'OpenSSL') === null) || (is_array($info) && !isset($info['ssl_version'])))) - { - $this->errstr='SSL unavailable on this install'; - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['no_ssl'], $GLOBALS['xmlrpcstr']['no_ssl']); - return $r; - } - } - - if($port == 0) - { - if($method == 'http') - { - $port = 80; - } - else - { - $port = 443; - } - } - - // Only create the payload if it was not created previously - if(empty($msg->payload)) - { - $msg->createPayload($this->request_charset_encoding); - } - - // Deflate request body and set appropriate request headers - $payload = $msg->payload; - if(function_exists('gzdeflate') && ($this->request_compression == 'gzip' || $this->request_compression == 'deflate')) - { - if($this->request_compression == 'gzip') - { - $a = @gzencode($payload); - if($a) - { - $payload = $a; - $encoding_hdr = 'Content-Encoding: gzip'; - } - } - else - { - $a = @gzcompress($payload); - if($a) - { - $payload = $a; - $encoding_hdr = 'Content-Encoding: deflate'; - } - } - } - else - { - $encoding_hdr = ''; - } - - if($this->debug > 1) - { - print "
\n---SENDING---\n" . htmlentities($payload) . "\n---END---\n
"; - // let the client see this now in case http times out... - flush(); - } - - if(!$keepalive || !$this->xmlrpc_curl_handle) - { - $curl = curl_init($method . '://' . $server . ':' . $port . $this->path); - if($keepalive) - { - $this->xmlrpc_curl_handle = $curl; - } - } - else - { - $curl = $this->xmlrpc_curl_handle; - } - - // results into variable - curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); - - if($this->debug) - { - curl_setopt($curl, CURLOPT_VERBOSE, 1); - } - curl_setopt($curl, CURLOPT_USERAGENT, $GLOBALS['xmlrpcName'].' '.$GLOBALS['xmlrpcVersion']); - // required for XMLRPC: post the data - curl_setopt($curl, CURLOPT_POST, 1); - // the data - curl_setopt($curl, CURLOPT_POSTFIELDS, $payload); - - // return the header too - curl_setopt($curl, CURLOPT_HEADER, 1); - - // will only work with PHP >= 5.0 - // NB: if we set an empty string, CURL will add http header indicating - // ALL methods it is supporting. This is possibly a better option than - // letting the user tell what curl can / cannot do... - if(is_array($this->accepted_compression) && count($this->accepted_compression)) - { - //curl_setopt($curl, CURLOPT_ENCODING, implode(',', $this->accepted_compression)); - // empty string means 'any supported by CURL' (shall we catch errors in case CURLOPT_SSLKEY undefined ?) - if (count($this->accepted_compression) == 1) - { - curl_setopt($curl, CURLOPT_ENCODING, $this->accepted_compression[0]); - } - else - curl_setopt($curl, CURLOPT_ENCODING, ''); - } - // extra headers - $headers = array('Content-Type: ' . $msg->content_type , 'Accept-Charset: ' . implode(',', $this->accepted_charset_encodings)); - // if no keepalive is wanted, let the server know it in advance - if(!$keepalive) - { - $headers[] = 'Connection: close'; - } - // request compression header - if($encoding_hdr) - { - $headers[] = $encoding_hdr; - } - - curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); - // timeout is borked - if($timeout) - { - curl_setopt($curl, CURLOPT_TIMEOUT, $timeout == 1 ? 1 : $timeout - 1); - } - - if($username && $password) - { - curl_setopt($curl, CURLOPT_USERPWD, $username.':'.$password); - if (defined('CURLOPT_HTTPAUTH')) - { - curl_setopt($curl, CURLOPT_HTTPAUTH, $authtype); - } - else if ($authtype != 1) - { - error_log('XML-RPC: xmlrpc_client::send: warning. Only Basic auth is supported by the current PHP/curl install'); - } - } - - if($method == 'https') - { - // set cert file - if($cert) - { - curl_setopt($curl, CURLOPT_SSLCERT, $cert); - } - // set cert password - if($certpass) - { - curl_setopt($curl, CURLOPT_SSLCERTPASSWD, $certpass); - } - // whether to verify remote host's cert - curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->verifypeer); - // set ca certificates file/dir - if($cacert) - { - curl_setopt($curl, CURLOPT_CAINFO, $cacert); - } - if($cacertdir) - { - curl_setopt($curl, CURLOPT_CAPATH, $cacertdir); - } - // set key file (shall we catch errors in case CURLOPT_SSLKEY undefined ?) - if($key) - { - curl_setopt($curl, CURLOPT_SSLKEY, $key); - } - // set key password (shall we catch errors in case CURLOPT_SSLKEY undefined ?) - if($keypass) - { - curl_setopt($curl, CURLOPT_SSLKEYPASSWD, $keypass); - } - // whether to verify cert's common name (CN); 0 for no, 1 to verify that it exists, and 2 to verify that it matches the hostname used - curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, $this->verifyhost); - } - - // proxy info - if($proxyhost) - { - if($proxyport == 0) - { - $proxyport = 8080; // NB: even for HTTPS, local connection is on port 8080 - } - curl_setopt($curl, CURLOPT_PROXY, $proxyhost.':'.$proxyport); - //curl_setopt($curl, CURLOPT_PROXYPORT,$proxyport); - if($proxyusername) - { - curl_setopt($curl, CURLOPT_PROXYUSERPWD, $proxyusername.':'.$proxypassword); - if (defined('CURLOPT_PROXYAUTH')) - { - curl_setopt($curl, CURLOPT_PROXYAUTH, $proxyauthtype); - } - else if ($proxyauthtype != 1) - { - error_log('XML-RPC: xmlrpc_client::send: warning. Only Basic auth to proxy is supported by the current PHP/curl install'); - } - } - } - - // NB: should we build cookie http headers by hand rather than let CURL do it? - // the following code does not honour 'expires', 'path' and 'domain' cookie attributes - // set to client obj the the user... - if (count($this->cookies)) - { - $cookieheader = ''; - foreach ($this->cookies as $name => $cookie) - { - $cookieheader .= $name . '=' . $cookie['value'] . '; '; - } - curl_setopt($curl, CURLOPT_COOKIE, substr($cookieheader, 0, -2)); - } - - $result = curl_exec($curl); - - if ($this->debug > 1) - { - print "
\n---CURL INFO---\n";
-				foreach(curl_getinfo($curl) as $name => $val)
-					 print $name . ': ' . htmlentities($val). "\n";
-				print "---END---\n
"; - } - - if(!$result) /// @todo we should use a better check here - what if we get back '' or '0'? - { - $this->errstr='no response'; - $resp= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['curl_fail'], $GLOBALS['xmlrpcstr']['curl_fail']. ': '. curl_error($curl)); - curl_close($curl); - if($keepalive) - { - $this->xmlrpc_curl_handle = null; - } - } - else - { - if(!$keepalive) - { - curl_close($curl); - } - $resp =& $msg->parseResponse($result, true, $this->return_type); - } - return $resp; - } - - /** - * Send an array of request messages and return an array of responses. - * Unless $this->no_multicall has been set to true, it will try first - * to use one single xmlrpc call to server method system.multicall, and - * revert to sending many successive calls in case of failure. - * This failure is also stored in $this->no_multicall for subsequent calls. - * Unfortunately, there is no server error code universally used to denote - * the fact that multicall is unsupported, so there is no way to reliably - * distinguish between that and a temporary failure. - * If you are sure that server supports multicall and do not want to - * fallback to using many single calls, set the fourth parameter to FALSE. - * - * NB: trying to shoehorn extra functionality into existing syntax has resulted - * in pretty much convoluted code... - * - * @param array $msgs an array of xmlrpcmsg objects - * @param integer $timeout connection timeout (in seconds) - * @param string $method the http protocol variant to be used - * @param boolean fallback When true, upon receiveing an error during multicall, multiple single calls will be attempted - * @return array - * @access public - */ - function multicall($msgs, $timeout=0, $method='', $fallback=true) - { - if ($method == '') - { - $method = $this->method; - } - if(!$this->no_multicall) - { - $results = $this->_try_multicall($msgs, $timeout, $method); - if(is_array($results)) - { - // System.multicall succeeded - return $results; - } - else - { - // either system.multicall is unsupported by server, - // or call failed for some other reason. - if ($fallback) - { - // Don't try it next time... - $this->no_multicall = true; - } - else - { - if (is_a($results, 'xmlrpcresp')) - { - $result = $results; - } - else - { - $result = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['multicall_error'], $GLOBALS['xmlrpcstr']['multicall_error']); - } - } - } - } - else - { - // override fallback, in case careless user tries to do two - // opposite things at the same time - $fallback = true; - } - - $results = array(); - if ($fallback) - { - // system.multicall is (probably) unsupported by server: - // emulate multicall via multiple requests - foreach($msgs as $msg) - { - $results[] =& $this->send($msg, $timeout, $method); - } - } - else - { - // user does NOT want to fallback on many single calls: - // since we should always return an array of responses, - // return an array with the same error repeated n times - foreach($msgs as $msg) - { - $results[] = $result; - } - } - return $results; - } - - /** - * Attempt to boxcar $msgs via system.multicall. - * Returns either an array of xmlrpcreponses, an xmlrpc error response - * or false (when received response does not respect valid multicall syntax) - * @access private - */ - function _try_multicall($msgs, $timeout, $method) - { - // Construct multicall message - $calls = array(); - foreach($msgs as $msg) - { - $call['methodName'] = new xmlrpcval($msg->method(),'string'); - $numParams = $msg->getNumParams(); - $params = array(); - for($i = 0; $i < $numParams; $i++) - { - $params[$i] = $msg->getParam($i); - } - $call['params'] = new xmlrpcval($params, 'array'); - $calls[] = new xmlrpcval($call, 'struct'); - } - $multicall = new xmlrpcmsg('system.multicall'); - $multicall->addParam(new xmlrpcval($calls, 'array')); - - // Attempt RPC call - $result =& $this->send($multicall, $timeout, $method); - - if($result->faultCode() != 0) - { - // call to system.multicall failed - return $result; - } - - // Unpack responses. - $rets = $result->value(); - - if ($this->return_type == 'xml') - { - return $rets; - } - else if ($this->return_type == 'phpvals') - { - ///@todo test this code branch... - $rets = $result->value(); - if(!is_array($rets)) - { - return false; // bad return type from system.multicall - } - $numRets = count($rets); - if($numRets != count($msgs)) - { - return false; // wrong number of return values. - } - - $response = array(); - for($i = 0; $i < $numRets; $i++) - { - $val = $rets[$i]; - if (!is_array($val)) { - return false; - } - switch(count($val)) - { - case 1: - if(!isset($val[0])) - { - return false; // Bad value - } - // Normal return value - $response[$i] = new xmlrpcresp($val[0], 0, '', 'phpvals'); - break; - case 2: - /// @todo remove usage of @: it is apparently quite slow - $code = @$val['faultCode']; - if(!is_int($code)) - { - return false; - } - $str = @$val['faultString']; - if(!is_string($str)) - { - return false; - } - $response[$i] = new xmlrpcresp(0, $code, $str); - break; - default: - return false; - } - } - return $response; - } - else // return type == 'xmlrpcvals' - { - $rets = $result->value(); - if($rets->kindOf() != 'array') - { - return false; // bad return type from system.multicall - } - $numRets = $rets->arraysize(); - if($numRets != count($msgs)) - { - return false; // wrong number of return values. - } - - $response = array(); - for($i = 0; $i < $numRets; $i++) - { - $val = $rets->arraymem($i); - switch($val->kindOf()) - { - case 'array': - if($val->arraysize() != 1) - { - return false; // Bad value - } - // Normal return value - $response[$i] = new xmlrpcresp($val->arraymem(0)); - break; - case 'struct': - $code = $val->structmem('faultCode'); - if($code->kindOf() != 'scalar' || $code->scalartyp() != 'int') - { - return false; - } - $str = $val->structmem('faultString'); - if($str->kindOf() != 'scalar' || $str->scalartyp() != 'string') - { - return false; - } - $response[$i] = new xmlrpcresp(0, $code->scalarval(), $str->scalarval()); - break; - default: - return false; - } - } - return $response; - } - } - } // end class xmlrpc_client - - class xmlrpcresp - { - var $val = 0; - var $valtyp; - var $errno = 0; - var $errstr = ''; - var $payload; - var $hdrs = array(); - var $_cookies = array(); - var $content_type = 'text/xml'; - var $raw_data = ''; - - /** - * @param mixed $val either an xmlrpcval obj, a php value or the xml serialization of an xmlrpcval (a string) - * @param integer $fcode set it to anything but 0 to create an error response - * @param string $fstr the error string, in case of an error response - * @param string $valtyp either 'xmlrpcvals', 'phpvals' or 'xml' - * - * @todo add check that $val / $fcode / $fstr is of correct type??? - * NB: as of now we do not do it, since it might be either an xmlrpcval or a plain - * php val, or a complete xml chunk, depending on usage of xmlrpc_client::send() inside which creator is called... - */ - function xmlrpcresp($val, $fcode = 0, $fstr = '', $valtyp='') - { - if($fcode != 0) - { - // error response - $this->errno = $fcode; - $this->errstr = $fstr; - //$this->errstr = htmlspecialchars($fstr); // XXX: encoding probably shouldn't be done here; fix later. - } - else - { - // successful response - $this->val = $val; - if ($valtyp == '') - { - // user did not declare type of response value: try to guess it - if (is_object($this->val) && is_a($this->val, 'xmlrpcval')) - { - $this->valtyp = 'xmlrpcvals'; - } - else if (is_string($this->val)) - { - $this->valtyp = 'xml'; - - } - else - { - $this->valtyp = 'phpvals'; - } - } - else - { - // user declares type of resp value: believe him - $this->valtyp = $valtyp; - } - } - } - - /** - * Returns the error code of the response. - * @return integer the error code of this response (0 for not-error responses) - * @access public - */ - function faultCode() - { - return $this->errno; - } - - /** - * Returns the error code of the response. - * @return string the error string of this response ('' for not-error responses) - * @access public - */ - function faultString() - { - return $this->errstr; - } - - /** - * Returns the value received by the server. - * @return mixed the xmlrpcval object returned by the server. Might be an xml string or php value if the response has been created by specially configured xmlrpc_client objects - * @access public - */ - function value() - { - return $this->val; - } - - /** - * Returns an array with the cookies received from the server. - * Array has the form: $cookiename => array ('value' => $val, $attr1 => $val1, $attr2 = $val2, ...) - * with attributes being e.g. 'expires', 'path', domain'. - * NB: cookies sent as 'expired' by the server (i.e. with an expiry date in the past) - * are still present in the array. It is up to the user-defined code to decide - * how to use the received cookies, and wheter they have to be sent back with the next - * request to the server (using xmlrpc_client::setCookie) or not - * @return array array of cookies received from the server - * @access public - */ - function cookies() - { - return $this->_cookies; - } - - /** - * Returns xml representation of the response. XML prologue not included - * @param string $charset_encoding the charset to be used for serialization. if null, US-ASCII is assumed - * @return string the xml representation of the response - * @access public - */ - function serialize($charset_encoding='') - { - if ($charset_encoding != '') - $this->content_type = 'text/xml; charset=' . $charset_encoding; - else - $this->content_type = 'text/xml'; - $result = "\n"; - if($this->errno) - { - // G. Giunta 2005/2/13: let non-ASCII response messages be tolerated by clients - // by xml-encoding non ascii chars - $result .= "\n" . -"\nfaultCode\n" . $this->errno . -"\n\n\nfaultString\n" . -xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $charset_encoding) . "\n\n" . -"\n\n"; - } - else - { - if(!is_object($this->val) || !is_a($this->val, 'xmlrpcval')) - { - if (is_string($this->val) && $this->valtyp == 'xml') - { - $result .= "\n\n" . - $this->val . - "\n"; - } - else - { - /// @todo try to build something serializable? - die('cannot serialize xmlrpcresp objects whose content is native php values'); - } - } - else - { - $result .= "\n\n" . - $this->val->serialize($charset_encoding) . - "\n"; - } - } - $result .= "\n"; - $this->payload = $result; - return $result; - } - } - - class xmlrpcmsg - { - var $payload; - var $methodname; - var $params=array(); - var $debug=0; - var $content_type = 'text/xml'; - - /** - * @param string $meth the name of the method to invoke - * @param array $pars array of parameters to be paased to the method (xmlrpcval objects) - */ - function xmlrpcmsg($meth, $pars=0) - { - $this->methodname=$meth; - if(is_array($pars) && count($pars)>0) - { - for($i=0; $iaddParam($pars[$i]); - } - } - } - - /** - * @access private - */ - function xml_header($charset_encoding='') - { - if ($charset_encoding != '') - { - return "\n\n"; - } - else - { - return "\n\n"; - } - } - - /** - * @access private - */ - function xml_footer() - { - return ''; - } - - /** - * @access private - */ - function kindOf() - { - return 'msg'; - } - - /** - * @access private - */ - function createPayload($charset_encoding='') - { - if ($charset_encoding != '') - $this->content_type = 'text/xml; charset=' . $charset_encoding; - else - $this->content_type = 'text/xml'; - $this->payload=$this->xml_header($charset_encoding); - $this->payload.='' . $this->methodname . "\n"; - $this->payload.="\n"; - for($i=0; $iparams); $i++) - { - $p=$this->params[$i]; - $this->payload.="\n" . $p->serialize($charset_encoding) . - "\n"; - } - $this->payload.="\n"; - $this->payload.=$this->xml_footer(); - } - - /** - * Gets/sets the xmlrpc method to be invoked - * @param string $meth the method to be set (leave empty not to set it) - * @return string the method that will be invoked - * @access public - */ - function method($meth='') - { - if($meth!='') - { - $this->methodname=$meth; - } - return $this->methodname; - } - - /** - * Returns xml representation of the message. XML prologue included - * @return string the xml representation of the message, xml prologue included - * @access public - */ - function serialize($charset_encoding='') - { - $this->createPayload($charset_encoding); - return $this->payload; - } - - /** - * Add a parameter to the list of parameters to be used upon method invocation - * @param xmlrpcval $par - * @return boolean false on failure - * @access public - */ - function addParam($par) - { - // add check: do not add to self params which are not xmlrpcvals - if(is_object($par) && is_a($par, 'xmlrpcval')) - { - $this->params[]=$par; - return true; - } - else - { - return false; - } - } - - /** - * Returns the nth parameter in the message. The index zero-based. - * @param integer $i the index of the parameter to fetch (zero based) - * @return xmlrpcval the i-th parameter - * @access public - */ - function getParam($i) { return $this->params[$i]; } - - /** - * Returns the number of parameters in the messge. - * @return integer the number of parameters currently set - * @access public - */ - function getNumParams() { return count($this->params); } - - /** - * Given an open file handle, read all data available and parse it as axmlrpc response. - * NB: the file handle is not closed by this function. - * NNB: might have trouble in rare cases to work on network streams, as we - * check for a read of 0 bytes instead of feof($fp). - * But since checking for feof(null) returns false, we would risk an - * infinite loop in that case, because we cannot trust the caller - * to give us a valid pointer to an open file... - * @access public - * @return xmlrpcresp - * @todo add 2nd & 3rd param to be passed to ParseResponse() ??? - */ - function &parseResponseFile($fp) - { - $ipd=''; - while($data=fread($fp, 32768)) - { - $ipd.=$data; - } - //fclose($fp); - $r =& $this->parseResponse($ipd); - return $r; - } - - /** - * Parses HTTP headers and separates them from data. - * @access private - */ - function &parseResponseHeaders(&$data, $headers_processed=false) - { - // Support "web-proxy-tunelling" connections for https through proxies - if(preg_match('/^HTTP\/1\.[0-1] 200 Connection established/', $data)) - { - // Look for CR/LF or simple LF as line separator, - // (even though it is not valid http) - $pos = strpos($data,"\r\n\r\n"); - if($pos || is_int($pos)) - { - $bd = $pos+4; - } - else - { - $pos = strpos($data,"\n\n"); - if($pos || is_int($pos)) - { - $bd = $pos+2; - } - else - { - // No separation between response headers and body: fault? - $bd = 0; - } - } - if ($bd) - { - // this filters out all http headers from proxy. - // maybe we could take them into account, too? - $data = substr($data, $bd); - } - else - { - error_log('XML-RPC: xmlrpcmsg::parseResponse: HTTPS via proxy error, tunnel connection possibly failed'); - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['http_error'], $GLOBALS['xmlrpcstr']['http_error']. ' (HTTPS via proxy error, tunnel connection possibly failed)'); - return $r; - } - } - - // Strip HTTP 1.1 100 Continue header if present - while(preg_match('/^HTTP\/1\.1 1[0-9]{2} /', $data)) - { - $pos = strpos($data, 'HTTP', 12); - // server sent a Continue header without any (valid) content following... - // give the client a chance to know it - if(!$pos && !is_int($pos)) // works fine in php 3, 4 and 5 - { - break; - } - $data = substr($data, $pos); - } - if(!preg_match('/^HTTP\/[0-9.]+ 200 /', $data)) - { - $errstr= substr($data, 0, strpos($data, "\n")-1); - error_log('XML-RPC: xmlrpcmsg::parseResponse: HTTP error, got response: ' .$errstr); - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['http_error'], $GLOBALS['xmlrpcstr']['http_error']. ' (' . $errstr . ')'); - return $r; - } - - $GLOBALS['_xh']['headers'] = array(); - $GLOBALS['_xh']['cookies'] = array(); - - // be tolerant to usage of \n instead of \r\n to separate headers and data - // (even though it is not valid http) - $pos = strpos($data,"\r\n\r\n"); - if($pos || is_int($pos)) - { - $bd = $pos+4; - } - else - { - $pos = strpos($data,"\n\n"); - if($pos || is_int($pos)) - { - $bd = $pos+2; - } - else - { - // No separation between response headers and body: fault? - // we could take some action here instead of going on... - $bd = 0; - } - } - // be tolerant to line endings, and extra empty lines - $ar = split("\r?\n", trim(substr($data, 0, $pos))); - while(list(,$line) = @each($ar)) - { - // take care of multi-line headers and cookies - $arr = explode(':',$line,2); - if(count($arr) > 1) - { - $header_name = strtolower(trim($arr[0])); - /// @todo some other headers (the ones that allow a CSV list of values) - /// do allow many values to be passed using multiple header lines. - /// We should add content to $GLOBALS['_xh']['headers'][$header_name] - /// instead of replacing it for those... - if ($header_name == 'set-cookie' || $header_name == 'set-cookie2') - { - if ($header_name == 'set-cookie2') - { - // version 2 cookies: - // there could be many cookies on one line, comma separated - $cookies = explode(',', $arr[1]); - } - else - { - $cookies = array($arr[1]); - } - foreach ($cookies as $cookie) - { - // glue together all received cookies, using a comma to separate them - // (same as php does with getallheaders()) - if (isset($GLOBALS['_xh']['headers'][$header_name])) - $GLOBALS['_xh']['headers'][$header_name] .= ', ' . trim($cookie); - else - $GLOBALS['_xh']['headers'][$header_name] = trim($cookie); - // parse cookie attributes, in case user wants to correctly honour them - // feature creep: only allow rfc-compliant cookie attributes? - // @todo support for server sending multiple time cookie with same name, but using different PATHs - $cookie = explode(';', $cookie); - foreach ($cookie as $pos => $val) - { - $val = explode('=', $val, 2); - $tag = trim($val[0]); - $val = trim(@$val[1]); - /// @todo with version 1 cookies, we should strip leading and trailing " chars - if ($pos == 0) - { - $cookiename = $tag; - $GLOBALS['_xh']['cookies'][$tag] = array(); - $GLOBALS['_xh']['cookies'][$cookiename]['value'] = urldecode($val); - } - else - { - if ($tag != 'value') - { - $GLOBALS['_xh']['cookies'][$cookiename][$tag] = $val; - } - } - } - } - } - else - { - $GLOBALS['_xh']['headers'][$header_name] = trim($arr[1]); - } - } - elseif(isset($header_name)) - { - /// @todo version1 cookies might span multiple lines, thus breaking the parsing above - $GLOBALS['_xh']['headers'][$header_name] .= ' ' . trim($line); - } - } - - $data = substr($data, $bd); - - if($this->debug && count($GLOBALS['_xh']['headers'])) - { - print '
';
-					foreach($GLOBALS['_xh']['headers'] as $header => $value)
-					{
-						print htmlentities("HEADER: $header: $value\n");
-					}
-					foreach($GLOBALS['_xh']['cookies'] as $header => $value)
-					{
-						print htmlentities("COOKIE: $header={$value['value']}\n");
-					}
-					print "
\n"; - } - - // if CURL was used for the call, http headers have been processed, - // and dechunking + reinflating have been carried out - if(!$headers_processed) - { - // Decode chunked encoding sent by http 1.1 servers - if(isset($GLOBALS['_xh']['headers']['transfer-encoding']) && $GLOBALS['_xh']['headers']['transfer-encoding'] == 'chunked') - { - if(!$data = decode_chunked($data)) - { - error_log('XML-RPC: xmlrpcmsg::parseResponse: errors occurred when trying to rebuild the chunked data received from server'); - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['dechunk_fail'], $GLOBALS['xmlrpcstr']['dechunk_fail']); - return $r; - } - } - - // Decode gzip-compressed stuff - // code shamelessly inspired from nusoap library by Dietrich Ayala - if(isset($GLOBALS['_xh']['headers']['content-encoding'])) - { - $GLOBALS['_xh']['headers']['content-encoding'] = str_replace('x-', '', $GLOBALS['_xh']['headers']['content-encoding']); - if($GLOBALS['_xh']['headers']['content-encoding'] == 'deflate' || $GLOBALS['_xh']['headers']['content-encoding'] == 'gzip') - { - // if decoding works, use it. else assume data wasn't gzencoded - if(function_exists('gzinflate')) - { - if($GLOBALS['_xh']['headers']['content-encoding'] == 'deflate' && $degzdata = @gzuncompress($data)) - { - $data = $degzdata; - if($this->debug) - print "
---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---
"; - } - elseif($GLOBALS['_xh']['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) - { - $data = $degzdata; - if($this->debug) - print "
---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---
"; - } - else - { - error_log('XML-RPC: xmlrpcmsg::parseResponse: errors occurred when trying to decode the deflated data received from server'); - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['decompress_fail'], $GLOBALS['xmlrpcstr']['decompress_fail']); - return $r; - } - } - else - { - error_log('XML-RPC: xmlrpcmsg::parseResponse: the server sent deflated data. Your php install must have the Zlib extension compiled in to support this.'); - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['cannot_decompress'], $GLOBALS['xmlrpcstr']['cannot_decompress']); - return $r; - } - } - } - } // end of 'if needed, de-chunk, re-inflate response' - - // real stupid hack to avoid PHP 4 complaining about returning NULL by ref - $r = null; - $r =& $r; - return $r; - } - - /** - * Parse the xmlrpc response contained in the string $data and return an xmlrpcresp object. - * @param string $data the xmlrpc response, eventually including http headers - * @param bool $headers_processed when true prevents parsing HTTP headers for interpretation of content-encoding and consequent decoding - * @param string $return_type decides return type, i.e. content of response->value(). Either 'xmlrpcvals', 'xml' or 'phpvals' - * @return xmlrpcresp - * @access public - */ - function &parseResponse($data='', $headers_processed=false, $return_type='xmlrpcvals') - { - if($this->debug) - { - //by maHo, replaced htmlspecialchars with htmlentities - print "
---GOT---\n" . htmlentities($data) . "\n---END---\n
"; - } - - if($data == '') - { - error_log('XML-RPC: xmlrpcmsg::parseResponse: no response received from server.'); - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['no_data'], $GLOBALS['xmlrpcstr']['no_data']); - return $r; - } - - $GLOBALS['_xh']=array(); - - $raw_data = $data; - // parse the HTTP headers of the response, if present, and separate them from data - if(substr($data, 0, 4) == 'HTTP') - { - $r =& $this->parseResponseHeaders($data, $headers_processed); - if ($r) - { - // failed processing of HTTP response headers - // save into response obj the full payload received, for debugging - $r->raw_data = $data; - return $r; - } - } - else - { - $GLOBALS['_xh']['headers'] = array(); - $GLOBALS['_xh']['cookies'] = array(); - } - - if($this->debug) - { - $start = strpos($data, '', $start); - $comments = substr($data, $start, $end-$start); - print "
---SERVER DEBUG INFO (DECODED) ---\n\t".htmlentities(str_replace("\n", "\n\t", base64_decode($comments)))."\n---END---\n
"; - } - } - - // be tolerant of extra whitespace in response body - $data = trim($data); - - /// @todo return an error msg if $data=='' ? - - // be tolerant of junk after methodResponse (e.g. javascript ads automatically inserted by free hosts) - // idea from Luca Mariano originally in PEARified version of the lib - $bd = false; - // Poor man's version of strrpos for php 4... - $pos = strpos($data, ''); - while($pos || is_int($pos)) - { - $bd = $pos+17; - $pos = strpos($data, '', $bd); - } - if($bd) - { - $data = substr($data, 0, $bd); - } - - // if user wants back raw xml, give it to him - if ($return_type == 'xml') - { - $r = new xmlrpcresp($data, 0, '', 'xml'); - $r->hdrs = $GLOBALS['_xh']['headers']; - $r->_cookies = $GLOBALS['_xh']['cookies']; - $r->raw_data = $raw_data; - return $r; - } - - // try to 'guestimate' the character encoding of the received response - $resp_encoding = guess_encoding(@$GLOBALS['_xh']['headers']['content-type'], $data); - - $GLOBALS['_xh']['ac']=''; - //$GLOBALS['_xh']['qt']=''; //unused... - $GLOBALS['_xh']['stack'] = array(); - $GLOBALS['_xh']['valuestack'] = array(); - $GLOBALS['_xh']['isf']=0; // 0 = OK, 1 for xmlrpc fault responses, 2 = invalid xmlrpc - $GLOBALS['_xh']['isf_reason']=''; - $GLOBALS['_xh']['rt']=''; // 'methodcall or 'methodresponse' - - // if response charset encoding is not known / supported, try to use - // the default encoding and parse the xml anyway, but log a warning... - if (!in_array($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - // the following code might be better for mb_string enabled installs, but - // makes the lib about 200% slower... - //if (!is_valid_charset($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - { - error_log('XML-RPC: xmlrpcmsg::parseResponse: invalid charset encoding of received response: '.$resp_encoding); - $resp_encoding = $GLOBALS['xmlrpc_defencoding']; - } - $parser = xml_parser_create($resp_encoding); - xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); - // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell - // the xml parser to give us back data in the expected charset. - // What if internal encoding is not in one of the 3 allowed? - // we use the broadest one, ie. utf8 - // This allows to send data which is native in various charset, - // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding - if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - { - xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); - } - else - { - xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']); - } - - if ($return_type == 'phpvals') - { - xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast'); - } - else - { - xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); - } - - xml_set_character_data_handler($parser, 'xmlrpc_cd'); - xml_set_default_handler($parser, 'xmlrpc_dh'); - - // first error check: xml not well formed - if(!xml_parse($parser, $data, count($data))) - { - // thanks to Peter Kocks - if((xml_get_current_line_number($parser)) == 1) - { - $errstr = 'XML error at line 1, check URL'; - } - else - { - $errstr = sprintf('XML error: %s at line %d, column %d', - xml_error_string(xml_get_error_code($parser)), - xml_get_current_line_number($parser), xml_get_current_column_number($parser)); - } - error_log($errstr); - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return'].' ('.$errstr.')'); - xml_parser_free($parser); - if($this->debug) - { - print $errstr; - } - $r->hdrs = $GLOBALS['_xh']['headers']; - $r->_cookies = $GLOBALS['_xh']['cookies']; - $r->raw_data = $raw_data; - return $r; - } - xml_parser_free($parser); - // second error check: xml well formed but not xml-rpc compliant - if ($GLOBALS['_xh']['isf'] > 1) - { - if ($this->debug) - { - /// @todo echo something for user? - } - - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], - $GLOBALS['xmlrpcstr']['invalid_return'] . ' ' . $GLOBALS['_xh']['isf_reason']); - } - // third error check: parsing of the response has somehow gone boink. - // NB: shall we omit this check, since we trust the parsing code? - elseif ($return_type == 'xmlrpcvals' && !is_object($GLOBALS['_xh']['value'])) - { - // something odd has happened - // and it's time to generate a client side error - // indicating something odd went on - $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], - $GLOBALS['xmlrpcstr']['invalid_return']); - } - else - { - if ($this->debug) - { - print "
---PARSED---\n";
-					// somehow htmlentities chokes on var_export, and some full html string...
-					//print htmlentitites(var_export($GLOBALS['_xh']['value'], true));
-					print htmlspecialchars(var_export($GLOBALS['_xh']['value'], true));
-					print "\n---END---
"; - } - - // note that using =& will raise an error if $GLOBALS['_xh']['st'] does not generate an object. - $v =& $GLOBALS['_xh']['value']; - - if($GLOBALS['_xh']['isf']) - { - /// @todo we should test here if server sent an int and a string, - /// and/or coerce them into such... - if ($return_type == 'xmlrpcvals') - { - $errno_v = $v->structmem('faultCode'); - $errstr_v = $v->structmem('faultString'); - $errno = $errno_v->scalarval(); - $errstr = $errstr_v->scalarval(); - } - else - { - $errno = $v['faultCode']; - $errstr = $v['faultString']; - } - - if($errno == 0) - { - // FAULT returned, errno needs to reflect that - $errno = -1; - } - - $r = new xmlrpcresp(0, $errno, $errstr); - } - else - { - $r= new xmlrpcresp($v, 0, '', $return_type); - } - } - - $r->hdrs = $GLOBALS['_xh']['headers']; - $r->_cookies = $GLOBALS['_xh']['cookies']; - $r->raw_data = $raw_data; - return $r; - } - } - - class xmlrpcval - { - var $me=array(); - var $mytype=0; - var $_php_class=null; - - /** - * @param mixed $val - * @param string $type any valid xmlrpc type name (lowercase). If null, 'string' is assumed - */ - function xmlrpcval($val=-1, $type='') - { - /// @todo: optimization creep - do not call addXX, do it all inline. - /// downside: booleans will not be coerced anymore - if($val!==-1 || $type!='') - { - // optimization creep: inlined all work done by constructor - switch($type) - { - case '': - $this->mytype=1; - $this->me['string']=$val; - break; - case 'i4': - case 'int': - case 'double': - case 'string': - case 'boolean': - case 'dateTime.iso8601': - case 'base64': - case 'null': - $this->mytype=1; - $this->me[$type]=$val; - break; - case 'array': - $this->mytype=2; - $this->me['array']=$val; - break; - case 'struct': - $this->mytype=3; - $this->me['struct']=$val; - break; - default: - error_log("XML-RPC: xmlrpcval::xmlrpcval: not a known type ($type)"); - } - /*if($type=='') - { - $type='string'; - } - if($GLOBALS['xmlrpcTypes'][$type]==1) - { - $this->addScalar($val,$type); - } - elseif($GLOBALS['xmlrpcTypes'][$type]==2) - { - $this->addArray($val); - } - elseif($GLOBALS['xmlrpcTypes'][$type]==3) - { - $this->addStruct($val); - }*/ - } - } - - /** - * Add a single php value to an (unitialized) xmlrpcval - * @param mixed $val - * @param string $type - * @return int 1 or 0 on failure - */ - function addScalar($val, $type='string') - { - $typeof=@$GLOBALS['xmlrpcTypes'][$type]; - if($typeof!=1) - { - error_log("XML-RPC: xmlrpcval::addScalar: not a scalar type ($type)"); - return 0; - } - - // coerce booleans into correct values - // NB: we should iether do it for datetimes, integers and doubles, too, - // or just plain remove this check, implemnted on booleans only... - if($type==$GLOBALS['xmlrpcBoolean']) - { - if(strcasecmp($val,'true')==0 || $val==1 || ($val==true && strcasecmp($val,'false'))) - { - $val=true; - } - else - { - $val=false; - } - } - - switch($this->mytype) - { - case 1: - error_log('XML-RPC: xmlrpcval::addScalar: scalar xmlrpcval can have only one value'); - return 0; - case 3: - error_log('XML-RPC: xmlrpcval::addScalar: cannot add anonymous scalar to struct xmlrpcval'); - return 0; - case 2: - // we're adding a scalar value to an array here - //$ar=$this->me['array']; - //$ar[]= new xmlrpcval($val, $type); - //$this->me['array']=$ar; - // Faster (?) avoid all the costly array-copy-by-val done here... - $this->me['array'][]= new xmlrpcval($val, $type); - return 1; - default: - // a scalar, so set the value and remember we're scalar - $this->me[$type]=$val; - $this->mytype=$typeof; - return 1; - } - } - - /** - * Add an array of xmlrpcval objects to an xmlrpcval - * @param array $vals - * @return int 1 or 0 on failure - * @access public - * - * @todo add some checking for $vals to be an array of xmlrpcvals? - */ - function addArray($vals) - { - if($this->mytype==0) - { - $this->mytype=$GLOBALS['xmlrpcTypes']['array']; - $this->me['array']=$vals; - return 1; - } - elseif($this->mytype==2) - { - // we're adding to an array here - $this->me['array'] = array_merge($this->me['array'], $vals); - return 1; - } - else - { - error_log('XML-RPC: xmlrpcval::addArray: already initialized as a [' . $this->kindOf() . ']'); - return 0; - } - } - - /** - * Add an array of named xmlrpcval objects to an xmlrpcval - * @param array $vals - * @return int 1 or 0 on failure - * @access public - * - * @todo add some checking for $vals to be an array? - */ - function addStruct($vals) - { - if($this->mytype==0) - { - $this->mytype=$GLOBALS['xmlrpcTypes']['struct']; - $this->me['struct']=$vals; - return 1; - } - elseif($this->mytype==3) - { - // we're adding to a struct here - $this->me['struct'] = array_merge($this->me['struct'], $vals); - return 1; - } - else - { - error_log('XML-RPC: xmlrpcval::addStruct: already initialized as a [' . $this->kindOf() . ']'); - return 0; - } - } - - // poor man's version of print_r ??? - // DEPRECATED! - function dump($ar) - { - foreach($ar as $key => $val) - { - echo "$key => $val
"; - if($key == 'array') - { - while(list($key2, $val2) = each($val)) - { - echo "-- $key2 => $val2
"; - } - } - } - } - - /** - * Returns a string containing "struct", "array" or "scalar" describing the base type of the value - * @return string - * @access public - */ - function kindOf() - { - switch($this->mytype) - { - case 3: - return 'struct'; - break; - case 2: - return 'array'; - break; - case 1: - return 'scalar'; - break; - default: - return 'undef'; - } - } - - /** - * @access private - */ - function serializedata($typ, $val, $charset_encoding='') - { - $rs=''; - switch(@$GLOBALS['xmlrpcTypes'][$typ]) - { - case 1: - switch($typ) - { - case $GLOBALS['xmlrpcBase64']: - $rs.="<${typ}>" . base64_encode($val) . ""; - break; - case $GLOBALS['xmlrpcBoolean']: - $rs.="<${typ}>" . ($val ? '1' : '0') . ""; - break; - case $GLOBALS['xmlrpcString']: - // G. Giunta 2005/2/13: do NOT use htmlentities, since - // it will produce named html entities, which are invalid xml - $rs.="<${typ}>" . xmlrpc_encode_entitites($val, $GLOBALS['xmlrpc_internalencoding'], $charset_encoding). ""; - break; - case $GLOBALS['xmlrpcInt']: - case $GLOBALS['xmlrpcI4']: - $rs.="<${typ}>".(int)$val.""; - break; - case $GLOBALS['xmlrpcDouble']: - // avoid using standard conversion of float to string because it is locale-dependent, - // and also because the xmlrpc spec forbids exponential notation - // sprintf('%F') would be most likely ok but it is only available since PHP 4.3.10 and PHP 5.0.3. - // The code below tries its best at keeping max precision while avoiding exp notation, - // but there is of course no limit in the number of decimal places to be used... - $rs.="<${typ}>".preg_replace('/\\.?0+$/','',number_format((double)$val, 128, '.', '')).""; - break; - case $GLOBALS['xmlrpcNull']: - $rs.=""; - break; - default: - // no standard type value should arrive here, but provide a possibility - // for xmlrpcvals of unknown type... - $rs.="<${typ}>${val}"; - } - break; - case 3: - // struct - if ($this->_php_class) - { - $rs.='\n"; - } - else - { - $rs.="\n"; - } - foreach($val as $key2 => $val2) - { - $rs.=''.xmlrpc_encode_entitites($key2, $GLOBALS['xmlrpc_internalencoding'], $charset_encoding)."\n"; - //$rs.=$this->serializeval($val2); - $rs.=$val2->serialize($charset_encoding); - $rs.="\n"; - } - $rs.=''; - break; - case 2: - // array - $rs.="\n\n"; - for($i=0; $iserializeval($val[$i]); - $rs.=$val[$i]->serialize($charset_encoding); - } - $rs.="\n"; - break; - default: - break; - } - return $rs; - } - - /** - * Returns xml representation of the value. XML prologue not included - * @param string $charset_encoding the charset to be used for serialization. if null, US-ASCII is assumed - * @return string - * @access public - */ - function serialize($charset_encoding='') - { - // add check? slower, but helps to avoid recursion in serializing broken xmlrpcvals... - //if (is_object($o) && (get_class($o) == 'xmlrpcval' || is_subclass_of($o, 'xmlrpcval'))) - //{ - reset($this->me); - list($typ, $val) = each($this->me); - return '' . $this->serializedata($typ, $val, $charset_encoding) . "\n"; - //} - } - - // DEPRECATED - function serializeval($o) - { - // add check? slower, but helps to avoid recursion in serializing broken xmlrpcvals... - //if (is_object($o) && (get_class($o) == 'xmlrpcval' || is_subclass_of($o, 'xmlrpcval'))) - //{ - $ar=$o->me; - reset($ar); - list($typ, $val) = each($ar); - return '' . $this->serializedata($typ, $val) . "\n"; - //} - } - - /** - * Checks wheter a struct member with a given name is present. - * Works only on xmlrpcvals of type struct. - * @param string $m the name of the struct member to be looked up - * @return boolean - * @access public - */ - function structmemexists($m) - { - return array_key_exists($m, $this->me['struct']); - } - - /** - * Returns the value of a given struct member (an xmlrpcval object in itself). - * Will raise a php warning if struct member of given name does not exist - * @param string $m the name of the struct member to be looked up - * @return xmlrpcval - * @access public - */ - function structmem($m) - { - return $this->me['struct'][$m]; - } - - /** - * Reset internal pointer for xmlrpcvals of type struct. - * @access public - */ - function structreset() - { - reset($this->me['struct']); - } - - /** - * Return next member element for xmlrpcvals of type struct. - * @return xmlrpcval - * @access public - */ - function structeach() - { - return each($this->me['struct']); - } - - // DEPRECATED! this code looks like it is very fragile and has not been fixed - // for a long long time. Shall we remove it for 2.0? - function getval() - { - // UNSTABLE - reset($this->me); - list($a,$b)=each($this->me); - // contributed by I Sofer, 2001-03-24 - // add support for nested arrays to scalarval - // i've created a new method here, so as to - // preserve back compatibility - - if(is_array($b)) - { - @reset($b); - while(list($id,$cont) = @each($b)) - { - $b[$id] = $cont->scalarval(); - } - } - - // add support for structures directly encoding php objects - if(is_object($b)) - { - $t = get_object_vars($b); - @reset($t); - while(list($id,$cont) = @each($t)) - { - $t[$id] = $cont->scalarval(); - } - @reset($t); - while(list($id,$cont) = @each($t)) - { - @$b->$id = $cont; - } - } - // end contrib - return $b; - } - - /** - * Returns the value of a scalar xmlrpcval - * @return mixed - * @access public - */ - function scalarval() - { - reset($this->me); - list(,$b)=each($this->me); - return $b; - } - - /** - * Returns the type of the xmlrpcval. - * For integers, 'int' is always returned in place of 'i4' - * @return string - * @access public - */ - function scalartyp() - { - reset($this->me); - list($a,)=each($this->me); - if($a==$GLOBALS['xmlrpcI4']) - { - $a=$GLOBALS['xmlrpcInt']; - } - return $a; - } - - /** - * Returns the m-th member of an xmlrpcval of struct type - * @param integer $m the index of the value to be retrieved (zero based) - * @return xmlrpcval - * @access public - */ - function arraymem($m) - { - return $this->me['array'][$m]; - } - - /** - * Returns the number of members in an xmlrpcval of array type - * @return integer - * @access public - */ - function arraysize() - { - return count($this->me['array']); - } - - /** - * Returns the number of members in an xmlrpcval of struct type - * @return integer - * @access public - */ - function structsize() - { - return count($this->me['struct']); - } - } - - - // date helpers - - /** - * Given a timestamp, return the corresponding ISO8601 encoded string. - * - * Really, timezones ought to be supported - * but the XML-RPC spec says: - * - * "Don't assume a timezone. It should be specified by the server in its - * documentation what assumptions it makes about timezones." - * - * These routines always assume localtime unless - * $utc is set to 1, in which case UTC is assumed - * and an adjustment for locale is made when encoding - * - * @param int $timet (timestamp) - * @param int $utc (0 or 1) - * @return string - */ - function iso8601_encode($timet, $utc=0) - { - if(!$utc) - { - $t=strftime("%Y%m%dT%H:%M:%S", $timet); - } - else - { - if(function_exists('gmstrftime')) - { - // gmstrftime doesn't exist in some versions - // of PHP - $t=gmstrftime("%Y%m%dT%H:%M:%S", $timet); - } - else - { - $t=strftime("%Y%m%dT%H:%M:%S", $timet-date('Z')); - } - } - return $t; - } - - /** - * Given an ISO8601 date string, return a timet in the localtime, or UTC - * @param string $idate - * @param int $utc either 0 or 1 - * @return int (datetime) - */ - function iso8601_decode($idate, $utc=0) - { - $t=0; - if(preg_match('/([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})/', $idate, $regs)) - { - if($utc) - { - $t=gmmktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]); - } - else - { - $t=mktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]); - } - } - return $t; - } - - /** - * Takes an xmlrpc value in PHP xmlrpcval object format and translates it into native PHP types. - * - * Works with xmlrpc message objects as input, too. - * - * Given proper options parameter, can rebuild generic php object instances - * (provided those have been encoded to xmlrpc format using a corresponding - * option in php_xmlrpc_encode()) - * PLEASE NOTE that rebuilding php objects involves calling their constructor function. - * This means that the remote communication end can decide which php code will - * get executed on your server, leaving the door possibly open to 'php-injection' - * style of attacks (provided you have some classes defined on your server that - * might wreak havoc if instances are built outside an appropriate context). - * Make sure you trust the remote server/client before eanbling this! - * - * @author Dan Libby (dan@libby.com) - * - * @param xmlrpcval $xmlrpc_val - * @param array $options if 'decode_php_objs' is set in the options array, xmlrpc structs can be decoded into php objects - * @return mixed - */ - function php_xmlrpc_decode($xmlrpc_val, $options=array()) - { - switch($xmlrpc_val->kindOf()) - { - case 'scalar': - if (in_array('extension_api', $options)) - { - reset($xmlrpc_val->me); - list($typ,$val) = each($xmlrpc_val->me); - switch ($typ) - { - case 'dateTime.iso8601': - $xmlrpc_val->scalar = $val; - $xmlrpc_val->xmlrpc_type = 'datetime'; - $xmlrpc_val->timestamp = iso8601_decode($val); - return $xmlrpc_val; - case 'base64': - $xmlrpc_val->scalar = $val; - $xmlrpc_val->type = $typ; - return $xmlrpc_val; - default: - return $xmlrpc_val->scalarval(); - } - } - return $xmlrpc_val->scalarval(); - case 'array': - $size = $xmlrpc_val->arraysize(); - $arr = array(); - for($i = 0; $i < $size; $i++) - { - $arr[] = php_xmlrpc_decode($xmlrpc_val->arraymem($i), $options); - } - return $arr; - case 'struct': - $xmlrpc_val->structreset(); - // If user said so, try to rebuild php objects for specific struct vals. - /// @todo should we raise a warning for class not found? - // shall we check for proper subclass of xmlrpcval instead of - // presence of _php_class to detect what we can do? - if (in_array('decode_php_objs', $options) && $xmlrpc_val->_php_class != '' - && class_exists($xmlrpc_val->_php_class)) - { - $obj = @new $xmlrpc_val->_php_class; - while(list($key,$value)=$xmlrpc_val->structeach()) - { - $obj->$key = php_xmlrpc_decode($value, $options); - } - return $obj; - } - else - { - $arr = array(); - while(list($key,$value)=$xmlrpc_val->structeach()) - { - $arr[$key] = php_xmlrpc_decode($value, $options); - } - return $arr; - } - case 'msg': - $paramcount = $xmlrpc_val->getNumParams(); - $arr = array(); - for($i = 0; $i < $paramcount; $i++) - { - $arr[] = php_xmlrpc_decode($xmlrpc_val->getParam($i)); - } - return $arr; - } - } - - // This constant left here only for historical reasons... - // it was used to decide if we have to define xmlrpc_encode on our own, but - // we do not do it anymore - if(function_exists('xmlrpc_decode')) - { - define('XMLRPC_EPI_ENABLED','1'); - } - else - { - define('XMLRPC_EPI_ENABLED','0'); - } - - /** - * Takes native php types and encodes them into xmlrpc PHP object format. - * It will not re-encode xmlrpcval objects. - * - * Feature creep -- could support more types via optional type argument - * (string => datetime support has been added, ??? => base64 not yet) - * - * If given a proper options parameter, php object instances will be encoded - * into 'special' xmlrpc values, that can later be decoded into php objects - * by calling php_xmlrpc_decode() with a corresponding option - * - * @author Dan Libby (dan@libby.com) - * - * @param mixed $php_val the value to be converted into an xmlrpcval object - * @param array $options can include 'encode_php_objs', 'auto_dates', 'null_extension' or 'extension_api' - * @return xmlrpcval - */ - function &php_xmlrpc_encode($php_val, $options=array()) - { - $type = gettype($php_val); - switch($type) - { - case 'string': - if (in_array('auto_dates', $options) && preg_match('/^[0-9]{8}T[0-9]{2}:[0-9]{2}:[0-9]{2}$/', $php_val)) - $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcDateTime']); - else - $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcString']); - break; - case 'integer': - $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcInt']); - break; - case 'double': - $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcDouble']); - break; - // - // Add support for encoding/decoding of booleans, since they are supported in PHP - case 'boolean': - $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcBoolean']); - break; - // - case 'array': - // PHP arrays can be encoded to either xmlrpc structs or arrays, - // depending on wheter they are hashes or plain 0..n integer indexed - // A shorter one-liner would be - // $tmp = array_diff(array_keys($php_val), range(0, count($php_val)-1)); - // but execution time skyrockets! - $j = 0; - $arr = array(); - $ko = false; - foreach($php_val as $key => $val) - { - $arr[$key] =& php_xmlrpc_encode($val, $options); - if(!$ko && $key !== $j) - { - $ko = true; - } - $j++; - } - if($ko) - { - $xmlrpc_val = new xmlrpcval($arr, $GLOBALS['xmlrpcStruct']); - } - else - { - $xmlrpc_val = new xmlrpcval($arr, $GLOBALS['xmlrpcArray']); - } - break; - case 'object': - if(is_a($php_val, 'xmlrpcval')) - { - $xmlrpc_val = $php_val; - } - else - { - $arr = array(); - while(list($k,$v) = each($php_val)) - { - $arr[$k] = php_xmlrpc_encode($v, $options); - } - $xmlrpc_val = new xmlrpcval($arr, $GLOBALS['xmlrpcStruct']); - if (in_array('encode_php_objs', $options)) - { - // let's save original class name into xmlrpcval: - // might be useful later on... - $xmlrpc_val->_php_class = get_class($php_val); - } - } - break; - case 'NULL': - if (in_array('extension_api', $options)) - { - $xmlrpc_val = new xmlrpcval('', $GLOBALS['xmlrpcString']); - } - if (in_array('null_extension', $options)) - { - $xmlrpc_val = new xmlrpcval('', $GLOBALS['xmlrpcNull']); - } - else - { - $xmlrpc_val = new xmlrpcval(); - } - break; - case 'resource': - if (in_array('extension_api', $options)) - { - $xmlrpc_val = new xmlrpcval((int)$php_val, $GLOBALS['xmlrpcInt']); - } - else - { - $xmlrpc_val = new xmlrpcval(); - } - // catch "user function", "unknown type" - default: - // giancarlo pinerolo - // it has to return - // an empty object in case, not a boolean. - $xmlrpc_val = new xmlrpcval(); - break; - } - return $xmlrpc_val; - } - - /** - * Convert the xml representation of a method response, method request or single - * xmlrpc value into the appropriate object (a.k.a. deserialize) - * @param string $xml_val - * @param array $options - * @return mixed false on error, or an instance of either xmlrpcval, xmlrpcmsg or xmlrpcresp - */ - function php_xmlrpc_decode_xml($xml_val, $options=array()) - { - $GLOBALS['_xh'] = array(); - $GLOBALS['_xh']['ac'] = ''; - $GLOBALS['_xh']['stack'] = array(); - $GLOBALS['_xh']['valuestack'] = array(); - $GLOBALS['_xh']['params'] = array(); - $GLOBALS['_xh']['pt'] = array(); - $GLOBALS['_xh']['isf'] = 0; - $GLOBALS['_xh']['isf_reason'] = ''; - $GLOBALS['_xh']['method'] = false; - $GLOBALS['_xh']['rt'] = ''; - /// @todo 'guestimate' encoding - $parser = xml_parser_create(); - xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); - // What if internal encoding is not in one of the 3 allowed? - // we use the broadest one, ie. utf8! - if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - { - xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); - } - else - { - xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']); - } - xml_set_element_handler($parser, 'xmlrpc_se_any', 'xmlrpc_ee'); - xml_set_character_data_handler($parser, 'xmlrpc_cd'); - xml_set_default_handler($parser, 'xmlrpc_dh'); - if(!xml_parse($parser, $xml_val, 1)) - { - $errstr = sprintf('XML error: %s at line %d, column %d', - xml_error_string(xml_get_error_code($parser)), - xml_get_current_line_number($parser), xml_get_current_column_number($parser)); - error_log($errstr); - xml_parser_free($parser); - return false; - } - xml_parser_free($parser); - if ($GLOBALS['_xh']['isf'] > 1) // test that $GLOBALS['_xh']['value'] is an obj, too??? - { - error_log($GLOBALS['_xh']['isf_reason']); - return false; - } - switch ($GLOBALS['_xh']['rt']) - { - case 'methodresponse': - $v =& $GLOBALS['_xh']['value']; - if ($GLOBALS['_xh']['isf'] == 1) - { - $vc = $v->structmem('faultCode'); - $vs = $v->structmem('faultString'); - $r = new xmlrpcresp(0, $vc->scalarval(), $vs->scalarval()); - } - else - { - $r = new xmlrpcresp($v); - } - return $r; - case 'methodcall': - $m = new xmlrpcmsg($GLOBALS['_xh']['method']); - for($i=0; $i < count($GLOBALS['_xh']['params']); $i++) - { - $m->addParam($GLOBALS['_xh']['params'][$i]); - } - return $m; - case 'value': - return $GLOBALS['_xh']['value']; - default: - return false; - } - } - - /** - * decode a string that is encoded w/ "chunked" transfer encoding - * as defined in rfc2068 par. 19.4.6 - * code shamelessly stolen from nusoap library by Dietrich Ayala - * - * @param string $buffer the string to be decoded - * @return string - */ - function decode_chunked($buffer) - { - // length := 0 - $length = 0; - $new = ''; - - // read chunk-size, chunk-extension (if any) and crlf - // get the position of the linebreak - $chunkend = strpos($buffer,"\r\n") + 2; - $temp = substr($buffer,0,$chunkend); - $chunk_size = hexdec( trim($temp) ); - $chunkstart = $chunkend; - while($chunk_size > 0) - { - $chunkend = strpos($buffer, "\r\n", $chunkstart + $chunk_size); - - // just in case we got a broken connection - if($chunkend == false) - { - $chunk = substr($buffer,$chunkstart); - // append chunk-data to entity-body - $new .= $chunk; - $length += strlen($chunk); - break; - } - - // read chunk-data and crlf - $chunk = substr($buffer,$chunkstart,$chunkend-$chunkstart); - // append chunk-data to entity-body - $new .= $chunk; - // length := length + chunk-size - $length += strlen($chunk); - // read chunk-size and crlf - $chunkstart = $chunkend + 2; - - $chunkend = strpos($buffer,"\r\n",$chunkstart)+2; - if($chunkend == false) - { - break; //just in case we got a broken connection - } - $temp = substr($buffer,$chunkstart,$chunkend-$chunkstart); - $chunk_size = hexdec( trim($temp) ); - $chunkstart = $chunkend; - } - return $new; - } - - /** - * xml charset encoding guessing helper function. - * Tries to determine the charset encoding of an XML chunk received over HTTP. - * NB: according to the spec (RFC 3023), if text/xml content-type is received over HTTP without a content-type, - * we SHOULD assume it is strictly US-ASCII. But we try to be more tolerant of unconforming (legacy?) clients/servers, - * which will be most probably using UTF-8 anyway... - * - * @param string $httpheaders the http Content-type header - * @param string $xmlchunk xml content buffer - * @param string $encoding_prefs comma separated list of character encodings to be used as default (when mb extension is enabled) - * - * @todo explore usage of mb_http_input(): does it detect http headers + post data? if so, use it instead of hand-detection!!! - */ - function guess_encoding($httpheader='', $xmlchunk='', $encoding_prefs=null) - { - // discussion: see http://www.yale.edu/pclt/encoding/ - // 1 - test if encoding is specified in HTTP HEADERS - - //Details: - // LWS: (\13\10)?( |\t)+ - // token: (any char but excluded stuff)+ - // quoted string: " (any char but double quotes and cointrol chars)* " - // header: Content-type = ...; charset=value(; ...)* - // where value is of type token, no LWS allowed between 'charset' and value - // Note: we do not check for invalid chars in VALUE: - // this had better be done using pure ereg as below - // Note 2: we might be removing whitespace/tabs that ought to be left in if - // the received charset is a quoted string. But nobody uses such charset names... - - /// @todo this test will pass if ANY header has charset specification, not only Content-Type. Fix it? - $matches = array(); - if(preg_match('/;\s*charset\s*=([^;]+)/i', $httpheader, $matches)) - { - return strtoupper(trim($matches[1], " \t\"")); - } - - // 2 - scan the first bytes of the data for a UTF-16 (or other) BOM pattern - // (source: http://www.w3.org/TR/2000/REC-xml-20001006) - // NOTE: actually, according to the spec, even if we find the BOM and determine - // an encoding, we should check if there is an encoding specified - // in the xml declaration, and verify if they match. - /// @todo implement check as described above? - /// @todo implement check for first bytes of string even without a BOM? (It sure looks harder than for cases WITH a BOM) - if(preg_match('/^(\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlchunk)) - { - return 'UCS-4'; - } - elseif(preg_match('/^(\xFE\xFF|\xFF\xFE)/', $xmlchunk)) - { - return 'UTF-16'; - } - elseif(preg_match('/^(\xEF\xBB\xBF)/', $xmlchunk)) - { - return 'UTF-8'; - } - - // 3 - test if encoding is specified in the xml declaration - // Details: - // SPACE: (#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+ - // EQ: SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]* - if (preg_match('/^<\?xml\s+version\s*=\s*'. "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))". - '\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/", - $xmlchunk, $matches)) - { - return strtoupper(substr($matches[2], 1, -1)); - } - - // 4 - if mbstring is available, let it do the guesswork - // NB: we favour finding an encoding that is compatible with what we can process - if(extension_loaded('mbstring')) - { - if($encoding_prefs) - { - $enc = mb_detect_encoding($xmlchunk, $encoding_prefs); - } - else - { - $enc = mb_detect_encoding($xmlchunk); - } - // NB: mb_detect likes to call it ascii, xml parser likes to call it US_ASCII... - // IANA also likes better US-ASCII, so go with it - if($enc == 'ASCII') - { - $enc = 'US-'.$enc; - } - return $enc; - } - else - { - // no encoding specified: as per HTTP1.1 assume it is iso-8859-1? - // Both RFC 2616 (HTTP 1.1) and 1945 (HTTP 1.0) clearly state that for text/xxx content types - // this should be the standard. And we should be getting text/xml as request and response. - // BUT we have to be backward compatible with the lib, which always used UTF-8 as default... - return $GLOBALS['xmlrpc_defencoding']; - } - } - - /** - * Checks if a given charset encoding is present in a list of encodings or - * if it is a valid subset of any encoding in the list - * @param string $encoding charset to be tested - * @param mixed $validlist comma separated list of valid charsets (or array of charsets) - */ - function is_valid_charset($encoding, $validlist) - { - $charset_supersets = array( - 'US-ASCII' => array ('ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4', - 'ISO-8859-5', 'ISO-8859-6', 'ISO-8859-7', 'ISO-8859-8', - 'ISO-8859-9', 'ISO-8859-10', 'ISO-8859-11', 'ISO-8859-12', - 'ISO-8859-13', 'ISO-8859-14', 'ISO-8859-15', 'UTF-8', - 'EUC-JP', 'EUC-', 'EUC-KR', 'EUC-CN') - ); - if (is_string($validlist)) - $validlist = explode(',', $validlist); - if (@in_array(strtoupper($encoding), $validlist)) - return true; - else - { - if (array_key_exists($encoding, $charset_supersets)) - foreach ($validlist as $allowed) - if (in_array($allowed, $charset_supersets[$encoding])) - return true; - return false; - } - } - -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/xmlrpc_wrappers.inc b/web/phpxmlrpclib/xmlrpc_wrappers.inc deleted file mode 100644 index cb0c6e8..0000000 --- a/web/phpxmlrpclib/xmlrpc_wrappers.inc +++ /dev/null @@ -1,944 +0,0 @@ -' . $funcname[1]; - } - $exists = method_exists($funcname[0], $funcname[1]); - } - else - { - $plainfuncname = $funcname; - $exists = function_exists($funcname); - } - - if(!$exists) - { - error_log('XML-RPC: function to be wrapped is not defined: '.$plainfuncname); - return false; - } - else - { - // determine name of new php function - if($newfuncname == '') - { - if(is_array($funcname)) - { - if(is_string($funcname[0])) - $xmlrpcfuncname = "{$prefix}_".implode('_', $funcname); - else - $xmlrpcfuncname = "{$prefix}_".get_class($funcname[0]) . '_' . $funcname[1]; - } - else - { - $xmlrpcfuncname = "{$prefix}_$funcname"; - } - } - else - { - $xmlrpcfuncname = $newfuncname; - } - while($buildit && function_exists($xmlrpcfuncname)) - { - $xmlrpcfuncname .= 'x'; - } - - // start to introspect PHP code - if(is_array($funcname)) - { - $func =& new ReflectionMethod($funcname[0], $funcname[1]); - if($func->isPrivate()) - { - error_log('XML-RPC: method to be wrapped is private: '.$plainfuncname); - return false; - } - if($func->isProtected()) - { - error_log('XML-RPC: method to be wrapped is protected: '.$plainfuncname); - return false; - } - if($func->isConstructor()) - { - error_log('XML-RPC: method to be wrapped is the constructor: '.$plainfuncname); - return false; - } - if($func->isDestructor()) - { - error_log('XML-RPC: method to be wrapped is the destructor: '.$plainfuncname); - return false; - } - if($func->isAbstract()) - { - error_log('XML-RPC: method to be wrapped is abstract: '.$plainfuncname); - return false; - } - /// @todo add more checks for static vs. nonstatic? - } - else - { - $func =& new ReflectionFunction($funcname); - } - if($func->isInternal()) - { - // Note: from PHP 5.1.0 onward, we will possibly be able to use invokeargs - // instead of getparameters to fully reflect internal php functions ? - error_log('XML-RPC: function to be wrapped is internal: '.$plainfuncname); - return false; - } - - // retrieve parameter names, types and description from javadoc comments - - // function description - $desc = ''; - // type of return val: by default 'any' - $returns = $GLOBALS['xmlrpcValue']; - // desc of return val - $returnsDocs = ''; - // type + name of function parameters - $paramDocs = array(); - - $docs = $func->getDocComment(); - if($docs != '') - { - $docs = explode("\n", $docs); - $i = 0; - foreach($docs as $doc) - { - $doc = trim($doc, " \r\t/*"); - if(strlen($doc) && strpos($doc, '@') !== 0 && !$i) - { - if($desc) - { - $desc .= "\n"; - } - $desc .= $doc; - } - elseif(strpos($doc, '@param') === 0) - { - // syntax: @param type [$name] desc - if(preg_match('/@param\s+(\S+)(\s+\$\S+)?\s+(.+)/', $doc, $matches)) - { - if(strpos($matches[1], '|')) - { - //$paramDocs[$i]['type'] = explode('|', $matches[1]); - $paramDocs[$i]['type'] = 'mixed'; - } - else - { - $paramDocs[$i]['type'] = $matches[1]; - } - $paramDocs[$i]['name'] = trim($matches[2]); - $paramDocs[$i]['doc'] = $matches[3]; - } - $i++; - } - elseif(strpos($doc, '@return') === 0) - { - // syntax: @return type desc - //$returns = preg_split('/\s+/', $doc); - if(preg_match('/@return\s+(\S+)\s+(.+)/', $doc, $matches)) - { - $returns = php_2_xmlrpc_type($matches[1]); - if(isset($matches[2])) - { - $returnsDocs = $matches[2]; - } - } - } - } - } - - // execute introspection of actual function prototype - $params = array(); - $i = 0; - foreach($func->getParameters() as $paramobj) - { - $params[$i] = array(); - $params[$i]['name'] = '$'.$paramobj->getName(); - $params[$i]['isoptional'] = $paramobj->isOptional(); - $i++; - } - - - // start building of PHP code to be eval'd - $innercode = ''; - $i = 0; - $parsvariations = array(); - $pars = array(); - $pnum = count($params); - foreach($params as $param) - { - if (isset($paramDocs[$i]['name']) && $paramDocs[$i]['name'] && strtolower($paramDocs[$i]['name']) != strtolower($param['name'])) - { - // param name from phpdoc info does not match param definition! - $paramDocs[$i]['type'] = 'mixed'; - } - - if($param['isoptional']) - { - // this particular parameter is optional. save as valid previous list of parameters - $innercode .= "if (\$paramcount > $i) {\n"; - $parsvariations[] = $pars; - } - $innercode .= "\$p$i = \$msg->getParam($i);\n"; - if ($decode_php_objects) - { - $innercode .= "if (\$p{$i}->kindOf() == 'scalar') \$p$i = \$p{$i}->scalarval(); else \$p$i = php_{$prefix}_decode(\$p$i, array('decode_php_objs'));\n"; - } - else - { - $innercode .= "if (\$p{$i}->kindOf() == 'scalar') \$p$i = \$p{$i}->scalarval(); else \$p$i = php_{$prefix}_decode(\$p$i);\n"; - } - - $pars[] = "\$p$i"; - $i++; - if($param['isoptional']) - { - $innercode .= "}\n"; - } - if($i == $pnum) - { - // last allowed parameters combination - $parsvariations[] = $pars; - } - } - - $sigs = array(); - $psigs = array(); - if(count($parsvariations) == 0) - { - // only known good synopsis = no parameters - $parsvariations[] = array(); - $minpars = 0; - } - else - { - $minpars = count($parsvariations[0]); - } - - if($minpars) - { - // add to code the check for min params number - // NB: this check needs to be done BEFORE decoding param values - $innercode = "\$paramcount = \$msg->getNumParams();\n" . - "if (\$paramcount < $minpars) return new {$prefix}resp(0, {$GLOBALS['xmlrpcerr']['incorrect_params']}, '{$GLOBALS['xmlrpcstr']['incorrect_params']}');\n" . $innercode; - } - else - { - $innercode = "\$paramcount = \$msg->getNumParams();\n" . $innercode; - } - - $innercode .= "\$np = false;\n"; - // since there are no closures in php, if we are given an object instance, - // we store a pointer to it in a global var... - if ( is_array($funcname) && is_object($funcname[0]) ) - { - $GLOBALS['xmlrpcWPFObjHolder'][$xmlrpcfuncname] =& $funcname[0]; - $innercode .= "\$obj =& \$GLOBALS['xmlrpcWPFObjHolder']['$xmlrpcfuncname'];\n"; - $realfuncname = '$obj->'.$funcname[1]; - } - else - { - $realfuncname = $plainfuncname; - } - foreach($parsvariations as $pars) - { - $innercode .= "if (\$paramcount == " . count($pars) . ") \$retval = {$catch_warnings}$realfuncname(" . implode(',', $pars) . "); else\n"; - // build a 'generic' signature (only use an appropriate return type) - $sig = array($returns); - $psig = array($returnsDocs); - for($i=0; $i < count($pars); $i++) - { - if (isset($paramDocs[$i]['type'])) - { - $sig[] = php_2_xmlrpc_type($paramDocs[$i]['type']); - } - else - { - $sig[] = $GLOBALS['xmlrpcValue']; - } - $psig[] = isset($paramDocs[$i]['doc']) ? $paramDocs[$i]['doc'] : ''; - } - $sigs[] = $sig; - $psigs[] = $psig; - } - $innercode .= "\$np = true;\n"; - $innercode .= "if (\$np) return new {$prefix}resp(0, {$GLOBALS['xmlrpcerr']['incorrect_params']}, '{$GLOBALS['xmlrpcstr']['incorrect_params']}'); else {\n"; - //$innercode .= "if (\$_xmlrpcs_error_occurred) return new xmlrpcresp(0, $GLOBALS['xmlrpcerr']user, \$_xmlrpcs_error_occurred); else\n"; - $innercode .= "if (is_a(\$retval, '{$prefix}resp')) return \$retval; else\n"; - if($returns == $GLOBALS['xmlrpcDateTime'] || $returns == $GLOBALS['xmlrpcBase64']) - { - $innercode .= "return new {$prefix}resp(new {$prefix}val(\$retval, '$returns'));"; - } - else - { - if ($encode_php_objects) - $innercode .= "return new {$prefix}resp(php_{$prefix}_encode(\$retval, array('encode_php_objs')));\n"; - else - $innercode .= "return new {$prefix}resp(php_{$prefix}_encode(\$retval));\n"; - } - // shall we exclude functions returning by ref? - // if($func->returnsReference()) - // return false; - $code = "function $xmlrpcfuncname(\$msg) {\n" . $innercode . "}\n}"; - //print_r($code); - if ($buildit) - { - $allOK = 0; - eval($code.'$allOK=1;'); - // alternative - //$xmlrpcfuncname = create_function('$m', $innercode); - - if(!$allOK) - { - error_log('XML-RPC: could not create function '.$xmlrpcfuncname.' to wrap php function '.$plainfuncname); - return false; - } - } - - /// @todo examine if $paramDocs matches $parsvariations and build array for - /// usage as method signature, plus put together a nice string for docs - - $ret = array('function' => $xmlrpcfuncname, 'signature' => $sigs, 'docstring' => $desc, 'signature_docs' => $psigs, 'source' => $code); - return $ret; - } - } - - /** - * Given a user-defined PHP class or php object, map its methods onto a list of - * PHP 'wrapper' functions that can be exposed as xmlrpc methods from an xmlrpc_server - * object and called from remote clients (as well as their corresponding signature info). - * - * @param mixed $classname the name of the class whose methods are to be exposed as xmlrpc methods, or an object instance of that class - * @param array $extra_options see the docs for wrap_php_method for more options - * string method_type 'static', 'nonstatic', 'all' and 'auto' (default); the latter will switch between static and non-static depending on wheter $classname is a class name or object instance - * @return array or false on failure - * - * @todo get_class_methods will return both static and non-static methods. - * we have to differentiate the action, depending on wheter we recived a class name or object - */ - function wrap_php_class($classname, $extra_options=array()) - { - $methodfilter = isset($extra_options['method_filter']) ? $extra_options['method_filter'] : ''; - $methodtype = isset($extra_options['method_type']) ? $extra_options['method_type'] : 'auto'; - - if(version_compare(phpversion(), '5.0.3') == -1) - { - // up to php 5.0.3 some useful reflection methods were missing - error_log('XML-RPC: cannot not wrap php functions unless running php version bigger than 5.0.3'); - return false; - } - - $result = array(); - $mlist = get_class_methods($classname); - foreach($mlist as $mname) - { - if ($methodfilter == '' || preg_match($methodfilter, $mname)) - { - // echo $mlist."\n"; - $func =& new ReflectionMethod($classname, $mname); - if(!$func->isPrivate() && !$func->isProtected() && !$func->isConstructor() && !$func->isDestructor() && !$func->isAbstract()) - { - if(($func->isStatic && ($methodtype == 'all' || $methodtype == 'static' || ($methodtype == 'auto' && is_string($classname)))) || - (!$func->isStatic && ($methodtype == 'all' || $methodtype == 'nonstatic' || ($methodtype == 'auto' && is_object($classname))))) - { - $methodwrap = wrap_php_function(array($classname, $mname), '', $extra_options); - if ( $methodwrap ) - { - $result[$methodwrap['function']] = $methodwrap['function']; - } - } - } - } - } - return $result; - } - - /** - * Given an xmlrpc client and a method name, register a php wrapper function - * that will call it and return results using native php types for both - * params and results. The generated php function will return an xmlrpcresp - * oject for failed xmlrpc calls - * - * Known limitations: - * - server must support system.methodsignature for the wanted xmlrpc method - * - for methods that expose many signatures, only one can be picked (we - * could in priciple check if signatures differ only by number of params - * and not by type, but it would be more complication than we can spare time) - * - nested xmlrpc params: the caller of the generated php function has to - * encode on its own the params passed to the php function if these are structs - * or arrays whose (sub)members include values of type datetime or base64 - * - * Notes: the connection properties of the given client will be copied - * and reused for the connection used during the call to the generated - * php function. - * Calling the generated php function 'might' be slow: a new xmlrpc client - * is created on every invocation and an xmlrpc-connection opened+closed. - * An extra 'debug' param is appended to param list of xmlrpc method, useful - * for debugging purposes. - * - * @param xmlrpc_client $client an xmlrpc client set up correctly to communicate with target server - * @param string $methodname the xmlrpc method to be mapped to a php function - * @param array $extra_options array of options that specify conversion details. valid ptions include - * integer signum the index of the method signature to use in mapping (if method exposes many sigs) - * integer timeout timeout (in secs) to be used when executing function/calling remote method - * string protocol 'http' (default), 'http11' or 'https' - * string new_function_name the name of php function to create. If unsepcified, lib will pick an appropriate name - * string return_source if true return php code w. function definition instead fo function name - * bool encode_php_objs let php objects be sent to server using the 'improved' xmlrpc notation, so server can deserialize them as php objects - * bool decode_php_objs --- WARNING !!! possible security hazard. only use it with trusted servers --- - * mixed return_on_fault a php value to be returned when the xmlrpc call fails/returns a fault response (by default the xmlrpcresp object is returned in this case). If a string is used, '%faultCode%' and '%faultString%' tokens will be substituted with actual error values - * bool debug set it to 1 or 2 to see debug results of querying server for method synopsis - * @return string the name of the generated php function (or false) - OR AN ARRAY... - */ - function wrap_xmlrpc_method($client, $methodname, $extra_options=0, $timeout=0, $protocol='', $newfuncname='') - { - // mind numbing: let caller use sane calling convention (as per javadoc, 3 params), - // OR the 2.0 calling convention (no options) - we really love backward compat, don't we? - if (!is_array($extra_options)) - { - $signum = $extra_options; - $extra_options = array(); - } - else - { - $signum = isset($extra_options['signum']) ? (int)$extra_options['signum'] : 0; - $timeout = isset($extra_options['timeout']) ? (int)$extra_options['timeout'] : 0; - $protocol = isset($extra_options['protocol']) ? $extra_options['protocol'] : ''; - $newfuncname = isset($extra_options['new_function_name']) ? $extra_options['new_function_name'] : ''; - } - //$encode_php_objects = in_array('encode_php_objects', $extra_options); - //$verbatim_client_copy = in_array('simple_client_copy', $extra_options) ? 1 : - // in_array('build_class_code', $extra_options) ? 2 : 0; - - $encode_php_objects = isset($extra_options['encode_php_objs']) ? (bool)$extra_options['encode_php_objs'] : false; - $decode_php_objects = isset($extra_options['decode_php_objs']) ? (bool)$extra_options['decode_php_objs'] : false; - $simple_client_copy = isset($extra_options['simple_client_copy']) ? (int)($extra_options['simple_client_copy']) : 0; - $buildit = isset($extra_options['return_source']) ? !($extra_options['return_source']) : true; - $prefix = isset($extra_options['prefix']) ? $extra_options['prefix'] : 'xmlrpc'; - if (isset($extra_options['return_on_fault'])) - { - $decode_fault = true; - $fault_response = $extra_options['return_on_fault']; - } - else - { - $decode_fault = false; - $fault_response = ''; - } - $debug = isset($extra_options['debug']) ? ($extra_options['debug']) : 0; - - $msgclass = $prefix.'msg'; - $valclass = $prefix.'val'; - $decodefunc = 'php_'.$prefix.'_decode'; - - $msg =& new $msgclass('system.methodSignature'); - $msg->addparam(new $valclass($methodname)); - $client->setDebug($debug); - $response =& $client->send($msg, $timeout, $protocol); - if($response->faultCode()) - { - error_log('XML-RPC: could not retrieve method signature from remote server for method '.$methodname); - return false; - } - else - { - $msig = $response->value(); - if ($client->return_type != 'phpvals') - { - $msig = $decodefunc($msig); - } - if(!is_array($msig) || count($msig) <= $signum) - { - error_log('XML-RPC: could not retrieve method signature nr.'.$signum.' from remote server for method '.$methodname); - return false; - } - else - { - // pick a suitable name for the new function, avoiding collisions - if($newfuncname != '') - { - $xmlrpcfuncname = $newfuncname; - } - else - { - // take care to insure that methodname is translated to valid - // php function name - $xmlrpcfuncname = $prefix.'_'.preg_replace(array('/\./', '/[^a-zA-Z0-9_\x7f-\xff]/'), - array('_', ''), $methodname); - } - while($buildit && function_exists($xmlrpcfuncname)) - { - $xmlrpcfuncname .= 'x'; - } - - $msig = $msig[$signum]; - $mdesc = ''; - // if in 'offline' mode, get method description too. - // in online mode, favour speed of operation - if(!$buildit) - { - $msg =& new $msgclass('system.methodHelp'); - $msg->addparam(new $valclass($methodname)); - $response =& $client->send($msg, $timeout, $protocol); - if (!$response->faultCode()) - { - $mdesc = $response->value(); - if ($client->return_type != 'phpvals') - { - $mdesc = $mdesc->scalarval(); - } - } - } - - $results = build_remote_method_wrapper_code($client, $methodname, - $xmlrpcfuncname, $msig, $mdesc, $timeout, $protocol, $simple_client_copy, - $prefix, $decode_php_objects, $encode_php_objects, $decode_fault, - $fault_response); - - //print_r($code); - if ($buildit) - { - $allOK = 0; - eval($results['source'].'$allOK=1;'); - // alternative - //$xmlrpcfuncname = create_function('$m', $innercode); - if($allOK) - { - return $xmlrpcfuncname; - } - else - { - error_log('XML-RPC: could not create function '.$xmlrpcfuncname.' to wrap remote method '.$methodname); - return false; - } - } - else - { - $results['function'] = $xmlrpcfuncname; - return $results; - } - } - } - } - - /** - * Similar to wrap_xmlrpc_method, but will generate a php class that wraps - * all xmlrpc methods exposed by the remote server as own methods. - * For more details see wrap_xmlrpc_method. - * @param xmlrpc_client $client the client obj all set to query the desired server - * @param array $extra_options list of options for wrapped code - * @return mixed false on error, the name of the created class if all ok or an array with code, class name and comments (if the appropriatevoption is set in extra_options) - */ - function wrap_xmlrpc_server($client, $extra_options=array()) - { - $methodfilter = isset($extra_options['method_filter']) ? $extra_options['method_filter'] : ''; - //$signum = isset($extra_options['signum']) ? (int)$extra_options['signum'] : 0; - $timeout = isset($extra_options['timeout']) ? (int)$extra_options['timeout'] : 0; - $protocol = isset($extra_options['protocol']) ? $extra_options['protocol'] : ''; - $newclassname = isset($extra_options['new_class_name']) ? $extra_options['new_class_name'] : ''; - $encode_php_objects = isset($extra_options['encode_php_objs']) ? (bool)$extra_options['encode_php_objs'] : false; - $decode_php_objects = isset($extra_options['decode_php_objs']) ? (bool)$extra_options['decode_php_objs'] : false; - $verbatim_client_copy = isset($extra_options['simple_client_copy']) ? !($extra_options['simple_client_copy']) : true; - $buildit = isset($extra_options['return_source']) ? !($extra_options['return_source']) : true; - $prefix = isset($extra_options['prefix']) ? $extra_options['prefix'] : 'xmlrpc'; - - $msgclass = $prefix.'msg'; - //$valclass = $prefix.'val'; - $decodefunc = 'php_'.$prefix.'_decode'; - - $msg =& new $msgclass('system.listMethods'); - $response =& $client->send($msg, $timeout, $protocol); - if($response->faultCode()) - { - error_log('XML-RPC: could not retrieve method list from remote server'); - return false; - } - else - { - $mlist = $response->value(); - if ($client->return_type != 'phpvals') - { - $mlist = $decodefunc($mlist); - } - if(!is_array($mlist) || !count($mlist)) - { - error_log('XML-RPC: could not retrieve meaningful method list from remote server'); - return false; - } - else - { - // pick a suitable name for the new function, avoiding collisions - if($newclassname != '') - { - $xmlrpcclassname = $newclassname; - } - else - { - $xmlrpcclassname = $prefix.'_'.preg_replace(array('/\./', '/[^a-zA-Z0-9_\x7f-\xff]/'), - array('_', ''), $client->server).'_client'; - } - while($buildit && class_exists($xmlrpcclassname)) - { - $xmlrpcclassname .= 'x'; - } - - /// @todo add function setdebug() to new class, to enable/disable debugging - $source = "class $xmlrpcclassname\n{\nvar \$client;\n\n"; - $source .= "function $xmlrpcclassname()\n{\n"; - $source .= build_client_wrapper_code($client, $verbatim_client_copy, $prefix); - $source .= "\$this->client =& \$client;\n}\n\n"; - $opts = array('simple_client_copy' => 2, 'return_source' => true, - 'timeout' => $timeout, 'protocol' => $protocol, - 'encode_php_objs' => $encode_php_objects, 'prefix' => $prefix, - 'decode_php_objs' => $decode_php_objects - ); - /// @todo build javadoc for class definition, too - foreach($mlist as $mname) - { - if ($methodfilter == '' || preg_match($methodfilter, $mname)) - { - $opts['new_function_name'] = preg_replace(array('/\./', '/[^a-zA-Z0-9_\x7f-\xff]/'), - array('_', ''), $mname); - $methodwrap = wrap_xmlrpc_method($client, $mname, $opts); - if ($methodwrap) - { - if (!$buildit) - { - $source .= $methodwrap['docstring']; - } - $source .= $methodwrap['source']."\n"; - } - else - { - error_log('XML-RPC: will not create class method to wrap remote method '.$mname); - } - } - } - $source .= "}\n"; - if ($buildit) - { - $allOK = 0; - eval($source.'$allOK=1;'); - // alternative - //$xmlrpcfuncname = create_function('$m', $innercode); - if($allOK) - { - return $xmlrpcclassname; - } - else - { - error_log('XML-RPC: could not create class '.$xmlrpcclassname.' to wrap remote server '.$client->server); - return false; - } - } - else - { - return array('class' => $xmlrpcclassname, 'code' => $source, 'docstring' => ''); - } - } - } - } - - /** - * Given the necessary info, build php code that creates a new function to - * invoke a remote xmlrpc method. - * Take care that no full checking of input parameters is done to ensure that - * valid php code is emitted. - * Note: real spaghetti code follows... - * @access private - */ - function build_remote_method_wrapper_code($client, $methodname, $xmlrpcfuncname, - $msig, $mdesc='', $timeout=0, $protocol='', $client_copy_mode=0, $prefix='xmlrpc', - $decode_php_objects=false, $encode_php_objects=false, $decode_fault=false, - $fault_response='') - { - $code = "function $xmlrpcfuncname ("; - if ($client_copy_mode < 2) - { - // client copy mode 0 or 1 == partial / full client copy in emitted code - $innercode = build_client_wrapper_code($client, $client_copy_mode, $prefix); - $innercode .= "\$client->setDebug(\$debug);\n"; - $this_ = ''; - } - else - { - // client copy mode 2 == no client copy in emitted code - $innercode = ''; - $this_ = 'this->'; - } - $innercode .= "\$msg =& new {$prefix}msg('$methodname');\n"; - - if ($mdesc != '') - { - // take care that PHP comment is not terminated unwillingly by method description - $mdesc = "/**\n* ".str_replace('*/', '* /', $mdesc)."\n"; - } - else - { - $mdesc = "/**\nFunction $xmlrpcfuncname\n"; - } - - // param parsing - $plist = array(); - $pcount = count($msig); - for($i = 1; $i < $pcount; $i++) - { - $plist[] = "\$p$i"; - $ptype = $msig[$i]; - if($ptype == 'i4' || $ptype == 'int' || $ptype == 'boolean' || $ptype == 'double' || - $ptype == 'string' || $ptype == 'dateTime.iso8601' || $ptype == 'base64' || $ptype == 'null') - { - // only build directly xmlrpcvals when type is known and scalar - $innercode .= "\$p$i =& new {$prefix}val(\$p$i, '$ptype');\n"; - } - else - { - if ($encode_php_objects) - { - $innercode .= "\$p$i =& php_{$prefix}_encode(\$p$i, array('encode_php_objs'));\n"; - } - else - { - $innercode .= "\$p$i =& php_{$prefix}_encode(\$p$i);\n"; - } - } - $innercode .= "\$msg->addparam(\$p$i);\n"; - $mdesc .= '* @param '.xmlrpc_2_php_type($ptype)." \$p$i\n"; - } - if ($client_copy_mode < 2) - { - $plist[] = '$debug=0'; - $mdesc .= "* @param int \$debug when 1 (or 2) will enable debugging of the underlying {$prefix} call (defaults to 0)\n"; - } - $plist = implode(', ', $plist); - $mdesc .= '* @return '.xmlrpc_2_php_type($msig[0])." (or an {$prefix}resp obj instance if call fails)\n*/\n"; - - $innercode .= "\$res =& \${$this_}client->send(\$msg, $timeout, '$protocol');\n"; - if ($decode_fault) - { - if (is_string($fault_response) && ((strpos($fault_response, '%faultCode%') !== false) || (strpos($fault_response, '%faultString%') !== false))) - { - $respcode = "str_replace(array('%faultCode%', '%faultString%'), array(\$res->faultCode(), \$res->faultString()), '".str_replace("'", "''", $fault_response)."')"; - } - else - { - $respcode = var_export($fault_response, true); - } - } - else - { - $respcode = '$res'; - } - if ($decode_php_objects) - { - $innercode .= "if (\$res->faultcode()) return $respcode; else return php_{$prefix}_decode(\$res->value(), array('decode_php_objs'));"; - } - else - { - $innercode .= "if (\$res->faultcode()) return $respcode; else return php_{$prefix}_decode(\$res->value());"; - } - - $code = $code . $plist. ") {\n" . $innercode . "\n}\n"; - - return array('source' => $code, 'docstring' => $mdesc); - } - - /** - * Given necessary info, generate php code that will rebuild a client object - * Take care that no full checking of input parameters is done to ensure that - * valid php code is emitted. - * @access private - */ - function build_client_wrapper_code($client, $verbatim_client_copy, $prefix='xmlrpc') - { - $code = "\$client =& new {$prefix}_client('".str_replace("'", "\'", $client->path). - "', '" . str_replace("'", "\'", $client->server) . "', $client->port);\n"; - - // copy all client fields to the client that will be generated runtime - // (this provides for future expansion or subclassing of client obj) - if ($verbatim_client_copy) - { - foreach($client as $fld => $val) - { - if($fld != 'debug' && $fld != 'return_type') - { - $val = var_export($val, true); - $code .= "\$client->$fld = $val;\n"; - } - } - } - // only make sure that client always returns the correct data type - $code .= "\$client->return_type = '{$prefix}vals';\n"; - //$code .= "\$client->setDebug(\$debug);\n"; - return $code; - } -?> \ No newline at end of file diff --git a/web/phpxmlrpclib/xmlrpcs.inc b/web/phpxmlrpclib/xmlrpcs.inc deleted file mode 100644 index 7b47ca0..0000000 --- a/web/phpxmlrpclib/xmlrpcs.inc +++ /dev/null @@ -1,1198 +0,0 @@ - -// $Id: xmlrpcs.inc,v 1.71 2008/10/29 23:41:28 ggiunta Exp $ - -// Copyright (c) 1999,2000,2002 Edd Dumbill. -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following -// disclaimer in the documentation and/or other materials provided -// with the distribution. -// -// * Neither the name of the "XML-RPC for PHP" nor the names of its -// contributors may be used to endorse or promote products derived -// from this software without specific prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -// OF THE POSSIBILITY OF SUCH DAMAGE. - - // XML RPC Server class - // requires: xmlrpc.inc - - $GLOBALS['xmlrpcs_capabilities'] = array( - // xmlrpc spec: always supported - 'xmlrpc' => new xmlrpcval(array( - 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/spec', 'string'), - 'specVersion' => new xmlrpcval(1, 'int') - ), 'struct'), - // if we support system.xxx functions, we always support multicall, too... - // Note that, as of 2006/09/17, the following URL does not respond anymore - 'system.multicall' => new xmlrpcval(array( - 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/discuss/msgReader$1208', 'string'), - 'specVersion' => new xmlrpcval(1, 'int') - ), 'struct'), - // introspection: version 2! we support 'mixed', too - 'introspection' => new xmlrpcval(array( - 'specUrl' => new xmlrpcval('http://phpxmlrpc.sourceforge.net/doc-2/ch10.html', 'string'), - 'specVersion' => new xmlrpcval(2, 'int') - ), 'struct') - ); - - /* Functions that implement system.XXX methods of xmlrpc servers */ - $_xmlrpcs_getCapabilities_sig=array(array($GLOBALS['xmlrpcStruct'])); - $_xmlrpcs_getCapabilities_doc='This method lists all the capabilites that the XML-RPC server has: the (more or less standard) extensions to the xmlrpc spec that it adheres to'; - $_xmlrpcs_getCapabilities_sdoc=array(array('list of capabilities, described as structs with a version number and url for the spec')); - function _xmlrpcs_getCapabilities($server, $m=null) - { - $outAr = $GLOBALS['xmlrpcs_capabilities']; - // NIL extension - if ($GLOBALS['xmlrpc_null_extension']) { - $outAr['nil'] = new xmlrpcval(array( - 'specUrl' => new xmlrpcval('http://www.ontosys.com/xml-rpc/extensions.php', 'string'), - 'specVersion' => new xmlrpcval(1, 'int') - ), 'struct'); - } - return new xmlrpcresp(new xmlrpcval($outAr, 'struct')); - } - - // listMethods: signature was either a string, or nothing. - // The useless string variant has been removed - $_xmlrpcs_listMethods_sig=array(array($GLOBALS['xmlrpcArray'])); - $_xmlrpcs_listMethods_doc='This method lists all the methods that the XML-RPC server knows how to dispatch'; - $_xmlrpcs_listMethods_sdoc=array(array('list of method names')); - function _xmlrpcs_listMethods($server, $m=null) // if called in plain php values mode, second param is missing - { - - $outAr=array(); - foreach($server->dmap as $key => $val) - { - $outAr[]= new xmlrpcval($key, 'string'); - } - if($server->allow_system_funcs) - { - foreach($GLOBALS['_xmlrpcs_dmap'] as $key => $val) - { - $outAr[]= new xmlrpcval($key, 'string'); - } - } - return new xmlrpcresp(new xmlrpcval($outAr, 'array')); - } - - $_xmlrpcs_methodSignature_sig=array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcString'])); - $_xmlrpcs_methodSignature_doc='Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)'; - $_xmlrpcs_methodSignature_sdoc=array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described')); - function _xmlrpcs_methodSignature($server, $m) - { - // let accept as parameter both an xmlrpcval or string - if (is_object($m)) - { - $methName=$m->getParam(0); - $methName=$methName->scalarval(); - } - else - { - $methName=$m; - } - if(strpos($methName, "system.") === 0) - { - $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1; - } - else - { - $dmap=$server->dmap; $sysCall=0; - } - if(isset($dmap[$methName])) - { - if(isset($dmap[$methName]['signature'])) - { - $sigs=array(); - foreach($dmap[$methName]['signature'] as $inSig) - { - $cursig=array(); - foreach($inSig as $sig) - { - $cursig[]= new xmlrpcval($sig, 'string'); - } - $sigs[]= new xmlrpcval($cursig, 'array'); - } - $r= new xmlrpcresp(new xmlrpcval($sigs, 'array')); - } - else - { - // NB: according to the official docs, we should be returning a - // "none-array" here, which means not-an-array - $r= new xmlrpcresp(new xmlrpcval('undef', 'string')); - } - } - else - { - $r= new xmlrpcresp(0,$GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']); - } - return $r; - } - - $_xmlrpcs_methodHelp_sig=array(array($GLOBALS['xmlrpcString'], $GLOBALS['xmlrpcString'])); - $_xmlrpcs_methodHelp_doc='Returns help text if defined for the method passed, otherwise returns an empty string'; - $_xmlrpcs_methodHelp_sdoc=array(array('method description', 'name of the method to be described')); - function _xmlrpcs_methodHelp($server, $m) - { - // let accept as parameter both an xmlrpcval or string - if (is_object($m)) - { - $methName=$m->getParam(0); - $methName=$methName->scalarval(); - } - else - { - $methName=$m; - } - if(strpos($methName, "system.") === 0) - { - $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1; - } - else - { - $dmap=$server->dmap; $sysCall=0; - } - if(isset($dmap[$methName])) - { - if(isset($dmap[$methName]['docstring'])) - { - $r= new xmlrpcresp(new xmlrpcval($dmap[$methName]['docstring']), 'string'); - } - else - { - $r= new xmlrpcresp(new xmlrpcval('', 'string')); - } - } - else - { - $r=new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']); - } - return $r; - } - - $_xmlrpcs_multicall_sig = array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcArray'])); - $_xmlrpcs_multicall_doc = 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details'; - $_xmlrpcs_multicall_sdoc = array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"')); - function _xmlrpcs_multicall_error($err) - { - if(is_string($err)) - { - $str = $GLOBALS['xmlrpcstr']["multicall_${err}"]; - $code = $GLOBALS['xmlrpcerr']["multicall_${err}"]; - } - else - { - $code = $err->faultCode(); - $str = $err->faultString(); - } - $struct = array(); - $struct['faultCode'] = new xmlrpcval($code, 'int'); - $struct['faultString'] = new xmlrpcval($str, 'string'); - return new xmlrpcval($struct, 'struct'); - } - - function _xmlrpcs_multicall_do_call($server, $call) - { - if($call->kindOf() != 'struct') - { - return _xmlrpcs_multicall_error('notstruct'); - } - $methName = @$call->structmem('methodName'); - if(!$methName) - { - return _xmlrpcs_multicall_error('nomethod'); - } - if($methName->kindOf() != 'scalar' || $methName->scalartyp() != 'string') - { - return _xmlrpcs_multicall_error('notstring'); - } - if($methName->scalarval() == 'system.multicall') - { - return _xmlrpcs_multicall_error('recursion'); - } - - $params = @$call->structmem('params'); - if(!$params) - { - return _xmlrpcs_multicall_error('noparams'); - } - if($params->kindOf() != 'array') - { - return _xmlrpcs_multicall_error('notarray'); - } - $numParams = $params->arraysize(); - - $msg = new xmlrpcmsg($methName->scalarval()); - for($i = 0; $i < $numParams; $i++) - { - if(!$msg->addParam($params->arraymem($i))) - { - $i++; - return _xmlrpcs_multicall_error(new xmlrpcresp(0, - $GLOBALS['xmlrpcerr']['incorrect_params'], - $GLOBALS['xmlrpcstr']['incorrect_params'] . ": probable xml error in param " . $i)); - } - } - - $result = $server->execute($msg); - - if($result->faultCode() != 0) - { - return _xmlrpcs_multicall_error($result); // Method returned fault. - } - - return new xmlrpcval(array($result->value()), 'array'); - } - - function _xmlrpcs_multicall_do_call_phpvals($server, $call) - { - if(!is_array($call)) - { - return _xmlrpcs_multicall_error('notstruct'); - } - if(!array_key_exists('methodName', $call)) - { - return _xmlrpcs_multicall_error('nomethod'); - } - if (!is_string($call['methodName'])) - { - return _xmlrpcs_multicall_error('notstring'); - } - if($call['methodName'] == 'system.multicall') - { - return _xmlrpcs_multicall_error('recursion'); - } - if(!array_key_exists('params', $call)) - { - return _xmlrpcs_multicall_error('noparams'); - } - if(!is_array($call['params'])) - { - return _xmlrpcs_multicall_error('notarray'); - } - - // this is a real dirty and simplistic hack, since we might have received a - // base64 or datetime values, but they will be listed as strings here... - $numParams = count($call['params']); - $pt = array(); - foreach($call['params'] as $val) - $pt[] = php_2_xmlrpc_type(gettype($val)); - - $result = $server->execute($call['methodName'], $call['params'], $pt); - - if($result->faultCode() != 0) - { - return _xmlrpcs_multicall_error($result); // Method returned fault. - } - - return new xmlrpcval(array($result->value()), 'array'); - } - - function _xmlrpcs_multicall($server, $m) - { - $result = array(); - // let accept a plain list of php parameters, beside a single xmlrpc msg object - if (is_object($m)) - { - $calls = $m->getParam(0); - $numCalls = $calls->arraysize(); - for($i = 0; $i < $numCalls; $i++) - { - $call = $calls->arraymem($i); - $result[$i] = _xmlrpcs_multicall_do_call($server, $call); - } - } - else - { - $numCalls=count($m); - for($i = 0; $i < $numCalls; $i++) - { - $result[$i] = _xmlrpcs_multicall_do_call_phpvals($server, $m[$i]); - } - } - - return new xmlrpcresp(new xmlrpcval($result, 'array')); - } - - $GLOBALS['_xmlrpcs_dmap']=array( - 'system.listMethods' => array( - 'function' => '_xmlrpcs_listMethods', - 'signature' => $_xmlrpcs_listMethods_sig, - 'docstring' => $_xmlrpcs_listMethods_doc, - 'signature_docs' => $_xmlrpcs_listMethods_sdoc), - 'system.methodHelp' => array( - 'function' => '_xmlrpcs_methodHelp', - 'signature' => $_xmlrpcs_methodHelp_sig, - 'docstring' => $_xmlrpcs_methodHelp_doc, - 'signature_docs' => $_xmlrpcs_methodHelp_sdoc), - 'system.methodSignature' => array( - 'function' => '_xmlrpcs_methodSignature', - 'signature' => $_xmlrpcs_methodSignature_sig, - 'docstring' => $_xmlrpcs_methodSignature_doc, - 'signature_docs' => $_xmlrpcs_methodSignature_sdoc), - 'system.multicall' => array( - 'function' => '_xmlrpcs_multicall', - 'signature' => $_xmlrpcs_multicall_sig, - 'docstring' => $_xmlrpcs_multicall_doc, - 'signature_docs' => $_xmlrpcs_multicall_sdoc), - 'system.getCapabilities' => array( - 'function' => '_xmlrpcs_getCapabilities', - 'signature' => $_xmlrpcs_getCapabilities_sig, - 'docstring' => $_xmlrpcs_getCapabilities_doc, - 'signature_docs' => $_xmlrpcs_getCapabilities_sdoc) - ); - - $GLOBALS['_xmlrpcs_occurred_errors'] = ''; - $GLOBALS['_xmlrpcs_prev_ehandler'] = ''; - /** - * Error handler used to track errors that occur during server-side execution of PHP code. - * This allows to report back to the client whether an internal error has occurred or not - * using an xmlrpc response object, instead of letting the client deal with the html junk - * that a PHP execution error on the server generally entails. - * - * NB: in fact a user defined error handler can only handle WARNING, NOTICE and USER_* errors. - * - */ - function _xmlrpcs_errorHandler($errcode, $errstring, $filename=null, $lineno=null, $context=null) - { - // obey the @ protocol - if (error_reporting() == 0) - return; - - //if($errcode != E_NOTICE && $errcode != E_WARNING && $errcode != E_USER_NOTICE && $errcode != E_USER_WARNING) - if($errcode != 2048) // do not use E_STRICT by name, since on PHP 4 it will not be defined - { - $GLOBALS['_xmlrpcs_occurred_errors'] = $GLOBALS['_xmlrpcs_occurred_errors'] . $errstring . "\n"; - } - // Try to avoid as much as possible disruption to the previous error handling - // mechanism in place - if($GLOBALS['_xmlrpcs_prev_ehandler'] == '') - { - // The previous error handler was the default: all we should do is log error - // to the default error log (if level high enough) - if(ini_get('log_errors') && (intval(ini_get('error_reporting')) & $errcode)) - { - error_log($errstring); - } - } - else - { - // Pass control on to previous error handler, trying to avoid loops... - if($GLOBALS['_xmlrpcs_prev_ehandler'] != '_xmlrpcs_errorHandler') - { - // NB: this code will NOT work on php < 4.0.2: only 2 params were used for error handlers - if(is_array($GLOBALS['_xmlrpcs_prev_ehandler'])) - { - // the following works both with static class methods and plain object methods as error handler - call_user_func_array($GLOBALS['_xmlrpcs_prev_ehandler'], array($errcode, $errstring, $filename, $lineno, $context)); - } - else - { - $GLOBALS['_xmlrpcs_prev_ehandler']($errcode, $errstring, $filename, $lineno, $context); - } - } - } - } - - $GLOBALS['_xmlrpc_debuginfo']=''; - - /** - * Add a string to the debug info that can be later seralized by the server - * as part of the response message. - * Note that for best compatbility, the debug string should be encoded using - * the $GLOBALS['xmlrpc_internalencoding'] character set. - * @param string $m - * @access public - */ - function xmlrpc_debugmsg($m) - { - $GLOBALS['_xmlrpc_debuginfo'] .= $m . "\n"; - } - - class xmlrpc_server - { - /// array defining php functions exposed as xmlrpc methods by this server - var $dmap=array(); - /** - * Defines how functions in dmap will be invokde: either using an xmlrpc msg object - * or plain php values. - * valid strings are 'xmlrpcvals', 'phpvals' or 'epivals' - */ - var $functions_parameters_type='xmlrpcvals'; - /// controls wether the server is going to echo debugging messages back to the client as comments in response body. valid values: 0,1,2,3 - var $debug = 1; - /** - * When set to true, it will enable HTTP compression of the response, in case - * the client has declared its support for compression in the request. - */ - var $compress_response = false; - /** - * List of http compression methods accepted by the server for requests. - * NB: PHP supports deflate, gzip compressions out of the box if compiled w. zlib - */ - var $accepted_compression = array(); - /// shall we serve calls to system.* methods? - var $allow_system_funcs = true; - /// list of charset encodings natively accepted for requests - var $accepted_charset_encodings = array(); - /** - * charset encoding to be used for response. - * NB: if we can, we will convert the generated response from internal_encoding to the intended one. - * can be: a supported xml encoding (only UTF-8 and ISO-8859-1 at present, unless mbstring is enabled), - * null (leave unspecified in response, convert output stream to US_ASCII), - * 'default' (use xmlrpc library default as specified in xmlrpc.inc, convert output stream if needed), - * or 'auto' (use client-specified charset encoding or same as request if request headers do not specify it (unless request is US-ASCII: then use library default anyway). - * NB: pretty dangerous if you accept every charset and do not have mbstring enabled) - */ - var $response_charset_encoding = ''; - /// storage for internal debug info - var $debug_info = ''; - /// extra data passed at runtime to method handling functions. Used only by EPI layer - var $user_data = null; - - /** - * @param array $dispmap the dispatch map withd efinition of exposed services - * @param boolean $servicenow set to false to prevent the server from runnung upon construction - */ - function xmlrpc_server($dispMap=null, $serviceNow=true) - { - // if ZLIB is enabled, let the server by default accept compressed requests, - // and compress responses sent to clients that support them - if(function_exists('gzinflate')) - { - $this->accepted_compression = array('gzip', 'deflate'); - $this->compress_response = true; - } - - // by default the xml parser can support these 3 charset encodings - $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII'); - - // dispMap is a dispatch array of methods - // mapped to function names and signatures - // if a method - // doesn't appear in the map then an unknown - // method error is generated - /* milosch - changed to make passing dispMap optional. - * instead, you can use the class add_to_map() function - * to add functions manually (borrowed from SOAPX4) - */ - if($dispMap) - { - $this->dmap = $dispMap; - if($serviceNow) - { - $this->service(); - } - } - } - - /** - * Set debug level of server. - * @param integer $in debug lvl: determines info added to xmlrpc responses (as xml comments) - * 0 = no debug info, - * 1 = msgs set from user with debugmsg(), - * 2 = add complete xmlrpc request (headers and body), - * 3 = add also all processing warnings happened during method processing - * (NB: this involves setting a custom error handler, and might interfere - * with the standard processing of the php function exposed as method. In - * particular, triggering an USER_ERROR level error will not halt script - * execution anymore, but just end up logged in the xmlrpc response) - * Note that info added at elevel 2 and 3 will be base64 encoded - * @access public - */ - function setDebug($in) - { - $this->debug=$in; - } - - /** - * Return a string with the serialized representation of all debug info - * @param string $charset_encoding the target charset encoding for the serialization - * @return string an XML comment (or two) - */ - function serializeDebug($charset_encoding='') - { - // Tough encoding problem: which internal charset should we assume for debug info? - // It might contain a copy of raw data received from client, ie with unknown encoding, - // intermixed with php generated data and user generated data... - // so we split it: system debug is base 64 encoded, - // user debug info should be encoded by the end user using the INTERNAL_ENCODING - $out = ''; - if ($this->debug_info != '') - { - $out .= "\n"; - } - if($GLOBALS['_xmlrpc_debuginfo']!='') - { - - $out .= "\n"; - // NB: a better solution MIGHT be to use CDATA, but we need to insert it - // into return payload AFTER the beginning tag - //$out .= "', ']_]_>', $GLOBALS['_xmlrpc_debuginfo']) . "\n]]>\n"; - } - return $out; - } - - /** - * Execute the xmlrpc request, printing the response - * @param string $data the request body. If null, the http POST request will be examined - * @return xmlrpcresp the response object (usually not used by caller...) - * @access public - */ - function service($data=null, $return_payload=false) - { - if ($data === null) - { - // workaround for a known bug in php ver. 5.2.2 that broke $HTTP_RAW_POST_DATA - $ver = phpversion(); - if ($ver[0] >= 5) - { - $data = file_get_contents('php://input'); - } - else - { - $data = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : ''; - } - } - $raw_data = $data; - - // reset internal debug info - $this->debug_info = ''; - - // Echo back what we received, before parsing it - if($this->debug > 1) - { - $this->debugmsg("+++GOT+++\n" . $data . "\n+++END+++"); - } - - $r = $this->parseRequestHeaders($data, $req_charset, $resp_charset, $resp_encoding); - if (!$r) - { - $r=$this->parseRequest($data, $req_charset); - } - - // save full body of request into response, for more debugging usages - $r->raw_data = $raw_data; - - if($this->debug > 2 && $GLOBALS['_xmlrpcs_occurred_errors']) - { - $this->debugmsg("+++PROCESSING ERRORS AND WARNINGS+++\n" . - $GLOBALS['_xmlrpcs_occurred_errors'] . "+++END+++"); - } - - $payload=$this->xml_header($resp_charset); - if($this->debug > 0) - { - $payload = $payload . $this->serializeDebug($resp_charset); - } - - // G. Giunta 2006-01-27: do not create response serialization if it has - // already happened. Helps building json magic - if (empty($r->payload)) - { - $r->serialize($resp_charset); - } - $payload = $payload . $r->payload; - - if ($return_payload) - { - return $payload; - } - - // if we get a warning/error that has output some text before here, then we cannot - // add a new header. We cannot say we are sending xml, either... - if(!headers_sent()) - { - header('Content-Type: '.$r->content_type); - // we do not know if client actually told us an accepted charset, but if he did - // we have to tell him what we did - header("Vary: Accept-Charset"); - - // http compression of output: only - // if we can do it, and we want to do it, and client asked us to, - // and php ini settings do not force it already - $php_no_self_compress = !ini_get('zlib.output_compression') && (ini_get('output_handler') != 'ob_gzhandler'); - if($this->compress_response && function_exists('gzencode') && $resp_encoding != '' - && $php_no_self_compress) - { - if(strpos($resp_encoding, 'gzip') !== false) - { - $payload = gzencode($payload); - header("Content-Encoding: gzip"); - header("Vary: Accept-Encoding"); - } - elseif (strpos($resp_encoding, 'deflate') !== false) - { - $payload = gzcompress($payload); - header("Content-Encoding: deflate"); - header("Vary: Accept-Encoding"); - } - } - - // do not ouput content-length header if php is compressing output for us: - // it will mess up measurements - if($php_no_self_compress) - { - header('Content-Length: ' . (int)strlen($payload)); - } - } - else - { - error_log('XML-RPC: xmlrpc_server::service: http headers already sent before response is fully generated. Check for php warning or error messages'); - } - - print $payload; - - // return request, in case subclasses want it - return $r; - } - - /** - * Add a method to the dispatch map - * @param string $methodname the name with which the method will be made available - * @param string $function the php function that will get invoked - * @param array $sig the array of valid method signatures - * @param string $doc method documentation - * @param array $sigdoc the array of valid method signatures docs (one string per param, one for return type) - * @access public - */ - function add_to_map($methodname,$function,$sig=null,$doc=false,$sigdoc=false) - { - $this->dmap[$methodname] = array( - 'function' => $function, - 'docstring' => $doc - ); - if ($sig) - { - $this->dmap[$methodname]['signature'] = $sig; - } - if ($sigdoc) - { - $this->dmap[$methodname]['signature_docs'] = $sigdoc; - } - } - - /** - * Verify type and number of parameters received against a list of known signatures - * @param array $in array of either xmlrpcval objects or xmlrpc type definitions - * @param array $sig array of known signatures to match against - * @access private - */ - function verifySignature($in, $sig) - { - // check each possible signature in turn - if (is_object($in)) - { - $numParams = $in->getNumParams(); - } - else - { - $numParams = count($in); - } - foreach($sig as $cursig) - { - if(count($cursig)==$numParams+1) - { - $itsOK=1; - for($n=0; $n<$numParams; $n++) - { - if (is_object($in)) - { - $p=$in->getParam($n); - if($p->kindOf() == 'scalar') - { - $pt=$p->scalartyp(); - } - else - { - $pt=$p->kindOf(); - } - } - else - { - $pt= $in[$n] == 'i4' ? 'int' : $in[$n]; // dispatch maps never use i4... - } - - // param index is $n+1, as first member of sig is return type - if($pt != $cursig[$n+1] && $cursig[$n+1] != $GLOBALS['xmlrpcValue']) - { - $itsOK=0; - $pno=$n+1; - $wanted=$cursig[$n+1]; - $got=$pt; - break; - } - } - if($itsOK) - { - return array(1,''); - } - } - } - if(isset($wanted)) - { - return array(0, "Wanted ${wanted}, got ${got} at param ${pno}"); - } - else - { - return array(0, "No method signature matches number of parameters"); - } - } - - /** - * Parse http headers received along with xmlrpc request. If needed, inflate request - * @return null on success or an xmlrpcresp - * @access private - */ - function parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression) - { - // Play nice to PHP 4.0.x: superglobals were not yet invented... - if(!isset($_SERVER)) - { - $_SERVER = $GLOBALS['HTTP_SERVER_VARS']; - } - - if($this->debug > 1) - { - if(function_exists('getallheaders')) - { - $this->debugmsg(''); // empty line - foreach(getallheaders() as $name => $val) - { - $this->debugmsg("HEADER: $name: $val"); - } - } - - } - - if(isset($_SERVER['HTTP_CONTENT_ENCODING'])) - { - $content_encoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']); - } - else - { - $content_encoding = ''; - } - - // check if request body has been compressed and decompress it - if($content_encoding != '' && strlen($data)) - { - if($content_encoding == 'deflate' || $content_encoding == 'gzip') - { - // if decoding works, use it. else assume data wasn't gzencoded - if(function_exists('gzinflate') && in_array($content_encoding, $this->accepted_compression)) - { - if($content_encoding == 'deflate' && $degzdata = @gzuncompress($data)) - { - $data = $degzdata; - if($this->debug > 1) - { - $this->debugmsg("\n+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++"); - } - } - elseif($content_encoding == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) - { - $data = $degzdata; - if($this->debug > 1) - $this->debugmsg("+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++"); - } - else - { - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_decompress_fail'], $GLOBALS['xmlrpcstr']['server_decompress_fail']); - return $r; - } - } - else - { - //error_log('The server sent deflated data. Your php install must have the Zlib extension compiled in to support this.'); - $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_cannot_decompress'], $GLOBALS['xmlrpcstr']['server_cannot_decompress']); - return $r; - } - } - } - - // check if client specified accepted charsets, and if we know how to fulfill - // the request - if ($this->response_charset_encoding == 'auto') - { - $resp_encoding = ''; - if (isset($_SERVER['HTTP_ACCEPT_CHARSET'])) - { - // here we should check if we can match the client-requested encoding - // with the encodings we know we can generate. - /// @todo we should parse q=0.x preferences instead of getting first charset specified... - $client_accepted_charsets = explode(',', strtoupper($_SERVER['HTTP_ACCEPT_CHARSET'])); - // Give preference to internal encoding - $known_charsets = array($GLOBALS['xmlrpc_internalencoding'], 'UTF-8', 'ISO-8859-1', 'US-ASCII'); - foreach ($known_charsets as $charset) - { - foreach ($client_accepted_charsets as $accepted) - if (strpos($accepted, $charset) === 0) - { - $resp_encoding = $charset; - break; - } - if ($resp_encoding) - break; - } - } - } - else - { - $resp_encoding = $this->response_charset_encoding; - } - - if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) - { - $resp_compression = $_SERVER['HTTP_ACCEPT_ENCODING']; - } - else - { - $resp_compression = ''; - } - - // 'guestimate' request encoding - /// @todo check if mbstring is enabled and automagic input conversion is on: it might mingle with this check??? - $req_encoding = guess_encoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '', - $data); - - return null; - } - - /** - * Parse an xml chunk containing an xmlrpc request and execute the corresponding - * php function registered with the server - * @param string $data the xml request - * @param string $req_encoding (optional) the charset encoding of the xml request - * @return xmlrpcresp - * @access private - */ - function parseRequest($data, $req_encoding='') - { - // 2005/05/07 commented and moved into caller function code - //if($data=='') - //{ - // $data=$GLOBALS['HTTP_RAW_POST_DATA']; - //} - - // G. Giunta 2005/02/13: we do NOT expect to receive html entities - // so we do not try to convert them into xml character entities - //$data = xmlrpc_html_entity_xlate($data); - - $GLOBALS['_xh']=array(); - $GLOBALS['_xh']['ac']=''; - $GLOBALS['_xh']['stack']=array(); - $GLOBALS['_xh']['valuestack'] = array(); - $GLOBALS['_xh']['params']=array(); - $GLOBALS['_xh']['pt']=array(); - $GLOBALS['_xh']['isf']=0; - $GLOBALS['_xh']['isf_reason']=''; - $GLOBALS['_xh']['method']=false; // so we can check later if we got a methodname or not - $GLOBALS['_xh']['rt']=''; - - // decompose incoming XML into request structure - if ($req_encoding != '') - { - if (!in_array($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - // the following code might be better for mb_string enabled installs, but - // makes the lib about 200% slower... - //if (!is_valid_charset($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - { - error_log('XML-RPC: xmlrpc_server::parseRequest: invalid charset encoding of received request: '.$req_encoding); - $req_encoding = $GLOBALS['xmlrpc_defencoding']; - } - /// @BUG this will fail on PHP 5 if charset is not specified in the xml prologue, - // the encoding is not UTF8 and there are non-ascii chars in the text... - /// @todo use an ampty string for php 5 ??? - $parser = xml_parser_create($req_encoding); - } - else - { - $parser = xml_parser_create(); - } - - xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); - // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell - // the xml parser to give us back data in the expected charset - // What if internal encoding is not in one of the 3 allowed? - // we use the broadest one, ie. utf8 - // This allows to send data which is native in various charset, - // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding - if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII'))) - { - xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); - } - else - { - xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']); - } - - if ($this->functions_parameters_type != 'xmlrpcvals') - xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast'); - else - xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); - xml_set_character_data_handler($parser, 'xmlrpc_cd'); - xml_set_default_handler($parser, 'xmlrpc_dh'); - if(!xml_parse($parser, $data, 1)) - { - // return XML error as a faultCode - $r= new xmlrpcresp(0, - $GLOBALS['xmlrpcerrxml']+xml_get_error_code($parser), - sprintf('XML error: %s at line %d, column %d', - xml_error_string(xml_get_error_code($parser)), - xml_get_current_line_number($parser), xml_get_current_column_number($parser))); - xml_parser_free($parser); - } - elseif ($GLOBALS['_xh']['isf']) - { - xml_parser_free($parser); - $r= new xmlrpcresp(0, - $GLOBALS['xmlrpcerr']['invalid_request'], - $GLOBALS['xmlrpcstr']['invalid_request'] . ' ' . $GLOBALS['_xh']['isf_reason']); - } - else - { - xml_parser_free($parser); - if ($this->functions_parameters_type != 'xmlrpcvals') - { - if($this->debug > 1) - { - $this->debugmsg("\n+++PARSED+++\n".var_export($GLOBALS['_xh']['params'], true)."\n+++END+++"); - } - $r = $this->execute($GLOBALS['_xh']['method'], $GLOBALS['_xh']['params'], $GLOBALS['_xh']['pt']); - } - else - { - // build an xmlrpcmsg object with data parsed from xml - $m= new xmlrpcmsg($GLOBALS['_xh']['method']); - // now add parameters in - for($i=0; $iaddParam($GLOBALS['_xh']['params'][$i]); - } - - if($this->debug > 1) - { - $this->debugmsg("\n+++PARSED+++\n".var_export($m, true)."\n+++END+++"); - } - $r = $this->execute($m); - } - } - return $r; - } - - /** - * Execute a method invoked by the client, checking parameters used - * @param mixed $m either an xmlrpcmsg obj or a method name - * @param array $params array with method parameters as php types (if m is method name only) - * @param array $paramtypes array with xmlrpc types of method parameters (if m is method name only) - * @return xmlrpcresp - * @access private - */ - function execute($m, $params=null, $paramtypes=null) - { - if (is_object($m)) - { - $methName = $m->method(); - } - else - { - $methName = $m; - } - $sysCall = $this->allow_system_funcs && (strpos($methName, "system.") === 0); - $dmap = $sysCall ? $GLOBALS['_xmlrpcs_dmap'] : $this->dmap; - - if(!isset($dmap[$methName]['function'])) - { - // No such method - return new xmlrpcresp(0, - $GLOBALS['xmlrpcerr']['unknown_method'], - $GLOBALS['xmlrpcstr']['unknown_method']); - } - - // Check signature - if(isset($dmap[$methName]['signature'])) - { - $sig = $dmap[$methName]['signature']; - if (is_object($m)) - { - list($ok, $errstr) = $this->verifySignature($m, $sig); - } - else - { - list($ok, $errstr) = $this->verifySignature($paramtypes, $sig); - } - if(!$ok) - { - // Didn't match. - return new xmlrpcresp( - 0, - $GLOBALS['xmlrpcerr']['incorrect_params'], - $GLOBALS['xmlrpcstr']['incorrect_params'] . ": ${errstr}" - ); - } - } - - $func = $dmap[$methName]['function']; - // let the 'class::function' syntax be accepted in dispatch maps - if(is_string($func) && strpos($func, '::')) - { - $func = explode('::', $func); - } - // verify that function to be invoked is in fact callable - if(!is_callable($func)) - { - error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler is not callable"); - return new xmlrpcresp( - 0, - $GLOBALS['xmlrpcerr']['server_error'], - $GLOBALS['xmlrpcstr']['server_error'] . ": no function matches method" - ); - } - - // If debug level is 3, we should catch all errors generated during - // processing of user function, and log them as part of response - if($this->debug > 2) - { - $GLOBALS['_xmlrpcs_prev_ehandler'] = set_error_handler('_xmlrpcs_errorHandler'); - } - if (is_object($m)) - { - if($sysCall) - { - $r = call_user_func($func, $this, $m); - } - else - { - $r = call_user_func($func, $m); - } - if (!is_a($r, 'xmlrpcresp')) - { - error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler does not return an xmlrpcresp object"); - if (is_a($r, 'xmlrpcval')) - { - $r = new xmlrpcresp($r); - } - else - { - $r = new xmlrpcresp( - 0, - $GLOBALS['xmlrpcerr']['server_error'], - $GLOBALS['xmlrpcstr']['server_error'] . ": function does not return xmlrpcresp object" - ); - } - } - } - else - { - // call a 'plain php' function - if($sysCall) - { - array_unshift($params, $this); - $r = call_user_func_array($func, $params); - } - else - { - // 3rd API convention for method-handling functions: EPI-style - if ($this->functions_parameters_type == 'epivals') - { - $r = call_user_func_array($func, array($methName, $params, $this->user_data)); - // mimic EPI behaviour: if we get an array that looks like an error, make it - // an eror response - if (is_array($r) && array_key_exists('faultCode', $r) && array_key_exists('faultString', $r)) - { - $r = new xmlrpcresp(0, (integer)$r['faultCode'], (string)$r['faultString']); - } - else - { - // functions using EPI api should NOT return resp objects, - // so make sure we encode the return type correctly - $r = new xmlrpcresp(php_xmlrpc_encode($r, array('extension_api'))); - } - } - else - { - $r = call_user_func_array($func, $params); - } - } - // the return type can be either an xmlrpcresp object or a plain php value... - if (!is_a($r, 'xmlrpcresp')) - { - // what should we assume here about automatic encoding of datetimes - // and php classes instances??? - $r = new xmlrpcresp(php_xmlrpc_encode($r, array('auto_dates'))); - } - } - if($this->debug > 2) - { - // note: restore the error handler we found before calling the - // user func, even if it has been changed inside the func itself - if($GLOBALS['_xmlrpcs_prev_ehandler']) - { - set_error_handler($GLOBALS['_xmlrpcs_prev_ehandler']); - } - else - { - restore_error_handler(); - } - } - return $r; - } - - /** - * add a string to the 'internal debug message' (separate from 'user debug message') - * @param string $strings - * @access private - */ - function debugmsg($string) - { - $this->debug_info .= $string."\n"; - } - - /** - * @access private - */ - function xml_header($charset_encoding='') - { - if ($charset_encoding != '') - { - return "\n"; - } - else - { - return "\n"; - } - } - - /** - * A debugging routine: just echoes back the input packet as a string value - * DEPRECATED! - */ - function echoInput() - { - $r= new xmlrpcresp(new xmlrpcval( "'Aha said I: '" . $GLOBALS['HTTP_RAW_POST_DATA'], 'string')); - print $r->serialize(); - } - } -?> \ No newline at end of file diff --git a/web/profile.php b/web/profile.php deleted file mode 100644 index d4c1ca4..0000000 --- a/web/profile.php +++ /dev/null @@ -1,691 +0,0 @@ - $row["classifieduuid"], - "name" => $row["name"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -# Classifieds Update - -xmlrpc_server_register_method($xmlrpc_server, "classified_update", - "classified_update"); - -function classified_update($method_name, $params, $app_data) -{ - global $zeroUUID; - - $req = $params[0]; - - $classifieduuid = $req['classifiedUUID']; - $creator = $req['creatorUUID']; - $category = $req['category']; - $name = $req['name']; - $description = $req['description']; - $parceluuid = $req['parcelUUID']; - $parentestate = $req['parentestate']; - $snapshotuuid = $req['snapshotUUID']; - $simname = $req['sim_name']; - $parcelname = $req['parcelname']; - $globalpos = $req['globalpos']; - $classifiedflag = $req['classifiedFlags']; - $priceforlist = $req['classifiedPrice']; - - // Check if we already have this one in the database - $check = mysql_query("SELECT COUNT(*) FROM classifieds WHERE ". - "classifieduuid = '". mysql_real_escape_string($classifieduuid) ."'"); - - while ($row = mysql_fetch_row($check)) - { - $ready = $row[0]; - } - - // Doing some late checking - // Should be done by the module but let's see what happens when - // I do it here - - if ($parcelname == "") - $parcelname = "Unknown"; - - if ($parceluuid == "") - $parceluuid = $zeroUUID; - - if ($description == "") - $description = "No Description"; - - //If PG, Mature, and Adult flags are all 0 assume PG and set bit 2. - //This works around what might be a viewer bug regarding the flags. - //The ossearch query.php file expects bit 2 set for any PG listing. - if (($classifiedflag & 76) == 0) - $classifiedflag |= 4; - - if ($ready == 0) - { - //Renew Weekly flag is 32 (1 << 5) - if (($classifiedflag & 32) == 0) - { - $creationdate = time(); - $expirationdate = time() + (7 * 24 * 60 * 60); - } - else - { - $creationdate = time(); - $expirationdate = time() + (52 * 7 * 24 * 60 * 60); - } - - $sql = "INSERT INTO classifieds VALUES ". - "('". mysql_real_escape_string($classifieduuid) ."',". - "'". mysql_real_escape_string($creator) ."',". - "". mysql_real_escape_string($creationdate) .",". - "". mysql_real_escape_string($expirationdate) .",". - "'". mysql_real_escape_string($category) ."',". - "'". mysql_real_escape_string($name) ."',". - "'". mysql_real_escape_string($description) ."',". - "'". mysql_real_escape_string($parceluuid) ."',". - "". mysql_real_escape_string($parentestate) .",". - "'". mysql_real_escape_string($snapshotuuid) ."',". - "'". mysql_real_escape_string($simname) ."',". - "'". mysql_real_escape_string($globalpos) ."',". - "'". $parcelname ."',". - "". mysql_real_escape_string($classifiedflag) .",". - "". mysql_real_escape_string($priceforlist) .")"; - } - else - { - $expirationdate = $creationdate + (52 * 7 * 24 * 60 * 60); - - $sql = "UPDATE classifieds SET ". - "`creatoruuid`='". mysql_real_escape_string($creator)."',". - "`expirationdate`=". mysql_real_escape_string($expirationdate).",". - "`category`='". mysql_real_escape_string($category)."',". - "`name`='". mysql_real_escape_string($name)."',". - "`description`='". mysql_real_escape_string($description)."',". - "`parceluuid`='". mysql_real_escape_string($parceluuid)."',". - "`parentestate`=". mysql_real_escape_string($parentestate).",". - "`snapshotuuid`='". mysql_real_escape_string($snapshotuuid)."',". - "`simname`='". mysql_real_escape_string($simname)."',". - "`posglobal`='". mysql_real_escape_string($globalpos)."',". - "`parcelname`='". $parcelname."',". - "`classifiedflags`=". mysql_real_escape_string($classifiedflag).",". - "`priceforlisting`=". mysql_real_escape_string($priceforlist). - " WHERE ". - "`classifieduuid`='". mysql_real_escape_string($classifieduuid)."'"; - } - - // Create a new record for this classified - $result = mysql_query($sql); - - $response_xml = xmlrpc_encode(array( - 'success' => $result, - 'errorMessage' => mysql_error() - )); - - print $response_xml; -} - -# Classifieds Delete - -xmlrpc_server_register_method($xmlrpc_server, "classified_delete", - "classified_delete"); - -function classified_delete($method_name, $params, $app_data) -{ - $req = $params[0]; - - $classifieduuid = $req['classifiedID']; - - $result = mysql_query("DELETE FROM classifieds WHERE ". - "classifieduuid = '".mysql_real_escape_string($classifieduuid) ."'"); - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -# -# Picks -# - -# Avatar Picks Request - -xmlrpc_server_register_method($xmlrpc_server, "avatarpicksrequest", - "avatarpicksrequest"); - -function avatarpicksrequest($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['uuid']; - - $data = array(); - - $result = mysql_query("SELECT `pickuuid`,`name` FROM userpicks WHERE ". - "creatoruuid = '". mysql_real_escape_string($uuid) ."'"); - - while (($row = mysql_fetch_assoc($result))) - { - $data[] = array( - "pickid" => $row["pickuuid"], - "name" => $row["name"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -# Request Picks for User - -xmlrpc_server_register_method($xmlrpc_server, "pickinforequest", - "pickinforequest"); - -function pickinforequest($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['avatar_id']; - $pick = $req['pick_id']; - - $data = array(); - - $result = mysql_query("SELECT * FROM userpicks WHERE ". - "creatoruuid = '". mysql_real_escape_string($uuid) ."' AND ". - "pickuuid = '". mysql_real_escape_string($pick) ."'"); - - $row = mysql_fetch_assoc($result); - if ($row != False) - { - if ($row["description"] == null || $row["description"] == "") - $row["description"] = "No description given"; - - $data[] = array( - "pickuuid" => $row["pickuuid"], - "creatoruuid" => $row["creatoruuid"], - "toppick" => $row["toppick"], - "parceluuid" => $row["parceluuid"], - "name" => $row["name"], - "description" => $row["description"], - "snapshotuuid" => $row["snapshotuuid"], - "user" => $row["user"], - "originalname" => $row["originalname"], - "simname" => $row["simname"], - "posglobal" => $row["posglobal"], - "sortorder"=> $row["sortorder"], - "enabled" => $row["enabled"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -# Picks Update - -xmlrpc_server_register_method($xmlrpc_server, "picks_update", - "picks_update"); - -function picks_update($method_name, $params, $app_data) -{ - global $zeroUUID; - - $req = $params[0]; - - $pickuuid = $req['pick_id']; - $creator = $req['creator_id']; - $toppick = $req['top_pick']; - $name = $req['name']; - $description = $req['desc']; - $parceluuid = $req['parcel_uuid']; - $snapshotuuid = $req['snapshot_id']; - $user = $req['user']; - $simname = $req['sim_name']; - $posglobal = $req['pos_global']; - $sortorder = $req['sort_order']; - $enabled = $req['enabled']; - - if ($parceluuid == "") - $parceluuid = $zeroUUID; - - if ($description == "") - $description = "No Description"; - - // Check if we already have this one in the database - $check = mysql_query("SELECT COUNT(*) FROM userpicks WHERE ". - "pickuuid = '". mysql_real_escape_string($pickuuid) ."'"); - - $row = mysql_fetch_row($check); - - if ($row[0] == 0) - { - if ($user == null || $user == "") - $user = "Unknown"; - - //The original parcel name is the same as the name of the - //profile pick when a new profile pick is being created. - $original = $name; - - $query = "INSERT INTO userpicks VALUES ". - "('". mysql_real_escape_string($pickuuid) ."',". - "'". mysql_real_escape_string($creator) ."',". - "'". mysql_real_escape_string($toppick) ."',". - "'". mysql_real_escape_string($parceluuid) ."',". - "'". mysql_real_escape_string($name) ."',". - "'". mysql_real_escape_string($description) ."',". - "'". mysql_real_escape_string($snapshotuuid) ."',". - "'". mysql_real_escape_string($user) ."',". - "'". mysql_real_escape_string($original) ."',". - "'". mysql_real_escape_string($simname) ."',". - "'". mysql_real_escape_string($posglobal) ."',". - "'". mysql_real_escape_string($sortorder) ."',". - "'". mysql_real_escape_string($enabled) ."')"; - } - else - { - $query = "UPDATE userpicks SET " . - "parceluuid = '". mysql_real_escape_string($parceluuid) . "', " . - "name = '". mysql_real_escape_string($name) . "', " . - "description = '". mysql_real_escape_string($description) . "', " . - "snapshotuuid = '". mysql_real_escape_string($snapshotuuid) . "' WHERE ". - "pickuuid = '". mysql_real_escape_string($pickuuid) ."'"; - } - - $result = mysql_query($query); - if ($result != False) - $result = True; - - $response_xml = xmlrpc_encode(array( - 'success' => $result, - 'errorMessage' => mysql_error() - )); - - print $response_xml; -} - -# Picks Delete - -xmlrpc_server_register_method($xmlrpc_server, "picks_delete", - "picks_delete"); - -function picks_delete($method_name, $params, $app_data) -{ - $req = $params[0]; - - $pickuuid = $req['pick_id']; - - $result = mysql_query("DELETE FROM userpicks WHERE ". - "pickuuid = '".mysql_real_escape_string($pickuuid) ."'"); - - if ($result != False) - $result = True; - - $response_xml = xmlrpc_encode(array( - 'success' => $result, - 'errorMessage' => mysql_error() - )); - - print $response_xml; -} - -# -# Notes -# - -# Avatar Notes Request - - -xmlrpc_server_register_method($xmlrpc_server, "avatarnotesrequest", - "avatarnotesrequest"); - -function avatarnotesrequest($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['avatar_id']; - $targetuuid = $req['uuid']; - - $result = mysql_query("SELECT notes FROM usernotes WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."' AND ". - "targetuuid = '". mysql_real_escape_string($targetuuid) ."'"); - - $row = mysql_fetch_row($result); - if ($row == False) - $notes = ""; - else - $notes = $row[0]; - - $data[] = array( - "targetid" => $targetuuid, - "notes" => $notes); - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -# Avatar Notes Update - -xmlrpc_server_register_method($xmlrpc_server, "avatar_notes_update", - "avatar_notes_update"); - -function avatar_notes_update($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['avatar_id']; - $targetuuid = $req['target_id']; - $notes = $req['notes']; - - // Check if we already have this one in the database - - $check = mysql_query("SELECT COUNT(*) FROM usernotes WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."' AND ". - "targetuuid = '". mysql_real_escape_string($targetuuid) ."'"); - - $row = mysql_fetch_row($check); - - if ($row[0] == 0) - { - // Create a new record for this avatar note - $result = mysql_query("INSERT INTO usernotes VALUES ". - "('". mysql_real_escape_string($uuid) ."',". - "'". mysql_real_escape_string($targetuuid) ."',". - "'". mysql_real_escape_string($notes) ."')"); - } - else if ($notes == "") - { - // Delete the record for this avatar note - $result = mysql_query("DELETE FROM usernotes WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."' AND ". - "targetuuid = '". mysql_real_escape_string($targetuuid) ."'"); - } - else - { - // Update the existing record - $result = mysql_query("UPDATE usernotes SET ". - "notes = '". mysql_real_escape_string($notes) ."' WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."' AND ". - "targetuuid = '". mysql_real_escape_string($targetuuid) ."'"); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True - )); - - print $response_xml; -} - -# Profile bits - -xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_request", - "avatar_properties_request"); - -function avatar_properties_request($method_name, $params, $app_data) -{ - global $zeroUUID; - - $req = $params[0]; - - $uuid = $req['avatar_id']; - - $result = mysql_query("SELECT * FROM userprofile WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."'"); - $row = mysql_fetch_assoc($result); - - if ($row != False) - { - $data[] = array( - "ProfileUrl" => $row["profileURL"], - "Image" => $row["profileImage"], - "AboutText" => $row["profileAboutText"], - "FirstLifeImage" => $row["profileFirstImage"], - "FirstLifeAboutText" => $row["profileFirstText"], - "Partner" => $row["profilePartner"], - - //Return interest data along with avatar properties - "wantmask" => $row["profileWantToMask"], - "wanttext" => $row["profileWantToText"], - "skillsmask" => $row["profileSkillsMask"], - "skillstext" => $row["profileSkillsText"], - "languages" => $row["profileLanguages"]); - } - else - { - //Insert empty record for avatar. - //FIXME: Should this only be done when asking for ones own profile? - $sql = "INSERT INTO userprofile VALUES ( ". - "'". mysql_real_escape_string($uuid) ."', ". - "'$zeroUUID', 0, 0, '', 0, '', 0, '', '', ". - "'$zeroUUID', '', '$zeroUUID', '')"; - $result = mysql_query($sql); - - $data[] = array( - "ProfileUrl" => "", - "Image" => $zeroUUID, - "AboutText" => "", - "FirstLifeImage" => $zeroUUID, - "FirstLifeAboutText" => "", - "Partner" => $zeroUUID, - - "wantmask" => 0, - "wanttext" => "", - "skillsmask" => 0, - "skillstext" => "", - "languages" => ""); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_update", - "avatar_properties_update"); - -function avatar_properties_update($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['avatar_id']; - $profileURL = $req['ProfileUrl']; - $image = $req['Image']; - $abouttext = $req['AboutText']; - $firstlifeimage = $req['FirstLifeImage']; - $firstlifetext = $req['FirstLifeAboutText']; - - $result=mysql_query("UPDATE userprofile SET ". - "profileURL='". mysql_real_escape_string($profileURL) ."', ". - "profileImage='". mysql_real_escape_string($image) ."', ". - "profileAboutText='". mysql_real_escape_string($abouttext) ."', ". - "profileFirstImage='". mysql_real_escape_string($firstlifeimage) ."', ". - "profileFirstText='". mysql_real_escape_string($firstlifetext) ."' ". - "WHERE useruuid='". mysql_real_escape_string($uuid) ."'" - ); - - $response_xml = xmlrpc_encode(array( - 'success' => $result, - 'errorMessage' => mysql_error() - )); - - print $response_xml; -} - - -// Profile Interests - -xmlrpc_server_register_method($xmlrpc_server, "avatar_interests_update", - "avatar_interests_update"); - -function avatar_interests_update($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['avatar_id']; - $wanttext = $req['wanttext']; - $wantmask = $req['wantmask']; - $skillstext = $req['skillstext']; - $skillsmask = $req['skillsmask']; - $languages = $req['languages']; - - $result = mysql_query("UPDATE userprofile SET ". - "profileWantToMask = ". mysql_real_escape_string($wantmask) .",". - "profileWantToText = '". mysql_real_escape_string($wanttext) ."',". - "profileSkillsMask = ". mysql_real_escape_string($skillsmask) .",". - "profileSkillsText = '". mysql_real_escape_string($skillstext) ."',". - "profileLanguages = '". mysql_real_escape_string($languages) ."' ". - "WHERE useruuid = '". mysql_real_escape_string($uuid) ."'" - ); - - $response_xml = xmlrpc_encode(array( - 'success' => True - )); - - print $response_xml; -} - -// User Preferences - -xmlrpc_server_register_method($xmlrpc_server, "user_preferences_request", - "user_preferences_request"); - -function user_preferences_request($method_name, $params, $app_data) -{ - $req = $params[0]; - - $uuid = $req['avatar_id']; - - $result = mysql_query("SELECT imviaemail,visible,email FROM usersettings WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."'"); - - $row = mysql_fetch_assoc($result); - - if ($row != False) - { - $data[] = array( - "imviaemail" => $row["imviaemail"], - "visible" => $row["visible"], - "email" => $row["email"]); - } - else - { - //Insert empty record for avatar. - //NOTE: The 'false' values here are enums defined in database - $sql = "INSERT INTO usersettings VALUES ". - "('". mysql_real_escape_string($uuid) ."', ". - "'false', 'false', '')"; - $result = mysql_query($sql); - - $data[] = array( - "imviaemail" => False, - "visible" => False, - "email" => ""); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -xmlrpc_server_register_method($xmlrpc_server, "user_preferences_update", - "user_preferences_update"); - -function user_preferences_update($method_name, $params, $app_data) -{ - - $req = $params[0]; - - $uuid = $req['avatar_id']; - $wantim = $req['imViaEmail']; - $directory = $req['visible']; - - $result = mysql_query("UPDATE usersettings SET ". - "imviaemail = '".mysql_real_escape_string($wantim) ."', ". - "visible = '".mysql_real_escape_string($directory) ."' WHERE ". - "useruuid = '". mysql_real_escape_string($uuid) ."'"); - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'data' => $data - )); - - print $response_xml; -} - -# -# Process the request -# - -$request_xml = file_get_contents("php://input"); - -xmlrpc_server_call_method($xmlrpc_server, $request_xml, ''); -xmlrpc_server_destroy($xmlrpc_server); -?> diff --git a/web/query.php b/web/query.php deleted file mode 100644 index 13b701b..0000000 --- a/web/query.php +++ /dev/null @@ -1,593 +0,0 @@ - 1) - { - $type = join($glue, $terms); - if ($add_paren == True) - $type = "(" . $type . ")"; - } - else - { - if (count($terms) == 1) - $type = $terms[0]; - else - $type = ""; - } - - return $type; -} - - -function process_region_type_flags($flags) -{ - $terms = array(); - - if ($flags & 16777216) //IncludePG (1 << 24) - $terms[] = "mature = 'PG'"; - if ($flags & 33554432) //IncludeMature (1 << 25) - $terms[] = "mature = 'Mature'"; - if ($flags & 67108864) //IncludeAdult (1 << 26) - $terms[] = "mature = 'Adult'"; - - return join_terms(" OR ", $terms, True); -} - - -# -# The XMLRPC server object -# - -$xmlrpc_server = xmlrpc_server_create(); - -# -# Places Query -# - -xmlrpc_server_register_method($xmlrpc_server, "dir_places_query", - "dir_places_query"); - -function dir_places_query($method_name, $params, $app_data) -{ - $req = $params[0]; - - $flags = $req['flags']; - $text = $req['text']; - $category = $req['category']; - $query_start = $req['query_start']; - - $pieces = split(" ", $text); - $text = join("%", $pieces); - - if ($text == "%%%") - { - $response_xml = xmlrpc_encode(array( - 'success' => False, - 'errorMessage' => "Invalid search terms" - )); - - print $response_xml; - - return; - } - - $terms = array(); - - $type = process_region_type_flags($flags); - if ($type != "") - $type = " AND " . $type; - - if ($flags & 1024) - $order = "dwell DESC,"; - - if ($category > 0) - $category = "searchcategory = '".mysql_real_escape_string($category)."' AND "; - else - $category = ""; - - $text = mysql_real_escape_string($text); - $result = mysql_query("SELECT * FROM parcels WHERE $category " . - "(parcelname LIKE '%$text%'" . - " OR description LIKE '%$text%')" . - $type . " ORDER BY $order parcelname" . - " LIMIT ".(0+$query_start).",101"); - - $data = array(); - while (($row = mysql_fetch_assoc($result))) - { - $data[] = array( - "parcel_id" => $row["infouuid"], - "name" => $row["parcelname"], - "for_sale" => "False", - "auction" => "False", - "dwell" => $row["dwell"]); - } - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data - )); - - print $response_xml; -} - -# -# Popular Places Query -# - -xmlrpc_server_register_method($xmlrpc_server, "dir_popular_query", - "dir_popular_query"); - -function dir_popular_query($method_name, $params, $app_data) -{ - $req = $params[0]; - - $text = $req['text']; - $flags = $req['flags']; - $query_start = $req['query_start']; - - $terms = array(); - - if ($flags & 0x1000) //PicturesOnly (1 << 12) - $terms[] = "has_picture = 1"; - - if ($flags & 0x0800) //PgSimsOnly (1 << 11) - $terms[] = "mature = 0"; - - if ($text != "") - { - $text = mysql_real_escape_string($text); - $terms[] = "(name LIKE '%$text%')"; - } - - if (count($terms) > 0) - $where = " WHERE " . join_terms(" AND ", $terms, False); - else - $where = ""; - - $result = mysql_query("SELECT * FROM popularplaces" . $where . - " LIMIT " . mysql_real_escape_string($query_start) . ",101"); - - $data = array(); - while (($row = mysql_fetch_assoc($result))) - { - $data[] = array( - "parcel_id" => $row["infoUUID"], - "name" => $row["name"], - "dwell" => $row["dwell"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data)); - - print $response_xml; -} - -# -# Land Query -# - -xmlrpc_server_register_method($xmlrpc_server, "dir_land_query", - "dir_land_query"); - -function dir_land_query($method_name, $params, $app_data) -{ - $req = $params[0]; - - $flags = $req['flags']; - $type = $req['type']; - $price = $req['price']; - $area = $req['area']; - $query_start = $req['query_start']; - - $terms = array(); - - if ($type != 4294967295) //Include all types of land? - { - //Do this check first so we can bail out quickly on Auction search - if (($type & 26) == 2) // Auction (from SearchTypeFlags enum) - { - $response_xml = xmlrpc_encode(array( - 'success' => False, - 'errorMessage' => "No auctions listed")); - - print $response_xml; - - return; - } - - if (($type & 24) == 8) //Mainland (24=0x18 [bits 3 & 4]) - $terms[] = "parentestate = 1"; - if (($type & 24) == 16) //Estate (24=0x18 [bits 3 & 4]) - $terms[] = "parentestate <> 1"; - } - - $s = process_region_type_flags($flags); - if ($s != "") - $terms[] = $s; - - if ($flags & 0x100000) //LimitByPrice (1 << 20) - $terms[] = "saleprice <= '" . mysql_real_escape_string($price) . "'"; - if ($flags & 0x200000) //LimitByArea (1 << 21) - $terms[] = "area >= '" . mysql_real_escape_string($area) . "'"; - - //The PerMeterSort flag is always passed from a map item query. - //It doesn't hurt to have this as the default search order. - $order = "lsq"; //PerMeterSort (1 << 17) - - if ($flags & 0x80000) //NameSort (1 << 19) - $order = "parcelname"; - if ($flags & 0x10000) //PriceSort (1 << 16) - $order = "saleprice"; - if ($flags & 0x40000) //AreaSort (1 << 18) - $order = "area"; - if (!($flags & 0x8000)) //SortAsc (1 << 15) - $order .= " DESC"; - - if (count($terms) > 0) - $where = " WHERE " . join_terms(" AND ", $terms, False); - else - $where = ""; - - $sql = "SELECT *, saleprice/area AS lsq FROM parcelsales" . $where . - " ORDER BY " . $order . " LIMIT " . - mysql_real_escape_string($query_start) . ",101"; - - $result = mysql_query($sql); - - $data = array(); - while (($row = mysql_fetch_assoc($result))) - { - $data[] = array( - "parcel_id" => $row["infoUUID"], - "name" => $row["parcelname"], - "auction" => "false", - "for_sale" => "true", - "sale_price" => $row["saleprice"], - "landing_point" => $row["landingpoint"], - "region_UUID" => $row["regionUUID"], - "area" => $row["area"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data)); - - print $response_xml; -} - -# -# Events Query -# - -xmlrpc_server_register_method($xmlrpc_server, "dir_events_query", - "dir_events_query"); - -function dir_events_query($method_name, $params, $app_data) -{ - $req = $params[0]; - - $text = $req['text']; - $flags = $req['flags']; - $query_start = $req['query_start']; - - if ($text == "%%%") - { - $response_xml = xmlrpc_encode(array( - 'success' => False, - 'errorMessage' => "Invalid search terms" - )); - - print $response_xml; - - return; - } - - $pieces = explode("|", $text); - - $day = $pieces[0]; - $category = $pieces[1]; - if (count($pieces) < 3) - $search_text = ""; - else - $search_text = $pieces[2]; - - //Get todays date/time and adjust it to UTC - $now = time() - date_offset_get(new DateTime); - - $terms = array(); - - if ($day == "u") - $terms[] = "dateUTC > ".$now; - else - { - //Is $day a number of days before or after current date? - if ($day != 0) - $now += $day * 86400; - $now -= ($now % 86400); - $then = $now + 86400; - $terms[] = "(dateUTC > ".$now." AND dateUTC <= ".$then.")"; - } - - if ($category != 0) - $terms[] = "category = ".$category.""; - - $type = array(); - if ($flags & 16777216) //IncludePG (1 << 24) - $type[] = "eventflags = 0"; - if ($flags & 33554432) //IncludeMature (1 << 25) - $type[] = "eventflags = 1"; - if ($flags & 67108864) //IncludeAdult (1 << 26) - $type[] = "eventflags = 2"; - - //Was there at least one PG, Mature, or Adult flag? - if (count($type) > 0) - $terms[] = join_terms(" OR ", $type, True); - - if ($search_text != "") - { - $search_text = mysql_real_escape_string($search_text); - $terms[] = "(name LIKE '%$search_text%' OR " . - "description LIKE '%$search_text%')"; - } - - if (count($terms) > 0) - $where = " WHERE " . join_terms(" AND ", $terms, False); - else - $where = ""; - - $sql = "SELECT * FROM events". $where. - " LIMIT " . mysql_real_escape_string($query_start) . ",101"; - - $result = mysql_query($sql); - - $data = array(); - - while (($row = mysql_fetch_assoc($result))) - { - $date = strftime("%m/%d %I:%M %p",$row["dateUTC"]); - - $data[] = array( - "owner_id" => $row["owneruuid"], - "name" => $row["name"], - "event_id" => $row["eventid"], - "date" => $date, - "unix_time" => $row["dateUTC"], - "event_flags" => $row["eventflags"], - "landing_point" => $row["globalPos"], - "region_UUID" => $row["simname"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data)); - - print $response_xml; -} - -# -# Classifieds Query -# - -xmlrpc_server_register_method($xmlrpc_server, "dir_classified_query", - "dir_classified_query"); - -function dir_classified_query ($method_name, $params, $app_data) -{ - $req = $params[0]; - - $text = $req['text']; - $flags = $req['flags']; - $category = $req['category']; - $query_start = $req['query_start']; - - if ($text == "%%%") - { - $response_xml = xmlrpc_encode(array( - 'success' => False, - 'errorMessage' => "Invalid search terms" - )); - - print $response_xml; - - return; - } - - $terms = array(); - - //Renew Weekly flag is bit 5 (32) in $flags. - $f = array(); - if ($flags & 4) //PG (1 << 2) - $f[] = "classifiedflags & 4 = 4"; - if ($flags & 8) //Mature (1 << 3) - $f[] = "classifiedflags & 8 = 8"; - if ($flags & 64) //Adult (1 << 6) - $f[] = "classifiedflags & 64 = 64"; - - //Was there at least one PG, Mature, or Adult flag? - if (count($f) > 0) - $terms[] = join_terms(" OR ", $f, True); - - //Only restrict results based on category if it is not 0 (Any Category) - if ($category != 0) - $terms[] = "category = " . $category; - - if ($text != "") - $terms[] = "(name LIKE '%$text%'" . - " OR description LIKE '%$text%')"; - - //Was there at least condition for the search? - if (count($terms) > 0) - $where = " WHERE " . join_terms(" AND ", $terms, False); - else - $where = ""; - - $sql = "SELECT * FROM classifieds" . $where . - " ORDER BY priceforlisting DESC" . - " LIMIT " . mysql_real_escape_string($query_start) . ",101"; - - $result = mysql_query($sql); - - $data = array(); - while (($row = mysql_fetch_assoc($result))) - { - $data[] = array( - "classifiedid" => $row["classifieduuid"], - "name" => $row["name"], - "classifiedflags" => $row["classifiedflags"], - "creation_date" => $row["creationdate"], - "expiration_date" => $row["expirationdate"], - "priceforlisting" => $row["priceforlisting"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data)); - - print $response_xml; -} - -# -# Events Info Query -# - -xmlrpc_server_register_method($xmlrpc_server, "event_info_query", - "event_info_query"); - -function event_info_query($method_name, $params, $app_data) -{ - $req = $params[0]; - - $eventID = $req['eventID']; - - $sql = "SELECT * FROM events WHERE eventID = " . - mysql_real_escape_string($eventID); - - $result = mysql_query($sql); - - $data = array(); - while (($row = mysql_fetch_assoc($result))) - { - $date = strftime("%G-%m-%d %H:%M:%S",$row["dateUTC"]); - - $category = "*Unspecified*"; - if ($row['category'] == 18) $category = "Discussion"; - if ($row['category'] == 19) $category = "Sports"; - if ($row['category'] == 20) $category = "Live Music"; - if ($row['category'] == 22) $category = "Commercial"; - if ($row['category'] == 23) $category = "Nightlife/Entertainment"; - if ($row['category'] == 24) $category = "Games/Contests"; - if ($row['category'] == 25) $category = "Pageants"; - if ($row['category'] == 26) $category = "Education"; - if ($row['category'] == 27) $category = "Arts and Culture"; - if ($row['category'] == 28) $category = "Charity/Support Groups"; - if ($row['category'] == 29) $category = "Miscellaneous"; - - $data[] = array( - "event_id" => $row["eventid"], - "creator" => $row["creatoruuid"], - "name" => $row["name"], - "category" => $category, - "description" => $row["description"], - "date" => $date, - "dateUTC" => $row["dateUTC"], - "duration" => $row["duration"], - "covercharge" => $row["covercharge"], - "coveramount" => $row["coveramount"], - "simname" => $row["simname"], - "globalposition" => $row["globalPos"], - "eventflags" => $row["eventflags"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data)); - - print $response_xml; -} - -# -# Classifieds Info Query -# - -xmlrpc_server_register_method($xmlrpc_server, "classifieds_info_query", - "classifieds_info_query"); - -function classifieds_info_query($method_name, $params, $app_data) -{ - $req = $params[0]; - - $classifiedID = $req['classifiedID']; - - $sql = "SELECT * FROM classifieds WHERE classifieduuid = '" . - mysql_real_escape_string($classifiedID). "'"; - - $result = mysql_query($sql); - - $data = array(); - while (($row = mysql_fetch_assoc($result))) - { - $data[] = array( - "classifieduuid" => $row["classifieduuid"], - "creatoruuid" => $row["creatoruuid"], - "creationdate" => $row["creationdate"], - "expirationdate" => $row["expirationdate"], - "category" => $row["category"], - "name" => $row["name"], - "description" => $row["description"], - "parceluuid" => $row["parceluuid"], - "parentestate" => $row["parentestate"], - "snapshotuuid" => $row["snapshotuuid"], - "simname" => $row["simname"], - "posglobal" => $row["posglobal"], - "parcelname" => $row["parcelname"], - "classifiedflags" => $row["classifiedflags"], - "priceforlisting" => $row["priceforlisting"]); - } - - $response_xml = xmlrpc_encode(array( - 'success' => True, - 'errorMessage' => "", - 'data' => $data)); - - print $response_xml; -} - -# -# Process the request -# - -$request_xml = file_get_contents("php://input"); -xmlrpc_server_call_method($xmlrpc_server, $request_xml, ''); -xmlrpc_server_destroy($xmlrpc_server); -?> diff --git a/web/register.php b/web/register.php deleted file mode 100644 index 70f42a6..0000000 --- a/web/register.php +++ /dev/null @@ -1,61 +0,0 @@ - registration // -// When the date is older, make a request to the Parser to grab new data // -////////////////////////////////////////////////////////////////////////////// - -include("../config/os_modules_mysql.php"); -//establish connection to master db server -mysql_connect ($DB_HOST, $DB_USER, $DB_PASSWORD); -mysql_select_db ($DB_NAME); - -$hostname = $_GET['host']; -$port = $_GET['port']; -$service = $_GET['service']; - -if ($hostname != "" && $port != "" && $service == "online") -{ - // Check if there is already a database row for this host - $checkhost = mysql_query("SELECT register FROM hostsregister WHERE " . - "host = '" . mysql_real_escape_string($hostname) . "' AND " . - "port = '" . mysql_real_escape_string($port) . "'"); - - // Get the request time as a timestamp for later - $timestamp = $_SERVER['REQUEST_TIME']; - - // if greater than 1, check the nextcheck date - if (mysql_num_rows($checkhost) > 0) - { - $update = "UPDATE hostsregister SET " . - "register = '" . mysql_real_escape_string($timestamp) . "', " . - "nextcheck = '0', checked = '0', " . - "failcounter = '0' " . - "WHERE host = '" . mysql_real_escape_string($hostname) . "' AND " . - "port = '" . mysql_real_escape_string($port) . "'"; - - $runupdate = mysql_query($update); - } - else - { - $register = "INSERT INTO hostsregister VALUES ". - "('" . mysql_real_escape_string($hostname) . "', " . - "'" . mysql_real_escape_string($port) . "', " . - "'" . mysql_real_escape_string($timestamp) . "', 0, 0, 0)"; - - $runupdate = mysql_query($register); - } -} -elseif ($hostname != "" && $port != "" && $service = "offline") -{ - $delete = "DELETE FROM hostsregister " . - "WHERE host = '" . mysql_real_escape_string($hostname) . "' AND " . - "port = '" . mysql_real_escape_string($port) . "'"; - - $rundelete = mysql_query($delete); -} -?> diff --git a/web/xmlrpc.php b/web/xmlrpc.php deleted file mode 100644 index fc0c575..0000000 --- a/web/xmlrpc.php +++ /dev/null @@ -1,1755 +0,0 @@ - "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - - Methods that run without errors, but do not have the intended result should return as: - - return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE)); - - or if applicable: - - return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql); - */ - - include("phpxmlrpclib/xmlrpc.inc"); - include("phpxmlrpclib/xmlrpcs.inc"); - - include("../config/os_flotsam_config.php"); - include("../config/os_modules_mysql.php"); - - - $groupPowers = array( - 'None' => '0', - /// Can send invitations to groups default role - 'Invite' => '2', - /// Can eject members from group - 'Eject' => '4', - /// Can toggle 'Open Enrollment' and change 'Signup fee' - 'ChangeOptions' => '8', - /// Can create new roles - 'CreateRole' => '16', - /// Can delete existing roles - 'DeleteRole' => '32', - /// Can change Role names, titles and descriptions - 'RoleProperties' => '64', - /// Can assign other members to assigners role - 'AssignMemberLimited' => '128', - /// Can assign other members to any role - 'AssignMember' => '256', - /// Can remove members from roles - 'RemoveMember' => '512', - /// Can assign and remove abilities in roles - 'ChangeActions' => '1024', - /// Can change group Charter, Insignia, 'Publish on the web' and which - /// members are publicly visible in group member listings - 'ChangeIdentity' => '2048', - /// Can buy land or deed land to group - 'LandDeed' => '4096', - /// Can abandon group owned land to Governor Linden on mainland, or Estate owner for - /// private estates - 'LandRelease' => '8192', - /// Can set land for-sale information on group owned parcels - 'LandSetSale' => '16384', - /// Can subdivide and join parcels - 'LandDivideJoin' => '32768', - /// Can join group chat sessions - 'JoinChat' => '65536', - /// Can toggle "Show in Find Places" and set search category - 'FindPlaces' => '131072', - /// Can change parcel name, description, and 'Publish on web' settings - 'LandChangeIdentity' => '262144', - /// Can set the landing point and teleport routing on group land - 'SetLandingPoint' => '524288', - /// Can change music and media settings - 'ChangeMedia' => '1048576', - /// Can toggle 'Edit Terrain' option in Land settings - 'LandEdit' => '2097152', - /// Can toggle various About Land > Options settings - 'LandOptions' => '4194304', - /// Can always terraform land, even if parcel settings have it turned off - 'AllowEditLand' => '8388608', - /// Can always fly while over group owned land - 'AllowFly' => '16777216', - /// Can always rez objects on group owned land - 'AllowRez' => '33554432', - /// Can always create landmarks for group owned parcels - 'AllowLandmark' => '67108864', - /// Can use voice chat in Group Chat sessions - 'AllowVoiceChat' => '134217728', - /// Can set home location on any group owned parcel - 'AllowSetHome' => '268435456', - /// Can modify public access settings for group owned parcels - 'LandManageAllowed' => '536870912', - /// Can manager parcel ban lists on group owned land - 'LandManageBanned' => '1073741824', - /// Can manage pass list sales information - 'LandManagePasses' => '2147483648', - /// Can eject and freeze other avatars on group owned land - 'LandEjectAndFreeze' => '4294967296', - /// Can return objects set to group - 'ReturnGroupSet' => '8589934592', - /// Can return non-group owned/set objects - 'ReturnNonGroup' => '17179869184', - /// Can landscape using Linden plants - 'LandGardening' => '34359738368', - /// Can deed objects to group - 'DeedObject' => '68719476736', - /// Can moderate group chat sessions - 'ModerateChat' => '137438953472', - /// Can move group owned objects - 'ObjectManipulate' => '274877906944', - /// Can set group owned objects for-sale - 'ObjectSetForSale' => '549755813888', - /// Pay group liabilities and receive group dividends - 'Accountable' => '1099511627776', - /// Can send group notices - 'SendNotices' => '4398046511104', - /// Can receive group notices - 'ReceiveNotices' => '8796093022208', - /// Can create group proposals - 'StartProposal' => '17592186044416', - /// Can vote on group proposals - 'VoteOnProposal' => '35184372088832', - /// Can return group owned objects - 'ReturnGroupOwned' => '281474976710656', - /// Members are visible to non-owners - 'RoleMembersVisible' => '140737488355328' - ); - - $uuidZero = "00000000-0000-0000-0000-000000000000"; - - $groupDBCon = mysql_connect($DB_HOST,$DB_USER,$DB_PASSWORD); - if (!$groupDBCon) - { - die('Could not connect: ' . mysql_error()); - } - mysql_select_db($DB_NAME, $groupDBCon); - - // This is filled in by secure() - $requestingAgent = $uuidZero; - - function test() - { - return array('name' => 'Joe','age' => 27); - } - - // Use a common signature for all the group functions -> struct foo($struct) - $common_sig = array(array($xmlrpcStruct, $xmlrpcStruct)); - - function createGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - - $groupID = $params["GroupID"]; - $name = $params["Name"]; - $charter = $params["Charter"]; - $insigniaID = $params["InsigniaID"]; - $founderID = $params["FounderID"]; - $membershipFee = $params["MembershipFee"]; - $openEnrollment = $params["OpenEnrollment"]; - $showInList = $params["ShowInList"]; - $allowPublish = $params["AllowPublish"]; - $maturePublish = $params["MaturePublish"]; - $ownerRoleID = $params["OwnerRoleID"]; - $everyonePowers = $params["EveryonePowers"]; - $ownersPowers = $params["OwnersPowers"]; - - $escapedParams = array_map("mysql_real_escape_string", $params); - $escapedGroupID = $escapedParams["GroupID"]; - $escapedName = $escapedParams["Name"]; - $escapedCharter = $escapedParams["Charter"]; - $escapedInsigniaID = $escapedParams["InsigniaID"]; - $escapedFounderID = $escapedParams["FounderID"]; - $escapedMembershipFee = $escapedParams["MembershipFee"]; - $escapedOpenEnrollment = $escapedParams["OpenEnrollment"]; - $escapedShowInList = $escapedParams["ShowInList"]; - $escapedAllowPublish = $escapedParams["AllowPublish"]; - $escapedMaturePublish = $escapedParams["MaturePublish"]; - $escapedOwnerRoleID = $escapedParams["OwnerRoleID"]; - - // Create group - $sql = "INSERT INTO osgroup - (GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID) - VALUES - ('$escapedGroupID', '$escapedName', '$escapedCharter', '$escapedInsigniaID', '$escapedFounderID', $escapedMembershipFee, $escapedOpenEnrollment, $escapedShowInList, $escapedAllowPublish, $escapedMaturePublish, '$escapedOwnerRoleID')"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - // Create Everyone Role - // NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim - - $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone', 'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers)); - if( isset($result['error']) ) - { - return $result; - } - - // Create Owner Role - $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners', 'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers)); - if( isset($result['error']) ) - { - return $result; - } - - // Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role - $result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID)); - if( isset($result['error']) ) - { - return $result; - } - - // Select the owner's role for the founder - $result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID)); - if( isset($result['error']) ) - { - return $result; - } - - // Set the new group as the founder's active group - $result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID)); - if( isset($result['error']) ) - { - return $result; - } - - return getGroup(array("GroupID"=>$groupID)); - } - - // Private method, does not include security, to only be called from places that have already verified security - function _addRoleToGroup($params) - { - $everyonePowers = 8796495740928; // This should now be fixed, when libomv was updated... - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = mysql_real_escape_string( $params['GroupID'] ); - $roleID = mysql_real_escape_string( $params['RoleID'] ); - $name = mysql_real_escape_string( $params['Name'] ); - $desc = mysql_real_escape_string( $params['Description'] ); - $title = mysql_real_escape_string( $params['Title'] ); - $powers = mysql_real_escape_string( $params['Powers'] ); - - if( !isset($powers) || ($powers == 0) || ($powers == '') ) - { - $powers = $everyonePowers; - } - - $sql = " INSERT INTO osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES " - ." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error() - , 'method' => 'addRoleToGroup' - , 'params' => var_export($params, TRUE)); - } - - return array("success" => "true"); - } - - function addRoleToGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = $params['GroupID']; - - // Verify the requesting agent has permission - if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) ) - { - return $error; - } - - return _addRoleToGroup($params); - } - - function updateGroupRole($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = mysql_real_escape_string( $params['GroupID'] ); - $roleID = mysql_real_escape_string( $params['RoleID'] ); - $name = mysql_real_escape_string( $params['Name'] ); - $desc = mysql_real_escape_string( $params['Description'] ); - $title = mysql_real_escape_string( $params['Title'] ); - $powers = mysql_real_escape_string( $params['Powers'] ); - - // Verify the requesting agent has permission - if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) ) - { - return $error; - } - - $sql = " UPDATE osrole SET RoleID = '$roleID' "; - if( isset($params['Name']) ) - { - $sql .= ", Name = '$name'"; - } - if( isset($params['Description']) ) - { - $sql .= ", Description = '$desc'"; - } - if( isset($params['Title']) ) - { - $sql .= ", Title = '$title'"; - } - if( isset($params['Powers']) ) - { - $sql .= ", Powers = $powers"; - } - - $sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array("success" => "true"); - } - - function removeRoleFromGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = mysql_real_escape_string( $params['GroupID'] ); - $roleID = mysql_real_escape_string( $params['RoleID'] ); - - if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) ) - { - return $error; - } - - /// 1. Remove all members from Role - /// 2. Set selected Role to uuidZero for anyone that had the role selected - /// 3. Delete roll - - $sql = "DELETE FROM osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'"; - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - $sql = "UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'"; - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - $sql = "DELETE FROM osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'"; - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array("success" => "true"); - } - - function getGroup($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - return _getGroup($params); - } - - function _getGroup($params) - { - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $sql = " SELECT osgroup.GroupID, osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID" - ." , count(osrole.RoleID) as GroupRolesCount, count(osgroupmembership.AgentID) as GroupMembershipCount " - ." FROM osgroup " - ." LEFT JOIN osrole ON (osgroup.GroupID = osrole.GroupID)" - ." LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" - ." WHERE "; - - if( isset($params['GroupID']) ) - { - $sql .= "osgroup.GroupID = '" . mysql_real_escape_string($params['GroupID']). "'"; - } - else if( isset($params['Name']) ) - { - $sql .= "osgroup.Name = '" . mysql_real_escape_string($params['Name']) . "'"; - } - else - { - return array("error" => "Must specify GroupID or Name"); - } - - $sql .= " GROUP BY osgroup.GroupID, osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID"; - - $result = mysql_query($sql, $groupDBCon); - - if (!$result) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if (mysql_num_rows($result) == 0) - { - return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - return mysql_fetch_assoc($result); - } - - function updateGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = mysql_real_escape_string( $params["GroupID"] ); - $charter = mysql_real_escape_string( $params["Charter"] ); - $insigniaID = mysql_real_escape_string( $params["InsigniaID"] ); - $membershipFee = mysql_real_escape_string( $params["MembershipFee"] ); - $openEnrollment = mysql_real_escape_string( $params["OpenEnrollment"] ); - $showInList = mysql_real_escape_string( $params["ShowInList"] ); - $allowPublish = mysql_real_escape_string( $params["AllowPublish"] ); - $maturePublish = mysql_real_escape_string( $params["MaturePublish"] ); - - if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) ) - { - return $error; - } - - // Create group - $sql = "UPDATE osgroup - SET - Charter = '$charter' - , InsigniaID = '$insigniaID' - , MembershipFee = $membershipFee - , OpenEnrollment= $openEnrollment - , ShowInList = $showInList - , AllowPublish = $allowPublish - , MaturePublish = $maturePublish - WHERE - GroupID = '$groupID'"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array('success' => 'true'); - } - - function findGroups($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $search = mysql_real_escape_string( $params['Search'] ); - - $sql = " SELECT osgroup.GroupID, osgroup.Name, count(osgroupmembership.AgentID) as Members " - ." FROM osgroup LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID) " - ." WHERE " - ." ( MATCH (osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)" - ." OR osgroup.name LIKE '%$search%'" - ." OR osgroup.name REGEXP '$search'" - ." ) AND ShowInList = 1" - ." GROUP BY osgroup.GroupID, osgroup.Name"; - - $result = mysql_query($sql, $groupDBCon); - - if (!$result) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($result) == 0 ) - { - return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $results = array(); - - while ($row = mysql_fetch_assoc($result)) - { - $groupID = $row['GroupID']; - $results[$groupID] = $row; - } - - return array('results' => $results, 'success' => TRUE); - } - - function _setAgentActiveGroup($params) - { - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = mysql_real_escape_string( $params['AgentID'] ); - $groupID = mysql_real_escape_string( $params['GroupID'] ); - - $sql = " UPDATE osagent " - ." SET ActiveGroupID = '$groupID'" - ." WHERE AgentID = '$agentID'"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_affected_rows() == 0 ) - { - $sql = " INSERT INTO osagent (ActiveGroupID, AgentID) VALUES " - ." ('$groupID', '$agentID')"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - } - - return array("success" => "true"); - } - - function setAgentActiveGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = $params['AgentID']; - $groupID = $params['GroupID']; - - if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) ) - { - return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE)); - } - - return _setAgentActiveGroup($params); - } - - function addAgentToGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = $params["GroupID"]; - $agentID = $params["AgentID"]; - - if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) ) - { - // If they don't have direct permission, check to see if the group is marked for open enrollment - $groupInfo = _getGroup( array ('GroupID' => $groupID) ); - - if( isset($groupInfo['error'])) - { - return $groupInfo; - } - - if($groupInfo['OpenEnrollment'] != 1) - { - $escapedAgentID = mysql_real_escape_string($agentID); - $escapedGroupID = mysql_real_escape_string($groupID); - - // Group is not open enrollment, check if the specified agentid has an invite - $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite" - ." WHERE osgroupinvite.AgentID = '$escapedAgentID' AND osgroupinvite.GroupID = '$escapedGroupID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($results) == 1 ) - { - // if there is an invite, make sure we're adding the user to the role specified in the invite - $inviteInfo = mysql_fetch_assoc($results); - $params['RoleID'] = $inviteInfo['RoleID']; - } - else - { - // Not openenrollment, not invited, return permission denied error - return $error; - } - } - } - - return _addAgentToGroup($params); - } - - // Private method, does not include security, to only be called from places that have already verified security - function _addAgentToGroup($params) - { - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = $params["AgentID"]; - $groupID = $params["GroupID"]; - - $roleID = $uuidZero; - if( isset($params["RoleID"]) ) - { - $roleID = $params["RoleID"]; - } - - $escapedAgentID = mysql_real_escape_string($agentID); - $escapedGroupID = mysql_real_escape_string($groupID); - $escapedRoleID = mysql_real_escape_string($roleID); - - // Check if agent already a member - $sql = " SELECT count(AgentID) as isMember FROM osgroupmembership WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'"; - $result = mysql_query($sql, $groupDBCon); - if (!$result) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - // If not a member, add membership, select role (defaults to uuidZero, or everyone role) - if( mysql_result($result, 0) == 0 ) - { - $sql = " INSERT INTO osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES " - ."('$escapedGroupID','$escapedAgentID', 0, 1, 1,'$escapedRoleID')"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - } - - // Make sure they're in the Everyone role - $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID)); - if( isset($result['error']) ) - { - return $result; - } - - // Make sure they're in specified role, if they were invited - if( $roleID != $uuidZero ) - { - $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID)); - if( isset($result['error']) ) - { - return $result; - } - } - - //Set the role they were invited to as their selected role - _setAgentGroupSelectedRole(array('AgentID' => $agentID, 'RoleID' => $roleID, 'GroupID' => $groupID)); - - // Set the group as their active group. - // _setAgentActiveGroup(array("GroupID" => $groupID, "AgentID" => $agentID)); - - return array("success" => "true"); - } - - function removeAgentFromGroup($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $agentID = $params["AgentID"]; - $groupID = $params["GroupID"]; - - // An agent is always allowed to remove themselves from a group -- so only check if the requesting agent is different then the agent being removed. - if( $agentID != $requestingAgent ) - { - if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) ) - { - return $error; - } - } - - $escapedAgentID = mysql_real_escape_string($agentID); - $escapedGroupID = mysql_real_escape_string($groupID); - - // 1. If group is agent's active group, change active group to uuidZero - // 2. Remove Agent from group (osgroupmembership) - // 3. Remove Agent from all of the groups roles (osgrouprolemembership) - - $sql = " UPDATE osagent " - ." SET ActiveGroupID = '$uuidZero'" - ." WHERE AgentID = '$escapedAgentID' AND ActiveGroupID = '$escapedGroupID'"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - $sql = " DELETE FROM osgroupmembership " - ." WHERE AgentID = '$agentID' AND GroupID = '$groupID'"; - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - $sql = " DELETE FROM osgrouprolemembership " - ." WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'"; - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array("success" => "true"); - } - - function _addAgentToGroupRole($params) - { - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = mysql_real_escape_string($params["AgentID"]); - $groupID = mysql_real_escape_string($params["GroupID"]); - $roleID = mysql_real_escape_string($params["RoleID"]); - - // Check if agent already a member - $sql = " SELECT count(AgentID) as isMember FROM osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'"; - $result = mysql_query($sql, $groupDBCon); - if (!$result) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_result($result, 0) == 0 ) - { - $sql = " INSERT INTO osgrouprolemembership (GroupID, RoleID, AgentID) VALUES " - ."('$groupID', '$roleID', '$agentID')"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - } - - return array("success" => "true"); - } - - function addAgentToGroupRole($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $agentID = $params["AgentID"]; - $groupID = $params["GroupID"]; - $roleID = $params["RoleID"]; - - $escapedAgentID = mysql_real_escape_string($agentID); - $escapedGroupID = mysql_real_escape_string($groupID); - $escapedRoleID = mysql_real_escape_string($roleID); - - // Check if being assigned to Owners role, assignments to an owners role can only be requested by owners. - $sql = " SELECT OwnerRoleID, osgrouprolemembership.AgentID " - ." FROM osgroup LEFT JOIN osgrouprolemembership ON (osgroup.GroupID = osgrouprolemembership.GroupID AND osgroup.OwnerRoleID = osgrouprolemembership.RoleID) " - ." WHERE osgrouprolemembership.AgentID = '" . mysql_real_escape_string($requestingAgent) . "' AND osgroup.GroupID = '$escapedGroupID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($results) == 0 ) - { - return array('error' => "Group ($groupID) not found or Agent ($agentID) is not in the owner's role", 'params' => var_export($params, TRUE)); - } - - $ownerRoleInfo = mysql_fetch_assoc($results); - if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) ) - { - return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.", 'params' => var_export($params, TRUE)); - } - - if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) ) - { - return $error; - } - - return _addAgentToGroupRole($params); - } - - function removeAgentFromGroupRole($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $agentID = mysql_real_escape_string($params["AgentID"]); - $groupID = mysql_real_escape_string($params["GroupID"]); - $roleID = mysql_real_escape_string($params["RoleID"]); - - if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) ) - { - return $error; - } - - // If agent has this role selected, change their selection to everyone (uuidZero) role - $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'"; - $result = mysql_query($sql, $groupDBCon); - if (!$result) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - $sql = " DELETE FROM osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'"; - - if (!mysql_query($sql, $groupDBCon)) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array("success" => "true"); - } - - function _setAgentGroupSelectedRole($params) - { - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = mysql_real_escape_string($params["AgentID"]); - $groupID = mysql_real_escape_string($params["GroupID"]); - $roleID = mysql_real_escape_string($params["RoleID"]); - - $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'"; - $result = mysql_query($sql, $groupDBCon); - if (!$result) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array('success' => 'true'); - } - - function setAgentGroupSelectedRole($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = $params["AgentID"]; - $groupID = $params["GroupID"]; - $roleID = $params["RoleID"]; - - if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) ) - { - return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE)); - } - - return _setAgentGroupSelectedRole($params); - } - - function getAgentGroupMembership($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $groupID = mysql_real_escape_string($params['GroupID']); - $agentID = mysql_real_escape_string($params['AgentID']); - - $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish" - ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" - ." , osgroupmembership.SelectedRoleID, osrole.Title" - ." , osagent.ActiveGroupID " - ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" - ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" - ." JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)" - ." WHERE osgroup.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'"; - - $groupmembershipResult = mysql_query($sql, $groupDBCon); - if (!$groupmembershipResult) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($groupmembershipResult) == 0 ) - { - return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult); - - $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers" - ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" - ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'"; - $groupPowersResult = mysql_query($sql, $groupDBCon); - if (!$groupPowersResult) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - $groupPowersInfo = mysql_fetch_assoc($groupPowersResult); - - return array_merge($groupMembershipInfo, $groupPowersInfo); - } - - function getAgentGroupMemberships($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = mysql_real_escape_string($params['AgentID']); - - $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish" - ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" - ." , osgroupmembership.SelectedRoleID, osrole.Title" - ." , IFNULL(osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID" - ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" - ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" - ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)" - ." WHERE osgroupmembership.AgentID = '$agentID'"; - - $groupmembershipResults = mysql_query($sql, $groupDBCon); - if (!$groupmembershipResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($groupmembershipResults) == 0 ) - { - return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $groupResults = array(); - while($groupMembershipInfo = mysql_fetch_assoc($groupmembershipResults)) - { - $groupID = $groupMembershipInfo['GroupID']; - $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers" - ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" - ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'"; - $groupPowersResult = mysql_query($sql, $groupDBCon); - if (!$groupPowersResult) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - $groupPowersInfo = mysql_fetch_assoc($groupPowersResult); - $groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo); - } - - return $groupResults; - } - - // Parameters should not already be mysql_real_escape_string() escaped - function canAgentViewRoleMembers( $agentID, $groupID, $roleID ) - { - global $membersVisibleTo, $groupDBCon; - - if( $membersVisibleTo == 'All' ) - return true; - - $agentID = mysql_real_escape_string($agentID); - $groupID = mysql_real_escape_string($groupID); - $roleID = mysql_real_escape_string($roleID); - - $sql = " SELECT CASE WHEN min(OwnerRoleMembership.AgentID) IS NOT NULL THEN 1 ELSE 0 END AS IsOwner "; - $sql .= " FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osgroupmembership.AgentID = '$agentID')"; - $sql .= " LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (OwnerRoleMembership.GroupID = osgroup.GroupID "; - $sql .= " AND OwnerRoleMembership.RoleID = osgroup.OwnerRoleID "; - $sql .= " AND OwnerRoleMembership.AgentID = '$agentID')"; - $sql .= " WHERE osgroup.GroupID = '$groupID' GROUP BY osgroup.GroupID"; - - $viewMemberResults = mysql_query($sql, $groupDBCon); - if (!$viewMemberResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()); - } - - if (mysql_num_rows($viewMemberResults) == 0) - { - return false; - } - - $viewMemberInfo = mysql_fetch_assoc($viewMemberResults); - - switch( $membersVisibleTo ) - { - case 'Group': - // if we get to here, there is at least one row, so they are a member of the group - return true; - case 'Owners': - default: - return $viewMemberInfo['IsOwner']; - } - } - - function getGroupMembers($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = $params['GroupID']; - $escapedGroupID = mysql_real_escape_string($groupID); - - $sql = " SELECT osgroupmembership.AgentID" - ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" - ." , osgroupmembership.SelectedRoleID, osrole.Title" - ." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner" - ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" - ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" - ." JOIN osrole AS OwnerRole ON (osgroup.OwnerRoleID = OwnerRole.RoleID AND osgroup.GroupID = OwnerRole.GroupID)" - ." LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (osgroup.OwnerRoleID = OwnerRoleMembership.RoleID - AND (osgroup.GroupID = OwnerRoleMembership.GroupID) - AND (osgroupmembership.AgentID = OwnerRoleMembership.AgentID))" - ." WHERE osgroup.GroupID = '$escapedGroupID'"; - - $groupmemberResults = mysql_query($sql, $groupDBCon); - if (!$groupmemberResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if (mysql_num_rows($groupmemberResults) == 0) - { - return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $roleMembersVisibleBit = $groupPowers['RoleMembersVisible']; - $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, ''); - - $memberResults = array(); - while ($memberInfo = mysql_fetch_assoc($groupmemberResults)) - { - $agentID = $memberInfo['AgentID']; - $sql = " SELECT BIT_OR(osrole.Powers) AS AgentPowers, ( BIT_OR(osrole.Powers) & $roleMembersVisibleBit) as MemberVisible" - ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" - ." WHERE osgrouprolemembership.GroupID = '$escapedGroupID' AND osgrouprolemembership.AgentID = '$agentID'"; - $memberPowersResult = mysql_query($sql, $groupDBCon); - if (!$memberPowersResult) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - $memberPowersCount = mysql_num_rows($memberPowersResult); - error_log("Found $memberPowersCount rows for agent $agentID for requesting agent $requestingAgent"); - - if ($memberPowersCount == 0) - { - if ($canViewAllGroupRoleMembers || $agentID == $requestingAgent) - { - $memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0)); - } - else - { - // if can't view all group role members and there is no Member Visible bit, then don't return this member's info - unset($memberResults[$agentID]); - } - } - else - { - $memberPowersInfo = mysql_fetch_assoc($memberPowersResult); - if ($memberPowersInfo['MemberVisible'] || $canViewAllGroupRoleMembers || $agentID == $requestingAgent) - { - $memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo); - } - else - { - // if can't view all group role members and there is no Member Visible bit, then don't return this member's info - unset($memberResults[$agentID]); - } - } - } - - error_log("Returning " . count($memberResults) . " visible members for group $groupID for agent $agentID"); - - if (count($memberResults) == 0) - { - return array('succeed' => 'false', 'error' => 'No Visible Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - return $memberResults; - } - - function getAgentActiveMembership($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = mysql_real_escape_string($params['AgentID']); - - $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish" - ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" - ." , osgroupmembership.SelectedRoleID, osrole.Title" - ." , osagent.ActiveGroupID " - ." FROM osagent JOIN osgroup ON (osgroup.GroupID = osagent.ActiveGroupID)" - ." JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osagent.AgentID = osgroupmembership.AgentID)" - ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" - ." WHERE osagent.AgentID = '$agentID'"; - - $groupmembershipResult = mysql_query($sql, $groupDBCon); - if (!$groupmembershipResult) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - if (mysql_num_rows($groupmembershipResult) == 0) - { - return array('succeed' => 'false', 'error' => 'No Active Group Specified', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult); - - $groupID = $groupMembershipInfo['GroupID']; - $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers" - ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" - ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'"; - $groupPowersResult = mysql_query($sql, $groupDBCon); - if (!$groupPowersResult) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - $groupPowersInfo = mysql_fetch_assoc($groupPowersResult); - - return array_merge($groupMembershipInfo, $groupPowersInfo); - } - - function getAgentRoles($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $agentID = mysql_real_escape_string($params['AgentID']); - - $sql = " SELECT " - ." osrole.RoleID, osrole.GroupID, osrole.Title, osrole.Name, osrole.Description, osrole.Powers" - ." , CASE WHEN osgroupmembership.SelectedRoleID = osrole.RoleID THEN 1 ELSE 0 END AS Selected" - ." FROM osgroupmembership JOIN osgrouprolemembership ON (osgroupmembership.GroupID = osgrouprolemembership.GroupID AND osgroupmembership.AgentID = osgrouprolemembership.AgentID)" - ." JOIN osrole ON ( osgrouprolemembership.RoleID = osrole.RoleID AND osgrouprolemembership.GroupID = osrole.GroupID)" - ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)" - ." WHERE osgroupmembership.AgentID = '$agentID'"; - - if( isset($params['GroupID']) ) - { - $groupID = $params['GroupID']; - $sql .= " AND osgroupmembership.GroupID = '$groupID'"; - } - - $roleResults = mysql_query($sql, $groupDBCon); - if (!$roleResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($roleResults) == 0 ) - { - return array('succeed' => 'false', 'error' => 'None found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $roles = array(); - while($role = mysql_fetch_assoc($roleResults)) - { - $ID = $role['GroupID'].$role['RoleID']; - $roles[$ID] = $role; - } - - return $roles; - } - - function getGroupRoles($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $groupID = mysql_real_escape_string($params['GroupID']); - - $sql = " SELECT " - ." osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers, count(osgrouprolemembership.AgentID) as Members" - ." FROM osrole LEFT JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)" - ." WHERE osrole.GroupID = '$groupID'" - ." GROUP BY osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers"; - - $roleResults = mysql_query($sql, $groupDBCon); - if (!$roleResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($roleResults) == 0 ) - { - return array('succeed' => 'false', 'error' => 'No roles found for group', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $roles = array(); - while($role = mysql_fetch_assoc($roleResults)) - { - $RoleID = $role['RoleID']; - $roles[$RoleID] = $role; - } - - return $roles; - } - - function getGroupRoleMembers($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = $params['GroupID']; - - $roleMembersVisibleBit = $groupPowers['RoleMembersVisible']; - $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, ''); - - $escapedGroupID = mysql_real_escape_string($groupID); - - $sql = " SELECT " - ." osrole.RoleID, osgrouprolemembership.AgentID" - ." , (osrole.Powers & $roleMembersVisibleBit) as MemberVisible" - ." FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)" - ." WHERE osrole.GroupID = '$escapedGroupID'"; - - $memberResults = mysql_query($sql, $groupDBCon); - if (!$memberResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($memberResults) == 0 ) - { - return array('succeed' => 'false', 'error' => 'No role memberships found for group', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $members = array(); - while($member = mysql_fetch_assoc($memberResults)) - { - if( $canViewAllGroupRoleMembers || $member['MemberVisible'] || ($member['AgentID'] == $requestingAgent) ) - { - $Key = $member['AgentID'] . $member['RoleID']; - $members[$Key ] = $member; - } - } - - if( count($members) == 0 ) - { - return array('succeed' => 'false', 'error' => 'No role memberships visible for group', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - return $members; - } - - function setAgentGroupInfo($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - - if (isset($params['AgentID'])) { - $agentID = mysql_real_escape_string($params['AgentID']); - } else { - $agentID = ""; - } - if (isset($params['GroupID'])) { - $groupID = mysql_real_escape_string($params['GroupID']); - } else { - $groupID = ""; - } - if (isset($params['SelectedRoleID'])) { - $roleID = mysql_real_escape_string($params['SelectedRoleID']); - } else { - $roleID = ""; - } - if (isset($params['AcceptNotices'])) { - $acceptNotices = mysql_real_escape_string($params['AcceptNotices']); - } else { - $acceptNotices = 1; - } - if (isset($params['ListInProfile'])) { - $listInProfile = mysql_real_escape_string($params['ListInProfile']); - } else { - $listInProfile = 0; - } - - if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) ) - { - return array('error' => "Agent can only change their own group info", 'params' => var_export($params, TRUE)); - } - - $sql = " UPDATE " - ." osgroupmembership" - ." SET " - ." AgentID = '$agentID'"; - - if( isset($params['SelectedRoleID']) ) - { - $sql .=" , SelectedRoleID = '$roleID'"; - } - if( isset($params['AcceptNotices']) ) - { - $sql .=" , AcceptNotices = $acceptNotices"; - } - if( isset($params['ListInProfile']) ) - { - $sql .=" , ListInProfile = $listInProfile"; - } - - $sql .=" WHERE osgroupmembership.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'"; - - $memberResults = mysql_query($sql, $groupDBCon); - if (!$memberResults) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array('success'=> 'true'); - } - - function getGroupNotices($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $groupID = mysql_real_escape_string($params['GroupID']); - - $sql = " SELECT " - ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket" - ." FROM osgroupnotice" - ." WHERE osgroupnotice.GroupID = '$groupID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($results) == 0 ) - { - return array('succeed' => 'false', 'error' => 'No Notices', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - $notices = array(); - while($notice = mysql_fetch_assoc($results)) - { - $NoticeID = $notice['NoticeID']; - $notices[$NoticeID] = $notice; - } - - return $notices; - } - - function getGroupNotice($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $noticeID = mysql_real_escape_string($params['NoticeID']); - - $sql = " SELECT " - ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket" - ." FROM osgroupnotice" - ." WHERE osgroupnotice.NoticeID = '$noticeID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($results) == 0 ) - { - return array('succeed' => 'false', 'error' => 'Group Notice Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - - return mysql_fetch_assoc($results); - } - - function addGroupNotice($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - $groupID = mysql_real_escape_string($params['GroupID']); - $noticeID = mysql_real_escape_string($params['NoticeID']); - $fromName = mysql_real_escape_string($params['FromName']); - $subject = mysql_real_escape_string($params['Subject']); - $binaryBucket = mysql_real_escape_string($params['BinaryBucket']); - $message = mysql_real_escape_string($params['Message']); - $timeStamp = mysql_real_escape_string($params['TimeStamp']); - - if( is_array($error = checkGroupPermission($groupID, $groupPowers['SendNotices'])) ) - { - return $error; - } - - $sql = " INSERT INTO osgroupnotice" - ." (GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket)" - ." VALUES " - ." ('$groupID', '$noticeID', $timeStamp, '$fromName', '$subject', '$message', '$binaryBucket')"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array('success' => 'true'); - } - - function addAgentToGroupInvite($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - - if( is_array($error = checkGroupPermission($params['GroupID'], $groupPowers['Invite'])) ) - { - return $error; - } - - $inviteID = mysql_real_escape_string($params['InviteID']); - $groupID = mysql_real_escape_string($params['GroupID']); - $roleID = mysql_real_escape_string($params['RoleID']); - $agentID = mysql_real_escape_string($params['AgentID']); - - // Remove any existing invites for this agent to this group - $sql = " DELETE FROM osgroupinvite" - ." WHERE osgroupinvite.AgentID = '$agentID' AND osgroupinvite.GroupID = '$groupID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - // Add new invite for this agent to this group for the specifide role - $sql = " INSERT INTO osgroupinvite" - ." (InviteID, GroupID, RoleID, AgentID) VALUES ('$inviteID', '$groupID', '$roleID', '$agentID')"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array('success' => 'true'); - } - - function getAgentToGroupInvite($params) - { - if( is_array($error = secureRequest($params, FALSE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $inviteID = mysql_real_escape_string($params['InviteID']); - - $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite" - ." WHERE osgroupinvite.InviteID = '$inviteID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - if( mysql_num_rows($results) == 1 ) - { - $inviteInfo = mysql_fetch_assoc($results); - $groupID = $inviteInfo['GroupID']; - $roleID = $inviteInfo['RoleID']; - $agentID = $inviteInfo['AgentID']; - - return array('success' => 'true', 'GroupID'=>$groupID, 'RoleID'=>$roleID, 'AgentID'=>$agentID); - } - else - { - return array('succeed' => 'false', 'error' => 'Invitation not found', 'params' => var_export($params, TRUE), 'sql' => $sql); - } - } - - function removeAgentToGroupInvite($params) - { - if( is_array($error = secureRequest($params, TRUE)) ) - { - return $error; - } - - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; - $inviteID = mysql_real_escape_string($params['InviteID']); - - $sql = " DELETE FROM osgroupinvite" - ." WHERE osgroupinvite.InviteID = '$inviteID'"; - - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); - } - - return array('success' => 'true'); - } - - function secureRequest($params, $write = FALSE) - { - global $groupWriteKey, $groupReadKey, $verifiedReadKey, $verifiedWriteKey, $groupRequireAgentAuthForWrite, $requestingAgent; - global $overrideAgentUserService; - - // Cache this for access by other security functions - $requestingAgent = $params['RequestingAgentID']; - - if( isset($groupReadKey) && ($groupReadKey != '') && (!isset($verifiedReadKey) || ($verifiedReadKey !== TRUE)) ) - { - if( !isset($params['ReadKey']) || ($params['ReadKey'] != $groupReadKey ) ) - { - return array('error' => "Invalid (or No) Read Key Specified", 'params' => var_export($params, TRUE)); - } - else - { - $verifiedReadKey = TRUE; - } - } - - if( ($write == TRUE) && isset($groupWriteKey) && ($groupWriteKey != '') && (!isset($verifiedWriteKey) || ($verifiedWriteKey !== TRUE)) ) - { - if( !isset($params['WriteKey']) || ($params['WriteKey'] != $groupWriteKey ) ) - { - return array('error' => "Invalid (or No) Write Key Specified", 'params' => var_export($params, TRUE)); - } - else - { - $verifiedWriteKey = TRUE; - } - } - - if( ($write == TRUE) && isset($groupRequireAgentAuthForWrite) && ($groupRequireAgentAuthForWrite == TRUE) ) - { - // Note: my brain can't do boolean logic this morning, so just putting this here instead of integrating with line above. - // If the write key has already been verified for this request, don't check it again. This comes into play with methods that call other methods, such as CreateGroup() which calls Addrole() - if( isset($verifiedWriteKey) && ($verifiedWriteKey !== TRUE)) - { - return TRUE; - } - - if( !isset($params['RequestingAgentID']) - || !isset($params['RequestingAgentUserService']) - || !isset($params['RequestingSessionID']) ) - { - return array('error' => "Requesting AgentID and SessionID must be specified", 'params' => var_export($params, TRUE)); - } - - // NOTE: an AgentID and SessionID of $uuidZero will likely be a region making a request, that is not tied to a specific agent making the request. - - $UserService = $params['RequestingAgentUserService']; - if( isset($overrideAgentUserService) && ($overrideAgentUserService != "") ) - { - $UserService = $overrideAgentUserService; - } - - $client = new xmlrpc_client($UserService); - $client->return_type = 'phpvals'; - - $verifyParams = new xmlrpcval(array('avatar_uuid' => new xmlrpcval($params['RequestingAgentID'], 'string') - ,'session_id' => new xmlrpcval($params['RequestingSessionID'], 'string')) - , 'struct'); - - $message = new xmlrpcmsg("check_auth_session", array($verifyParams)); - $resp = $client->send($message, 5); - if ($resp->faultCode()) - { - return array('error' => "Error validating AgentID and SessionID" - , 'xmlrpcerror'=> $resp->faultString() - , 'params' => var_export($params, TRUE)); - } - - $verifyReturn = $resp->value(); - - if( !isset($verifyReturn['auth_session']) || ($verifyReturn['auth_session'] != 'TRUE') ) - { - return array('error' => "UserService.check_auth_session() did not return TRUE" - , 'userservice' => var_export($verifyReturn, TRUE) - , 'params' => var_export($params, TRUE)); - - } - } - - return TRUE; - } - - function checkGroupPermission($GroupID, $Permission) - { - global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; - - if( !isset($Permission) || ($Permission == 0) ) - { - return array('error' => 'No Permission value specified for checkGroupPermission' - , 'Permission' => $Permission); - } - - // If it isn't set to true, then always return true, otherwise verify they have perms - if( !isset($groupEnforceGroupPerms) || ($groupEnforceGroupPerms != TRUE) ) - { - return true; - } - - if( !isset($requestingAgent) || ($requestingAgent == $uuidZero) ) - { - return array('error' => 'Requesting agent was either not specified or not validated.' - , 'requestingAgent' => $requestingAgent); - } - - $params = array('AgentID' => $requestingAgent, 'GroupID' => $GroupID); - $reqAgentMembership = getAgentGroupMembership($params); - - if( isset($reqAgentMembership['error'] ) ) - { - return array('error' => 'Could not get agent membership for group' - , 'params' => var_export($params, TRUE) - , 'nestederror' => $reqAgentMembership['error']); - } - - // Worlds ugliest bitwise operation, EVER - $PermMask = $reqAgentMembership['GroupPowers']; - $PermValue = $Permission; - - global $groupDBCon; - $sql = " SELECT $PermMask & $PermValue AS Allowed"; - $results = mysql_query($sql, $groupDBCon); - if (!$results) - { - echo print_r( array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error())); - } - $PermMasked = mysql_result($results, 0); - - if( $PermMasked != $Permission ) - { - $permNames = array_flip($groupPowers); - - return array('error' => 'Agent does not have group power to ' . $Permission .'('.$permNames[$Permission].')' - , 'PermMasked' => $PermMasked - , 'params' => var_export($params, TRUE) - , 'permBitMaskSql' => $sql - , 'Permission' => $Permission); - } - - /* - return array('error' => 'Reached end' - , 'reqAgentMembership' => var_export($reqAgentMembership, TRUE) - , 'GroupID' => $GroupID - , 'Permission' => $Permission - , 'PermMasked' => $PermMasked - ); - */ - return TRUE; - } - - - $s = new xmlrpc_server(array( - "test" => array("function" => "test") - , "groups.createGroup" => array("function" => "createGroup", "signature" => $common_sig) - , "groups.updateGroup" => array("function" => "updateGroup", "signature" => $common_sig) - , "groups.getGroup" => array("function" => "getGroup", "signature" => $common_sig) - , "groups.findGroups" => array("function" => "findGroups", "signature" => $common_sig) - - , "groups.getGroupRoles" => array("function" => "getGroupRoles", "signature" => $common_sig) - , "groups.addRoleToGroup" => array("function" => "addRoleToGroup", "signature" => $common_sig) - , "groups.removeRoleFromGroup" => array("function" => "removeRoleFromGroup", "signature" => $common_sig) - , "groups.updateGroupRole" => array("function" => "updateGroupRole", "signature" => $common_sig) - , "groups.getGroupRoleMembers" => array("function" => "getGroupRoleMembers", "signature" => $common_sig) - - , "groups.setAgentGroupSelectedRole" => array("function" => "setAgentGroupSelectedRole", "signature" => $common_sig) - , "groups.addAgentToGroupRole" => array("function" => "addAgentToGroupRole", "signature" => $common_sig) - , "groups.removeAgentFromGroupRole" => array("function" => "removeAgentFromGroupRole", "signature" => $common_sig) - - , "groups.getGroupMembers" => array("function" => "getGroupMembers", "signature" => $common_sig) - , "groups.addAgentToGroup" => array("function" => "addAgentToGroup", "signature" => $common_sig) - , "groups.removeAgentFromGroup" => array("function" => "removeAgentFromGroup", "signature" => $common_sig) - , "groups.setAgentGroupInfo" => array("function" => "setAgentGroupInfo", "signature" => $common_sig) - - , "groups.addAgentToGroupInvite" => array("function" => "addAgentToGroupInvite", "signature" => $common_sig) - , "groups.getAgentToGroupInvite" => array("function" => "getAgentToGroupInvite", "signature" => $common_sig) - , "groups.removeAgentToGroupInvite" => array("function" => "removeAgentToGroupInvite", "signature" => $common_sig) - - , "groups.setAgentActiveGroup" => array("function" => "setAgentActiveGroup", "signature" => $common_sig) - , "groups.getAgentGroupMembership" => array("function" => "getAgentGroupMembership", "signature" => $common_sig) - , "groups.getAgentGroupMemberships" => array("function" => "getAgentGroupMemberships", "signature" => $common_sig) - , "groups.getAgentActiveMembership" => array("function" => "getAgentActiveMembership", "signature" => $common_sig) - , "groups.getAgentRoles" => array("function" => "getAgentRoles", "signature" => $common_sig) - - , "groups.getGroupNotices" => array("function" => "getGroupNotices", "signature" => $common_sig) - , "groups.getGroupNotice" => array("function" => "getGroupNotice", "signature" => $common_sig) - , "groups.addGroupNotice" => array("function" => "addGroupNotice", "signature" => $common_sig) - - - - - ), false); - - $s->functions_parameters_type = 'phpvals'; - if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "") - { - $s->setDebug($debugXMLRPC); - } - $s->service(); - - if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "") - { - $f = fopen($debugXMLRPCFile,"a"); - fwrite($f,"\n----- " . date("Y-m-d H:i:s") . " -----\n"); - $debugInfo = $s->serializeDebug(); - $debugInfo = split("\n",$debugInfo); - unset($debugInfo[0]); - unset($debugInfo[count($debugInfo) -1]); - $debugInfo = join("\n",$debugInfo); - fwrite($f,base64_decode($debugInfo)); - fclose($f); - } - - mysql_close($groupDBCon); -?> -- cgit v1.1