\n";
- }
- else
- {
- return "\n\n";
- }
- }
-
- /**
- * @access private
- */
- function xml_footer()
- {
- return '';
- }
-
- /**
- * @access private
- */
- function kindOf()
- {
- return 'msg';
- }
-
- /**
- * @access private
- */
- function createPayload($charset_encoding='')
- {
- if ($charset_encoding != '')
- $this->content_type = 'text/xml; charset=' . $charset_encoding;
- else
- $this->content_type = 'text/xml';
- $this->payload=$this->xml_header($charset_encoding);
- $this->payload.='' . $this->methodname . "\n";
- $this->payload.="\n";
- for($i=0; $iparams); $i++)
- {
- $p=$this->params[$i];
- $this->payload.="\n" . $p->serialize($charset_encoding) .
- "\n";
- }
- $this->payload.="\n";
- $this->payload.=$this->xml_footer();
- }
-
- /**
- * Gets/sets the xmlrpc method to be invoked
- * @param string $meth the method to be set (leave empty not to set it)
- * @return string the method that will be invoked
- * @access public
- */
- function method($meth='')
- {
- if($meth!='')
- {
- $this->methodname=$meth;
- }
- return $this->methodname;
- }
-
- /**
- * Returns xml representation of the message. XML prologue included
- * @return string the xml representation of the message, xml prologue included
- * @access public
- */
- function serialize($charset_encoding='')
- {
- $this->createPayload($charset_encoding);
- return $this->payload;
- }
-
- /**
- * Add a parameter to the list of parameters to be used upon method invocation
- * @param xmlrpcval $par
- * @return boolean false on failure
- * @access public
- */
- function addParam($par)
- {
- // add check: do not add to self params which are not xmlrpcvals
- if(is_object($par) && is_a($par, 'xmlrpcval'))
- {
- $this->params[]=$par;
- return true;
- }
- else
- {
- return false;
- }
- }
-
- /**
- * Returns the nth parameter in the message. The index zero-based.
- * @param integer $i the index of the parameter to fetch (zero based)
- * @return xmlrpcval the i-th parameter
- * @access public
- */
- function getParam($i) { return $this->params[$i]; }
-
- /**
- * Returns the number of parameters in the messge.
- * @return integer the number of parameters currently set
- * @access public
- */
- function getNumParams() { return count($this->params); }
-
- /**
- * Given an open file handle, read all data available and parse it as axmlrpc response.
- * NB: the file handle is not closed by this function.
- * NNB: might have trouble in rare cases to work on network streams, as we
- * check for a read of 0 bytes instead of feof($fp).
- * But since checking for feof(null) returns false, we would risk an
- * infinite loop in that case, because we cannot trust the caller
- * to give us a valid pointer to an open file...
- * @access public
- * @return xmlrpcresp
- * @todo add 2nd & 3rd param to be passed to ParseResponse() ???
- */
- function &parseResponseFile($fp)
- {
- $ipd='';
- while($data=fread($fp, 32768))
- {
- $ipd.=$data;
- }
- //fclose($fp);
- $r =& $this->parseResponse($ipd);
- return $r;
- }
-
- /**
- * Parses HTTP headers and separates them from data.
- * @access private
- */
- function &parseResponseHeaders(&$data, $headers_processed=false)
- {
- // Support "web-proxy-tunelling" connections for https through proxies
- if(preg_match('/^HTTP\/1\.[0-1] 200 Connection established/', $data))
- {
- // Look for CR/LF or simple LF as line separator,
- // (even though it is not valid http)
- $pos = strpos($data,"\r\n\r\n");
- if($pos || is_int($pos))
- {
- $bd = $pos+4;
- }
- else
- {
- $pos = strpos($data,"\n\n");
- if($pos || is_int($pos))
- {
- $bd = $pos+2;
- }
- else
- {
- // No separation between response headers and body: fault?
- $bd = 0;
- }
- }
- if ($bd)
- {
- // this filters out all http headers from proxy.
- // maybe we could take them into account, too?
- $data = substr($data, $bd);
- }
- else
- {
- error_log('XML-RPC: xmlrpcmsg::parseResponse: HTTPS via proxy error, tunnel connection possibly failed');
- $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['http_error'], $GLOBALS['xmlrpcstr']['http_error']. ' (HTTPS via proxy error, tunnel connection possibly failed)');
- return $r;
- }
- }
-
- // Strip HTTP 1.1 100 Continue header if present
- while(preg_match('/^HTTP\/1\.1 1[0-9]{2} /', $data))
- {
- $pos = strpos($data, 'HTTP', 12);
- // server sent a Continue header without any (valid) content following...
- // give the client a chance to know it
- if(!$pos && !is_int($pos)) // works fine in php 3, 4 and 5
- {
- break;
- }
- $data = substr($data, $pos);
- }
- if(!preg_match('/^HTTP\/[0-9.]+ 200 /', $data))
- {
- $errstr= substr($data, 0, strpos($data, "\n")-1);
- error_log('XML-RPC: xmlrpcmsg::parseResponse: HTTP error, got response: ' .$errstr);
- $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['http_error'], $GLOBALS['xmlrpcstr']['http_error']. ' (' . $errstr . ')');
- return $r;
- }
-
- $GLOBALS['_xh']['headers'] = array();
- $GLOBALS['_xh']['cookies'] = array();
-
- // be tolerant to usage of \n instead of \r\n to separate headers and data
- // (even though it is not valid http)
- $pos = strpos($data,"\r\n\r\n");
- if($pos || is_int($pos))
- {
- $bd = $pos+4;
- }
- else
- {
- $pos = strpos($data,"\n\n");
- if($pos || is_int($pos))
- {
- $bd = $pos+2;
- }
- else
- {
- // No separation between response headers and body: fault?
- // we could take some action here instead of going on...
- $bd = 0;
- }
- }
- // be tolerant to line endings, and extra empty lines
- $ar = split("\r?\n", trim(substr($data, 0, $pos)));
- while(list(,$line) = @each($ar))
- {
- // take care of multi-line headers and cookies
- $arr = explode(':',$line,2);
- if(count($arr) > 1)
- {
- $header_name = strtolower(trim($arr[0]));
- /// @todo some other headers (the ones that allow a CSV list of values)
- /// do allow many values to be passed using multiple header lines.
- /// We should add content to $GLOBALS['_xh']['headers'][$header_name]
- /// instead of replacing it for those...
- if ($header_name == 'set-cookie' || $header_name == 'set-cookie2')
- {
- if ($header_name == 'set-cookie2')
- {
- // version 2 cookies:
- // there could be many cookies on one line, comma separated
- $cookies = explode(',', $arr[1]);
- }
- else
- {
- $cookies = array($arr[1]);
- }
- foreach ($cookies as $cookie)
- {
- // glue together all received cookies, using a comma to separate them
- // (same as php does with getallheaders())
- if (isset($GLOBALS['_xh']['headers'][$header_name]))
- $GLOBALS['_xh']['headers'][$header_name] .= ', ' . trim($cookie);
- else
- $GLOBALS['_xh']['headers'][$header_name] = trim($cookie);
- // parse cookie attributes, in case user wants to correctly honour them
- // feature creep: only allow rfc-compliant cookie attributes?
- // @todo support for server sending multiple time cookie with same name, but using different PATHs
- $cookie = explode(';', $cookie);
- foreach ($cookie as $pos => $val)
- {
- $val = explode('=', $val, 2);
- $tag = trim($val[0]);
- $val = trim(@$val[1]);
- /// @todo with version 1 cookies, we should strip leading and trailing " chars
- if ($pos == 0)
- {
- $cookiename = $tag;
- $GLOBALS['_xh']['cookies'][$tag] = array();
- $GLOBALS['_xh']['cookies'][$cookiename]['value'] = urldecode($val);
- }
- else
- {
- if ($tag != 'value')
- {
- $GLOBALS['_xh']['cookies'][$cookiename][$tag] = $val;
- }
- }
- }
- }
- }
- else
- {
- $GLOBALS['_xh']['headers'][$header_name] = trim($arr[1]);
- }
- }
- elseif(isset($header_name))
- {
- /// @todo version1 cookies might span multiple lines, thus breaking the parsing above
- $GLOBALS['_xh']['headers'][$header_name] .= ' ' . trim($line);
- }
- }
-
- $data = substr($data, $bd);
-
- if($this->debug && count($GLOBALS['_xh']['headers']))
- {
- print '';
- foreach($GLOBALS['_xh']['headers'] as $header => $value)
- {
- print htmlentities("HEADER: $header: $value\n");
- }
- foreach($GLOBALS['_xh']['cookies'] as $header => $value)
- {
- print htmlentities("COOKIE: $header={$value['value']}\n");
- }
- print "
\n";
- }
-
- // if CURL was used for the call, http headers have been processed,
- // and dechunking + reinflating have been carried out
- if(!$headers_processed)
- {
- // Decode chunked encoding sent by http 1.1 servers
- if(isset($GLOBALS['_xh']['headers']['transfer-encoding']) && $GLOBALS['_xh']['headers']['transfer-encoding'] == 'chunked')
- {
- if(!$data = decode_chunked($data))
- {
- error_log('XML-RPC: xmlrpcmsg::parseResponse: errors occurred when trying to rebuild the chunked data received from server');
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['dechunk_fail'], $GLOBALS['xmlrpcstr']['dechunk_fail']);
- return $r;
- }
- }
-
- // Decode gzip-compressed stuff
- // code shamelessly inspired from nusoap library by Dietrich Ayala
- if(isset($GLOBALS['_xh']['headers']['content-encoding']))
- {
- $GLOBALS['_xh']['headers']['content-encoding'] = str_replace('x-', '', $GLOBALS['_xh']['headers']['content-encoding']);
- if($GLOBALS['_xh']['headers']['content-encoding'] == 'deflate' || $GLOBALS['_xh']['headers']['content-encoding'] == 'gzip')
- {
- // if decoding works, use it. else assume data wasn't gzencoded
- if(function_exists('gzinflate'))
- {
- if($GLOBALS['_xh']['headers']['content-encoding'] == 'deflate' && $degzdata = @gzuncompress($data))
- {
- $data = $degzdata;
- if($this->debug)
- print "---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---
";
- }
- elseif($GLOBALS['_xh']['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10)))
- {
- $data = $degzdata;
- if($this->debug)
- print "---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---
";
- }
- else
- {
- error_log('XML-RPC: xmlrpcmsg::parseResponse: errors occurred when trying to decode the deflated data received from server');
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['decompress_fail'], $GLOBALS['xmlrpcstr']['decompress_fail']);
- return $r;
- }
- }
- else
- {
- error_log('XML-RPC: xmlrpcmsg::parseResponse: the server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['cannot_decompress'], $GLOBALS['xmlrpcstr']['cannot_decompress']);
- return $r;
- }
- }
- }
- } // end of 'if needed, de-chunk, re-inflate response'
-
- // real stupid hack to avoid PHP 4 complaining about returning NULL by ref
- $r = null;
- $r =& $r;
- return $r;
- }
-
- /**
- * Parse the xmlrpc response contained in the string $data and return an xmlrpcresp object.
- * @param string $data the xmlrpc response, eventually including http headers
- * @param bool $headers_processed when true prevents parsing HTTP headers for interpretation of content-encoding and consequent decoding
- * @param string $return_type decides return type, i.e. content of response->value(). Either 'xmlrpcvals', 'xml' or 'phpvals'
- * @return xmlrpcresp
- * @access public
- */
- function &parseResponse($data='', $headers_processed=false, $return_type='xmlrpcvals')
- {
- if($this->debug)
- {
- //by maHo, replaced htmlspecialchars with htmlentities
- print "---GOT---\n" . htmlentities($data) . "\n---END---\n
";
- }
-
- if($data == '')
- {
- error_log('XML-RPC: xmlrpcmsg::parseResponse: no response received from server.');
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['no_data'], $GLOBALS['xmlrpcstr']['no_data']);
- return $r;
- }
-
- $GLOBALS['_xh']=array();
-
- $raw_data = $data;
- // parse the HTTP headers of the response, if present, and separate them from data
- if(substr($data, 0, 4) == 'HTTP')
- {
- $r =& $this->parseResponseHeaders($data, $headers_processed);
- if ($r)
- {
- // failed processing of HTTP response headers
- // save into response obj the full payload received, for debugging
- $r->raw_data = $data;
- return $r;
- }
- }
- else
- {
- $GLOBALS['_xh']['headers'] = array();
- $GLOBALS['_xh']['cookies'] = array();
- }
-
- if($this->debug)
- {
- $start = strpos($data, '', $start);
- $comments = substr($data, $start, $end-$start);
- print "---SERVER DEBUG INFO (DECODED) ---\n\t".htmlentities(str_replace("\n", "\n\t", base64_decode($comments)))."\n---END---\n
";
- }
- }
-
- // be tolerant of extra whitespace in response body
- $data = trim($data);
-
- /// @todo return an error msg if $data=='' ?
-
- // be tolerant of junk after methodResponse (e.g. javascript ads automatically inserted by free hosts)
- // idea from Luca Mariano originally in PEARified version of the lib
- $bd = false;
- // Poor man's version of strrpos for php 4...
- $pos = strpos($data, '');
- while($pos || is_int($pos))
- {
- $bd = $pos+17;
- $pos = strpos($data, '', $bd);
- }
- if($bd)
- {
- $data = substr($data, 0, $bd);
- }
-
- // if user wants back raw xml, give it to him
- if ($return_type == 'xml')
- {
- $r = new xmlrpcresp($data, 0, '', 'xml');
- $r->hdrs = $GLOBALS['_xh']['headers'];
- $r->_cookies = $GLOBALS['_xh']['cookies'];
- $r->raw_data = $raw_data;
- return $r;
- }
-
- // try to 'guestimate' the character encoding of the received response
- $resp_encoding = guess_encoding(@$GLOBALS['_xh']['headers']['content-type'], $data);
-
- $GLOBALS['_xh']['ac']='';
- //$GLOBALS['_xh']['qt']=''; //unused...
- $GLOBALS['_xh']['stack'] = array();
- $GLOBALS['_xh']['valuestack'] = array();
- $GLOBALS['_xh']['isf']=0; // 0 = OK, 1 for xmlrpc fault responses, 2 = invalid xmlrpc
- $GLOBALS['_xh']['isf_reason']='';
- $GLOBALS['_xh']['rt']=''; // 'methodcall or 'methodresponse'
-
- // if response charset encoding is not known / supported, try to use
- // the default encoding and parse the xml anyway, but log a warning...
- if (!in_array($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- // the following code might be better for mb_string enabled installs, but
- // makes the lib about 200% slower...
- //if (!is_valid_charset($resp_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- {
- error_log('XML-RPC: xmlrpcmsg::parseResponse: invalid charset encoding of received response: '.$resp_encoding);
- $resp_encoding = $GLOBALS['xmlrpc_defencoding'];
- }
- $parser = xml_parser_create($resp_encoding);
- xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
- // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell
- // the xml parser to give us back data in the expected charset.
- // What if internal encoding is not in one of the 3 allowed?
- // we use the broadest one, ie. utf8
- // This allows to send data which is native in various charset,
- // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding
- if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- {
- xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8');
- }
- else
- {
- xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']);
- }
-
- if ($return_type == 'phpvals')
- {
- xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast');
- }
- else
- {
- xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee');
- }
-
- xml_set_character_data_handler($parser, 'xmlrpc_cd');
- xml_set_default_handler($parser, 'xmlrpc_dh');
-
- // first error check: xml not well formed
- if(!xml_parse($parser, $data, count($data)))
- {
- // thanks to Peter Kocks
- if((xml_get_current_line_number($parser)) == 1)
- {
- $errstr = 'XML error at line 1, check URL';
- }
- else
- {
- $errstr = sprintf('XML error: %s at line %d, column %d',
- xml_error_string(xml_get_error_code($parser)),
- xml_get_current_line_number($parser), xml_get_current_column_number($parser));
- }
- error_log($errstr);
- $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'], $GLOBALS['xmlrpcstr']['invalid_return'].' ('.$errstr.')');
- xml_parser_free($parser);
- if($this->debug)
- {
- print $errstr;
- }
- $r->hdrs = $GLOBALS['_xh']['headers'];
- $r->_cookies = $GLOBALS['_xh']['cookies'];
- $r->raw_data = $raw_data;
- return $r;
- }
- xml_parser_free($parser);
- // second error check: xml well formed but not xml-rpc compliant
- if ($GLOBALS['_xh']['isf'] > 1)
- {
- if ($this->debug)
- {
- /// @todo echo something for user?
- }
-
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'],
- $GLOBALS['xmlrpcstr']['invalid_return'] . ' ' . $GLOBALS['_xh']['isf_reason']);
- }
- // third error check: parsing of the response has somehow gone boink.
- // NB: shall we omit this check, since we trust the parsing code?
- elseif ($return_type == 'xmlrpcvals' && !is_object($GLOBALS['_xh']['value']))
- {
- // something odd has happened
- // and it's time to generate a client side error
- // indicating something odd went on
- $r= new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['invalid_return'],
- $GLOBALS['xmlrpcstr']['invalid_return']);
- }
- else
- {
- if ($this->debug)
- {
- print "---PARSED---\n";
- // somehow htmlentities chokes on var_export, and some full html string...
- //print htmlentitites(var_export($GLOBALS['_xh']['value'], true));
- print htmlspecialchars(var_export($GLOBALS['_xh']['value'], true));
- print "\n---END---
";
- }
-
- // note that using =& will raise an error if $GLOBALS['_xh']['st'] does not generate an object.
- $v =& $GLOBALS['_xh']['value'];
-
- if($GLOBALS['_xh']['isf'])
- {
- /// @todo we should test here if server sent an int and a string,
- /// and/or coerce them into such...
- if ($return_type == 'xmlrpcvals')
- {
- $errno_v = $v->structmem('faultCode');
- $errstr_v = $v->structmem('faultString');
- $errno = $errno_v->scalarval();
- $errstr = $errstr_v->scalarval();
- }
- else
- {
- $errno = $v['faultCode'];
- $errstr = $v['faultString'];
- }
-
- if($errno == 0)
- {
- // FAULT returned, errno needs to reflect that
- $errno = -1;
- }
-
- $r = new xmlrpcresp(0, $errno, $errstr);
- }
- else
- {
- $r= new xmlrpcresp($v, 0, '', $return_type);
- }
- }
-
- $r->hdrs = $GLOBALS['_xh']['headers'];
- $r->_cookies = $GLOBALS['_xh']['cookies'];
- $r->raw_data = $raw_data;
- return $r;
- }
- }
-
- class xmlrpcval
- {
- var $me=array();
- var $mytype=0;
- var $_php_class=null;
-
- /**
- * @param mixed $val
- * @param string $type any valid xmlrpc type name (lowercase). If null, 'string' is assumed
- */
- function xmlrpcval($val=-1, $type='')
- {
- /// @todo: optimization creep - do not call addXX, do it all inline.
- /// downside: booleans will not be coerced anymore
- if($val!==-1 || $type!='')
- {
- // optimization creep: inlined all work done by constructor
- switch($type)
- {
- case '':
- $this->mytype=1;
- $this->me['string']=$val;
- break;
- case 'i4':
- case 'int':
- case 'double':
- case 'string':
- case 'boolean':
- case 'dateTime.iso8601':
- case 'base64':
- case 'null':
- $this->mytype=1;
- $this->me[$type]=$val;
- break;
- case 'array':
- $this->mytype=2;
- $this->me['array']=$val;
- break;
- case 'struct':
- $this->mytype=3;
- $this->me['struct']=$val;
- break;
- default:
- error_log("XML-RPC: xmlrpcval::xmlrpcval: not a known type ($type)");
- }
- /*if($type=='')
- {
- $type='string';
- }
- if($GLOBALS['xmlrpcTypes'][$type]==1)
- {
- $this->addScalar($val,$type);
- }
- elseif($GLOBALS['xmlrpcTypes'][$type]==2)
- {
- $this->addArray($val);
- }
- elseif($GLOBALS['xmlrpcTypes'][$type]==3)
- {
- $this->addStruct($val);
- }*/
- }
- }
-
- /**
- * Add a single php value to an (unitialized) xmlrpcval
- * @param mixed $val
- * @param string $type
- * @return int 1 or 0 on failure
- */
- function addScalar($val, $type='string')
- {
- $typeof=@$GLOBALS['xmlrpcTypes'][$type];
- if($typeof!=1)
- {
- error_log("XML-RPC: xmlrpcval::addScalar: not a scalar type ($type)");
- return 0;
- }
-
- // coerce booleans into correct values
- // NB: we should iether do it for datetimes, integers and doubles, too,
- // or just plain remove this check, implemnted on booleans only...
- if($type==$GLOBALS['xmlrpcBoolean'])
- {
- if(strcasecmp($val,'true')==0 || $val==1 || ($val==true && strcasecmp($val,'false')))
- {
- $val=true;
- }
- else
- {
- $val=false;
- }
- }
-
- switch($this->mytype)
- {
- case 1:
- error_log('XML-RPC: xmlrpcval::addScalar: scalar xmlrpcval can have only one value');
- return 0;
- case 3:
- error_log('XML-RPC: xmlrpcval::addScalar: cannot add anonymous scalar to struct xmlrpcval');
- return 0;
- case 2:
- // we're adding a scalar value to an array here
- //$ar=$this->me['array'];
- //$ar[]= new xmlrpcval($val, $type);
- //$this->me['array']=$ar;
- // Faster (?) avoid all the costly array-copy-by-val done here...
- $this->me['array'][]= new xmlrpcval($val, $type);
- return 1;
- default:
- // a scalar, so set the value and remember we're scalar
- $this->me[$type]=$val;
- $this->mytype=$typeof;
- return 1;
- }
- }
-
- /**
- * Add an array of xmlrpcval objects to an xmlrpcval
- * @param array $vals
- * @return int 1 or 0 on failure
- * @access public
- *
- * @todo add some checking for $vals to be an array of xmlrpcvals?
- */
- function addArray($vals)
- {
- if($this->mytype==0)
- {
- $this->mytype=$GLOBALS['xmlrpcTypes']['array'];
- $this->me['array']=$vals;
- return 1;
- }
- elseif($this->mytype==2)
- {
- // we're adding to an array here
- $this->me['array'] = array_merge($this->me['array'], $vals);
- return 1;
- }
- else
- {
- error_log('XML-RPC: xmlrpcval::addArray: already initialized as a [' . $this->kindOf() . ']');
- return 0;
- }
- }
-
- /**
- * Add an array of named xmlrpcval objects to an xmlrpcval
- * @param array $vals
- * @return int 1 or 0 on failure
- * @access public
- *
- * @todo add some checking for $vals to be an array?
- */
- function addStruct($vals)
- {
- if($this->mytype==0)
- {
- $this->mytype=$GLOBALS['xmlrpcTypes']['struct'];
- $this->me['struct']=$vals;
- return 1;
- }
- elseif($this->mytype==3)
- {
- // we're adding to a struct here
- $this->me['struct'] = array_merge($this->me['struct'], $vals);
- return 1;
- }
- else
- {
- error_log('XML-RPC: xmlrpcval::addStruct: already initialized as a [' . $this->kindOf() . ']');
- return 0;
- }
- }
-
- // poor man's version of print_r ???
- // DEPRECATED!
- function dump($ar)
- {
- foreach($ar as $key => $val)
- {
- echo "$key => $val
";
- if($key == 'array')
- {
- while(list($key2, $val2) = each($val))
- {
- echo "-- $key2 => $val2
";
- }
- }
- }
- }
-
- /**
- * Returns a string containing "struct", "array" or "scalar" describing the base type of the value
- * @return string
- * @access public
- */
- function kindOf()
- {
- switch($this->mytype)
- {
- case 3:
- return 'struct';
- break;
- case 2:
- return 'array';
- break;
- case 1:
- return 'scalar';
- break;
- default:
- return 'undef';
- }
- }
-
- /**
- * @access private
- */
- function serializedata($typ, $val, $charset_encoding='')
- {
- $rs='';
- switch(@$GLOBALS['xmlrpcTypes'][$typ])
- {
- case 1:
- switch($typ)
- {
- case $GLOBALS['xmlrpcBase64']:
- $rs.="<${typ}>" . base64_encode($val) . "${typ}>";
- break;
- case $GLOBALS['xmlrpcBoolean']:
- $rs.="<${typ}>" . ($val ? '1' : '0') . "${typ}>";
- break;
- case $GLOBALS['xmlrpcString']:
- // G. Giunta 2005/2/13: do NOT use htmlentities, since
- // it will produce named html entities, which are invalid xml
- $rs.="<${typ}>" . xmlrpc_encode_entitites($val, $GLOBALS['xmlrpc_internalencoding'], $charset_encoding). "${typ}>";
- break;
- case $GLOBALS['xmlrpcInt']:
- case $GLOBALS['xmlrpcI4']:
- $rs.="<${typ}>".(int)$val."${typ}>";
- break;
- case $GLOBALS['xmlrpcDouble']:
- // avoid using standard conversion of float to string because it is locale-dependent,
- // and also because the xmlrpc spec forbids exponential notation
- // sprintf('%F') would be most likely ok but it is only available since PHP 4.3.10 and PHP 5.0.3.
- // The code below tries its best at keeping max precision while avoiding exp notation,
- // but there is of course no limit in the number of decimal places to be used...
- $rs.="<${typ}>".preg_replace('/\\.?0+$/','',number_format((double)$val, 128, '.', ''))."${typ}>";
- break;
- case $GLOBALS['xmlrpcNull']:
- $rs.="";
- break;
- default:
- // no standard type value should arrive here, but provide a possibility
- // for xmlrpcvals of unknown type...
- $rs.="<${typ}>${val}${typ}>";
- }
- break;
- case 3:
- // struct
- if ($this->_php_class)
- {
- $rs.='\n";
- }
- else
- {
- $rs.="\n";
- }
- foreach($val as $key2 => $val2)
- {
- $rs.=''.xmlrpc_encode_entitites($key2, $GLOBALS['xmlrpc_internalencoding'], $charset_encoding)."\n";
- //$rs.=$this->serializeval($val2);
- $rs.=$val2->serialize($charset_encoding);
- $rs.="\n";
- }
- $rs.='';
- break;
- case 2:
- // array
- $rs.="\n\n";
- for($i=0; $iserializeval($val[$i]);
- $rs.=$val[$i]->serialize($charset_encoding);
- }
- $rs.="\n";
- break;
- default:
- break;
- }
- return $rs;
- }
-
- /**
- * Returns xml representation of the value. XML prologue not included
- * @param string $charset_encoding the charset to be used for serialization. if null, US-ASCII is assumed
- * @return string
- * @access public
- */
- function serialize($charset_encoding='')
- {
- // add check? slower, but helps to avoid recursion in serializing broken xmlrpcvals...
- //if (is_object($o) && (get_class($o) == 'xmlrpcval' || is_subclass_of($o, 'xmlrpcval')))
- //{
- reset($this->me);
- list($typ, $val) = each($this->me);
- return '' . $this->serializedata($typ, $val, $charset_encoding) . "\n";
- //}
- }
-
- // DEPRECATED
- function serializeval($o)
- {
- // add check? slower, but helps to avoid recursion in serializing broken xmlrpcvals...
- //if (is_object($o) && (get_class($o) == 'xmlrpcval' || is_subclass_of($o, 'xmlrpcval')))
- //{
- $ar=$o->me;
- reset($ar);
- list($typ, $val) = each($ar);
- return '' . $this->serializedata($typ, $val) . "\n";
- //}
- }
-
- /**
- * Checks wheter a struct member with a given name is present.
- * Works only on xmlrpcvals of type struct.
- * @param string $m the name of the struct member to be looked up
- * @return boolean
- * @access public
- */
- function structmemexists($m)
- {
- return array_key_exists($m, $this->me['struct']);
- }
-
- /**
- * Returns the value of a given struct member (an xmlrpcval object in itself).
- * Will raise a php warning if struct member of given name does not exist
- * @param string $m the name of the struct member to be looked up
- * @return xmlrpcval
- * @access public
- */
- function structmem($m)
- {
- return $this->me['struct'][$m];
- }
-
- /**
- * Reset internal pointer for xmlrpcvals of type struct.
- * @access public
- */
- function structreset()
- {
- reset($this->me['struct']);
- }
-
- /**
- * Return next member element for xmlrpcvals of type struct.
- * @return xmlrpcval
- * @access public
- */
- function structeach()
- {
- return each($this->me['struct']);
- }
-
- // DEPRECATED! this code looks like it is very fragile and has not been fixed
- // for a long long time. Shall we remove it for 2.0?
- function getval()
- {
- // UNSTABLE
- reset($this->me);
- list($a,$b)=each($this->me);
- // contributed by I Sofer, 2001-03-24
- // add support for nested arrays to scalarval
- // i've created a new method here, so as to
- // preserve back compatibility
-
- if(is_array($b))
- {
- @reset($b);
- while(list($id,$cont) = @each($b))
- {
- $b[$id] = $cont->scalarval();
- }
- }
-
- // add support for structures directly encoding php objects
- if(is_object($b))
- {
- $t = get_object_vars($b);
- @reset($t);
- while(list($id,$cont) = @each($t))
- {
- $t[$id] = $cont->scalarval();
- }
- @reset($t);
- while(list($id,$cont) = @each($t))
- {
- @$b->$id = $cont;
- }
- }
- // end contrib
- return $b;
- }
-
- /**
- * Returns the value of a scalar xmlrpcval
- * @return mixed
- * @access public
- */
- function scalarval()
- {
- reset($this->me);
- list(,$b)=each($this->me);
- return $b;
- }
-
- /**
- * Returns the type of the xmlrpcval.
- * For integers, 'int' is always returned in place of 'i4'
- * @return string
- * @access public
- */
- function scalartyp()
- {
- reset($this->me);
- list($a,)=each($this->me);
- if($a==$GLOBALS['xmlrpcI4'])
- {
- $a=$GLOBALS['xmlrpcInt'];
- }
- return $a;
- }
-
- /**
- * Returns the m-th member of an xmlrpcval of struct type
- * @param integer $m the index of the value to be retrieved (zero based)
- * @return xmlrpcval
- * @access public
- */
- function arraymem($m)
- {
- return $this->me['array'][$m];
- }
-
- /**
- * Returns the number of members in an xmlrpcval of array type
- * @return integer
- * @access public
- */
- function arraysize()
- {
- return count($this->me['array']);
- }
-
- /**
- * Returns the number of members in an xmlrpcval of struct type
- * @return integer
- * @access public
- */
- function structsize()
- {
- return count($this->me['struct']);
- }
- }
-
-
- // date helpers
-
- /**
- * Given a timestamp, return the corresponding ISO8601 encoded string.
- *
- * Really, timezones ought to be supported
- * but the XML-RPC spec says:
- *
- * "Don't assume a timezone. It should be specified by the server in its
- * documentation what assumptions it makes about timezones."
- *
- * These routines always assume localtime unless
- * $utc is set to 1, in which case UTC is assumed
- * and an adjustment for locale is made when encoding
- *
- * @param int $timet (timestamp)
- * @param int $utc (0 or 1)
- * @return string
- */
- function iso8601_encode($timet, $utc=0)
- {
- if(!$utc)
- {
- $t=strftime("%Y%m%dT%H:%M:%S", $timet);
- }
- else
- {
- if(function_exists('gmstrftime'))
- {
- // gmstrftime doesn't exist in some versions
- // of PHP
- $t=gmstrftime("%Y%m%dT%H:%M:%S", $timet);
- }
- else
- {
- $t=strftime("%Y%m%dT%H:%M:%S", $timet-date('Z'));
- }
- }
- return $t;
- }
-
- /**
- * Given an ISO8601 date string, return a timet in the localtime, or UTC
- * @param string $idate
- * @param int $utc either 0 or 1
- * @return int (datetime)
- */
- function iso8601_decode($idate, $utc=0)
- {
- $t=0;
- if(preg_match('/([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})/', $idate, $regs))
- {
- if($utc)
- {
- $t=gmmktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]);
- }
- else
- {
- $t=mktime($regs[4], $regs[5], $regs[6], $regs[2], $regs[3], $regs[1]);
- }
- }
- return $t;
- }
-
- /**
- * Takes an xmlrpc value in PHP xmlrpcval object format and translates it into native PHP types.
- *
- * Works with xmlrpc message objects as input, too.
- *
- * Given proper options parameter, can rebuild generic php object instances
- * (provided those have been encoded to xmlrpc format using a corresponding
- * option in php_xmlrpc_encode())
- * PLEASE NOTE that rebuilding php objects involves calling their constructor function.
- * This means that the remote communication end can decide which php code will
- * get executed on your server, leaving the door possibly open to 'php-injection'
- * style of attacks (provided you have some classes defined on your server that
- * might wreak havoc if instances are built outside an appropriate context).
- * Make sure you trust the remote server/client before eanbling this!
- *
- * @author Dan Libby (dan@libby.com)
- *
- * @param xmlrpcval $xmlrpc_val
- * @param array $options if 'decode_php_objs' is set in the options array, xmlrpc structs can be decoded into php objects
- * @return mixed
- */
- function php_xmlrpc_decode($xmlrpc_val, $options=array())
- {
- switch($xmlrpc_val->kindOf())
- {
- case 'scalar':
- if (in_array('extension_api', $options))
- {
- reset($xmlrpc_val->me);
- list($typ,$val) = each($xmlrpc_val->me);
- switch ($typ)
- {
- case 'dateTime.iso8601':
- $xmlrpc_val->scalar = $val;
- $xmlrpc_val->xmlrpc_type = 'datetime';
- $xmlrpc_val->timestamp = iso8601_decode($val);
- return $xmlrpc_val;
- case 'base64':
- $xmlrpc_val->scalar = $val;
- $xmlrpc_val->type = $typ;
- return $xmlrpc_val;
- default:
- return $xmlrpc_val->scalarval();
- }
- }
- return $xmlrpc_val->scalarval();
- case 'array':
- $size = $xmlrpc_val->arraysize();
- $arr = array();
- for($i = 0; $i < $size; $i++)
- {
- $arr[] = php_xmlrpc_decode($xmlrpc_val->arraymem($i), $options);
- }
- return $arr;
- case 'struct':
- $xmlrpc_val->structreset();
- // If user said so, try to rebuild php objects for specific struct vals.
- /// @todo should we raise a warning for class not found?
- // shall we check for proper subclass of xmlrpcval instead of
- // presence of _php_class to detect what we can do?
- if (in_array('decode_php_objs', $options) && $xmlrpc_val->_php_class != ''
- && class_exists($xmlrpc_val->_php_class))
- {
- $obj = @new $xmlrpc_val->_php_class;
- while(list($key,$value)=$xmlrpc_val->structeach())
- {
- $obj->$key = php_xmlrpc_decode($value, $options);
- }
- return $obj;
- }
- else
- {
- $arr = array();
- while(list($key,$value)=$xmlrpc_val->structeach())
- {
- $arr[$key] = php_xmlrpc_decode($value, $options);
- }
- return $arr;
- }
- case 'msg':
- $paramcount = $xmlrpc_val->getNumParams();
- $arr = array();
- for($i = 0; $i < $paramcount; $i++)
- {
- $arr[] = php_xmlrpc_decode($xmlrpc_val->getParam($i));
- }
- return $arr;
- }
- }
-
- // This constant left here only for historical reasons...
- // it was used to decide if we have to define xmlrpc_encode on our own, but
- // we do not do it anymore
- if(function_exists('xmlrpc_decode'))
- {
- define('XMLRPC_EPI_ENABLED','1');
- }
- else
- {
- define('XMLRPC_EPI_ENABLED','0');
- }
-
- /**
- * Takes native php types and encodes them into xmlrpc PHP object format.
- * It will not re-encode xmlrpcval objects.
- *
- * Feature creep -- could support more types via optional type argument
- * (string => datetime support has been added, ??? => base64 not yet)
- *
- * If given a proper options parameter, php object instances will be encoded
- * into 'special' xmlrpc values, that can later be decoded into php objects
- * by calling php_xmlrpc_decode() with a corresponding option
- *
- * @author Dan Libby (dan@libby.com)
- *
- * @param mixed $php_val the value to be converted into an xmlrpcval object
- * @param array $options can include 'encode_php_objs', 'auto_dates', 'null_extension' or 'extension_api'
- * @return xmlrpcval
- */
- function &php_xmlrpc_encode($php_val, $options=array())
- {
- $type = gettype($php_val);
- switch($type)
- {
- case 'string':
- if (in_array('auto_dates', $options) && preg_match('/^[0-9]{8}T[0-9]{2}:[0-9]{2}:[0-9]{2}$/', $php_val))
- $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcDateTime']);
- else
- $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcString']);
- break;
- case 'integer':
- $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcInt']);
- break;
- case 'double':
- $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcDouble']);
- break;
- //
- // Add support for encoding/decoding of booleans, since they are supported in PHP
- case 'boolean':
- $xmlrpc_val = new xmlrpcval($php_val, $GLOBALS['xmlrpcBoolean']);
- break;
- //
- case 'array':
- // PHP arrays can be encoded to either xmlrpc structs or arrays,
- // depending on wheter they are hashes or plain 0..n integer indexed
- // A shorter one-liner would be
- // $tmp = array_diff(array_keys($php_val), range(0, count($php_val)-1));
- // but execution time skyrockets!
- $j = 0;
- $arr = array();
- $ko = false;
- foreach($php_val as $key => $val)
- {
- $arr[$key] =& php_xmlrpc_encode($val, $options);
- if(!$ko && $key !== $j)
- {
- $ko = true;
- }
- $j++;
- }
- if($ko)
- {
- $xmlrpc_val = new xmlrpcval($arr, $GLOBALS['xmlrpcStruct']);
- }
- else
- {
- $xmlrpc_val = new xmlrpcval($arr, $GLOBALS['xmlrpcArray']);
- }
- break;
- case 'object':
- if(is_a($php_val, 'xmlrpcval'))
- {
- $xmlrpc_val = $php_val;
- }
- else
- {
- $arr = array();
- while(list($k,$v) = each($php_val))
- {
- $arr[$k] = php_xmlrpc_encode($v, $options);
- }
- $xmlrpc_val = new xmlrpcval($arr, $GLOBALS['xmlrpcStruct']);
- if (in_array('encode_php_objs', $options))
- {
- // let's save original class name into xmlrpcval:
- // might be useful later on...
- $xmlrpc_val->_php_class = get_class($php_val);
- }
- }
- break;
- case 'NULL':
- if (in_array('extension_api', $options))
- {
- $xmlrpc_val = new xmlrpcval('', $GLOBALS['xmlrpcString']);
- }
- if (in_array('null_extension', $options))
- {
- $xmlrpc_val = new xmlrpcval('', $GLOBALS['xmlrpcNull']);
- }
- else
- {
- $xmlrpc_val = new xmlrpcval();
- }
- break;
- case 'resource':
- if (in_array('extension_api', $options))
- {
- $xmlrpc_val = new xmlrpcval((int)$php_val, $GLOBALS['xmlrpcInt']);
- }
- else
- {
- $xmlrpc_val = new xmlrpcval();
- }
- // catch "user function", "unknown type"
- default:
- // giancarlo pinerolo
- // it has to return
- // an empty object in case, not a boolean.
- $xmlrpc_val = new xmlrpcval();
- break;
- }
- return $xmlrpc_val;
- }
-
- /**
- * Convert the xml representation of a method response, method request or single
- * xmlrpc value into the appropriate object (a.k.a. deserialize)
- * @param string $xml_val
- * @param array $options
- * @return mixed false on error, or an instance of either xmlrpcval, xmlrpcmsg or xmlrpcresp
- */
- function php_xmlrpc_decode_xml($xml_val, $options=array())
- {
- $GLOBALS['_xh'] = array();
- $GLOBALS['_xh']['ac'] = '';
- $GLOBALS['_xh']['stack'] = array();
- $GLOBALS['_xh']['valuestack'] = array();
- $GLOBALS['_xh']['params'] = array();
- $GLOBALS['_xh']['pt'] = array();
- $GLOBALS['_xh']['isf'] = 0;
- $GLOBALS['_xh']['isf_reason'] = '';
- $GLOBALS['_xh']['method'] = false;
- $GLOBALS['_xh']['rt'] = '';
- /// @todo 'guestimate' encoding
- $parser = xml_parser_create();
- xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
- // What if internal encoding is not in one of the 3 allowed?
- // we use the broadest one, ie. utf8!
- if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- {
- xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8');
- }
- else
- {
- xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']);
- }
- xml_set_element_handler($parser, 'xmlrpc_se_any', 'xmlrpc_ee');
- xml_set_character_data_handler($parser, 'xmlrpc_cd');
- xml_set_default_handler($parser, 'xmlrpc_dh');
- if(!xml_parse($parser, $xml_val, 1))
- {
- $errstr = sprintf('XML error: %s at line %d, column %d',
- xml_error_string(xml_get_error_code($parser)),
- xml_get_current_line_number($parser), xml_get_current_column_number($parser));
- error_log($errstr);
- xml_parser_free($parser);
- return false;
- }
- xml_parser_free($parser);
- if ($GLOBALS['_xh']['isf'] > 1) // test that $GLOBALS['_xh']['value'] is an obj, too???
- {
- error_log($GLOBALS['_xh']['isf_reason']);
- return false;
- }
- switch ($GLOBALS['_xh']['rt'])
- {
- case 'methodresponse':
- $v =& $GLOBALS['_xh']['value'];
- if ($GLOBALS['_xh']['isf'] == 1)
- {
- $vc = $v->structmem('faultCode');
- $vs = $v->structmem('faultString');
- $r = new xmlrpcresp(0, $vc->scalarval(), $vs->scalarval());
- }
- else
- {
- $r = new xmlrpcresp($v);
- }
- return $r;
- case 'methodcall':
- $m = new xmlrpcmsg($GLOBALS['_xh']['method']);
- for($i=0; $i < count($GLOBALS['_xh']['params']); $i++)
- {
- $m->addParam($GLOBALS['_xh']['params'][$i]);
- }
- return $m;
- case 'value':
- return $GLOBALS['_xh']['value'];
- default:
- return false;
- }
- }
-
- /**
- * decode a string that is encoded w/ "chunked" transfer encoding
- * as defined in rfc2068 par. 19.4.6
- * code shamelessly stolen from nusoap library by Dietrich Ayala
- *
- * @param string $buffer the string to be decoded
- * @return string
- */
- function decode_chunked($buffer)
- {
- // length := 0
- $length = 0;
- $new = '';
-
- // read chunk-size, chunk-extension (if any) and crlf
- // get the position of the linebreak
- $chunkend = strpos($buffer,"\r\n") + 2;
- $temp = substr($buffer,0,$chunkend);
- $chunk_size = hexdec( trim($temp) );
- $chunkstart = $chunkend;
- while($chunk_size > 0)
- {
- $chunkend = strpos($buffer, "\r\n", $chunkstart + $chunk_size);
-
- // just in case we got a broken connection
- if($chunkend == false)
- {
- $chunk = substr($buffer,$chunkstart);
- // append chunk-data to entity-body
- $new .= $chunk;
- $length += strlen($chunk);
- break;
- }
-
- // read chunk-data and crlf
- $chunk = substr($buffer,$chunkstart,$chunkend-$chunkstart);
- // append chunk-data to entity-body
- $new .= $chunk;
- // length := length + chunk-size
- $length += strlen($chunk);
- // read chunk-size and crlf
- $chunkstart = $chunkend + 2;
-
- $chunkend = strpos($buffer,"\r\n",$chunkstart)+2;
- if($chunkend == false)
- {
- break; //just in case we got a broken connection
- }
- $temp = substr($buffer,$chunkstart,$chunkend-$chunkstart);
- $chunk_size = hexdec( trim($temp) );
- $chunkstart = $chunkend;
- }
- return $new;
- }
-
- /**
- * xml charset encoding guessing helper function.
- * Tries to determine the charset encoding of an XML chunk received over HTTP.
- * NB: according to the spec (RFC 3023), if text/xml content-type is received over HTTP without a content-type,
- * we SHOULD assume it is strictly US-ASCII. But we try to be more tolerant of unconforming (legacy?) clients/servers,
- * which will be most probably using UTF-8 anyway...
- *
- * @param string $httpheaders the http Content-type header
- * @param string $xmlchunk xml content buffer
- * @param string $encoding_prefs comma separated list of character encodings to be used as default (when mb extension is enabled)
- *
- * @todo explore usage of mb_http_input(): does it detect http headers + post data? if so, use it instead of hand-detection!!!
- */
- function guess_encoding($httpheader='', $xmlchunk='', $encoding_prefs=null)
- {
- // discussion: see http://www.yale.edu/pclt/encoding/
- // 1 - test if encoding is specified in HTTP HEADERS
-
- //Details:
- // LWS: (\13\10)?( |\t)+
- // token: (any char but excluded stuff)+
- // quoted string: " (any char but double quotes and cointrol chars)* "
- // header: Content-type = ...; charset=value(; ...)*
- // where value is of type token, no LWS allowed between 'charset' and value
- // Note: we do not check for invalid chars in VALUE:
- // this had better be done using pure ereg as below
- // Note 2: we might be removing whitespace/tabs that ought to be left in if
- // the received charset is a quoted string. But nobody uses such charset names...
-
- /// @todo this test will pass if ANY header has charset specification, not only Content-Type. Fix it?
- $matches = array();
- if(preg_match('/;\s*charset\s*=([^;]+)/i', $httpheader, $matches))
- {
- return strtoupper(trim($matches[1], " \t\""));
- }
-
- // 2 - scan the first bytes of the data for a UTF-16 (or other) BOM pattern
- // (source: http://www.w3.org/TR/2000/REC-xml-20001006)
- // NOTE: actually, according to the spec, even if we find the BOM and determine
- // an encoding, we should check if there is an encoding specified
- // in the xml declaration, and verify if they match.
- /// @todo implement check as described above?
- /// @todo implement check for first bytes of string even without a BOM? (It sure looks harder than for cases WITH a BOM)
- if(preg_match('/^(\x00\x00\xFE\xFF|\xFF\xFE\x00\x00|\x00\x00\xFF\xFE|\xFE\xFF\x00\x00)/', $xmlchunk))
- {
- return 'UCS-4';
- }
- elseif(preg_match('/^(\xFE\xFF|\xFF\xFE)/', $xmlchunk))
- {
- return 'UTF-16';
- }
- elseif(preg_match('/^(\xEF\xBB\xBF)/', $xmlchunk))
- {
- return 'UTF-8';
- }
-
- // 3 - test if encoding is specified in the xml declaration
- // Details:
- // SPACE: (#x20 | #x9 | #xD | #xA)+ === [ \x9\xD\xA]+
- // EQ: SPACE?=SPACE? === [ \x9\xD\xA]*=[ \x9\xD\xA]*
- if (preg_match('/^<\?xml\s+version\s*=\s*'. "((?:\"[a-zA-Z0-9_.:-]+\")|(?:'[a-zA-Z0-9_.:-]+'))".
- '\s+encoding\s*=\s*' . "((?:\"[A-Za-z][A-Za-z0-9._-]*\")|(?:'[A-Za-z][A-Za-z0-9._-]*'))/",
- $xmlchunk, $matches))
- {
- return strtoupper(substr($matches[2], 1, -1));
- }
-
- // 4 - if mbstring is available, let it do the guesswork
- // NB: we favour finding an encoding that is compatible with what we can process
- if(extension_loaded('mbstring'))
- {
- if($encoding_prefs)
- {
- $enc = mb_detect_encoding($xmlchunk, $encoding_prefs);
- }
- else
- {
- $enc = mb_detect_encoding($xmlchunk);
- }
- // NB: mb_detect likes to call it ascii, xml parser likes to call it US_ASCII...
- // IANA also likes better US-ASCII, so go with it
- if($enc == 'ASCII')
- {
- $enc = 'US-'.$enc;
- }
- return $enc;
- }
- else
- {
- // no encoding specified: as per HTTP1.1 assume it is iso-8859-1?
- // Both RFC 2616 (HTTP 1.1) and 1945 (HTTP 1.0) clearly state that for text/xxx content types
- // this should be the standard. And we should be getting text/xml as request and response.
- // BUT we have to be backward compatible with the lib, which always used UTF-8 as default...
- return $GLOBALS['xmlrpc_defencoding'];
- }
- }
-
- /**
- * Checks if a given charset encoding is present in a list of encodings or
- * if it is a valid subset of any encoding in the list
- * @param string $encoding charset to be tested
- * @param mixed $validlist comma separated list of valid charsets (or array of charsets)
- */
- function is_valid_charset($encoding, $validlist)
- {
- $charset_supersets = array(
- 'US-ASCII' => array ('ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4',
- 'ISO-8859-5', 'ISO-8859-6', 'ISO-8859-7', 'ISO-8859-8',
- 'ISO-8859-9', 'ISO-8859-10', 'ISO-8859-11', 'ISO-8859-12',
- 'ISO-8859-13', 'ISO-8859-14', 'ISO-8859-15', 'UTF-8',
- 'EUC-JP', 'EUC-', 'EUC-KR', 'EUC-CN')
- );
- if (is_string($validlist))
- $validlist = explode(',', $validlist);
- if (@in_array(strtoupper($encoding), $validlist))
- return true;
- else
- {
- if (array_key_exists($encoding, $charset_supersets))
- foreach ($validlist as $allowed)
- if (in_array($allowed, $charset_supersets[$encoding]))
- return true;
- return false;
- }
- }
-
-?>
\ No newline at end of file
diff --git a/web/phpxmlrpclib/xmlrpc_wrappers.inc b/web/phpxmlrpclib/xmlrpc_wrappers.inc
deleted file mode 100644
index cb0c6e8..0000000
--- a/web/phpxmlrpclib/xmlrpc_wrappers.inc
+++ /dev/null
@@ -1,944 +0,0 @@
-' . $funcname[1];
- }
- $exists = method_exists($funcname[0], $funcname[1]);
- }
- else
- {
- $plainfuncname = $funcname;
- $exists = function_exists($funcname);
- }
-
- if(!$exists)
- {
- error_log('XML-RPC: function to be wrapped is not defined: '.$plainfuncname);
- return false;
- }
- else
- {
- // determine name of new php function
- if($newfuncname == '')
- {
- if(is_array($funcname))
- {
- if(is_string($funcname[0]))
- $xmlrpcfuncname = "{$prefix}_".implode('_', $funcname);
- else
- $xmlrpcfuncname = "{$prefix}_".get_class($funcname[0]) . '_' . $funcname[1];
- }
- else
- {
- $xmlrpcfuncname = "{$prefix}_$funcname";
- }
- }
- else
- {
- $xmlrpcfuncname = $newfuncname;
- }
- while($buildit && function_exists($xmlrpcfuncname))
- {
- $xmlrpcfuncname .= 'x';
- }
-
- // start to introspect PHP code
- if(is_array($funcname))
- {
- $func =& new ReflectionMethod($funcname[0], $funcname[1]);
- if($func->isPrivate())
- {
- error_log('XML-RPC: method to be wrapped is private: '.$plainfuncname);
- return false;
- }
- if($func->isProtected())
- {
- error_log('XML-RPC: method to be wrapped is protected: '.$plainfuncname);
- return false;
- }
- if($func->isConstructor())
- {
- error_log('XML-RPC: method to be wrapped is the constructor: '.$plainfuncname);
- return false;
- }
- if($func->isDestructor())
- {
- error_log('XML-RPC: method to be wrapped is the destructor: '.$plainfuncname);
- return false;
- }
- if($func->isAbstract())
- {
- error_log('XML-RPC: method to be wrapped is abstract: '.$plainfuncname);
- return false;
- }
- /// @todo add more checks for static vs. nonstatic?
- }
- else
- {
- $func =& new ReflectionFunction($funcname);
- }
- if($func->isInternal())
- {
- // Note: from PHP 5.1.0 onward, we will possibly be able to use invokeargs
- // instead of getparameters to fully reflect internal php functions ?
- error_log('XML-RPC: function to be wrapped is internal: '.$plainfuncname);
- return false;
- }
-
- // retrieve parameter names, types and description from javadoc comments
-
- // function description
- $desc = '';
- // type of return val: by default 'any'
- $returns = $GLOBALS['xmlrpcValue'];
- // desc of return val
- $returnsDocs = '';
- // type + name of function parameters
- $paramDocs = array();
-
- $docs = $func->getDocComment();
- if($docs != '')
- {
- $docs = explode("\n", $docs);
- $i = 0;
- foreach($docs as $doc)
- {
- $doc = trim($doc, " \r\t/*");
- if(strlen($doc) && strpos($doc, '@') !== 0 && !$i)
- {
- if($desc)
- {
- $desc .= "\n";
- }
- $desc .= $doc;
- }
- elseif(strpos($doc, '@param') === 0)
- {
- // syntax: @param type [$name] desc
- if(preg_match('/@param\s+(\S+)(\s+\$\S+)?\s+(.+)/', $doc, $matches))
- {
- if(strpos($matches[1], '|'))
- {
- //$paramDocs[$i]['type'] = explode('|', $matches[1]);
- $paramDocs[$i]['type'] = 'mixed';
- }
- else
- {
- $paramDocs[$i]['type'] = $matches[1];
- }
- $paramDocs[$i]['name'] = trim($matches[2]);
- $paramDocs[$i]['doc'] = $matches[3];
- }
- $i++;
- }
- elseif(strpos($doc, '@return') === 0)
- {
- // syntax: @return type desc
- //$returns = preg_split('/\s+/', $doc);
- if(preg_match('/@return\s+(\S+)\s+(.+)/', $doc, $matches))
- {
- $returns = php_2_xmlrpc_type($matches[1]);
- if(isset($matches[2]))
- {
- $returnsDocs = $matches[2];
- }
- }
- }
- }
- }
-
- // execute introspection of actual function prototype
- $params = array();
- $i = 0;
- foreach($func->getParameters() as $paramobj)
- {
- $params[$i] = array();
- $params[$i]['name'] = '$'.$paramobj->getName();
- $params[$i]['isoptional'] = $paramobj->isOptional();
- $i++;
- }
-
-
- // start building of PHP code to be eval'd
- $innercode = '';
- $i = 0;
- $parsvariations = array();
- $pars = array();
- $pnum = count($params);
- foreach($params as $param)
- {
- if (isset($paramDocs[$i]['name']) && $paramDocs[$i]['name'] && strtolower($paramDocs[$i]['name']) != strtolower($param['name']))
- {
- // param name from phpdoc info does not match param definition!
- $paramDocs[$i]['type'] = 'mixed';
- }
-
- if($param['isoptional'])
- {
- // this particular parameter is optional. save as valid previous list of parameters
- $innercode .= "if (\$paramcount > $i) {\n";
- $parsvariations[] = $pars;
- }
- $innercode .= "\$p$i = \$msg->getParam($i);\n";
- if ($decode_php_objects)
- {
- $innercode .= "if (\$p{$i}->kindOf() == 'scalar') \$p$i = \$p{$i}->scalarval(); else \$p$i = php_{$prefix}_decode(\$p$i, array('decode_php_objs'));\n";
- }
- else
- {
- $innercode .= "if (\$p{$i}->kindOf() == 'scalar') \$p$i = \$p{$i}->scalarval(); else \$p$i = php_{$prefix}_decode(\$p$i);\n";
- }
-
- $pars[] = "\$p$i";
- $i++;
- if($param['isoptional'])
- {
- $innercode .= "}\n";
- }
- if($i == $pnum)
- {
- // last allowed parameters combination
- $parsvariations[] = $pars;
- }
- }
-
- $sigs = array();
- $psigs = array();
- if(count($parsvariations) == 0)
- {
- // only known good synopsis = no parameters
- $parsvariations[] = array();
- $minpars = 0;
- }
- else
- {
- $minpars = count($parsvariations[0]);
- }
-
- if($minpars)
- {
- // add to code the check for min params number
- // NB: this check needs to be done BEFORE decoding param values
- $innercode = "\$paramcount = \$msg->getNumParams();\n" .
- "if (\$paramcount < $minpars) return new {$prefix}resp(0, {$GLOBALS['xmlrpcerr']['incorrect_params']}, '{$GLOBALS['xmlrpcstr']['incorrect_params']}');\n" . $innercode;
- }
- else
- {
- $innercode = "\$paramcount = \$msg->getNumParams();\n" . $innercode;
- }
-
- $innercode .= "\$np = false;\n";
- // since there are no closures in php, if we are given an object instance,
- // we store a pointer to it in a global var...
- if ( is_array($funcname) && is_object($funcname[0]) )
- {
- $GLOBALS['xmlrpcWPFObjHolder'][$xmlrpcfuncname] =& $funcname[0];
- $innercode .= "\$obj =& \$GLOBALS['xmlrpcWPFObjHolder']['$xmlrpcfuncname'];\n";
- $realfuncname = '$obj->'.$funcname[1];
- }
- else
- {
- $realfuncname = $plainfuncname;
- }
- foreach($parsvariations as $pars)
- {
- $innercode .= "if (\$paramcount == " . count($pars) . ") \$retval = {$catch_warnings}$realfuncname(" . implode(',', $pars) . "); else\n";
- // build a 'generic' signature (only use an appropriate return type)
- $sig = array($returns);
- $psig = array($returnsDocs);
- for($i=0; $i < count($pars); $i++)
- {
- if (isset($paramDocs[$i]['type']))
- {
- $sig[] = php_2_xmlrpc_type($paramDocs[$i]['type']);
- }
- else
- {
- $sig[] = $GLOBALS['xmlrpcValue'];
- }
- $psig[] = isset($paramDocs[$i]['doc']) ? $paramDocs[$i]['doc'] : '';
- }
- $sigs[] = $sig;
- $psigs[] = $psig;
- }
- $innercode .= "\$np = true;\n";
- $innercode .= "if (\$np) return new {$prefix}resp(0, {$GLOBALS['xmlrpcerr']['incorrect_params']}, '{$GLOBALS['xmlrpcstr']['incorrect_params']}'); else {\n";
- //$innercode .= "if (\$_xmlrpcs_error_occurred) return new xmlrpcresp(0, $GLOBALS['xmlrpcerr']user, \$_xmlrpcs_error_occurred); else\n";
- $innercode .= "if (is_a(\$retval, '{$prefix}resp')) return \$retval; else\n";
- if($returns == $GLOBALS['xmlrpcDateTime'] || $returns == $GLOBALS['xmlrpcBase64'])
- {
- $innercode .= "return new {$prefix}resp(new {$prefix}val(\$retval, '$returns'));";
- }
- else
- {
- if ($encode_php_objects)
- $innercode .= "return new {$prefix}resp(php_{$prefix}_encode(\$retval, array('encode_php_objs')));\n";
- else
- $innercode .= "return new {$prefix}resp(php_{$prefix}_encode(\$retval));\n";
- }
- // shall we exclude functions returning by ref?
- // if($func->returnsReference())
- // return false;
- $code = "function $xmlrpcfuncname(\$msg) {\n" . $innercode . "}\n}";
- //print_r($code);
- if ($buildit)
- {
- $allOK = 0;
- eval($code.'$allOK=1;');
- // alternative
- //$xmlrpcfuncname = create_function('$m', $innercode);
-
- if(!$allOK)
- {
- error_log('XML-RPC: could not create function '.$xmlrpcfuncname.' to wrap php function '.$plainfuncname);
- return false;
- }
- }
-
- /// @todo examine if $paramDocs matches $parsvariations and build array for
- /// usage as method signature, plus put together a nice string for docs
-
- $ret = array('function' => $xmlrpcfuncname, 'signature' => $sigs, 'docstring' => $desc, 'signature_docs' => $psigs, 'source' => $code);
- return $ret;
- }
- }
-
- /**
- * Given a user-defined PHP class or php object, map its methods onto a list of
- * PHP 'wrapper' functions that can be exposed as xmlrpc methods from an xmlrpc_server
- * object and called from remote clients (as well as their corresponding signature info).
- *
- * @param mixed $classname the name of the class whose methods are to be exposed as xmlrpc methods, or an object instance of that class
- * @param array $extra_options see the docs for wrap_php_method for more options
- * string method_type 'static', 'nonstatic', 'all' and 'auto' (default); the latter will switch between static and non-static depending on wheter $classname is a class name or object instance
- * @return array or false on failure
- *
- * @todo get_class_methods will return both static and non-static methods.
- * we have to differentiate the action, depending on wheter we recived a class name or object
- */
- function wrap_php_class($classname, $extra_options=array())
- {
- $methodfilter = isset($extra_options['method_filter']) ? $extra_options['method_filter'] : '';
- $methodtype = isset($extra_options['method_type']) ? $extra_options['method_type'] : 'auto';
-
- if(version_compare(phpversion(), '5.0.3') == -1)
- {
- // up to php 5.0.3 some useful reflection methods were missing
- error_log('XML-RPC: cannot not wrap php functions unless running php version bigger than 5.0.3');
- return false;
- }
-
- $result = array();
- $mlist = get_class_methods($classname);
- foreach($mlist as $mname)
- {
- if ($methodfilter == '' || preg_match($methodfilter, $mname))
- {
- // echo $mlist."\n";
- $func =& new ReflectionMethod($classname, $mname);
- if(!$func->isPrivate() && !$func->isProtected() && !$func->isConstructor() && !$func->isDestructor() && !$func->isAbstract())
- {
- if(($func->isStatic && ($methodtype == 'all' || $methodtype == 'static' || ($methodtype == 'auto' && is_string($classname)))) ||
- (!$func->isStatic && ($methodtype == 'all' || $methodtype == 'nonstatic' || ($methodtype == 'auto' && is_object($classname)))))
- {
- $methodwrap = wrap_php_function(array($classname, $mname), '', $extra_options);
- if ( $methodwrap )
- {
- $result[$methodwrap['function']] = $methodwrap['function'];
- }
- }
- }
- }
- }
- return $result;
- }
-
- /**
- * Given an xmlrpc client and a method name, register a php wrapper function
- * that will call it and return results using native php types for both
- * params and results. The generated php function will return an xmlrpcresp
- * oject for failed xmlrpc calls
- *
- * Known limitations:
- * - server must support system.methodsignature for the wanted xmlrpc method
- * - for methods that expose many signatures, only one can be picked (we
- * could in priciple check if signatures differ only by number of params
- * and not by type, but it would be more complication than we can spare time)
- * - nested xmlrpc params: the caller of the generated php function has to
- * encode on its own the params passed to the php function if these are structs
- * or arrays whose (sub)members include values of type datetime or base64
- *
- * Notes: the connection properties of the given client will be copied
- * and reused for the connection used during the call to the generated
- * php function.
- * Calling the generated php function 'might' be slow: a new xmlrpc client
- * is created on every invocation and an xmlrpc-connection opened+closed.
- * An extra 'debug' param is appended to param list of xmlrpc method, useful
- * for debugging purposes.
- *
- * @param xmlrpc_client $client an xmlrpc client set up correctly to communicate with target server
- * @param string $methodname the xmlrpc method to be mapped to a php function
- * @param array $extra_options array of options that specify conversion details. valid ptions include
- * integer signum the index of the method signature to use in mapping (if method exposes many sigs)
- * integer timeout timeout (in secs) to be used when executing function/calling remote method
- * string protocol 'http' (default), 'http11' or 'https'
- * string new_function_name the name of php function to create. If unsepcified, lib will pick an appropriate name
- * string return_source if true return php code w. function definition instead fo function name
- * bool encode_php_objs let php objects be sent to server using the 'improved' xmlrpc notation, so server can deserialize them as php objects
- * bool decode_php_objs --- WARNING !!! possible security hazard. only use it with trusted servers ---
- * mixed return_on_fault a php value to be returned when the xmlrpc call fails/returns a fault response (by default the xmlrpcresp object is returned in this case). If a string is used, '%faultCode%' and '%faultString%' tokens will be substituted with actual error values
- * bool debug set it to 1 or 2 to see debug results of querying server for method synopsis
- * @return string the name of the generated php function (or false) - OR AN ARRAY...
- */
- function wrap_xmlrpc_method($client, $methodname, $extra_options=0, $timeout=0, $protocol='', $newfuncname='')
- {
- // mind numbing: let caller use sane calling convention (as per javadoc, 3 params),
- // OR the 2.0 calling convention (no options) - we really love backward compat, don't we?
- if (!is_array($extra_options))
- {
- $signum = $extra_options;
- $extra_options = array();
- }
- else
- {
- $signum = isset($extra_options['signum']) ? (int)$extra_options['signum'] : 0;
- $timeout = isset($extra_options['timeout']) ? (int)$extra_options['timeout'] : 0;
- $protocol = isset($extra_options['protocol']) ? $extra_options['protocol'] : '';
- $newfuncname = isset($extra_options['new_function_name']) ? $extra_options['new_function_name'] : '';
- }
- //$encode_php_objects = in_array('encode_php_objects', $extra_options);
- //$verbatim_client_copy = in_array('simple_client_copy', $extra_options) ? 1 :
- // in_array('build_class_code', $extra_options) ? 2 : 0;
-
- $encode_php_objects = isset($extra_options['encode_php_objs']) ? (bool)$extra_options['encode_php_objs'] : false;
- $decode_php_objects = isset($extra_options['decode_php_objs']) ? (bool)$extra_options['decode_php_objs'] : false;
- $simple_client_copy = isset($extra_options['simple_client_copy']) ? (int)($extra_options['simple_client_copy']) : 0;
- $buildit = isset($extra_options['return_source']) ? !($extra_options['return_source']) : true;
- $prefix = isset($extra_options['prefix']) ? $extra_options['prefix'] : 'xmlrpc';
- if (isset($extra_options['return_on_fault']))
- {
- $decode_fault = true;
- $fault_response = $extra_options['return_on_fault'];
- }
- else
- {
- $decode_fault = false;
- $fault_response = '';
- }
- $debug = isset($extra_options['debug']) ? ($extra_options['debug']) : 0;
-
- $msgclass = $prefix.'msg';
- $valclass = $prefix.'val';
- $decodefunc = 'php_'.$prefix.'_decode';
-
- $msg =& new $msgclass('system.methodSignature');
- $msg->addparam(new $valclass($methodname));
- $client->setDebug($debug);
- $response =& $client->send($msg, $timeout, $protocol);
- if($response->faultCode())
- {
- error_log('XML-RPC: could not retrieve method signature from remote server for method '.$methodname);
- return false;
- }
- else
- {
- $msig = $response->value();
- if ($client->return_type != 'phpvals')
- {
- $msig = $decodefunc($msig);
- }
- if(!is_array($msig) || count($msig) <= $signum)
- {
- error_log('XML-RPC: could not retrieve method signature nr.'.$signum.' from remote server for method '.$methodname);
- return false;
- }
- else
- {
- // pick a suitable name for the new function, avoiding collisions
- if($newfuncname != '')
- {
- $xmlrpcfuncname = $newfuncname;
- }
- else
- {
- // take care to insure that methodname is translated to valid
- // php function name
- $xmlrpcfuncname = $prefix.'_'.preg_replace(array('/\./', '/[^a-zA-Z0-9_\x7f-\xff]/'),
- array('_', ''), $methodname);
- }
- while($buildit && function_exists($xmlrpcfuncname))
- {
- $xmlrpcfuncname .= 'x';
- }
-
- $msig = $msig[$signum];
- $mdesc = '';
- // if in 'offline' mode, get method description too.
- // in online mode, favour speed of operation
- if(!$buildit)
- {
- $msg =& new $msgclass('system.methodHelp');
- $msg->addparam(new $valclass($methodname));
- $response =& $client->send($msg, $timeout, $protocol);
- if (!$response->faultCode())
- {
- $mdesc = $response->value();
- if ($client->return_type != 'phpvals')
- {
- $mdesc = $mdesc->scalarval();
- }
- }
- }
-
- $results = build_remote_method_wrapper_code($client, $methodname,
- $xmlrpcfuncname, $msig, $mdesc, $timeout, $protocol, $simple_client_copy,
- $prefix, $decode_php_objects, $encode_php_objects, $decode_fault,
- $fault_response);
-
- //print_r($code);
- if ($buildit)
- {
- $allOK = 0;
- eval($results['source'].'$allOK=1;');
- // alternative
- //$xmlrpcfuncname = create_function('$m', $innercode);
- if($allOK)
- {
- return $xmlrpcfuncname;
- }
- else
- {
- error_log('XML-RPC: could not create function '.$xmlrpcfuncname.' to wrap remote method '.$methodname);
- return false;
- }
- }
- else
- {
- $results['function'] = $xmlrpcfuncname;
- return $results;
- }
- }
- }
- }
-
- /**
- * Similar to wrap_xmlrpc_method, but will generate a php class that wraps
- * all xmlrpc methods exposed by the remote server as own methods.
- * For more details see wrap_xmlrpc_method.
- * @param xmlrpc_client $client the client obj all set to query the desired server
- * @param array $extra_options list of options for wrapped code
- * @return mixed false on error, the name of the created class if all ok or an array with code, class name and comments (if the appropriatevoption is set in extra_options)
- */
- function wrap_xmlrpc_server($client, $extra_options=array())
- {
- $methodfilter = isset($extra_options['method_filter']) ? $extra_options['method_filter'] : '';
- //$signum = isset($extra_options['signum']) ? (int)$extra_options['signum'] : 0;
- $timeout = isset($extra_options['timeout']) ? (int)$extra_options['timeout'] : 0;
- $protocol = isset($extra_options['protocol']) ? $extra_options['protocol'] : '';
- $newclassname = isset($extra_options['new_class_name']) ? $extra_options['new_class_name'] : '';
- $encode_php_objects = isset($extra_options['encode_php_objs']) ? (bool)$extra_options['encode_php_objs'] : false;
- $decode_php_objects = isset($extra_options['decode_php_objs']) ? (bool)$extra_options['decode_php_objs'] : false;
- $verbatim_client_copy = isset($extra_options['simple_client_copy']) ? !($extra_options['simple_client_copy']) : true;
- $buildit = isset($extra_options['return_source']) ? !($extra_options['return_source']) : true;
- $prefix = isset($extra_options['prefix']) ? $extra_options['prefix'] : 'xmlrpc';
-
- $msgclass = $prefix.'msg';
- //$valclass = $prefix.'val';
- $decodefunc = 'php_'.$prefix.'_decode';
-
- $msg =& new $msgclass('system.listMethods');
- $response =& $client->send($msg, $timeout, $protocol);
- if($response->faultCode())
- {
- error_log('XML-RPC: could not retrieve method list from remote server');
- return false;
- }
- else
- {
- $mlist = $response->value();
- if ($client->return_type != 'phpvals')
- {
- $mlist = $decodefunc($mlist);
- }
- if(!is_array($mlist) || !count($mlist))
- {
- error_log('XML-RPC: could not retrieve meaningful method list from remote server');
- return false;
- }
- else
- {
- // pick a suitable name for the new function, avoiding collisions
- if($newclassname != '')
- {
- $xmlrpcclassname = $newclassname;
- }
- else
- {
- $xmlrpcclassname = $prefix.'_'.preg_replace(array('/\./', '/[^a-zA-Z0-9_\x7f-\xff]/'),
- array('_', ''), $client->server).'_client';
- }
- while($buildit && class_exists($xmlrpcclassname))
- {
- $xmlrpcclassname .= 'x';
- }
-
- /// @todo add function setdebug() to new class, to enable/disable debugging
- $source = "class $xmlrpcclassname\n{\nvar \$client;\n\n";
- $source .= "function $xmlrpcclassname()\n{\n";
- $source .= build_client_wrapper_code($client, $verbatim_client_copy, $prefix);
- $source .= "\$this->client =& \$client;\n}\n\n";
- $opts = array('simple_client_copy' => 2, 'return_source' => true,
- 'timeout' => $timeout, 'protocol' => $protocol,
- 'encode_php_objs' => $encode_php_objects, 'prefix' => $prefix,
- 'decode_php_objs' => $decode_php_objects
- );
- /// @todo build javadoc for class definition, too
- foreach($mlist as $mname)
- {
- if ($methodfilter == '' || preg_match($methodfilter, $mname))
- {
- $opts['new_function_name'] = preg_replace(array('/\./', '/[^a-zA-Z0-9_\x7f-\xff]/'),
- array('_', ''), $mname);
- $methodwrap = wrap_xmlrpc_method($client, $mname, $opts);
- if ($methodwrap)
- {
- if (!$buildit)
- {
- $source .= $methodwrap['docstring'];
- }
- $source .= $methodwrap['source']."\n";
- }
- else
- {
- error_log('XML-RPC: will not create class method to wrap remote method '.$mname);
- }
- }
- }
- $source .= "}\n";
- if ($buildit)
- {
- $allOK = 0;
- eval($source.'$allOK=1;');
- // alternative
- //$xmlrpcfuncname = create_function('$m', $innercode);
- if($allOK)
- {
- return $xmlrpcclassname;
- }
- else
- {
- error_log('XML-RPC: could not create class '.$xmlrpcclassname.' to wrap remote server '.$client->server);
- return false;
- }
- }
- else
- {
- return array('class' => $xmlrpcclassname, 'code' => $source, 'docstring' => '');
- }
- }
- }
- }
-
- /**
- * Given the necessary info, build php code that creates a new function to
- * invoke a remote xmlrpc method.
- * Take care that no full checking of input parameters is done to ensure that
- * valid php code is emitted.
- * Note: real spaghetti code follows...
- * @access private
- */
- function build_remote_method_wrapper_code($client, $methodname, $xmlrpcfuncname,
- $msig, $mdesc='', $timeout=0, $protocol='', $client_copy_mode=0, $prefix='xmlrpc',
- $decode_php_objects=false, $encode_php_objects=false, $decode_fault=false,
- $fault_response='')
- {
- $code = "function $xmlrpcfuncname (";
- if ($client_copy_mode < 2)
- {
- // client copy mode 0 or 1 == partial / full client copy in emitted code
- $innercode = build_client_wrapper_code($client, $client_copy_mode, $prefix);
- $innercode .= "\$client->setDebug(\$debug);\n";
- $this_ = '';
- }
- else
- {
- // client copy mode 2 == no client copy in emitted code
- $innercode = '';
- $this_ = 'this->';
- }
- $innercode .= "\$msg =& new {$prefix}msg('$methodname');\n";
-
- if ($mdesc != '')
- {
- // take care that PHP comment is not terminated unwillingly by method description
- $mdesc = "/**\n* ".str_replace('*/', '* /', $mdesc)."\n";
- }
- else
- {
- $mdesc = "/**\nFunction $xmlrpcfuncname\n";
- }
-
- // param parsing
- $plist = array();
- $pcount = count($msig);
- for($i = 1; $i < $pcount; $i++)
- {
- $plist[] = "\$p$i";
- $ptype = $msig[$i];
- if($ptype == 'i4' || $ptype == 'int' || $ptype == 'boolean' || $ptype == 'double' ||
- $ptype == 'string' || $ptype == 'dateTime.iso8601' || $ptype == 'base64' || $ptype == 'null')
- {
- // only build directly xmlrpcvals when type is known and scalar
- $innercode .= "\$p$i =& new {$prefix}val(\$p$i, '$ptype');\n";
- }
- else
- {
- if ($encode_php_objects)
- {
- $innercode .= "\$p$i =& php_{$prefix}_encode(\$p$i, array('encode_php_objs'));\n";
- }
- else
- {
- $innercode .= "\$p$i =& php_{$prefix}_encode(\$p$i);\n";
- }
- }
- $innercode .= "\$msg->addparam(\$p$i);\n";
- $mdesc .= '* @param '.xmlrpc_2_php_type($ptype)." \$p$i\n";
- }
- if ($client_copy_mode < 2)
- {
- $plist[] = '$debug=0';
- $mdesc .= "* @param int \$debug when 1 (or 2) will enable debugging of the underlying {$prefix} call (defaults to 0)\n";
- }
- $plist = implode(', ', $plist);
- $mdesc .= '* @return '.xmlrpc_2_php_type($msig[0])." (or an {$prefix}resp obj instance if call fails)\n*/\n";
-
- $innercode .= "\$res =& \${$this_}client->send(\$msg, $timeout, '$protocol');\n";
- if ($decode_fault)
- {
- if (is_string($fault_response) && ((strpos($fault_response, '%faultCode%') !== false) || (strpos($fault_response, '%faultString%') !== false)))
- {
- $respcode = "str_replace(array('%faultCode%', '%faultString%'), array(\$res->faultCode(), \$res->faultString()), '".str_replace("'", "''", $fault_response)."')";
- }
- else
- {
- $respcode = var_export($fault_response, true);
- }
- }
- else
- {
- $respcode = '$res';
- }
- if ($decode_php_objects)
- {
- $innercode .= "if (\$res->faultcode()) return $respcode; else return php_{$prefix}_decode(\$res->value(), array('decode_php_objs'));";
- }
- else
- {
- $innercode .= "if (\$res->faultcode()) return $respcode; else return php_{$prefix}_decode(\$res->value());";
- }
-
- $code = $code . $plist. ") {\n" . $innercode . "\n}\n";
-
- return array('source' => $code, 'docstring' => $mdesc);
- }
-
- /**
- * Given necessary info, generate php code that will rebuild a client object
- * Take care that no full checking of input parameters is done to ensure that
- * valid php code is emitted.
- * @access private
- */
- function build_client_wrapper_code($client, $verbatim_client_copy, $prefix='xmlrpc')
- {
- $code = "\$client =& new {$prefix}_client('".str_replace("'", "\'", $client->path).
- "', '" . str_replace("'", "\'", $client->server) . "', $client->port);\n";
-
- // copy all client fields to the client that will be generated runtime
- // (this provides for future expansion or subclassing of client obj)
- if ($verbatim_client_copy)
- {
- foreach($client as $fld => $val)
- {
- if($fld != 'debug' && $fld != 'return_type')
- {
- $val = var_export($val, true);
- $code .= "\$client->$fld = $val;\n";
- }
- }
- }
- // only make sure that client always returns the correct data type
- $code .= "\$client->return_type = '{$prefix}vals';\n";
- //$code .= "\$client->setDebug(\$debug);\n";
- return $code;
- }
-?>
\ No newline at end of file
diff --git a/web/phpxmlrpclib/xmlrpcs.inc b/web/phpxmlrpclib/xmlrpcs.inc
deleted file mode 100644
index 7b47ca0..0000000
--- a/web/phpxmlrpclib/xmlrpcs.inc
+++ /dev/null
@@ -1,1198 +0,0 @@
-
-// $Id: xmlrpcs.inc,v 1.71 2008/10/29 23:41:28 ggiunta Exp $
-
-// Copyright (c) 1999,2000,2002 Edd Dumbill.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following
-// disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of the "XML-RPC for PHP" nor the names of its
-// contributors may be used to endorse or promote products derived
-// from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-
- // XML RPC Server class
- // requires: xmlrpc.inc
-
- $GLOBALS['xmlrpcs_capabilities'] = array(
- // xmlrpc spec: always supported
- 'xmlrpc' => new xmlrpcval(array(
- 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/spec', 'string'),
- 'specVersion' => new xmlrpcval(1, 'int')
- ), 'struct'),
- // if we support system.xxx functions, we always support multicall, too...
- // Note that, as of 2006/09/17, the following URL does not respond anymore
- 'system.multicall' => new xmlrpcval(array(
- 'specUrl' => new xmlrpcval('http://www.xmlrpc.com/discuss/msgReader$1208', 'string'),
- 'specVersion' => new xmlrpcval(1, 'int')
- ), 'struct'),
- // introspection: version 2! we support 'mixed', too
- 'introspection' => new xmlrpcval(array(
- 'specUrl' => new xmlrpcval('http://phpxmlrpc.sourceforge.net/doc-2/ch10.html', 'string'),
- 'specVersion' => new xmlrpcval(2, 'int')
- ), 'struct')
- );
-
- /* Functions that implement system.XXX methods of xmlrpc servers */
- $_xmlrpcs_getCapabilities_sig=array(array($GLOBALS['xmlrpcStruct']));
- $_xmlrpcs_getCapabilities_doc='This method lists all the capabilites that the XML-RPC server has: the (more or less standard) extensions to the xmlrpc spec that it adheres to';
- $_xmlrpcs_getCapabilities_sdoc=array(array('list of capabilities, described as structs with a version number and url for the spec'));
- function _xmlrpcs_getCapabilities($server, $m=null)
- {
- $outAr = $GLOBALS['xmlrpcs_capabilities'];
- // NIL extension
- if ($GLOBALS['xmlrpc_null_extension']) {
- $outAr['nil'] = new xmlrpcval(array(
- 'specUrl' => new xmlrpcval('http://www.ontosys.com/xml-rpc/extensions.php', 'string'),
- 'specVersion' => new xmlrpcval(1, 'int')
- ), 'struct');
- }
- return new xmlrpcresp(new xmlrpcval($outAr, 'struct'));
- }
-
- // listMethods: signature was either a string, or nothing.
- // The useless string variant has been removed
- $_xmlrpcs_listMethods_sig=array(array($GLOBALS['xmlrpcArray']));
- $_xmlrpcs_listMethods_doc='This method lists all the methods that the XML-RPC server knows how to dispatch';
- $_xmlrpcs_listMethods_sdoc=array(array('list of method names'));
- function _xmlrpcs_listMethods($server, $m=null) // if called in plain php values mode, second param is missing
- {
-
- $outAr=array();
- foreach($server->dmap as $key => $val)
- {
- $outAr[]= new xmlrpcval($key, 'string');
- }
- if($server->allow_system_funcs)
- {
- foreach($GLOBALS['_xmlrpcs_dmap'] as $key => $val)
- {
- $outAr[]= new xmlrpcval($key, 'string');
- }
- }
- return new xmlrpcresp(new xmlrpcval($outAr, 'array'));
- }
-
- $_xmlrpcs_methodSignature_sig=array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcString']));
- $_xmlrpcs_methodSignature_doc='Returns an array of known signatures (an array of arrays) for the method name passed. If no signatures are known, returns a none-array (test for type != array to detect missing signature)';
- $_xmlrpcs_methodSignature_sdoc=array(array('list of known signatures, each sig being an array of xmlrpc type names', 'name of method to be described'));
- function _xmlrpcs_methodSignature($server, $m)
- {
- // let accept as parameter both an xmlrpcval or string
- if (is_object($m))
- {
- $methName=$m->getParam(0);
- $methName=$methName->scalarval();
- }
- else
- {
- $methName=$m;
- }
- if(strpos($methName, "system.") === 0)
- {
- $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1;
- }
- else
- {
- $dmap=$server->dmap; $sysCall=0;
- }
- if(isset($dmap[$methName]))
- {
- if(isset($dmap[$methName]['signature']))
- {
- $sigs=array();
- foreach($dmap[$methName]['signature'] as $inSig)
- {
- $cursig=array();
- foreach($inSig as $sig)
- {
- $cursig[]= new xmlrpcval($sig, 'string');
- }
- $sigs[]= new xmlrpcval($cursig, 'array');
- }
- $r= new xmlrpcresp(new xmlrpcval($sigs, 'array'));
- }
- else
- {
- // NB: according to the official docs, we should be returning a
- // "none-array" here, which means not-an-array
- $r= new xmlrpcresp(new xmlrpcval('undef', 'string'));
- }
- }
- else
- {
- $r= new xmlrpcresp(0,$GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']);
- }
- return $r;
- }
-
- $_xmlrpcs_methodHelp_sig=array(array($GLOBALS['xmlrpcString'], $GLOBALS['xmlrpcString']));
- $_xmlrpcs_methodHelp_doc='Returns help text if defined for the method passed, otherwise returns an empty string';
- $_xmlrpcs_methodHelp_sdoc=array(array('method description', 'name of the method to be described'));
- function _xmlrpcs_methodHelp($server, $m)
- {
- // let accept as parameter both an xmlrpcval or string
- if (is_object($m))
- {
- $methName=$m->getParam(0);
- $methName=$methName->scalarval();
- }
- else
- {
- $methName=$m;
- }
- if(strpos($methName, "system.") === 0)
- {
- $dmap=$GLOBALS['_xmlrpcs_dmap']; $sysCall=1;
- }
- else
- {
- $dmap=$server->dmap; $sysCall=0;
- }
- if(isset($dmap[$methName]))
- {
- if(isset($dmap[$methName]['docstring']))
- {
- $r= new xmlrpcresp(new xmlrpcval($dmap[$methName]['docstring']), 'string');
- }
- else
- {
- $r= new xmlrpcresp(new xmlrpcval('', 'string'));
- }
- }
- else
- {
- $r=new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['introspect_unknown'], $GLOBALS['xmlrpcstr']['introspect_unknown']);
- }
- return $r;
- }
-
- $_xmlrpcs_multicall_sig = array(array($GLOBALS['xmlrpcArray'], $GLOBALS['xmlrpcArray']));
- $_xmlrpcs_multicall_doc = 'Boxcar multiple RPC calls in one request. See http://www.xmlrpc.com/discuss/msgReader$1208 for details';
- $_xmlrpcs_multicall_sdoc = array(array('list of response structs, where each struct has the usual members', 'list of calls, with each call being represented as a struct, with members "methodname" and "params"'));
- function _xmlrpcs_multicall_error($err)
- {
- if(is_string($err))
- {
- $str = $GLOBALS['xmlrpcstr']["multicall_${err}"];
- $code = $GLOBALS['xmlrpcerr']["multicall_${err}"];
- }
- else
- {
- $code = $err->faultCode();
- $str = $err->faultString();
- }
- $struct = array();
- $struct['faultCode'] = new xmlrpcval($code, 'int');
- $struct['faultString'] = new xmlrpcval($str, 'string');
- return new xmlrpcval($struct, 'struct');
- }
-
- function _xmlrpcs_multicall_do_call($server, $call)
- {
- if($call->kindOf() != 'struct')
- {
- return _xmlrpcs_multicall_error('notstruct');
- }
- $methName = @$call->structmem('methodName');
- if(!$methName)
- {
- return _xmlrpcs_multicall_error('nomethod');
- }
- if($methName->kindOf() != 'scalar' || $methName->scalartyp() != 'string')
- {
- return _xmlrpcs_multicall_error('notstring');
- }
- if($methName->scalarval() == 'system.multicall')
- {
- return _xmlrpcs_multicall_error('recursion');
- }
-
- $params = @$call->structmem('params');
- if(!$params)
- {
- return _xmlrpcs_multicall_error('noparams');
- }
- if($params->kindOf() != 'array')
- {
- return _xmlrpcs_multicall_error('notarray');
- }
- $numParams = $params->arraysize();
-
- $msg = new xmlrpcmsg($methName->scalarval());
- for($i = 0; $i < $numParams; $i++)
- {
- if(!$msg->addParam($params->arraymem($i)))
- {
- $i++;
- return _xmlrpcs_multicall_error(new xmlrpcresp(0,
- $GLOBALS['xmlrpcerr']['incorrect_params'],
- $GLOBALS['xmlrpcstr']['incorrect_params'] . ": probable xml error in param " . $i));
- }
- }
-
- $result = $server->execute($msg);
-
- if($result->faultCode() != 0)
- {
- return _xmlrpcs_multicall_error($result); // Method returned fault.
- }
-
- return new xmlrpcval(array($result->value()), 'array');
- }
-
- function _xmlrpcs_multicall_do_call_phpvals($server, $call)
- {
- if(!is_array($call))
- {
- return _xmlrpcs_multicall_error('notstruct');
- }
- if(!array_key_exists('methodName', $call))
- {
- return _xmlrpcs_multicall_error('nomethod');
- }
- if (!is_string($call['methodName']))
- {
- return _xmlrpcs_multicall_error('notstring');
- }
- if($call['methodName'] == 'system.multicall')
- {
- return _xmlrpcs_multicall_error('recursion');
- }
- if(!array_key_exists('params', $call))
- {
- return _xmlrpcs_multicall_error('noparams');
- }
- if(!is_array($call['params']))
- {
- return _xmlrpcs_multicall_error('notarray');
- }
-
- // this is a real dirty and simplistic hack, since we might have received a
- // base64 or datetime values, but they will be listed as strings here...
- $numParams = count($call['params']);
- $pt = array();
- foreach($call['params'] as $val)
- $pt[] = php_2_xmlrpc_type(gettype($val));
-
- $result = $server->execute($call['methodName'], $call['params'], $pt);
-
- if($result->faultCode() != 0)
- {
- return _xmlrpcs_multicall_error($result); // Method returned fault.
- }
-
- return new xmlrpcval(array($result->value()), 'array');
- }
-
- function _xmlrpcs_multicall($server, $m)
- {
- $result = array();
- // let accept a plain list of php parameters, beside a single xmlrpc msg object
- if (is_object($m))
- {
- $calls = $m->getParam(0);
- $numCalls = $calls->arraysize();
- for($i = 0; $i < $numCalls; $i++)
- {
- $call = $calls->arraymem($i);
- $result[$i] = _xmlrpcs_multicall_do_call($server, $call);
- }
- }
- else
- {
- $numCalls=count($m);
- for($i = 0; $i < $numCalls; $i++)
- {
- $result[$i] = _xmlrpcs_multicall_do_call_phpvals($server, $m[$i]);
- }
- }
-
- return new xmlrpcresp(new xmlrpcval($result, 'array'));
- }
-
- $GLOBALS['_xmlrpcs_dmap']=array(
- 'system.listMethods' => array(
- 'function' => '_xmlrpcs_listMethods',
- 'signature' => $_xmlrpcs_listMethods_sig,
- 'docstring' => $_xmlrpcs_listMethods_doc,
- 'signature_docs' => $_xmlrpcs_listMethods_sdoc),
- 'system.methodHelp' => array(
- 'function' => '_xmlrpcs_methodHelp',
- 'signature' => $_xmlrpcs_methodHelp_sig,
- 'docstring' => $_xmlrpcs_methodHelp_doc,
- 'signature_docs' => $_xmlrpcs_methodHelp_sdoc),
- 'system.methodSignature' => array(
- 'function' => '_xmlrpcs_methodSignature',
- 'signature' => $_xmlrpcs_methodSignature_sig,
- 'docstring' => $_xmlrpcs_methodSignature_doc,
- 'signature_docs' => $_xmlrpcs_methodSignature_sdoc),
- 'system.multicall' => array(
- 'function' => '_xmlrpcs_multicall',
- 'signature' => $_xmlrpcs_multicall_sig,
- 'docstring' => $_xmlrpcs_multicall_doc,
- 'signature_docs' => $_xmlrpcs_multicall_sdoc),
- 'system.getCapabilities' => array(
- 'function' => '_xmlrpcs_getCapabilities',
- 'signature' => $_xmlrpcs_getCapabilities_sig,
- 'docstring' => $_xmlrpcs_getCapabilities_doc,
- 'signature_docs' => $_xmlrpcs_getCapabilities_sdoc)
- );
-
- $GLOBALS['_xmlrpcs_occurred_errors'] = '';
- $GLOBALS['_xmlrpcs_prev_ehandler'] = '';
- /**
- * Error handler used to track errors that occur during server-side execution of PHP code.
- * This allows to report back to the client whether an internal error has occurred or not
- * using an xmlrpc response object, instead of letting the client deal with the html junk
- * that a PHP execution error on the server generally entails.
- *
- * NB: in fact a user defined error handler can only handle WARNING, NOTICE and USER_* errors.
- *
- */
- function _xmlrpcs_errorHandler($errcode, $errstring, $filename=null, $lineno=null, $context=null)
- {
- // obey the @ protocol
- if (error_reporting() == 0)
- return;
-
- //if($errcode != E_NOTICE && $errcode != E_WARNING && $errcode != E_USER_NOTICE && $errcode != E_USER_WARNING)
- if($errcode != 2048) // do not use E_STRICT by name, since on PHP 4 it will not be defined
- {
- $GLOBALS['_xmlrpcs_occurred_errors'] = $GLOBALS['_xmlrpcs_occurred_errors'] . $errstring . "\n";
- }
- // Try to avoid as much as possible disruption to the previous error handling
- // mechanism in place
- if($GLOBALS['_xmlrpcs_prev_ehandler'] == '')
- {
- // The previous error handler was the default: all we should do is log error
- // to the default error log (if level high enough)
- if(ini_get('log_errors') && (intval(ini_get('error_reporting')) & $errcode))
- {
- error_log($errstring);
- }
- }
- else
- {
- // Pass control on to previous error handler, trying to avoid loops...
- if($GLOBALS['_xmlrpcs_prev_ehandler'] != '_xmlrpcs_errorHandler')
- {
- // NB: this code will NOT work on php < 4.0.2: only 2 params were used for error handlers
- if(is_array($GLOBALS['_xmlrpcs_prev_ehandler']))
- {
- // the following works both with static class methods and plain object methods as error handler
- call_user_func_array($GLOBALS['_xmlrpcs_prev_ehandler'], array($errcode, $errstring, $filename, $lineno, $context));
- }
- else
- {
- $GLOBALS['_xmlrpcs_prev_ehandler']($errcode, $errstring, $filename, $lineno, $context);
- }
- }
- }
- }
-
- $GLOBALS['_xmlrpc_debuginfo']='';
-
- /**
- * Add a string to the debug info that can be later seralized by the server
- * as part of the response message.
- * Note that for best compatbility, the debug string should be encoded using
- * the $GLOBALS['xmlrpc_internalencoding'] character set.
- * @param string $m
- * @access public
- */
- function xmlrpc_debugmsg($m)
- {
- $GLOBALS['_xmlrpc_debuginfo'] .= $m . "\n";
- }
-
- class xmlrpc_server
- {
- /// array defining php functions exposed as xmlrpc methods by this server
- var $dmap=array();
- /**
- * Defines how functions in dmap will be invokde: either using an xmlrpc msg object
- * or plain php values.
- * valid strings are 'xmlrpcvals', 'phpvals' or 'epivals'
- */
- var $functions_parameters_type='xmlrpcvals';
- /// controls wether the server is going to echo debugging messages back to the client as comments in response body. valid values: 0,1,2,3
- var $debug = 1;
- /**
- * When set to true, it will enable HTTP compression of the response, in case
- * the client has declared its support for compression in the request.
- */
- var $compress_response = false;
- /**
- * List of http compression methods accepted by the server for requests.
- * NB: PHP supports deflate, gzip compressions out of the box if compiled w. zlib
- */
- var $accepted_compression = array();
- /// shall we serve calls to system.* methods?
- var $allow_system_funcs = true;
- /// list of charset encodings natively accepted for requests
- var $accepted_charset_encodings = array();
- /**
- * charset encoding to be used for response.
- * NB: if we can, we will convert the generated response from internal_encoding to the intended one.
- * can be: a supported xml encoding (only UTF-8 and ISO-8859-1 at present, unless mbstring is enabled),
- * null (leave unspecified in response, convert output stream to US_ASCII),
- * 'default' (use xmlrpc library default as specified in xmlrpc.inc, convert output stream if needed),
- * or 'auto' (use client-specified charset encoding or same as request if request headers do not specify it (unless request is US-ASCII: then use library default anyway).
- * NB: pretty dangerous if you accept every charset and do not have mbstring enabled)
- */
- var $response_charset_encoding = '';
- /// storage for internal debug info
- var $debug_info = '';
- /// extra data passed at runtime to method handling functions. Used only by EPI layer
- var $user_data = null;
-
- /**
- * @param array $dispmap the dispatch map withd efinition of exposed services
- * @param boolean $servicenow set to false to prevent the server from runnung upon construction
- */
- function xmlrpc_server($dispMap=null, $serviceNow=true)
- {
- // if ZLIB is enabled, let the server by default accept compressed requests,
- // and compress responses sent to clients that support them
- if(function_exists('gzinflate'))
- {
- $this->accepted_compression = array('gzip', 'deflate');
- $this->compress_response = true;
- }
-
- // by default the xml parser can support these 3 charset encodings
- $this->accepted_charset_encodings = array('UTF-8', 'ISO-8859-1', 'US-ASCII');
-
- // dispMap is a dispatch array of methods
- // mapped to function names and signatures
- // if a method
- // doesn't appear in the map then an unknown
- // method error is generated
- /* milosch - changed to make passing dispMap optional.
- * instead, you can use the class add_to_map() function
- * to add functions manually (borrowed from SOAPX4)
- */
- if($dispMap)
- {
- $this->dmap = $dispMap;
- if($serviceNow)
- {
- $this->service();
- }
- }
- }
-
- /**
- * Set debug level of server.
- * @param integer $in debug lvl: determines info added to xmlrpc responses (as xml comments)
- * 0 = no debug info,
- * 1 = msgs set from user with debugmsg(),
- * 2 = add complete xmlrpc request (headers and body),
- * 3 = add also all processing warnings happened during method processing
- * (NB: this involves setting a custom error handler, and might interfere
- * with the standard processing of the php function exposed as method. In
- * particular, triggering an USER_ERROR level error will not halt script
- * execution anymore, but just end up logged in the xmlrpc response)
- * Note that info added at elevel 2 and 3 will be base64 encoded
- * @access public
- */
- function setDebug($in)
- {
- $this->debug=$in;
- }
-
- /**
- * Return a string with the serialized representation of all debug info
- * @param string $charset_encoding the target charset encoding for the serialization
- * @return string an XML comment (or two)
- */
- function serializeDebug($charset_encoding='')
- {
- // Tough encoding problem: which internal charset should we assume for debug info?
- // It might contain a copy of raw data received from client, ie with unknown encoding,
- // intermixed with php generated data and user generated data...
- // so we split it: system debug is base 64 encoded,
- // user debug info should be encoded by the end user using the INTERNAL_ENCODING
- $out = '';
- if ($this->debug_info != '')
- {
- $out .= "\n";
- }
- if($GLOBALS['_xmlrpc_debuginfo']!='')
- {
-
- $out .= "\n";
- // NB: a better solution MIGHT be to use CDATA, but we need to insert it
- // into return payload AFTER the beginning tag
- //$out .= "', ']_]_>', $GLOBALS['_xmlrpc_debuginfo']) . "\n]]>\n";
- }
- return $out;
- }
-
- /**
- * Execute the xmlrpc request, printing the response
- * @param string $data the request body. If null, the http POST request will be examined
- * @return xmlrpcresp the response object (usually not used by caller...)
- * @access public
- */
- function service($data=null, $return_payload=false)
- {
- if ($data === null)
- {
- // workaround for a known bug in php ver. 5.2.2 that broke $HTTP_RAW_POST_DATA
- $ver = phpversion();
- if ($ver[0] >= 5)
- {
- $data = file_get_contents('php://input');
- }
- else
- {
- $data = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : '';
- }
- }
- $raw_data = $data;
-
- // reset internal debug info
- $this->debug_info = '';
-
- // Echo back what we received, before parsing it
- if($this->debug > 1)
- {
- $this->debugmsg("+++GOT+++\n" . $data . "\n+++END+++");
- }
-
- $r = $this->parseRequestHeaders($data, $req_charset, $resp_charset, $resp_encoding);
- if (!$r)
- {
- $r=$this->parseRequest($data, $req_charset);
- }
-
- // save full body of request into response, for more debugging usages
- $r->raw_data = $raw_data;
-
- if($this->debug > 2 && $GLOBALS['_xmlrpcs_occurred_errors'])
- {
- $this->debugmsg("+++PROCESSING ERRORS AND WARNINGS+++\n" .
- $GLOBALS['_xmlrpcs_occurred_errors'] . "+++END+++");
- }
-
- $payload=$this->xml_header($resp_charset);
- if($this->debug > 0)
- {
- $payload = $payload . $this->serializeDebug($resp_charset);
- }
-
- // G. Giunta 2006-01-27: do not create response serialization if it has
- // already happened. Helps building json magic
- if (empty($r->payload))
- {
- $r->serialize($resp_charset);
- }
- $payload = $payload . $r->payload;
-
- if ($return_payload)
- {
- return $payload;
- }
-
- // if we get a warning/error that has output some text before here, then we cannot
- // add a new header. We cannot say we are sending xml, either...
- if(!headers_sent())
- {
- header('Content-Type: '.$r->content_type);
- // we do not know if client actually told us an accepted charset, but if he did
- // we have to tell him what we did
- header("Vary: Accept-Charset");
-
- // http compression of output: only
- // if we can do it, and we want to do it, and client asked us to,
- // and php ini settings do not force it already
- $php_no_self_compress = !ini_get('zlib.output_compression') && (ini_get('output_handler') != 'ob_gzhandler');
- if($this->compress_response && function_exists('gzencode') && $resp_encoding != ''
- && $php_no_self_compress)
- {
- if(strpos($resp_encoding, 'gzip') !== false)
- {
- $payload = gzencode($payload);
- header("Content-Encoding: gzip");
- header("Vary: Accept-Encoding");
- }
- elseif (strpos($resp_encoding, 'deflate') !== false)
- {
- $payload = gzcompress($payload);
- header("Content-Encoding: deflate");
- header("Vary: Accept-Encoding");
- }
- }
-
- // do not ouput content-length header if php is compressing output for us:
- // it will mess up measurements
- if($php_no_self_compress)
- {
- header('Content-Length: ' . (int)strlen($payload));
- }
- }
- else
- {
- error_log('XML-RPC: xmlrpc_server::service: http headers already sent before response is fully generated. Check for php warning or error messages');
- }
-
- print $payload;
-
- // return request, in case subclasses want it
- return $r;
- }
-
- /**
- * Add a method to the dispatch map
- * @param string $methodname the name with which the method will be made available
- * @param string $function the php function that will get invoked
- * @param array $sig the array of valid method signatures
- * @param string $doc method documentation
- * @param array $sigdoc the array of valid method signatures docs (one string per param, one for return type)
- * @access public
- */
- function add_to_map($methodname,$function,$sig=null,$doc=false,$sigdoc=false)
- {
- $this->dmap[$methodname] = array(
- 'function' => $function,
- 'docstring' => $doc
- );
- if ($sig)
- {
- $this->dmap[$methodname]['signature'] = $sig;
- }
- if ($sigdoc)
- {
- $this->dmap[$methodname]['signature_docs'] = $sigdoc;
- }
- }
-
- /**
- * Verify type and number of parameters received against a list of known signatures
- * @param array $in array of either xmlrpcval objects or xmlrpc type definitions
- * @param array $sig array of known signatures to match against
- * @access private
- */
- function verifySignature($in, $sig)
- {
- // check each possible signature in turn
- if (is_object($in))
- {
- $numParams = $in->getNumParams();
- }
- else
- {
- $numParams = count($in);
- }
- foreach($sig as $cursig)
- {
- if(count($cursig)==$numParams+1)
- {
- $itsOK=1;
- for($n=0; $n<$numParams; $n++)
- {
- if (is_object($in))
- {
- $p=$in->getParam($n);
- if($p->kindOf() == 'scalar')
- {
- $pt=$p->scalartyp();
- }
- else
- {
- $pt=$p->kindOf();
- }
- }
- else
- {
- $pt= $in[$n] == 'i4' ? 'int' : $in[$n]; // dispatch maps never use i4...
- }
-
- // param index is $n+1, as first member of sig is return type
- if($pt != $cursig[$n+1] && $cursig[$n+1] != $GLOBALS['xmlrpcValue'])
- {
- $itsOK=0;
- $pno=$n+1;
- $wanted=$cursig[$n+1];
- $got=$pt;
- break;
- }
- }
- if($itsOK)
- {
- return array(1,'');
- }
- }
- }
- if(isset($wanted))
- {
- return array(0, "Wanted ${wanted}, got ${got} at param ${pno}");
- }
- else
- {
- return array(0, "No method signature matches number of parameters");
- }
- }
-
- /**
- * Parse http headers received along with xmlrpc request. If needed, inflate request
- * @return null on success or an xmlrpcresp
- * @access private
- */
- function parseRequestHeaders(&$data, &$req_encoding, &$resp_encoding, &$resp_compression)
- {
- // Play nice to PHP 4.0.x: superglobals were not yet invented...
- if(!isset($_SERVER))
- {
- $_SERVER = $GLOBALS['HTTP_SERVER_VARS'];
- }
-
- if($this->debug > 1)
- {
- if(function_exists('getallheaders'))
- {
- $this->debugmsg(''); // empty line
- foreach(getallheaders() as $name => $val)
- {
- $this->debugmsg("HEADER: $name: $val");
- }
- }
-
- }
-
- if(isset($_SERVER['HTTP_CONTENT_ENCODING']))
- {
- $content_encoding = str_replace('x-', '', $_SERVER['HTTP_CONTENT_ENCODING']);
- }
- else
- {
- $content_encoding = '';
- }
-
- // check if request body has been compressed and decompress it
- if($content_encoding != '' && strlen($data))
- {
- if($content_encoding == 'deflate' || $content_encoding == 'gzip')
- {
- // if decoding works, use it. else assume data wasn't gzencoded
- if(function_exists('gzinflate') && in_array($content_encoding, $this->accepted_compression))
- {
- if($content_encoding == 'deflate' && $degzdata = @gzuncompress($data))
- {
- $data = $degzdata;
- if($this->debug > 1)
- {
- $this->debugmsg("\n+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++");
- }
- }
- elseif($content_encoding == 'gzip' && $degzdata = @gzinflate(substr($data, 10)))
- {
- $data = $degzdata;
- if($this->debug > 1)
- $this->debugmsg("+++INFLATED REQUEST+++[".strlen($data)." chars]+++\n" . $data . "\n+++END+++");
- }
- else
- {
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_decompress_fail'], $GLOBALS['xmlrpcstr']['server_decompress_fail']);
- return $r;
- }
- }
- else
- {
- //error_log('The server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
- $r = new xmlrpcresp(0, $GLOBALS['xmlrpcerr']['server_cannot_decompress'], $GLOBALS['xmlrpcstr']['server_cannot_decompress']);
- return $r;
- }
- }
- }
-
- // check if client specified accepted charsets, and if we know how to fulfill
- // the request
- if ($this->response_charset_encoding == 'auto')
- {
- $resp_encoding = '';
- if (isset($_SERVER['HTTP_ACCEPT_CHARSET']))
- {
- // here we should check if we can match the client-requested encoding
- // with the encodings we know we can generate.
- /// @todo we should parse q=0.x preferences instead of getting first charset specified...
- $client_accepted_charsets = explode(',', strtoupper($_SERVER['HTTP_ACCEPT_CHARSET']));
- // Give preference to internal encoding
- $known_charsets = array($GLOBALS['xmlrpc_internalencoding'], 'UTF-8', 'ISO-8859-1', 'US-ASCII');
- foreach ($known_charsets as $charset)
- {
- foreach ($client_accepted_charsets as $accepted)
- if (strpos($accepted, $charset) === 0)
- {
- $resp_encoding = $charset;
- break;
- }
- if ($resp_encoding)
- break;
- }
- }
- }
- else
- {
- $resp_encoding = $this->response_charset_encoding;
- }
-
- if (isset($_SERVER['HTTP_ACCEPT_ENCODING']))
- {
- $resp_compression = $_SERVER['HTTP_ACCEPT_ENCODING'];
- }
- else
- {
- $resp_compression = '';
- }
-
- // 'guestimate' request encoding
- /// @todo check if mbstring is enabled and automagic input conversion is on: it might mingle with this check???
- $req_encoding = guess_encoding(isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '',
- $data);
-
- return null;
- }
-
- /**
- * Parse an xml chunk containing an xmlrpc request and execute the corresponding
- * php function registered with the server
- * @param string $data the xml request
- * @param string $req_encoding (optional) the charset encoding of the xml request
- * @return xmlrpcresp
- * @access private
- */
- function parseRequest($data, $req_encoding='')
- {
- // 2005/05/07 commented and moved into caller function code
- //if($data=='')
- //{
- // $data=$GLOBALS['HTTP_RAW_POST_DATA'];
- //}
-
- // G. Giunta 2005/02/13: we do NOT expect to receive html entities
- // so we do not try to convert them into xml character entities
- //$data = xmlrpc_html_entity_xlate($data);
-
- $GLOBALS['_xh']=array();
- $GLOBALS['_xh']['ac']='';
- $GLOBALS['_xh']['stack']=array();
- $GLOBALS['_xh']['valuestack'] = array();
- $GLOBALS['_xh']['params']=array();
- $GLOBALS['_xh']['pt']=array();
- $GLOBALS['_xh']['isf']=0;
- $GLOBALS['_xh']['isf_reason']='';
- $GLOBALS['_xh']['method']=false; // so we can check later if we got a methodname or not
- $GLOBALS['_xh']['rt']='';
-
- // decompose incoming XML into request structure
- if ($req_encoding != '')
- {
- if (!in_array($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- // the following code might be better for mb_string enabled installs, but
- // makes the lib about 200% slower...
- //if (!is_valid_charset($req_encoding, array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- {
- error_log('XML-RPC: xmlrpc_server::parseRequest: invalid charset encoding of received request: '.$req_encoding);
- $req_encoding = $GLOBALS['xmlrpc_defencoding'];
- }
- /// @BUG this will fail on PHP 5 if charset is not specified in the xml prologue,
- // the encoding is not UTF8 and there are non-ascii chars in the text...
- /// @todo use an ampty string for php 5 ???
- $parser = xml_parser_create($req_encoding);
- }
- else
- {
- $parser = xml_parser_create();
- }
-
- xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true);
- // G. Giunta 2005/02/13: PHP internally uses ISO-8859-1, so we have to tell
- // the xml parser to give us back data in the expected charset
- // What if internal encoding is not in one of the 3 allowed?
- // we use the broadest one, ie. utf8
- // This allows to send data which is native in various charset,
- // by extending xmlrpc_encode_entitites() and setting xmlrpc_internalencoding
- if (!in_array($GLOBALS['xmlrpc_internalencoding'], array('UTF-8', 'ISO-8859-1', 'US-ASCII')))
- {
- xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, 'UTF-8');
- }
- else
- {
- xml_parser_set_option($parser, XML_OPTION_TARGET_ENCODING, $GLOBALS['xmlrpc_internalencoding']);
- }
-
- if ($this->functions_parameters_type != 'xmlrpcvals')
- xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee_fast');
- else
- xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee');
- xml_set_character_data_handler($parser, 'xmlrpc_cd');
- xml_set_default_handler($parser, 'xmlrpc_dh');
- if(!xml_parse($parser, $data, 1))
- {
- // return XML error as a faultCode
- $r= new xmlrpcresp(0,
- $GLOBALS['xmlrpcerrxml']+xml_get_error_code($parser),
- sprintf('XML error: %s at line %d, column %d',
- xml_error_string(xml_get_error_code($parser)),
- xml_get_current_line_number($parser), xml_get_current_column_number($parser)));
- xml_parser_free($parser);
- }
- elseif ($GLOBALS['_xh']['isf'])
- {
- xml_parser_free($parser);
- $r= new xmlrpcresp(0,
- $GLOBALS['xmlrpcerr']['invalid_request'],
- $GLOBALS['xmlrpcstr']['invalid_request'] . ' ' . $GLOBALS['_xh']['isf_reason']);
- }
- else
- {
- xml_parser_free($parser);
- if ($this->functions_parameters_type != 'xmlrpcvals')
- {
- if($this->debug > 1)
- {
- $this->debugmsg("\n+++PARSED+++\n".var_export($GLOBALS['_xh']['params'], true)."\n+++END+++");
- }
- $r = $this->execute($GLOBALS['_xh']['method'], $GLOBALS['_xh']['params'], $GLOBALS['_xh']['pt']);
- }
- else
- {
- // build an xmlrpcmsg object with data parsed from xml
- $m= new xmlrpcmsg($GLOBALS['_xh']['method']);
- // now add parameters in
- for($i=0; $iaddParam($GLOBALS['_xh']['params'][$i]);
- }
-
- if($this->debug > 1)
- {
- $this->debugmsg("\n+++PARSED+++\n".var_export($m, true)."\n+++END+++");
- }
- $r = $this->execute($m);
- }
- }
- return $r;
- }
-
- /**
- * Execute a method invoked by the client, checking parameters used
- * @param mixed $m either an xmlrpcmsg obj or a method name
- * @param array $params array with method parameters as php types (if m is method name only)
- * @param array $paramtypes array with xmlrpc types of method parameters (if m is method name only)
- * @return xmlrpcresp
- * @access private
- */
- function execute($m, $params=null, $paramtypes=null)
- {
- if (is_object($m))
- {
- $methName = $m->method();
- }
- else
- {
- $methName = $m;
- }
- $sysCall = $this->allow_system_funcs && (strpos($methName, "system.") === 0);
- $dmap = $sysCall ? $GLOBALS['_xmlrpcs_dmap'] : $this->dmap;
-
- if(!isset($dmap[$methName]['function']))
- {
- // No such method
- return new xmlrpcresp(0,
- $GLOBALS['xmlrpcerr']['unknown_method'],
- $GLOBALS['xmlrpcstr']['unknown_method']);
- }
-
- // Check signature
- if(isset($dmap[$methName]['signature']))
- {
- $sig = $dmap[$methName]['signature'];
- if (is_object($m))
- {
- list($ok, $errstr) = $this->verifySignature($m, $sig);
- }
- else
- {
- list($ok, $errstr) = $this->verifySignature($paramtypes, $sig);
- }
- if(!$ok)
- {
- // Didn't match.
- return new xmlrpcresp(
- 0,
- $GLOBALS['xmlrpcerr']['incorrect_params'],
- $GLOBALS['xmlrpcstr']['incorrect_params'] . ": ${errstr}"
- );
- }
- }
-
- $func = $dmap[$methName]['function'];
- // let the 'class::function' syntax be accepted in dispatch maps
- if(is_string($func) && strpos($func, '::'))
- {
- $func = explode('::', $func);
- }
- // verify that function to be invoked is in fact callable
- if(!is_callable($func))
- {
- error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler is not callable");
- return new xmlrpcresp(
- 0,
- $GLOBALS['xmlrpcerr']['server_error'],
- $GLOBALS['xmlrpcstr']['server_error'] . ": no function matches method"
- );
- }
-
- // If debug level is 3, we should catch all errors generated during
- // processing of user function, and log them as part of response
- if($this->debug > 2)
- {
- $GLOBALS['_xmlrpcs_prev_ehandler'] = set_error_handler('_xmlrpcs_errorHandler');
- }
- if (is_object($m))
- {
- if($sysCall)
- {
- $r = call_user_func($func, $this, $m);
- }
- else
- {
- $r = call_user_func($func, $m);
- }
- if (!is_a($r, 'xmlrpcresp'))
- {
- error_log("XML-RPC: xmlrpc_server::execute: function $func registered as method handler does not return an xmlrpcresp object");
- if (is_a($r, 'xmlrpcval'))
- {
- $r = new xmlrpcresp($r);
- }
- else
- {
- $r = new xmlrpcresp(
- 0,
- $GLOBALS['xmlrpcerr']['server_error'],
- $GLOBALS['xmlrpcstr']['server_error'] . ": function does not return xmlrpcresp object"
- );
- }
- }
- }
- else
- {
- // call a 'plain php' function
- if($sysCall)
- {
- array_unshift($params, $this);
- $r = call_user_func_array($func, $params);
- }
- else
- {
- // 3rd API convention for method-handling functions: EPI-style
- if ($this->functions_parameters_type == 'epivals')
- {
- $r = call_user_func_array($func, array($methName, $params, $this->user_data));
- // mimic EPI behaviour: if we get an array that looks like an error, make it
- // an eror response
- if (is_array($r) && array_key_exists('faultCode', $r) && array_key_exists('faultString', $r))
- {
- $r = new xmlrpcresp(0, (integer)$r['faultCode'], (string)$r['faultString']);
- }
- else
- {
- // functions using EPI api should NOT return resp objects,
- // so make sure we encode the return type correctly
- $r = new xmlrpcresp(php_xmlrpc_encode($r, array('extension_api')));
- }
- }
- else
- {
- $r = call_user_func_array($func, $params);
- }
- }
- // the return type can be either an xmlrpcresp object or a plain php value...
- if (!is_a($r, 'xmlrpcresp'))
- {
- // what should we assume here about automatic encoding of datetimes
- // and php classes instances???
- $r = new xmlrpcresp(php_xmlrpc_encode($r, array('auto_dates')));
- }
- }
- if($this->debug > 2)
- {
- // note: restore the error handler we found before calling the
- // user func, even if it has been changed inside the func itself
- if($GLOBALS['_xmlrpcs_prev_ehandler'])
- {
- set_error_handler($GLOBALS['_xmlrpcs_prev_ehandler']);
- }
- else
- {
- restore_error_handler();
- }
- }
- return $r;
- }
-
- /**
- * add a string to the 'internal debug message' (separate from 'user debug message')
- * @param string $strings
- * @access private
- */
- function debugmsg($string)
- {
- $this->debug_info .= $string."\n";
- }
-
- /**
- * @access private
- */
- function xml_header($charset_encoding='')
- {
- if ($charset_encoding != '')
- {
- return "\n";
- }
- else
- {
- return "\n";
- }
- }
-
- /**
- * A debugging routine: just echoes back the input packet as a string value
- * DEPRECATED!
- */
- function echoInput()
- {
- $r= new xmlrpcresp(new xmlrpcval( "'Aha said I: '" . $GLOBALS['HTTP_RAW_POST_DATA'], 'string'));
- print $r->serialize();
- }
- }
-?>
\ No newline at end of file
diff --git a/web/profile.php b/web/profile.php
deleted file mode 100644
index d4c1ca4..0000000
--- a/web/profile.php
+++ /dev/null
@@ -1,691 +0,0 @@
- $row["classifieduuid"],
- "name" => $row["name"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-# Classifieds Update
-
-xmlrpc_server_register_method($xmlrpc_server, "classified_update",
- "classified_update");
-
-function classified_update($method_name, $params, $app_data)
-{
- global $zeroUUID;
-
- $req = $params[0];
-
- $classifieduuid = $req['classifiedUUID'];
- $creator = $req['creatorUUID'];
- $category = $req['category'];
- $name = $req['name'];
- $description = $req['description'];
- $parceluuid = $req['parcelUUID'];
- $parentestate = $req['parentestate'];
- $snapshotuuid = $req['snapshotUUID'];
- $simname = $req['sim_name'];
- $parcelname = $req['parcelname'];
- $globalpos = $req['globalpos'];
- $classifiedflag = $req['classifiedFlags'];
- $priceforlist = $req['classifiedPrice'];
-
- // Check if we already have this one in the database
- $check = mysql_query("SELECT COUNT(*) FROM classifieds WHERE ".
- "classifieduuid = '". mysql_real_escape_string($classifieduuid) ."'");
-
- while ($row = mysql_fetch_row($check))
- {
- $ready = $row[0];
- }
-
- // Doing some late checking
- // Should be done by the module but let's see what happens when
- // I do it here
-
- if ($parcelname == "")
- $parcelname = "Unknown";
-
- if ($parceluuid == "")
- $parceluuid = $zeroUUID;
-
- if ($description == "")
- $description = "No Description";
-
- //If PG, Mature, and Adult flags are all 0 assume PG and set bit 2.
- //This works around what might be a viewer bug regarding the flags.
- //The ossearch query.php file expects bit 2 set for any PG listing.
- if (($classifiedflag & 76) == 0)
- $classifiedflag |= 4;
-
- if ($ready == 0)
- {
- //Renew Weekly flag is 32 (1 << 5)
- if (($classifiedflag & 32) == 0)
- {
- $creationdate = time();
- $expirationdate = time() + (7 * 24 * 60 * 60);
- }
- else
- {
- $creationdate = time();
- $expirationdate = time() + (52 * 7 * 24 * 60 * 60);
- }
-
- $sql = "INSERT INTO classifieds VALUES ".
- "('". mysql_real_escape_string($classifieduuid) ."',".
- "'". mysql_real_escape_string($creator) ."',".
- "". mysql_real_escape_string($creationdate) .",".
- "". mysql_real_escape_string($expirationdate) .",".
- "'". mysql_real_escape_string($category) ."',".
- "'". mysql_real_escape_string($name) ."',".
- "'". mysql_real_escape_string($description) ."',".
- "'". mysql_real_escape_string($parceluuid) ."',".
- "". mysql_real_escape_string($parentestate) .",".
- "'". mysql_real_escape_string($snapshotuuid) ."',".
- "'". mysql_real_escape_string($simname) ."',".
- "'". mysql_real_escape_string($globalpos) ."',".
- "'". $parcelname ."',".
- "". mysql_real_escape_string($classifiedflag) .",".
- "". mysql_real_escape_string($priceforlist) .")";
- }
- else
- {
- $expirationdate = $creationdate + (52 * 7 * 24 * 60 * 60);
-
- $sql = "UPDATE classifieds SET ".
- "`creatoruuid`='". mysql_real_escape_string($creator)."',".
- "`expirationdate`=". mysql_real_escape_string($expirationdate).",".
- "`category`='". mysql_real_escape_string($category)."',".
- "`name`='". mysql_real_escape_string($name)."',".
- "`description`='". mysql_real_escape_string($description)."',".
- "`parceluuid`='". mysql_real_escape_string($parceluuid)."',".
- "`parentestate`=". mysql_real_escape_string($parentestate).",".
- "`snapshotuuid`='". mysql_real_escape_string($snapshotuuid)."',".
- "`simname`='". mysql_real_escape_string($simname)."',".
- "`posglobal`='". mysql_real_escape_string($globalpos)."',".
- "`parcelname`='". $parcelname."',".
- "`classifiedflags`=". mysql_real_escape_string($classifiedflag).",".
- "`priceforlisting`=". mysql_real_escape_string($priceforlist).
- " WHERE ".
- "`classifieduuid`='". mysql_real_escape_string($classifieduuid)."'";
- }
-
- // Create a new record for this classified
- $result = mysql_query($sql);
-
- $response_xml = xmlrpc_encode(array(
- 'success' => $result,
- 'errorMessage' => mysql_error()
- ));
-
- print $response_xml;
-}
-
-# Classifieds Delete
-
-xmlrpc_server_register_method($xmlrpc_server, "classified_delete",
- "classified_delete");
-
-function classified_delete($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $classifieduuid = $req['classifiedID'];
-
- $result = mysql_query("DELETE FROM classifieds WHERE ".
- "classifieduuid = '".mysql_real_escape_string($classifieduuid) ."'");
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-#
-# Picks
-#
-
-# Avatar Picks Request
-
-xmlrpc_server_register_method($xmlrpc_server, "avatarpicksrequest",
- "avatarpicksrequest");
-
-function avatarpicksrequest($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['uuid'];
-
- $data = array();
-
- $result = mysql_query("SELECT `pickuuid`,`name` FROM userpicks WHERE ".
- "creatoruuid = '". mysql_real_escape_string($uuid) ."'");
-
- while (($row = mysql_fetch_assoc($result)))
- {
- $data[] = array(
- "pickid" => $row["pickuuid"],
- "name" => $row["name"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-# Request Picks for User
-
-xmlrpc_server_register_method($xmlrpc_server, "pickinforequest",
- "pickinforequest");
-
-function pickinforequest($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
- $pick = $req['pick_id'];
-
- $data = array();
-
- $result = mysql_query("SELECT * FROM userpicks WHERE ".
- "creatoruuid = '". mysql_real_escape_string($uuid) ."' AND ".
- "pickuuid = '". mysql_real_escape_string($pick) ."'");
-
- $row = mysql_fetch_assoc($result);
- if ($row != False)
- {
- if ($row["description"] == null || $row["description"] == "")
- $row["description"] = "No description given";
-
- $data[] = array(
- "pickuuid" => $row["pickuuid"],
- "creatoruuid" => $row["creatoruuid"],
- "toppick" => $row["toppick"],
- "parceluuid" => $row["parceluuid"],
- "name" => $row["name"],
- "description" => $row["description"],
- "snapshotuuid" => $row["snapshotuuid"],
- "user" => $row["user"],
- "originalname" => $row["originalname"],
- "simname" => $row["simname"],
- "posglobal" => $row["posglobal"],
- "sortorder"=> $row["sortorder"],
- "enabled" => $row["enabled"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-# Picks Update
-
-xmlrpc_server_register_method($xmlrpc_server, "picks_update",
- "picks_update");
-
-function picks_update($method_name, $params, $app_data)
-{
- global $zeroUUID;
-
- $req = $params[0];
-
- $pickuuid = $req['pick_id'];
- $creator = $req['creator_id'];
- $toppick = $req['top_pick'];
- $name = $req['name'];
- $description = $req['desc'];
- $parceluuid = $req['parcel_uuid'];
- $snapshotuuid = $req['snapshot_id'];
- $user = $req['user'];
- $simname = $req['sim_name'];
- $posglobal = $req['pos_global'];
- $sortorder = $req['sort_order'];
- $enabled = $req['enabled'];
-
- if ($parceluuid == "")
- $parceluuid = $zeroUUID;
-
- if ($description == "")
- $description = "No Description";
-
- // Check if we already have this one in the database
- $check = mysql_query("SELECT COUNT(*) FROM userpicks WHERE ".
- "pickuuid = '". mysql_real_escape_string($pickuuid) ."'");
-
- $row = mysql_fetch_row($check);
-
- if ($row[0] == 0)
- {
- if ($user == null || $user == "")
- $user = "Unknown";
-
- //The original parcel name is the same as the name of the
- //profile pick when a new profile pick is being created.
- $original = $name;
-
- $query = "INSERT INTO userpicks VALUES ".
- "('". mysql_real_escape_string($pickuuid) ."',".
- "'". mysql_real_escape_string($creator) ."',".
- "'". mysql_real_escape_string($toppick) ."',".
- "'". mysql_real_escape_string($parceluuid) ."',".
- "'". mysql_real_escape_string($name) ."',".
- "'". mysql_real_escape_string($description) ."',".
- "'". mysql_real_escape_string($snapshotuuid) ."',".
- "'". mysql_real_escape_string($user) ."',".
- "'". mysql_real_escape_string($original) ."',".
- "'". mysql_real_escape_string($simname) ."',".
- "'". mysql_real_escape_string($posglobal) ."',".
- "'". mysql_real_escape_string($sortorder) ."',".
- "'". mysql_real_escape_string($enabled) ."')";
- }
- else
- {
- $query = "UPDATE userpicks SET " .
- "parceluuid = '". mysql_real_escape_string($parceluuid) . "', " .
- "name = '". mysql_real_escape_string($name) . "', " .
- "description = '". mysql_real_escape_string($description) . "', " .
- "snapshotuuid = '". mysql_real_escape_string($snapshotuuid) . "' WHERE ".
- "pickuuid = '". mysql_real_escape_string($pickuuid) ."'";
- }
-
- $result = mysql_query($query);
- if ($result != False)
- $result = True;
-
- $response_xml = xmlrpc_encode(array(
- 'success' => $result,
- 'errorMessage' => mysql_error()
- ));
-
- print $response_xml;
-}
-
-# Picks Delete
-
-xmlrpc_server_register_method($xmlrpc_server, "picks_delete",
- "picks_delete");
-
-function picks_delete($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $pickuuid = $req['pick_id'];
-
- $result = mysql_query("DELETE FROM userpicks WHERE ".
- "pickuuid = '".mysql_real_escape_string($pickuuid) ."'");
-
- if ($result != False)
- $result = True;
-
- $response_xml = xmlrpc_encode(array(
- 'success' => $result,
- 'errorMessage' => mysql_error()
- ));
-
- print $response_xml;
-}
-
-#
-# Notes
-#
-
-# Avatar Notes Request
-
-
-xmlrpc_server_register_method($xmlrpc_server, "avatarnotesrequest",
- "avatarnotesrequest");
-
-function avatarnotesrequest($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
- $targetuuid = $req['uuid'];
-
- $result = mysql_query("SELECT notes FROM usernotes WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
- "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
-
- $row = mysql_fetch_row($result);
- if ($row == False)
- $notes = "";
- else
- $notes = $row[0];
-
- $data[] = array(
- "targetid" => $targetuuid,
- "notes" => $notes);
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-# Avatar Notes Update
-
-xmlrpc_server_register_method($xmlrpc_server, "avatar_notes_update",
- "avatar_notes_update");
-
-function avatar_notes_update($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
- $targetuuid = $req['target_id'];
- $notes = $req['notes'];
-
- // Check if we already have this one in the database
-
- $check = mysql_query("SELECT COUNT(*) FROM usernotes WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
- "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
-
- $row = mysql_fetch_row($check);
-
- if ($row[0] == 0)
- {
- // Create a new record for this avatar note
- $result = mysql_query("INSERT INTO usernotes VALUES ".
- "('". mysql_real_escape_string($uuid) ."',".
- "'". mysql_real_escape_string($targetuuid) ."',".
- "'". mysql_real_escape_string($notes) ."')");
- }
- else if ($notes == "")
- {
- // Delete the record for this avatar note
- $result = mysql_query("DELETE FROM usernotes WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
- "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
- }
- else
- {
- // Update the existing record
- $result = mysql_query("UPDATE usernotes SET ".
- "notes = '". mysql_real_escape_string($notes) ."' WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."' AND ".
- "targetuuid = '". mysql_real_escape_string($targetuuid) ."'");
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True
- ));
-
- print $response_xml;
-}
-
-# Profile bits
-
-xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_request",
- "avatar_properties_request");
-
-function avatar_properties_request($method_name, $params, $app_data)
-{
- global $zeroUUID;
-
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
-
- $result = mysql_query("SELECT * FROM userprofile WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."'");
- $row = mysql_fetch_assoc($result);
-
- if ($row != False)
- {
- $data[] = array(
- "ProfileUrl" => $row["profileURL"],
- "Image" => $row["profileImage"],
- "AboutText" => $row["profileAboutText"],
- "FirstLifeImage" => $row["profileFirstImage"],
- "FirstLifeAboutText" => $row["profileFirstText"],
- "Partner" => $row["profilePartner"],
-
- //Return interest data along with avatar properties
- "wantmask" => $row["profileWantToMask"],
- "wanttext" => $row["profileWantToText"],
- "skillsmask" => $row["profileSkillsMask"],
- "skillstext" => $row["profileSkillsText"],
- "languages" => $row["profileLanguages"]);
- }
- else
- {
- //Insert empty record for avatar.
- //FIXME: Should this only be done when asking for ones own profile?
- $sql = "INSERT INTO userprofile VALUES ( ".
- "'". mysql_real_escape_string($uuid) ."', ".
- "'$zeroUUID', 0, 0, '', 0, '', 0, '', '', ".
- "'$zeroUUID', '', '$zeroUUID', '')";
- $result = mysql_query($sql);
-
- $data[] = array(
- "ProfileUrl" => "",
- "Image" => $zeroUUID,
- "AboutText" => "",
- "FirstLifeImage" => $zeroUUID,
- "FirstLifeAboutText" => "",
- "Partner" => $zeroUUID,
-
- "wantmask" => 0,
- "wanttext" => "",
- "skillsmask" => 0,
- "skillstext" => "",
- "languages" => "");
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-xmlrpc_server_register_method($xmlrpc_server, "avatar_properties_update",
- "avatar_properties_update");
-
-function avatar_properties_update($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
- $profileURL = $req['ProfileUrl'];
- $image = $req['Image'];
- $abouttext = $req['AboutText'];
- $firstlifeimage = $req['FirstLifeImage'];
- $firstlifetext = $req['FirstLifeAboutText'];
-
- $result=mysql_query("UPDATE userprofile SET ".
- "profileURL='". mysql_real_escape_string($profileURL) ."', ".
- "profileImage='". mysql_real_escape_string($image) ."', ".
- "profileAboutText='". mysql_real_escape_string($abouttext) ."', ".
- "profileFirstImage='". mysql_real_escape_string($firstlifeimage) ."', ".
- "profileFirstText='". mysql_real_escape_string($firstlifetext) ."' ".
- "WHERE useruuid='". mysql_real_escape_string($uuid) ."'"
- );
-
- $response_xml = xmlrpc_encode(array(
- 'success' => $result,
- 'errorMessage' => mysql_error()
- ));
-
- print $response_xml;
-}
-
-
-// Profile Interests
-
-xmlrpc_server_register_method($xmlrpc_server, "avatar_interests_update",
- "avatar_interests_update");
-
-function avatar_interests_update($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
- $wanttext = $req['wanttext'];
- $wantmask = $req['wantmask'];
- $skillstext = $req['skillstext'];
- $skillsmask = $req['skillsmask'];
- $languages = $req['languages'];
-
- $result = mysql_query("UPDATE userprofile SET ".
- "profileWantToMask = ". mysql_real_escape_string($wantmask) .",".
- "profileWantToText = '". mysql_real_escape_string($wanttext) ."',".
- "profileSkillsMask = ". mysql_real_escape_string($skillsmask) .",".
- "profileSkillsText = '". mysql_real_escape_string($skillstext) ."',".
- "profileLanguages = '". mysql_real_escape_string($languages) ."' ".
- "WHERE useruuid = '". mysql_real_escape_string($uuid) ."'"
- );
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True
- ));
-
- print $response_xml;
-}
-
-// User Preferences
-
-xmlrpc_server_register_method($xmlrpc_server, "user_preferences_request",
- "user_preferences_request");
-
-function user_preferences_request($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
-
- $result = mysql_query("SELECT imviaemail,visible,email FROM usersettings WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."'");
-
- $row = mysql_fetch_assoc($result);
-
- if ($row != False)
- {
- $data[] = array(
- "imviaemail" => $row["imviaemail"],
- "visible" => $row["visible"],
- "email" => $row["email"]);
- }
- else
- {
- //Insert empty record for avatar.
- //NOTE: The 'false' values here are enums defined in database
- $sql = "INSERT INTO usersettings VALUES ".
- "('". mysql_real_escape_string($uuid) ."', ".
- "'false', 'false', '')";
- $result = mysql_query($sql);
-
- $data[] = array(
- "imviaemail" => False,
- "visible" => False,
- "email" => "");
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-xmlrpc_server_register_method($xmlrpc_server, "user_preferences_update",
- "user_preferences_update");
-
-function user_preferences_update($method_name, $params, $app_data)
-{
-
- $req = $params[0];
-
- $uuid = $req['avatar_id'];
- $wantim = $req['imViaEmail'];
- $directory = $req['visible'];
-
- $result = mysql_query("UPDATE usersettings SET ".
- "imviaemail = '".mysql_real_escape_string($wantim) ."', ".
- "visible = '".mysql_real_escape_string($directory) ."' WHERE ".
- "useruuid = '". mysql_real_escape_string($uuid) ."'");
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-#
-# Process the request
-#
-
-$request_xml = file_get_contents("php://input");
-
-xmlrpc_server_call_method($xmlrpc_server, $request_xml, '');
-xmlrpc_server_destroy($xmlrpc_server);
-?>
diff --git a/web/query.php b/web/query.php
deleted file mode 100644
index 13b701b..0000000
--- a/web/query.php
+++ /dev/null
@@ -1,593 +0,0 @@
- 1)
- {
- $type = join($glue, $terms);
- if ($add_paren == True)
- $type = "(" . $type . ")";
- }
- else
- {
- if (count($terms) == 1)
- $type = $terms[0];
- else
- $type = "";
- }
-
- return $type;
-}
-
-
-function process_region_type_flags($flags)
-{
- $terms = array();
-
- if ($flags & 16777216) //IncludePG (1 << 24)
- $terms[] = "mature = 'PG'";
- if ($flags & 33554432) //IncludeMature (1 << 25)
- $terms[] = "mature = 'Mature'";
- if ($flags & 67108864) //IncludeAdult (1 << 26)
- $terms[] = "mature = 'Adult'";
-
- return join_terms(" OR ", $terms, True);
-}
-
-
-#
-# The XMLRPC server object
-#
-
-$xmlrpc_server = xmlrpc_server_create();
-
-#
-# Places Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "dir_places_query",
- "dir_places_query");
-
-function dir_places_query($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $flags = $req['flags'];
- $text = $req['text'];
- $category = $req['category'];
- $query_start = $req['query_start'];
-
- $pieces = split(" ", $text);
- $text = join("%", $pieces);
-
- if ($text == "%%%")
- {
- $response_xml = xmlrpc_encode(array(
- 'success' => False,
- 'errorMessage' => "Invalid search terms"
- ));
-
- print $response_xml;
-
- return;
- }
-
- $terms = array();
-
- $type = process_region_type_flags($flags);
- if ($type != "")
- $type = " AND " . $type;
-
- if ($flags & 1024)
- $order = "dwell DESC,";
-
- if ($category > 0)
- $category = "searchcategory = '".mysql_real_escape_string($category)."' AND ";
- else
- $category = "";
-
- $text = mysql_real_escape_string($text);
- $result = mysql_query("SELECT * FROM parcels WHERE $category " .
- "(parcelname LIKE '%$text%'" .
- " OR description LIKE '%$text%')" .
- $type . " ORDER BY $order parcelname" .
- " LIMIT ".(0+$query_start).",101");
-
- $data = array();
- while (($row = mysql_fetch_assoc($result)))
- {
- $data[] = array(
- "parcel_id" => $row["infouuid"],
- "name" => $row["parcelname"],
- "for_sale" => "False",
- "auction" => "False",
- "dwell" => $row["dwell"]);
- }
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data
- ));
-
- print $response_xml;
-}
-
-#
-# Popular Places Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "dir_popular_query",
- "dir_popular_query");
-
-function dir_popular_query($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $text = $req['text'];
- $flags = $req['flags'];
- $query_start = $req['query_start'];
-
- $terms = array();
-
- if ($flags & 0x1000) //PicturesOnly (1 << 12)
- $terms[] = "has_picture = 1";
-
- if ($flags & 0x0800) //PgSimsOnly (1 << 11)
- $terms[] = "mature = 0";
-
- if ($text != "")
- {
- $text = mysql_real_escape_string($text);
- $terms[] = "(name LIKE '%$text%')";
- }
-
- if (count($terms) > 0)
- $where = " WHERE " . join_terms(" AND ", $terms, False);
- else
- $where = "";
-
- $result = mysql_query("SELECT * FROM popularplaces" . $where .
- " LIMIT " . mysql_real_escape_string($query_start) . ",101");
-
- $data = array();
- while (($row = mysql_fetch_assoc($result)))
- {
- $data[] = array(
- "parcel_id" => $row["infoUUID"],
- "name" => $row["name"],
- "dwell" => $row["dwell"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data));
-
- print $response_xml;
-}
-
-#
-# Land Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "dir_land_query",
- "dir_land_query");
-
-function dir_land_query($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $flags = $req['flags'];
- $type = $req['type'];
- $price = $req['price'];
- $area = $req['area'];
- $query_start = $req['query_start'];
-
- $terms = array();
-
- if ($type != 4294967295) //Include all types of land?
- {
- //Do this check first so we can bail out quickly on Auction search
- if (($type & 26) == 2) // Auction (from SearchTypeFlags enum)
- {
- $response_xml = xmlrpc_encode(array(
- 'success' => False,
- 'errorMessage' => "No auctions listed"));
-
- print $response_xml;
-
- return;
- }
-
- if (($type & 24) == 8) //Mainland (24=0x18 [bits 3 & 4])
- $terms[] = "parentestate = 1";
- if (($type & 24) == 16) //Estate (24=0x18 [bits 3 & 4])
- $terms[] = "parentestate <> 1";
- }
-
- $s = process_region_type_flags($flags);
- if ($s != "")
- $terms[] = $s;
-
- if ($flags & 0x100000) //LimitByPrice (1 << 20)
- $terms[] = "saleprice <= '" . mysql_real_escape_string($price) . "'";
- if ($flags & 0x200000) //LimitByArea (1 << 21)
- $terms[] = "area >= '" . mysql_real_escape_string($area) . "'";
-
- //The PerMeterSort flag is always passed from a map item query.
- //It doesn't hurt to have this as the default search order.
- $order = "lsq"; //PerMeterSort (1 << 17)
-
- if ($flags & 0x80000) //NameSort (1 << 19)
- $order = "parcelname";
- if ($flags & 0x10000) //PriceSort (1 << 16)
- $order = "saleprice";
- if ($flags & 0x40000) //AreaSort (1 << 18)
- $order = "area";
- if (!($flags & 0x8000)) //SortAsc (1 << 15)
- $order .= " DESC";
-
- if (count($terms) > 0)
- $where = " WHERE " . join_terms(" AND ", $terms, False);
- else
- $where = "";
-
- $sql = "SELECT *, saleprice/area AS lsq FROM parcelsales" . $where .
- " ORDER BY " . $order . " LIMIT " .
- mysql_real_escape_string($query_start) . ",101";
-
- $result = mysql_query($sql);
-
- $data = array();
- while (($row = mysql_fetch_assoc($result)))
- {
- $data[] = array(
- "parcel_id" => $row["infoUUID"],
- "name" => $row["parcelname"],
- "auction" => "false",
- "for_sale" => "true",
- "sale_price" => $row["saleprice"],
- "landing_point" => $row["landingpoint"],
- "region_UUID" => $row["regionUUID"],
- "area" => $row["area"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data));
-
- print $response_xml;
-}
-
-#
-# Events Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "dir_events_query",
- "dir_events_query");
-
-function dir_events_query($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $text = $req['text'];
- $flags = $req['flags'];
- $query_start = $req['query_start'];
-
- if ($text == "%%%")
- {
- $response_xml = xmlrpc_encode(array(
- 'success' => False,
- 'errorMessage' => "Invalid search terms"
- ));
-
- print $response_xml;
-
- return;
- }
-
- $pieces = explode("|", $text);
-
- $day = $pieces[0];
- $category = $pieces[1];
- if (count($pieces) < 3)
- $search_text = "";
- else
- $search_text = $pieces[2];
-
- //Get todays date/time and adjust it to UTC
- $now = time() - date_offset_get(new DateTime);
-
- $terms = array();
-
- if ($day == "u")
- $terms[] = "dateUTC > ".$now;
- else
- {
- //Is $day a number of days before or after current date?
- if ($day != 0)
- $now += $day * 86400;
- $now -= ($now % 86400);
- $then = $now + 86400;
- $terms[] = "(dateUTC > ".$now." AND dateUTC <= ".$then.")";
- }
-
- if ($category != 0)
- $terms[] = "category = ".$category."";
-
- $type = array();
- if ($flags & 16777216) //IncludePG (1 << 24)
- $type[] = "eventflags = 0";
- if ($flags & 33554432) //IncludeMature (1 << 25)
- $type[] = "eventflags = 1";
- if ($flags & 67108864) //IncludeAdult (1 << 26)
- $type[] = "eventflags = 2";
-
- //Was there at least one PG, Mature, or Adult flag?
- if (count($type) > 0)
- $terms[] = join_terms(" OR ", $type, True);
-
- if ($search_text != "")
- {
- $search_text = mysql_real_escape_string($search_text);
- $terms[] = "(name LIKE '%$search_text%' OR " .
- "description LIKE '%$search_text%')";
- }
-
- if (count($terms) > 0)
- $where = " WHERE " . join_terms(" AND ", $terms, False);
- else
- $where = "";
-
- $sql = "SELECT * FROM events". $where.
- " LIMIT " . mysql_real_escape_string($query_start) . ",101";
-
- $result = mysql_query($sql);
-
- $data = array();
-
- while (($row = mysql_fetch_assoc($result)))
- {
- $date = strftime("%m/%d %I:%M %p",$row["dateUTC"]);
-
- $data[] = array(
- "owner_id" => $row["owneruuid"],
- "name" => $row["name"],
- "event_id" => $row["eventid"],
- "date" => $date,
- "unix_time" => $row["dateUTC"],
- "event_flags" => $row["eventflags"],
- "landing_point" => $row["globalPos"],
- "region_UUID" => $row["simname"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data));
-
- print $response_xml;
-}
-
-#
-# Classifieds Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "dir_classified_query",
- "dir_classified_query");
-
-function dir_classified_query ($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $text = $req['text'];
- $flags = $req['flags'];
- $category = $req['category'];
- $query_start = $req['query_start'];
-
- if ($text == "%%%")
- {
- $response_xml = xmlrpc_encode(array(
- 'success' => False,
- 'errorMessage' => "Invalid search terms"
- ));
-
- print $response_xml;
-
- return;
- }
-
- $terms = array();
-
- //Renew Weekly flag is bit 5 (32) in $flags.
- $f = array();
- if ($flags & 4) //PG (1 << 2)
- $f[] = "classifiedflags & 4 = 4";
- if ($flags & 8) //Mature (1 << 3)
- $f[] = "classifiedflags & 8 = 8";
- if ($flags & 64) //Adult (1 << 6)
- $f[] = "classifiedflags & 64 = 64";
-
- //Was there at least one PG, Mature, or Adult flag?
- if (count($f) > 0)
- $terms[] = join_terms(" OR ", $f, True);
-
- //Only restrict results based on category if it is not 0 (Any Category)
- if ($category != 0)
- $terms[] = "category = " . $category;
-
- if ($text != "")
- $terms[] = "(name LIKE '%$text%'" .
- " OR description LIKE '%$text%')";
-
- //Was there at least condition for the search?
- if (count($terms) > 0)
- $where = " WHERE " . join_terms(" AND ", $terms, False);
- else
- $where = "";
-
- $sql = "SELECT * FROM classifieds" . $where .
- " ORDER BY priceforlisting DESC" .
- " LIMIT " . mysql_real_escape_string($query_start) . ",101";
-
- $result = mysql_query($sql);
-
- $data = array();
- while (($row = mysql_fetch_assoc($result)))
- {
- $data[] = array(
- "classifiedid" => $row["classifieduuid"],
- "name" => $row["name"],
- "classifiedflags" => $row["classifiedflags"],
- "creation_date" => $row["creationdate"],
- "expiration_date" => $row["expirationdate"],
- "priceforlisting" => $row["priceforlisting"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data));
-
- print $response_xml;
-}
-
-#
-# Events Info Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "event_info_query",
- "event_info_query");
-
-function event_info_query($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $eventID = $req['eventID'];
-
- $sql = "SELECT * FROM events WHERE eventID = " .
- mysql_real_escape_string($eventID);
-
- $result = mysql_query($sql);
-
- $data = array();
- while (($row = mysql_fetch_assoc($result)))
- {
- $date = strftime("%G-%m-%d %H:%M:%S",$row["dateUTC"]);
-
- $category = "*Unspecified*";
- if ($row['category'] == 18) $category = "Discussion";
- if ($row['category'] == 19) $category = "Sports";
- if ($row['category'] == 20) $category = "Live Music";
- if ($row['category'] == 22) $category = "Commercial";
- if ($row['category'] == 23) $category = "Nightlife/Entertainment";
- if ($row['category'] == 24) $category = "Games/Contests";
- if ($row['category'] == 25) $category = "Pageants";
- if ($row['category'] == 26) $category = "Education";
- if ($row['category'] == 27) $category = "Arts and Culture";
- if ($row['category'] == 28) $category = "Charity/Support Groups";
- if ($row['category'] == 29) $category = "Miscellaneous";
-
- $data[] = array(
- "event_id" => $row["eventid"],
- "creator" => $row["creatoruuid"],
- "name" => $row["name"],
- "category" => $category,
- "description" => $row["description"],
- "date" => $date,
- "dateUTC" => $row["dateUTC"],
- "duration" => $row["duration"],
- "covercharge" => $row["covercharge"],
- "coveramount" => $row["coveramount"],
- "simname" => $row["simname"],
- "globalposition" => $row["globalPos"],
- "eventflags" => $row["eventflags"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data));
-
- print $response_xml;
-}
-
-#
-# Classifieds Info Query
-#
-
-xmlrpc_server_register_method($xmlrpc_server, "classifieds_info_query",
- "classifieds_info_query");
-
-function classifieds_info_query($method_name, $params, $app_data)
-{
- $req = $params[0];
-
- $classifiedID = $req['classifiedID'];
-
- $sql = "SELECT * FROM classifieds WHERE classifieduuid = '" .
- mysql_real_escape_string($classifiedID). "'";
-
- $result = mysql_query($sql);
-
- $data = array();
- while (($row = mysql_fetch_assoc($result)))
- {
- $data[] = array(
- "classifieduuid" => $row["classifieduuid"],
- "creatoruuid" => $row["creatoruuid"],
- "creationdate" => $row["creationdate"],
- "expirationdate" => $row["expirationdate"],
- "category" => $row["category"],
- "name" => $row["name"],
- "description" => $row["description"],
- "parceluuid" => $row["parceluuid"],
- "parentestate" => $row["parentestate"],
- "snapshotuuid" => $row["snapshotuuid"],
- "simname" => $row["simname"],
- "posglobal" => $row["posglobal"],
- "parcelname" => $row["parcelname"],
- "classifiedflags" => $row["classifiedflags"],
- "priceforlisting" => $row["priceforlisting"]);
- }
-
- $response_xml = xmlrpc_encode(array(
- 'success' => True,
- 'errorMessage' => "",
- 'data' => $data));
-
- print $response_xml;
-}
-
-#
-# Process the request
-#
-
-$request_xml = file_get_contents("php://input");
-xmlrpc_server_call_method($xmlrpc_server, $request_xml, '');
-xmlrpc_server_destroy($xmlrpc_server);
-?>
diff --git a/web/register.php b/web/register.php
deleted file mode 100644
index 70f42a6..0000000
--- a/web/register.php
+++ /dev/null
@@ -1,61 +0,0 @@
- registration //
-// When the date is older, make a request to the Parser to grab new data //
-//////////////////////////////////////////////////////////////////////////////
-
-include("../config/os_modules_mysql.php");
-//establish connection to master db server
-mysql_connect ($DB_HOST, $DB_USER, $DB_PASSWORD);
-mysql_select_db ($DB_NAME);
-
-$hostname = $_GET['host'];
-$port = $_GET['port'];
-$service = $_GET['service'];
-
-if ($hostname != "" && $port != "" && $service == "online")
-{
- // Check if there is already a database row for this host
- $checkhost = mysql_query("SELECT register FROM hostsregister WHERE " .
- "host = '" . mysql_real_escape_string($hostname) . "' AND " .
- "port = '" . mysql_real_escape_string($port) . "'");
-
- // Get the request time as a timestamp for later
- $timestamp = $_SERVER['REQUEST_TIME'];
-
- // if greater than 1, check the nextcheck date
- if (mysql_num_rows($checkhost) > 0)
- {
- $update = "UPDATE hostsregister SET " .
- "register = '" . mysql_real_escape_string($timestamp) . "', " .
- "nextcheck = '0', checked = '0', " .
- "failcounter = '0' " .
- "WHERE host = '" . mysql_real_escape_string($hostname) . "' AND " .
- "port = '" . mysql_real_escape_string($port) . "'";
-
- $runupdate = mysql_query($update);
- }
- else
- {
- $register = "INSERT INTO hostsregister VALUES ".
- "('" . mysql_real_escape_string($hostname) . "', " .
- "'" . mysql_real_escape_string($port) . "', " .
- "'" . mysql_real_escape_string($timestamp) . "', 0, 0, 0)";
-
- $runupdate = mysql_query($register);
- }
-}
-elseif ($hostname != "" && $port != "" && $service = "offline")
-{
- $delete = "DELETE FROM hostsregister " .
- "WHERE host = '" . mysql_real_escape_string($hostname) . "' AND " .
- "port = '" . mysql_real_escape_string($port) . "'";
-
- $rundelete = mysql_query($delete);
-}
-?>
diff --git a/web/xmlrpc.php b/web/xmlrpc.php
deleted file mode 100644
index fc0c575..0000000
--- a/web/xmlrpc.php
+++ /dev/null
@@ -1,1755 +0,0 @@
- "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
-
- Methods that run without errors, but do not have the intended result should return as:
-
- return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE));
-
- or if applicable:
-
- return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql);
- */
-
- include("phpxmlrpclib/xmlrpc.inc");
- include("phpxmlrpclib/xmlrpcs.inc");
-
- include("../config/os_flotsam_config.php");
- include("../config/os_modules_mysql.php");
-
-
- $groupPowers = array(
- 'None' => '0',
- /// Can send invitations to groups default role
- 'Invite' => '2',
- /// Can eject members from group
- 'Eject' => '4',
- /// Can toggle 'Open Enrollment' and change 'Signup fee'
- 'ChangeOptions' => '8',
- /// Can create new roles
- 'CreateRole' => '16',
- /// Can delete existing roles
- 'DeleteRole' => '32',
- /// Can change Role names, titles and descriptions
- 'RoleProperties' => '64',
- /// Can assign other members to assigners role
- 'AssignMemberLimited' => '128',
- /// Can assign other members to any role
- 'AssignMember' => '256',
- /// Can remove members from roles
- 'RemoveMember' => '512',
- /// Can assign and remove abilities in roles
- 'ChangeActions' => '1024',
- /// Can change group Charter, Insignia, 'Publish on the web' and which
- /// members are publicly visible in group member listings
- 'ChangeIdentity' => '2048',
- /// Can buy land or deed land to group
- 'LandDeed' => '4096',
- /// Can abandon group owned land to Governor Linden on mainland, or Estate owner for
- /// private estates
- 'LandRelease' => '8192',
- /// Can set land for-sale information on group owned parcels
- 'LandSetSale' => '16384',
- /// Can subdivide and join parcels
- 'LandDivideJoin' => '32768',
- /// Can join group chat sessions
- 'JoinChat' => '65536',
- /// Can toggle "Show in Find Places" and set search category
- 'FindPlaces' => '131072',
- /// Can change parcel name, description, and 'Publish on web' settings
- 'LandChangeIdentity' => '262144',
- /// Can set the landing point and teleport routing on group land
- 'SetLandingPoint' => '524288',
- /// Can change music and media settings
- 'ChangeMedia' => '1048576',
- /// Can toggle 'Edit Terrain' option in Land settings
- 'LandEdit' => '2097152',
- /// Can toggle various About Land > Options settings
- 'LandOptions' => '4194304',
- /// Can always terraform land, even if parcel settings have it turned off
- 'AllowEditLand' => '8388608',
- /// Can always fly while over group owned land
- 'AllowFly' => '16777216',
- /// Can always rez objects on group owned land
- 'AllowRez' => '33554432',
- /// Can always create landmarks for group owned parcels
- 'AllowLandmark' => '67108864',
- /// Can use voice chat in Group Chat sessions
- 'AllowVoiceChat' => '134217728',
- /// Can set home location on any group owned parcel
- 'AllowSetHome' => '268435456',
- /// Can modify public access settings for group owned parcels
- 'LandManageAllowed' => '536870912',
- /// Can manager parcel ban lists on group owned land
- 'LandManageBanned' => '1073741824',
- /// Can manage pass list sales information
- 'LandManagePasses' => '2147483648',
- /// Can eject and freeze other avatars on group owned land
- 'LandEjectAndFreeze' => '4294967296',
- /// Can return objects set to group
- 'ReturnGroupSet' => '8589934592',
- /// Can return non-group owned/set objects
- 'ReturnNonGroup' => '17179869184',
- /// Can landscape using Linden plants
- 'LandGardening' => '34359738368',
- /// Can deed objects to group
- 'DeedObject' => '68719476736',
- /// Can moderate group chat sessions
- 'ModerateChat' => '137438953472',
- /// Can move group owned objects
- 'ObjectManipulate' => '274877906944',
- /// Can set group owned objects for-sale
- 'ObjectSetForSale' => '549755813888',
- /// Pay group liabilities and receive group dividends
- 'Accountable' => '1099511627776',
- /// Can send group notices
- 'SendNotices' => '4398046511104',
- /// Can receive group notices
- 'ReceiveNotices' => '8796093022208',
- /// Can create group proposals
- 'StartProposal' => '17592186044416',
- /// Can vote on group proposals
- 'VoteOnProposal' => '35184372088832',
- /// Can return group owned objects
- 'ReturnGroupOwned' => '281474976710656',
- /// Members are visible to non-owners
- 'RoleMembersVisible' => '140737488355328'
- );
-
- $uuidZero = "00000000-0000-0000-0000-000000000000";
-
- $groupDBCon = mysql_connect($DB_HOST,$DB_USER,$DB_PASSWORD);
- if (!$groupDBCon)
- {
- die('Could not connect: ' . mysql_error());
- }
- mysql_select_db($DB_NAME, $groupDBCon);
-
- // This is filled in by secure()
- $requestingAgent = $uuidZero;
-
- function test()
- {
- return array('name' => 'Joe','age' => 27);
- }
-
- // Use a common signature for all the group functions -> struct foo($struct)
- $common_sig = array(array($xmlrpcStruct, $xmlrpcStruct));
-
- function createGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
-
- $groupID = $params["GroupID"];
- $name = $params["Name"];
- $charter = $params["Charter"];
- $insigniaID = $params["InsigniaID"];
- $founderID = $params["FounderID"];
- $membershipFee = $params["MembershipFee"];
- $openEnrollment = $params["OpenEnrollment"];
- $showInList = $params["ShowInList"];
- $allowPublish = $params["AllowPublish"];
- $maturePublish = $params["MaturePublish"];
- $ownerRoleID = $params["OwnerRoleID"];
- $everyonePowers = $params["EveryonePowers"];
- $ownersPowers = $params["OwnersPowers"];
-
- $escapedParams = array_map("mysql_real_escape_string", $params);
- $escapedGroupID = $escapedParams["GroupID"];
- $escapedName = $escapedParams["Name"];
- $escapedCharter = $escapedParams["Charter"];
- $escapedInsigniaID = $escapedParams["InsigniaID"];
- $escapedFounderID = $escapedParams["FounderID"];
- $escapedMembershipFee = $escapedParams["MembershipFee"];
- $escapedOpenEnrollment = $escapedParams["OpenEnrollment"];
- $escapedShowInList = $escapedParams["ShowInList"];
- $escapedAllowPublish = $escapedParams["AllowPublish"];
- $escapedMaturePublish = $escapedParams["MaturePublish"];
- $escapedOwnerRoleID = $escapedParams["OwnerRoleID"];
-
- // Create group
- $sql = "INSERT INTO osgroup
- (GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID)
- VALUES
- ('$escapedGroupID', '$escapedName', '$escapedCharter', '$escapedInsigniaID', '$escapedFounderID', $escapedMembershipFee, $escapedOpenEnrollment, $escapedShowInList, $escapedAllowPublish, $escapedMaturePublish, '$escapedOwnerRoleID')";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- // Create Everyone Role
- // NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim
-
- $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone', 'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers));
- if( isset($result['error']) )
- {
- return $result;
- }
-
- // Create Owner Role
- $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners', 'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers));
- if( isset($result['error']) )
- {
- return $result;
- }
-
- // Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role
- $result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID));
- if( isset($result['error']) )
- {
- return $result;
- }
-
- // Select the owner's role for the founder
- $result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID));
- if( isset($result['error']) )
- {
- return $result;
- }
-
- // Set the new group as the founder's active group
- $result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID));
- if( isset($result['error']) )
- {
- return $result;
- }
-
- return getGroup(array("GroupID"=>$groupID));
- }
-
- // Private method, does not include security, to only be called from places that have already verified security
- function _addRoleToGroup($params)
- {
- $everyonePowers = 8796495740928; // This should now be fixed, when libomv was updated...
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = mysql_real_escape_string( $params['GroupID'] );
- $roleID = mysql_real_escape_string( $params['RoleID'] );
- $name = mysql_real_escape_string( $params['Name'] );
- $desc = mysql_real_escape_string( $params['Description'] );
- $title = mysql_real_escape_string( $params['Title'] );
- $powers = mysql_real_escape_string( $params['Powers'] );
-
- if( !isset($powers) || ($powers == 0) || ($powers == '') )
- {
- $powers = $everyonePowers;
- }
-
- $sql = " INSERT INTO osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES "
- ." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()
- , 'method' => 'addRoleToGroup'
- , 'params' => var_export($params, TRUE));
- }
-
- return array("success" => "true");
- }
-
- function addRoleToGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = $params['GroupID'];
-
- // Verify the requesting agent has permission
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) )
- {
- return $error;
- }
-
- return _addRoleToGroup($params);
- }
-
- function updateGroupRole($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = mysql_real_escape_string( $params['GroupID'] );
- $roleID = mysql_real_escape_string( $params['RoleID'] );
- $name = mysql_real_escape_string( $params['Name'] );
- $desc = mysql_real_escape_string( $params['Description'] );
- $title = mysql_real_escape_string( $params['Title'] );
- $powers = mysql_real_escape_string( $params['Powers'] );
-
- // Verify the requesting agent has permission
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
- {
- return $error;
- }
-
- $sql = " UPDATE osrole SET RoleID = '$roleID' ";
- if( isset($params['Name']) )
- {
- $sql .= ", Name = '$name'";
- }
- if( isset($params['Description']) )
- {
- $sql .= ", Description = '$desc'";
- }
- if( isset($params['Title']) )
- {
- $sql .= ", Title = '$title'";
- }
- if( isset($params['Powers']) )
- {
- $sql .= ", Powers = $powers";
- }
-
- $sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array("success" => "true");
- }
-
- function removeRoleFromGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = mysql_real_escape_string( $params['GroupID'] );
- $roleID = mysql_real_escape_string( $params['RoleID'] );
-
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
- {
- return $error;
- }
-
- /// 1. Remove all members from Role
- /// 2. Set selected Role to uuidZero for anyone that had the role selected
- /// 3. Delete roll
-
- $sql = "DELETE FROM osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- $sql = "UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- $sql = "DELETE FROM osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array("success" => "true");
- }
-
- function getGroup($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- return _getGroup($params);
- }
-
- function _getGroup($params)
- {
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $sql = " SELECT osgroup.GroupID, osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID"
- ." , count(osrole.RoleID) as GroupRolesCount, count(osgroupmembership.AgentID) as GroupMembershipCount "
- ." FROM osgroup "
- ." LEFT JOIN osrole ON (osgroup.GroupID = osrole.GroupID)"
- ." LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
- ." WHERE ";
-
- if( isset($params['GroupID']) )
- {
- $sql .= "osgroup.GroupID = '" . mysql_real_escape_string($params['GroupID']). "'";
- }
- else if( isset($params['Name']) )
- {
- $sql .= "osgroup.Name = '" . mysql_real_escape_string($params['Name']) . "'";
- }
- else
- {
- return array("error" => "Must specify GroupID or Name");
- }
-
- $sql .= " GROUP BY osgroup.GroupID, osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID";
-
- $result = mysql_query($sql, $groupDBCon);
-
- if (!$result)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if (mysql_num_rows($result) == 0)
- {
- return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- return mysql_fetch_assoc($result);
- }
-
- function updateGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = mysql_real_escape_string( $params["GroupID"] );
- $charter = mysql_real_escape_string( $params["Charter"] );
- $insigniaID = mysql_real_escape_string( $params["InsigniaID"] );
- $membershipFee = mysql_real_escape_string( $params["MembershipFee"] );
- $openEnrollment = mysql_real_escape_string( $params["OpenEnrollment"] );
- $showInList = mysql_real_escape_string( $params["ShowInList"] );
- $allowPublish = mysql_real_escape_string( $params["AllowPublish"] );
- $maturePublish = mysql_real_escape_string( $params["MaturePublish"] );
-
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) )
- {
- return $error;
- }
-
- // Create group
- $sql = "UPDATE osgroup
- SET
- Charter = '$charter'
- , InsigniaID = '$insigniaID'
- , MembershipFee = $membershipFee
- , OpenEnrollment= $openEnrollment
- , ShowInList = $showInList
- , AllowPublish = $allowPublish
- , MaturePublish = $maturePublish
- WHERE
- GroupID = '$groupID'";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array('success' => 'true');
- }
-
- function findGroups($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $search = mysql_real_escape_string( $params['Search'] );
-
- $sql = " SELECT osgroup.GroupID, osgroup.Name, count(osgroupmembership.AgentID) as Members "
- ." FROM osgroup LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID) "
- ." WHERE "
- ." ( MATCH (osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)"
- ." OR osgroup.name LIKE '%$search%'"
- ." OR osgroup.name REGEXP '$search'"
- ." ) AND ShowInList = 1"
- ." GROUP BY osgroup.GroupID, osgroup.Name";
-
- $result = mysql_query($sql, $groupDBCon);
-
- if (!$result)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($result) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $results = array();
-
- while ($row = mysql_fetch_assoc($result))
- {
- $groupID = $row['GroupID'];
- $results[$groupID] = $row;
- }
-
- return array('results' => $results, 'success' => TRUE);
- }
-
- function _setAgentActiveGroup($params)
- {
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = mysql_real_escape_string( $params['AgentID'] );
- $groupID = mysql_real_escape_string( $params['GroupID'] );
-
- $sql = " UPDATE osagent "
- ." SET ActiveGroupID = '$groupID'"
- ." WHERE AgentID = '$agentID'";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_affected_rows() == 0 )
- {
- $sql = " INSERT INTO osagent (ActiveGroupID, AgentID) VALUES "
- ." ('$groupID', '$agentID')";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- }
-
- return array("success" => "true");
- }
-
- function setAgentActiveGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = $params['AgentID'];
- $groupID = $params['GroupID'];
-
- if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
- {
- return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
- }
-
- return _setAgentActiveGroup($params);
- }
-
- function addAgentToGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = $params["GroupID"];
- $agentID = $params["AgentID"];
-
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
- {
- // If they don't have direct permission, check to see if the group is marked for open enrollment
- $groupInfo = _getGroup( array ('GroupID' => $groupID) );
-
- if( isset($groupInfo['error']))
- {
- return $groupInfo;
- }
-
- if($groupInfo['OpenEnrollment'] != 1)
- {
- $escapedAgentID = mysql_real_escape_string($agentID);
- $escapedGroupID = mysql_real_escape_string($groupID);
-
- // Group is not open enrollment, check if the specified agentid has an invite
- $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
- ." WHERE osgroupinvite.AgentID = '$escapedAgentID' AND osgroupinvite.GroupID = '$escapedGroupID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($results) == 1 )
- {
- // if there is an invite, make sure we're adding the user to the role specified in the invite
- $inviteInfo = mysql_fetch_assoc($results);
- $params['RoleID'] = $inviteInfo['RoleID'];
- }
- else
- {
- // Not openenrollment, not invited, return permission denied error
- return $error;
- }
- }
- }
-
- return _addAgentToGroup($params);
- }
-
- // Private method, does not include security, to only be called from places that have already verified security
- function _addAgentToGroup($params)
- {
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = $params["AgentID"];
- $groupID = $params["GroupID"];
-
- $roleID = $uuidZero;
- if( isset($params["RoleID"]) )
- {
- $roleID = $params["RoleID"];
- }
-
- $escapedAgentID = mysql_real_escape_string($agentID);
- $escapedGroupID = mysql_real_escape_string($groupID);
- $escapedRoleID = mysql_real_escape_string($roleID);
-
- // Check if agent already a member
- $sql = " SELECT count(AgentID) as isMember FROM osgroupmembership WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
- $result = mysql_query($sql, $groupDBCon);
- if (!$result)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- // If not a member, add membership, select role (defaults to uuidZero, or everyone role)
- if( mysql_result($result, 0) == 0 )
- {
- $sql = " INSERT INTO osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES "
- ."('$escapedGroupID','$escapedAgentID', 0, 1, 1,'$escapedRoleID')";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- }
-
- // Make sure they're in the Everyone role
- $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID));
- if( isset($result['error']) )
- {
- return $result;
- }
-
- // Make sure they're in specified role, if they were invited
- if( $roleID != $uuidZero )
- {
- $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID));
- if( isset($result['error']) )
- {
- return $result;
- }
- }
-
- //Set the role they were invited to as their selected role
- _setAgentGroupSelectedRole(array('AgentID' => $agentID, 'RoleID' => $roleID, 'GroupID' => $groupID));
-
- // Set the group as their active group.
- // _setAgentActiveGroup(array("GroupID" => $groupID, "AgentID" => $agentID));
-
- return array("success" => "true");
- }
-
- function removeAgentFromGroup($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $agentID = $params["AgentID"];
- $groupID = $params["GroupID"];
-
- // An agent is always allowed to remove themselves from a group -- so only check if the requesting agent is different then the agent being removed.
- if( $agentID != $requestingAgent )
- {
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) )
- {
- return $error;
- }
- }
-
- $escapedAgentID = mysql_real_escape_string($agentID);
- $escapedGroupID = mysql_real_escape_string($groupID);
-
- // 1. If group is agent's active group, change active group to uuidZero
- // 2. Remove Agent from group (osgroupmembership)
- // 3. Remove Agent from all of the groups roles (osgrouprolemembership)
-
- $sql = " UPDATE osagent "
- ." SET ActiveGroupID = '$uuidZero'"
- ." WHERE AgentID = '$escapedAgentID' AND ActiveGroupID = '$escapedGroupID'";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- $sql = " DELETE FROM osgroupmembership "
- ." WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- $sql = " DELETE FROM osgrouprolemembership "
- ." WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array("success" => "true");
- }
-
- function _addAgentToGroupRole($params)
- {
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = mysql_real_escape_string($params["AgentID"]);
- $groupID = mysql_real_escape_string($params["GroupID"]);
- $roleID = mysql_real_escape_string($params["RoleID"]);
-
- // Check if agent already a member
- $sql = " SELECT count(AgentID) as isMember FROM osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'";
- $result = mysql_query($sql, $groupDBCon);
- if (!$result)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_result($result, 0) == 0 )
- {
- $sql = " INSERT INTO osgrouprolemembership (GroupID, RoleID, AgentID) VALUES "
- ."('$groupID', '$roleID', '$agentID')";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- }
-
- return array("success" => "true");
- }
-
- function addAgentToGroupRole($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $agentID = $params["AgentID"];
- $groupID = $params["GroupID"];
- $roleID = $params["RoleID"];
-
- $escapedAgentID = mysql_real_escape_string($agentID);
- $escapedGroupID = mysql_real_escape_string($groupID);
- $escapedRoleID = mysql_real_escape_string($roleID);
-
- // Check if being assigned to Owners role, assignments to an owners role can only be requested by owners.
- $sql = " SELECT OwnerRoleID, osgrouprolemembership.AgentID "
- ." FROM osgroup LEFT JOIN osgrouprolemembership ON (osgroup.GroupID = osgrouprolemembership.GroupID AND osgroup.OwnerRoleID = osgrouprolemembership.RoleID) "
- ." WHERE osgrouprolemembership.AgentID = '" . mysql_real_escape_string($requestingAgent) . "' AND osgroup.GroupID = '$escapedGroupID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($results) == 0 )
- {
- return array('error' => "Group ($groupID) not found or Agent ($agentID) is not in the owner's role", 'params' => var_export($params, TRUE));
- }
-
- $ownerRoleInfo = mysql_fetch_assoc($results);
- if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) )
- {
- return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.", 'params' => var_export($params, TRUE));
- }
-
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
- {
- return $error;
- }
-
- return _addAgentToGroupRole($params);
- }
-
- function removeAgentFromGroupRole($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $agentID = mysql_real_escape_string($params["AgentID"]);
- $groupID = mysql_real_escape_string($params["GroupID"]);
- $roleID = mysql_real_escape_string($params["RoleID"]);
-
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
- {
- return $error;
- }
-
- // If agent has this role selected, change their selection to everyone (uuidZero) role
- $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
- $result = mysql_query($sql, $groupDBCon);
- if (!$result)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- $sql = " DELETE FROM osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'";
-
- if (!mysql_query($sql, $groupDBCon))
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array("success" => "true");
- }
-
- function _setAgentGroupSelectedRole($params)
- {
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = mysql_real_escape_string($params["AgentID"]);
- $groupID = mysql_real_escape_string($params["GroupID"]);
- $roleID = mysql_real_escape_string($params["RoleID"]);
-
- $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
- $result = mysql_query($sql, $groupDBCon);
- if (!$result)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array('success' => 'true');
- }
-
- function setAgentGroupSelectedRole($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = $params["AgentID"];
- $groupID = $params["GroupID"];
- $roleID = $params["RoleID"];
-
- if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
- {
- return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
- }
-
- return _setAgentGroupSelectedRole($params);
- }
-
- function getAgentGroupMembership($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $groupID = mysql_real_escape_string($params['GroupID']);
- $agentID = mysql_real_escape_string($params['AgentID']);
-
- $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
- ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
- ." , osgroupmembership.SelectedRoleID, osrole.Title"
- ." , osagent.ActiveGroupID "
- ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
- ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
- ." JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
- ." WHERE osgroup.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
-
- $groupmembershipResult = mysql_query($sql, $groupDBCon);
- if (!$groupmembershipResult)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($groupmembershipResult) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
-
- $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
- ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
- ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
- $groupPowersResult = mysql_query($sql, $groupDBCon);
- if (!$groupPowersResult)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
-
- return array_merge($groupMembershipInfo, $groupPowersInfo);
- }
-
- function getAgentGroupMemberships($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = mysql_real_escape_string($params['AgentID']);
-
- $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
- ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
- ." , osgroupmembership.SelectedRoleID, osrole.Title"
- ." , IFNULL(osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID"
- ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
- ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
- ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
- ." WHERE osgroupmembership.AgentID = '$agentID'";
-
- $groupmembershipResults = mysql_query($sql, $groupDBCon);
- if (!$groupmembershipResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($groupmembershipResults) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $groupResults = array();
- while($groupMembershipInfo = mysql_fetch_assoc($groupmembershipResults))
- {
- $groupID = $groupMembershipInfo['GroupID'];
- $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
- ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
- ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
- $groupPowersResult = mysql_query($sql, $groupDBCon);
- if (!$groupPowersResult)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
- $groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo);
- }
-
- return $groupResults;
- }
-
- // Parameters should not already be mysql_real_escape_string() escaped
- function canAgentViewRoleMembers( $agentID, $groupID, $roleID )
- {
- global $membersVisibleTo, $groupDBCon;
-
- if( $membersVisibleTo == 'All' )
- return true;
-
- $agentID = mysql_real_escape_string($agentID);
- $groupID = mysql_real_escape_string($groupID);
- $roleID = mysql_real_escape_string($roleID);
-
- $sql = " SELECT CASE WHEN min(OwnerRoleMembership.AgentID) IS NOT NULL THEN 1 ELSE 0 END AS IsOwner ";
- $sql .= " FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osgroupmembership.AgentID = '$agentID')";
- $sql .= " LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (OwnerRoleMembership.GroupID = osgroup.GroupID ";
- $sql .= " AND OwnerRoleMembership.RoleID = osgroup.OwnerRoleID ";
- $sql .= " AND OwnerRoleMembership.AgentID = '$agentID')";
- $sql .= " WHERE osgroup.GroupID = '$groupID' GROUP BY osgroup.GroupID";
-
- $viewMemberResults = mysql_query($sql, $groupDBCon);
- if (!$viewMemberResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error());
- }
-
- if (mysql_num_rows($viewMemberResults) == 0)
- {
- return false;
- }
-
- $viewMemberInfo = mysql_fetch_assoc($viewMemberResults);
-
- switch( $membersVisibleTo )
- {
- case 'Group':
- // if we get to here, there is at least one row, so they are a member of the group
- return true;
- case 'Owners':
- default:
- return $viewMemberInfo['IsOwner'];
- }
- }
-
- function getGroupMembers($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = $params['GroupID'];
- $escapedGroupID = mysql_real_escape_string($groupID);
-
- $sql = " SELECT osgroupmembership.AgentID"
- ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
- ." , osgroupmembership.SelectedRoleID, osrole.Title"
- ." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner"
- ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
- ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
- ." JOIN osrole AS OwnerRole ON (osgroup.OwnerRoleID = OwnerRole.RoleID AND osgroup.GroupID = OwnerRole.GroupID)"
- ." LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (osgroup.OwnerRoleID = OwnerRoleMembership.RoleID
- AND (osgroup.GroupID = OwnerRoleMembership.GroupID)
- AND (osgroupmembership.AgentID = OwnerRoleMembership.AgentID))"
- ." WHERE osgroup.GroupID = '$escapedGroupID'";
-
- $groupmemberResults = mysql_query($sql, $groupDBCon);
- if (!$groupmemberResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if (mysql_num_rows($groupmemberResults) == 0)
- {
- return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
- $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
-
- $memberResults = array();
- while ($memberInfo = mysql_fetch_assoc($groupmemberResults))
- {
- $agentID = $memberInfo['AgentID'];
- $sql = " SELECT BIT_OR(osrole.Powers) AS AgentPowers, ( BIT_OR(osrole.Powers) & $roleMembersVisibleBit) as MemberVisible"
- ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
- ." WHERE osgrouprolemembership.GroupID = '$escapedGroupID' AND osgrouprolemembership.AgentID = '$agentID'";
- $memberPowersResult = mysql_query($sql, $groupDBCon);
- if (!$memberPowersResult)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- $memberPowersCount = mysql_num_rows($memberPowersResult);
- error_log("Found $memberPowersCount rows for agent $agentID for requesting agent $requestingAgent");
-
- if ($memberPowersCount == 0)
- {
- if ($canViewAllGroupRoleMembers || $agentID == $requestingAgent)
- {
- $memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0));
- }
- else
- {
- // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
- unset($memberResults[$agentID]);
- }
- }
- else
- {
- $memberPowersInfo = mysql_fetch_assoc($memberPowersResult);
- if ($memberPowersInfo['MemberVisible'] || $canViewAllGroupRoleMembers || $agentID == $requestingAgent)
- {
- $memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo);
- }
- else
- {
- // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
- unset($memberResults[$agentID]);
- }
- }
- }
-
- error_log("Returning " . count($memberResults) . " visible members for group $groupID for agent $agentID");
-
- if (count($memberResults) == 0)
- {
- return array('succeed' => 'false', 'error' => 'No Visible Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- return $memberResults;
- }
-
- function getAgentActiveMembership($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = mysql_real_escape_string($params['AgentID']);
-
- $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
- ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
- ." , osgroupmembership.SelectedRoleID, osrole.Title"
- ." , osagent.ActiveGroupID "
- ." FROM osagent JOIN osgroup ON (osgroup.GroupID = osagent.ActiveGroupID)"
- ." JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osagent.AgentID = osgroupmembership.AgentID)"
- ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
- ." WHERE osagent.AgentID = '$agentID'";
-
- $groupmembershipResult = mysql_query($sql, $groupDBCon);
- if (!$groupmembershipResult)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- if (mysql_num_rows($groupmembershipResult) == 0)
- {
- return array('succeed' => 'false', 'error' => 'No Active Group Specified', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
- $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
-
- $groupID = $groupMembershipInfo['GroupID'];
- $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
- ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
- ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
- $groupPowersResult = mysql_query($sql, $groupDBCon);
- if (!$groupPowersResult)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
- $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
-
- return array_merge($groupMembershipInfo, $groupPowersInfo);
- }
-
- function getAgentRoles($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $agentID = mysql_real_escape_string($params['AgentID']);
-
- $sql = " SELECT "
- ." osrole.RoleID, osrole.GroupID, osrole.Title, osrole.Name, osrole.Description, osrole.Powers"
- ." , CASE WHEN osgroupmembership.SelectedRoleID = osrole.RoleID THEN 1 ELSE 0 END AS Selected"
- ." FROM osgroupmembership JOIN osgrouprolemembership ON (osgroupmembership.GroupID = osgrouprolemembership.GroupID AND osgroupmembership.AgentID = osgrouprolemembership.AgentID)"
- ." JOIN osrole ON ( osgrouprolemembership.RoleID = osrole.RoleID AND osgrouprolemembership.GroupID = osrole.GroupID)"
- ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
- ." WHERE osgroupmembership.AgentID = '$agentID'";
-
- if( isset($params['GroupID']) )
- {
- $groupID = $params['GroupID'];
- $sql .= " AND osgroupmembership.GroupID = '$groupID'";
- }
-
- $roleResults = mysql_query($sql, $groupDBCon);
- if (!$roleResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($roleResults) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'None found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $roles = array();
- while($role = mysql_fetch_assoc($roleResults))
- {
- $ID = $role['GroupID'].$role['RoleID'];
- $roles[$ID] = $role;
- }
-
- return $roles;
- }
-
- function getGroupRoles($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $groupID = mysql_real_escape_string($params['GroupID']);
-
- $sql = " SELECT "
- ." osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers, count(osgrouprolemembership.AgentID) as Members"
- ." FROM osrole LEFT JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
- ." WHERE osrole.GroupID = '$groupID'"
- ." GROUP BY osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers";
-
- $roleResults = mysql_query($sql, $groupDBCon);
- if (!$roleResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($roleResults) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'No roles found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $roles = array();
- while($role = mysql_fetch_assoc($roleResults))
- {
- $RoleID = $role['RoleID'];
- $roles[$RoleID] = $role;
- }
-
- return $roles;
- }
-
- function getGroupRoleMembers($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = $params['GroupID'];
-
- $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
- $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
-
- $escapedGroupID = mysql_real_escape_string($groupID);
-
- $sql = " SELECT "
- ." osrole.RoleID, osgrouprolemembership.AgentID"
- ." , (osrole.Powers & $roleMembersVisibleBit) as MemberVisible"
- ." FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
- ." WHERE osrole.GroupID = '$escapedGroupID'";
-
- $memberResults = mysql_query($sql, $groupDBCon);
- if (!$memberResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($memberResults) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'No role memberships found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $members = array();
- while($member = mysql_fetch_assoc($memberResults))
- {
- if( $canViewAllGroupRoleMembers || $member['MemberVisible'] || ($member['AgentID'] == $requestingAgent) )
- {
- $Key = $member['AgentID'] . $member['RoleID'];
- $members[$Key ] = $member;
- }
- }
-
- if( count($members) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'No role memberships visible for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- return $members;
- }
-
- function setAgentGroupInfo($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
-
- if (isset($params['AgentID'])) {
- $agentID = mysql_real_escape_string($params['AgentID']);
- } else {
- $agentID = "";
- }
- if (isset($params['GroupID'])) {
- $groupID = mysql_real_escape_string($params['GroupID']);
- } else {
- $groupID = "";
- }
- if (isset($params['SelectedRoleID'])) {
- $roleID = mysql_real_escape_string($params['SelectedRoleID']);
- } else {
- $roleID = "";
- }
- if (isset($params['AcceptNotices'])) {
- $acceptNotices = mysql_real_escape_string($params['AcceptNotices']);
- } else {
- $acceptNotices = 1;
- }
- if (isset($params['ListInProfile'])) {
- $listInProfile = mysql_real_escape_string($params['ListInProfile']);
- } else {
- $listInProfile = 0;
- }
-
- if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
- {
- return array('error' => "Agent can only change their own group info", 'params' => var_export($params, TRUE));
- }
-
- $sql = " UPDATE "
- ." osgroupmembership"
- ." SET "
- ." AgentID = '$agentID'";
-
- if( isset($params['SelectedRoleID']) )
- {
- $sql .=" , SelectedRoleID = '$roleID'";
- }
- if( isset($params['AcceptNotices']) )
- {
- $sql .=" , AcceptNotices = $acceptNotices";
- }
- if( isset($params['ListInProfile']) )
- {
- $sql .=" , ListInProfile = $listInProfile";
- }
-
- $sql .=" WHERE osgroupmembership.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
-
- $memberResults = mysql_query($sql, $groupDBCon);
- if (!$memberResults)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array('success'=> 'true');
- }
-
- function getGroupNotices($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $groupID = mysql_real_escape_string($params['GroupID']);
-
- $sql = " SELECT "
- ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
- ." FROM osgroupnotice"
- ." WHERE osgroupnotice.GroupID = '$groupID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($results) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'No Notices', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- $notices = array();
- while($notice = mysql_fetch_assoc($results))
- {
- $NoticeID = $notice['NoticeID'];
- $notices[$NoticeID] = $notice;
- }
-
- return $notices;
- }
-
- function getGroupNotice($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $noticeID = mysql_real_escape_string($params['NoticeID']);
-
- $sql = " SELECT "
- ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
- ." FROM osgroupnotice"
- ." WHERE osgroupnotice.NoticeID = '$noticeID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($results) == 0 )
- {
- return array('succeed' => 'false', 'error' => 'Group Notice Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
-
- return mysql_fetch_assoc($results);
- }
-
- function addGroupNotice($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
- $groupID = mysql_real_escape_string($params['GroupID']);
- $noticeID = mysql_real_escape_string($params['NoticeID']);
- $fromName = mysql_real_escape_string($params['FromName']);
- $subject = mysql_real_escape_string($params['Subject']);
- $binaryBucket = mysql_real_escape_string($params['BinaryBucket']);
- $message = mysql_real_escape_string($params['Message']);
- $timeStamp = mysql_real_escape_string($params['TimeStamp']);
-
- if( is_array($error = checkGroupPermission($groupID, $groupPowers['SendNotices'])) )
- {
- return $error;
- }
-
- $sql = " INSERT INTO osgroupnotice"
- ." (GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket)"
- ." VALUES "
- ." ('$groupID', '$noticeID', $timeStamp, '$fromName', '$subject', '$message', '$binaryBucket')";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array('success' => 'true');
- }
-
- function addAgentToGroupInvite($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
-
- if( is_array($error = checkGroupPermission($params['GroupID'], $groupPowers['Invite'])) )
- {
- return $error;
- }
-
- $inviteID = mysql_real_escape_string($params['InviteID']);
- $groupID = mysql_real_escape_string($params['GroupID']);
- $roleID = mysql_real_escape_string($params['RoleID']);
- $agentID = mysql_real_escape_string($params['AgentID']);
-
- // Remove any existing invites for this agent to this group
- $sql = " DELETE FROM osgroupinvite"
- ." WHERE osgroupinvite.AgentID = '$agentID' AND osgroupinvite.GroupID = '$groupID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- // Add new invite for this agent to this group for the specifide role
- $sql = " INSERT INTO osgroupinvite"
- ." (InviteID, GroupID, RoleID, AgentID) VALUES ('$inviteID', '$groupID', '$roleID', '$agentID')";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array('success' => 'true');
- }
-
- function getAgentToGroupInvite($params)
- {
- if( is_array($error = secureRequest($params, FALSE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $inviteID = mysql_real_escape_string($params['InviteID']);
-
- $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
- ." WHERE osgroupinvite.InviteID = '$inviteID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- if( mysql_num_rows($results) == 1 )
- {
- $inviteInfo = mysql_fetch_assoc($results);
- $groupID = $inviteInfo['GroupID'];
- $roleID = $inviteInfo['RoleID'];
- $agentID = $inviteInfo['AgentID'];
-
- return array('success' => 'true', 'GroupID'=>$groupID, 'RoleID'=>$roleID, 'AgentID'=>$agentID);
- }
- else
- {
- return array('succeed' => 'false', 'error' => 'Invitation not found', 'params' => var_export($params, TRUE), 'sql' => $sql);
- }
- }
-
- function removeAgentToGroupInvite($params)
- {
- if( is_array($error = secureRequest($params, TRUE)) )
- {
- return $error;
- }
-
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
- $inviteID = mysql_real_escape_string($params['InviteID']);
-
- $sql = " DELETE FROM osgroupinvite"
- ." WHERE osgroupinvite.InviteID = '$inviteID'";
-
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
- }
-
- return array('success' => 'true');
- }
-
- function secureRequest($params, $write = FALSE)
- {
- global $groupWriteKey, $groupReadKey, $verifiedReadKey, $verifiedWriteKey, $groupRequireAgentAuthForWrite, $requestingAgent;
- global $overrideAgentUserService;
-
- // Cache this for access by other security functions
- $requestingAgent = $params['RequestingAgentID'];
-
- if( isset($groupReadKey) && ($groupReadKey != '') && (!isset($verifiedReadKey) || ($verifiedReadKey !== TRUE)) )
- {
- if( !isset($params['ReadKey']) || ($params['ReadKey'] != $groupReadKey ) )
- {
- return array('error' => "Invalid (or No) Read Key Specified", 'params' => var_export($params, TRUE));
- }
- else
- {
- $verifiedReadKey = TRUE;
- }
- }
-
- if( ($write == TRUE) && isset($groupWriteKey) && ($groupWriteKey != '') && (!isset($verifiedWriteKey) || ($verifiedWriteKey !== TRUE)) )
- {
- if( !isset($params['WriteKey']) || ($params['WriteKey'] != $groupWriteKey ) )
- {
- return array('error' => "Invalid (or No) Write Key Specified", 'params' => var_export($params, TRUE));
- }
- else
- {
- $verifiedWriteKey = TRUE;
- }
- }
-
- if( ($write == TRUE) && isset($groupRequireAgentAuthForWrite) && ($groupRequireAgentAuthForWrite == TRUE) )
- {
- // Note: my brain can't do boolean logic this morning, so just putting this here instead of integrating with line above.
- // If the write key has already been verified for this request, don't check it again. This comes into play with methods that call other methods, such as CreateGroup() which calls Addrole()
- if( isset($verifiedWriteKey) && ($verifiedWriteKey !== TRUE))
- {
- return TRUE;
- }
-
- if( !isset($params['RequestingAgentID'])
- || !isset($params['RequestingAgentUserService'])
- || !isset($params['RequestingSessionID']) )
- {
- return array('error' => "Requesting AgentID and SessionID must be specified", 'params' => var_export($params, TRUE));
- }
-
- // NOTE: an AgentID and SessionID of $uuidZero will likely be a region making a request, that is not tied to a specific agent making the request.
-
- $UserService = $params['RequestingAgentUserService'];
- if( isset($overrideAgentUserService) && ($overrideAgentUserService != "") )
- {
- $UserService = $overrideAgentUserService;
- }
-
- $client = new xmlrpc_client($UserService);
- $client->return_type = 'phpvals';
-
- $verifyParams = new xmlrpcval(array('avatar_uuid' => new xmlrpcval($params['RequestingAgentID'], 'string')
- ,'session_id' => new xmlrpcval($params['RequestingSessionID'], 'string'))
- , 'struct');
-
- $message = new xmlrpcmsg("check_auth_session", array($verifyParams));
- $resp = $client->send($message, 5);
- if ($resp->faultCode())
- {
- return array('error' => "Error validating AgentID and SessionID"
- , 'xmlrpcerror'=> $resp->faultString()
- , 'params' => var_export($params, TRUE));
- }
-
- $verifyReturn = $resp->value();
-
- if( !isset($verifyReturn['auth_session']) || ($verifyReturn['auth_session'] != 'TRUE') )
- {
- return array('error' => "UserService.check_auth_session() did not return TRUE"
- , 'userservice' => var_export($verifyReturn, TRUE)
- , 'params' => var_export($params, TRUE));
-
- }
- }
-
- return TRUE;
- }
-
- function checkGroupPermission($GroupID, $Permission)
- {
- global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
-
- if( !isset($Permission) || ($Permission == 0) )
- {
- return array('error' => 'No Permission value specified for checkGroupPermission'
- , 'Permission' => $Permission);
- }
-
- // If it isn't set to true, then always return true, otherwise verify they have perms
- if( !isset($groupEnforceGroupPerms) || ($groupEnforceGroupPerms != TRUE) )
- {
- return true;
- }
-
- if( !isset($requestingAgent) || ($requestingAgent == $uuidZero) )
- {
- return array('error' => 'Requesting agent was either not specified or not validated.'
- , 'requestingAgent' => $requestingAgent);
- }
-
- $params = array('AgentID' => $requestingAgent, 'GroupID' => $GroupID);
- $reqAgentMembership = getAgentGroupMembership($params);
-
- if( isset($reqAgentMembership['error'] ) )
- {
- return array('error' => 'Could not get agent membership for group'
- , 'params' => var_export($params, TRUE)
- , 'nestederror' => $reqAgentMembership['error']);
- }
-
- // Worlds ugliest bitwise operation, EVER
- $PermMask = $reqAgentMembership['GroupPowers'];
- $PermValue = $Permission;
-
- global $groupDBCon;
- $sql = " SELECT $PermMask & $PermValue AS Allowed";
- $results = mysql_query($sql, $groupDBCon);
- if (!$results)
- {
- echo print_r( array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()));
- }
- $PermMasked = mysql_result($results, 0);
-
- if( $PermMasked != $Permission )
- {
- $permNames = array_flip($groupPowers);
-
- return array('error' => 'Agent does not have group power to ' . $Permission .'('.$permNames[$Permission].')'
- , 'PermMasked' => $PermMasked
- , 'params' => var_export($params, TRUE)
- , 'permBitMaskSql' => $sql
- , 'Permission' => $Permission);
- }
-
- /*
- return array('error' => 'Reached end'
- , 'reqAgentMembership' => var_export($reqAgentMembership, TRUE)
- , 'GroupID' => $GroupID
- , 'Permission' => $Permission
- , 'PermMasked' => $PermMasked
- );
- */
- return TRUE;
- }
-
-
- $s = new xmlrpc_server(array(
- "test" => array("function" => "test")
- , "groups.createGroup" => array("function" => "createGroup", "signature" => $common_sig)
- , "groups.updateGroup" => array("function" => "updateGroup", "signature" => $common_sig)
- , "groups.getGroup" => array("function" => "getGroup", "signature" => $common_sig)
- , "groups.findGroups" => array("function" => "findGroups", "signature" => $common_sig)
-
- , "groups.getGroupRoles" => array("function" => "getGroupRoles", "signature" => $common_sig)
- , "groups.addRoleToGroup" => array("function" => "addRoleToGroup", "signature" => $common_sig)
- , "groups.removeRoleFromGroup" => array("function" => "removeRoleFromGroup", "signature" => $common_sig)
- , "groups.updateGroupRole" => array("function" => "updateGroupRole", "signature" => $common_sig)
- , "groups.getGroupRoleMembers" => array("function" => "getGroupRoleMembers", "signature" => $common_sig)
-
- , "groups.setAgentGroupSelectedRole" => array("function" => "setAgentGroupSelectedRole", "signature" => $common_sig)
- , "groups.addAgentToGroupRole" => array("function" => "addAgentToGroupRole", "signature" => $common_sig)
- , "groups.removeAgentFromGroupRole" => array("function" => "removeAgentFromGroupRole", "signature" => $common_sig)
-
- , "groups.getGroupMembers" => array("function" => "getGroupMembers", "signature" => $common_sig)
- , "groups.addAgentToGroup" => array("function" => "addAgentToGroup", "signature" => $common_sig)
- , "groups.removeAgentFromGroup" => array("function" => "removeAgentFromGroup", "signature" => $common_sig)
- , "groups.setAgentGroupInfo" => array("function" => "setAgentGroupInfo", "signature" => $common_sig)
-
- , "groups.addAgentToGroupInvite" => array("function" => "addAgentToGroupInvite", "signature" => $common_sig)
- , "groups.getAgentToGroupInvite" => array("function" => "getAgentToGroupInvite", "signature" => $common_sig)
- , "groups.removeAgentToGroupInvite" => array("function" => "removeAgentToGroupInvite", "signature" => $common_sig)
-
- , "groups.setAgentActiveGroup" => array("function" => "setAgentActiveGroup", "signature" => $common_sig)
- , "groups.getAgentGroupMembership" => array("function" => "getAgentGroupMembership", "signature" => $common_sig)
- , "groups.getAgentGroupMemberships" => array("function" => "getAgentGroupMemberships", "signature" => $common_sig)
- , "groups.getAgentActiveMembership" => array("function" => "getAgentActiveMembership", "signature" => $common_sig)
- , "groups.getAgentRoles" => array("function" => "getAgentRoles", "signature" => $common_sig)
-
- , "groups.getGroupNotices" => array("function" => "getGroupNotices", "signature" => $common_sig)
- , "groups.getGroupNotice" => array("function" => "getGroupNotice", "signature" => $common_sig)
- , "groups.addGroupNotice" => array("function" => "addGroupNotice", "signature" => $common_sig)
-
-
-
-
- ), false);
-
- $s->functions_parameters_type = 'phpvals';
- if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "")
- {
- $s->setDebug($debugXMLRPC);
- }
- $s->service();
-
- if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "")
- {
- $f = fopen($debugXMLRPCFile,"a");
- fwrite($f,"\n----- " . date("Y-m-d H:i:s") . " -----\n");
- $debugInfo = $s->serializeDebug();
- $debugInfo = split("\n",$debugInfo);
- unset($debugInfo[0]);
- unset($debugInfo[count($debugInfo) -1]);
- $debugInfo = join("\n",$debugInfo);
- fwrite($f,base64_decode($debugInfo));
- fclose($f);
- }
-
- mysql_close($groupDBCon);
-?>
--
cgit v1.1