
PHP Cross Reference of vtigercrm-6.1.0


/ -> webservice.php (source)

   1  <?php
   2  /*+*******************************************************************************
   3   * The contents of this file are subject to the vtiger CRM Public License Version 1.0
   4   * ("License"); You may not use this file except in compliance with the License
   5   * The Original Code is:  vtiger CRM Open Source
   6   * The Initial Developer of the Original Code is vtiger.
   7   * Portions created by vtiger are Copyright (C) vtiger.
   8   * All Rights Reserved.
   9   ********************************************************************************/
  10  
  11      require_once ("config.php");
  12      /**
  13      * URL Verification - Required to overcome an Apache mis-configuration that leads to shared setup mode.
  14      */
  15      if (file_exists('config_override.php')) {
  16          include_once 'config_override.php';
  17      }
  18  
  19      //Overrides GetRelatedList : used to get related query
  20      //TODO : Eliminate below hacking solution
  21      include_once  'include/Webservices/Relation.php';
  22  
  23      include_once  'vtlib/Vtiger/Module.php';
  24      include_once  'includes/main/WebUI.php';
  25  
  26      require_once ("libraries/HTTP_Session/Session.php");
  27      require_once  'include/Webservices/Utils.php';
  28      require_once ("include/Webservices/State.php");
  29      require_once ("include/Webservices/OperationManager.php");
  30      require_once ("include/Webservices/SessionManager.php");
  31      require_once ("include/Zend/Json.php");
  32      require_once ('include/logging.php');
  33  
  34      $API_VERSION = "0.22";
  35  
  36      global $seclog,$log;
  37      $seclog =& LoggerManager::getLogger('SECURITY');
  38      $log =& LoggerManager::getLogger('webservice');
  39  
  40  	function getRequestParamsArrayForOperation($operation){
  41          global $operationInput;
  42          return $operationInput[$operation];
  43      }
  44  
  45  	function setResponseHeaders() {
  46          header('Content-type: application/json');
  47      }
  48  
  49  	function writeErrorOutput($operationManager, $error){
  50  
  51          setResponseHeaders();
  52          $state = new State();
  53          $state->success = false;
  54          $state->error = $error;
  55          unset($state->result);
  56          $output = $operationManager->encode($state);
  57          echo $output;
  58  
  59      }
  60  
  61  	function writeOutput($operationManager, $data){
  62  
  63          setResponseHeaders();
  64          $state = new State();
  65          $state->success = true;
  66          $state->result = $data;
  67          unset($state->error);
  68          $output = $operationManager->encode($state);
  69          echo $output;
  70  
  71      }
  72  
  73      $operation = vtws_getParameter($_REQUEST, "operation");
  74      $operation = strtolower($operation);
  75      $format = vtws_getParameter($_REQUEST, "format","json");
  76      $sessionId = vtws_getParameter($_REQUEST,"sessionName");
  77  
  78      $sessionManager = new SessionManager();
  79      $operationManager = new OperationManager($adb,$operation,$format,$sessionManager);
  80  
  81      try{
  82          if(!$sessionId || strcasecmp($sessionId,"null")===0){
  83              $sessionId = null;
  84          }
  85  
  86          $input = $operationManager->getOperationInput();
  87          $adoptSession = false;
  88          if(strcasecmp($operation,"extendsession")===0){
  89              if(isset($input['operation'])){
  90                  // Workaround fix for PHP 5.3.x: $_REQUEST doesn't have PHPSESSID
  91                  if(isset($_REQUEST['PHPSESSID'])) {
  92                      $sessionId = vtws_getParameter($_REQUEST,"PHPSESSID");
  93                  } else {
  94                      // NOTE: Need to evaluate for possible security issues
  95                      $sessionId = vtws_getParameter($_COOKIE,'PHPSESSID');
  96                  }
  97                  // END
  98                  $adoptSession = true;
  99              }else{
 100                  writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
 101                  return;
 102              }
 103          }
 104          $sid = $sessionManager->startSession($sessionId,$adoptSession);
 105  
 106          if(!$sessionId && !$operationManager->isPreLoginOperation()){
 107              writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
 108              return;
 109          }
 110  
 111          if(!$sid){
 112              writeErrorOutput($operationManager, $sessionManager->getError());
 113              return;
 114          }
 115  
 116          $userid = $sessionManager->get("authenticatedUserId");
 117  
 118          if($userid){
 119  
 120              $seed_user = new Users();
 121              $current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
 122  
 123          }else{
 124              $current_user = null;
 125          }
 126  
 127          $operationInput = $operationManager->sanitizeOperation($input);
 128          $includes = $operationManager->getOperationIncludes();
 129  
 130          foreach($includes as $ind=>$path){
 131              checkFileAccessForInclusion($path);
 132              require_once($path);
 133          }
 134          $rawOutput = $operationManager->runOperation($operationInput,$current_user);
 135          writeOutput($operationManager, $rawOutput);
 136      }catch(WebServiceException $e){
 137          writeErrorOutput($operationManager,$e);
 138      }catch(Exception $e){
 139          writeErrorOutput($operationManager,
 140              new WebServiceException(WebServiceErrorCode::$INTERNALERROR,"Unknown Error while processing request"));
 141      }
 142  ?>

