-
Notifications
You must be signed in to change notification settings - Fork 14
/
webservice.php
164 lines (136 loc) · 4.83 KB
/
webservice.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
<?php
/*************************************
* SPDX-FileCopyrightText: 2009-2020 Vtenext S.r.l. <[email protected]>
* SPDX-License-Identifier: AGPL-3.0-only
************************************/
require_once("config.inc.php");
require_once('include/utils/utils.php');
require_once("include/HTTP_Session/Session.php");
require_once 'include/Webservices/Utils.php';
require_once("include/Webservices/State.php");
require_once("include/Webservices/OperationManager.php");
require_once("include/Webservices/SessionManager.php");
require_once("include/Zend/Json.php");
require_once('include/logging.php');
require_once "include/language/$default_language.lang.php";
$API_VERSION = "0.22";
// crmv@91979
require_once('include/MaintenanceMode.php');
if (MaintenanceMode::check()) {
MaintenanceMode::displayWS();
die();
}
// crmv@91979e
// crmv@146653
if (PHP_MAJOR_VERSION >= 7) {
set_error_handler(function ($errno, $errstr) {
return (strpos($errstr, 'Declaration of') === 0);
}, E_WARNING);
}
// crmv@146653e
//crmv@sdk-18503 crmv@128133
require_once('modules/SDK/SDK.php');
SDK::getUtils();
//crmv@sdk-18503e crmv@128133e
global $seclog,$log;
$seclog =& LoggerManager::getLogger('SECURITY');
$log =& LoggerManager::getLogger('webservice');
// set timezone info
global $default_timezone;
if (!empty($default_timezone) && function_exists('date_default_timezone_set')) {
@date_default_timezone_set($default_timezone);
}
function getRequestParamsArrayForOperation($operation){
global $operationInput;
return $operationInput[$operation];
}
function setResponseHeaders() {
header('Content-type: application/json');
}
function writeErrorOutput($operationManager, $error){
setResponseHeaders();
$state = new State();
$state->success = false;
$state->error = $error;
unset($state->result);
$output = $operationManager->encode($state);
wsLog('output',$output); //crmv@OPER10174
echo $output;
}
function writeOutput($operationManager, $data){
setResponseHeaders();
$state = new State();
$state->success = true;
$state->result = $data;
unset($state->error);
$output = $operationManager->encode($state);
wsLog('output',$output); //crmv@OPER10174
echo $output;
}
//crmv@OPER10174 crmv@173186 crmv@176614
function wsLog($title,$str='',$new=false) {
global $site_URL;
// skip internal calls (ex. ProcessMaker)
if (stripos($_SERVER['HTTP_REFERER'],$site_URL) !== false) return;
// log the call (if disabled, it won't do anything)
VTESystemLogger::log('webservices', $title, $str, $new);
}
//crmv@OPER10174e crmv@173186e crmv@176614e
$operation = vtws_getParameter($_REQUEST, "operation");
$operation = strtolower($operation);
$format = vtws_getParameter($_REQUEST, "format","json");
$sessionId = vtws_getParameter($_REQUEST,"sessionName");
$sessionManager = new SessionManager();
$operationManager = new OperationManager($adb,$operation,$format,$sessionManager);
try{
if(!$sessionId || strcasecmp($sessionId,"null")===0){
$sessionId = null;
}
wsLog('request',print_r($_REQUEST,true),true); //crmv@OPER10174
$input = $operationManager->getOperationInput();
$adoptSession = false;
if(strcasecmp($operation,"extendsession")===0){
if(isset($input['operation'])){
// Workaround fix for PHP 5.3.x: $_REQUEST doesn't have PHPSESSID
if(isset($_REQUEST['PHPSESSID'])) {
$sessionId = vtws_getParameter($_REQUEST,"PHPSESSID");
} else {
// NOTE: Need to evaluate for possible security issues
$sessionId = vtws_getParameter($_COOKIE,'PHPSESSID');
}
// END
$adoptSession = true;
}else{
writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
return;
}
}
$sid = $sessionManager->startSession($sessionId,$adoptSession);
if(!$sessionId && !$operationManager->isPreLoginOperation()){
writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
return;
}
if(!$sid){
writeErrorOutput($operationManager, $sessionManager->getError());
return;
}
$userid = $sessionManager->get("authenticatedUserId");
if($userid){
$seed_user = CRMEntity::getInstance('Users');
$current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
}else{
$current_user = null;
}
wsLog('',"userId:{$current_user->id} sessionName:$sessionId clientIP:".getIp()); //crmv@OPER10174 crmv@173186
$operationInput = $operationManager->sanitizeOperation($input);
$includes = $operationManager->getOperationIncludes();
foreach($includes as $ind=>$path){
require_once($path);
}
$rawOutput = $operationManager->runOperation($operationInput,$current_user);
writeOutput($operationManager, $rawOutput);
}catch(WebServiceException $e){
writeErrorOutput($operationManager,$e);
}catch(Exception $e){
writeErrorOutput($operationManager, new WebServiceException(WebServiceErrorCode::$INTERNALERROR,"Unknown Error while processing request"));
}