forked from vtiger-crm/vtigercrm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
webservice.php
128 lines (105 loc) · 3.98 KB
/
webservice.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php
/*+*******************************************************************************
* The contents of this file are subject to the vtiger CRM Public License Version 1.0
* ("License"); You may not use this file except in compliance with the License
* The Original Code is: vtiger CRM Open Source
* The Initial Developer of the Original Code is vtiger.
* Portions created by vtiger are Copyright (C) vtiger.
* All Rights Reserved.
********************************************************************************/
require_once("config.inc.php");
require_once("include/HTTP_Session/Session.php");
require_once 'include/Webservices/Utils.php';
require_once("include/Webservices/State.php");
require_once("include/Webservices/OperationManager.php");
require_once("include/Webservices/SessionManager.php");
require_once("include/Zend/Json.php");
require_once('include/logging.php');
require_once "include/language/$default_language.lang.php";
$API_VERSION = "0.22";
global $seclog,$log;
$seclog =& LoggerManager::getLogger('SECURITY');
$log =& LoggerManager::getLogger('webservice');
function getRequestParamsArrayForOperation($operation){
global $operationInput;
return $operationInput[$operation];
}
function setResponseHeaders() {
header('Content-type: application/json');
}
function writeErrorOutput($operationManager, $error){
setResponseHeaders();
$state = new State();
$state->success = false;
$state->error = $error;
unset($state->result);
$output = $operationManager->encode($state);
echo $output;
}
function writeOutput($operationManager, $data){
setResponseHeaders();
$state = new State();
$state->success = true;
$state->result = $data;
unset($state->error);
$output = $operationManager->encode($state);
echo $output;
}
$operation = vtws_getParameter($_REQUEST, "operation");
$operation = strtolower($operation);
$format = vtws_getParameter($_REQUEST, "format","json");
$sessionId = vtws_getParameter($_REQUEST,"sessionName");
$sessionManager = new SessionManager();
$operationManager = new OperationManager($adb,$operation,$format,$sessionManager);
try{
if(!$sessionId || strcasecmp($sessionId,"null")===0){
$sessionId = null;
}
$input = $operationManager->getOperationInput();
$adoptSession = false;
if(strcasecmp($operation,"extendsession")===0){
if(isset($input['operation'])){
// Workaround fix for PHP 5.3.x: $_REQUEST doesn't have PHPSESSID
if(isset($_REQUEST['PHPSESSID'])) {
$sessionId = vtws_getParameter($_REQUEST,"PHPSESSID");
} else {
// NOTE: Need to evaluate for possible security issues
$sessionId = vtws_getParameter($_COOKIE,'PHPSESSID');
}
// END
$adoptSession = true;
}else{
writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
return;
}
}
$sid = $sessionManager->startSession($sessionId,$adoptSession);
if(!$sessionId && !$operationManager->isPreLoginOperation()){
writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
return;
}
if(!$sid){
writeErrorOutput($operationManager, $sessionManager->getError());
return;
}
$userid = $sessionManager->get("authenticatedUserId");
if($userid){
$seed_user = new Users();
$current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
}else{
$current_user = null;
}
$operationInput = $operationManager->sanitizeOperation($input);
$includes = $operationManager->getOperationIncludes();
foreach($includes as $ind=>$path){
require_once($path);
}
$rawOutput = $operationManager->runOperation($operationInput,$current_user);
writeOutput($operationManager, $rawOutput);
}catch(WebServiceException $e){
writeErrorOutput($operationManager,$e);
}catch(Exception $e){
writeErrorOutput($operationManager,
new WebServiceException(WebServiceErrorCode::$INTERNALERROR,"Unknown Error while processing request"));
}
?>