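/**
 * Authenticates a caller with explicit credentials, checks that the resulting
 * user may call the requested webservice method, and then executes it.
 *
 * Every login handler configured in UserSettings/LoginHandler is tried in order
 * ('standard' is used when the setting is absent), replicating user/login.
 *
 * Every refusal (bad credentials, no handler accepting them, or no access to
 * the method) produces the same INVALIDAUTHERROR fault, so a caller cannot tell
 * an unknown account from a missing permission.
 *
 * NOTE(review): loginUser() presumably also makes the authenticated user the
 * current session user, as it does in user/login - confirm whether that login
 * is meant to outlive this single call.
 *
 * @param string $user         login name supplied by the caller
 * @param string $password     password supplied by the caller
 * @param string $functionName name of the webservice method to execute
 * @param array  $params       parameters passed on to the method
 * @return mixed result of handleInternalRequest()/handleRequest(), or a ggWebservicesFault on refusal
 */
function ezp_authandexec($user, $password, $functionName, $params)
{
    $server = $GLOBALS['ggws_server'];

    // replicate here logic found in user/login
    $ini = eZINI::instance();
    if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
        $loginHandlers = $ini->variable('UserSettings', 'LoginHandler');
    } else {
        $loginHandlers = array('standard');
    }

    foreach ($loginHandlers as $loginHandler) {
        $userClass = eZUserLoginHandler::instance($loginHandler);

        // Keep the login result in its own variable: storing it back into $user
        // would hand the failure value of one handler to the next handler as
        // the login name, so only the first configured handler could succeed.
        $loggedInUser = $userClass->loginUser($user, $password);
        if (!($loggedInUser instanceof eZUser)) {
            continue;
        }

        // NOTE(review): the original carries a commented-out per-siteaccess
        // check ($user->canLoginToSiteAccess( $GLOBALS['eZCurrentAccess'] )) at
        // this point, marked "do we need to check this, really?". It is still
        // not enforced here; the only authorization gate is checkAccess() below.

        // check if new user has access to the actual ws
        $access = ggeZWebservices::checkAccess($functionName, $loggedInUser);
        if (!$access) {
            return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
        }

        if ($server->isInternalRequest($functionName)) {
            return $server->handleInternalRequest($functionName, $params);
        }

        return $server->handleRequest($functionName, $params);
    }

    // no handler accepted the credentials
    return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
}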
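/**
 * Executes the needed operator(s).
 * Checks operator names, and calls the appropriate functions. The result is
 * written back into $operatorValue; an unknown operator name leaves it untouched.
 *
 * - washxml:        escapes the five XML special characters
 * - washxmlcomment: removes every '--' sequence, which is not permitted inside an XML comment
 * - washxmlcdata:   NOT implemented - only logs a warning, the value is passed through unescaped
 * - xsdtype:        maps a php type name to an xsd type via ggWSDLParser::phpType2xsdType()
 * - classInspect:   delegates to ggeZWebservices::classInspect()
 *
 * @param mixed  $tpl                template engine instance (unused here)
 * @param string $operatorName       name of the operator being executed
 * @param array  $operatorParameters raw operator parameters (unused here)
 * @param string $rootNamespace      (unused here)
 * @param string $currentNamespace   (unused here)
 * @param mixed  $operatorValue      input value, replaced by the operator result
 * @param array  $namedParameters    'targetprefix', 'xsdprefix' and 'soapencprefix' are read for xsdtype
 */
function modify(&$tpl, &$operatorName, &$operatorParameters, &$rootNamespace, &$currentNamespace, &$operatorValue, &$namedParameters)
{
    switch ($operatorName) {
        case 'washxml':
            // The replacement list in this listing was entity-decoded (it read
            // '&', '"', ''', '<', '>'), which neither parses nor escapes anything.
            // Reconstructed as the five predefined XML entities.
            // '&' has to stay first so that the entities produced for the other
            // characters are not escaped a second time.
            $operatorValue = str_replace(
                array('&', '"', "'", '<', '>'),
                array('&amp;', '&quot;', '&apos;', '&lt;', '&gt;'),
                $operatorValue
            );
            break;

        case 'washxmlcomment':
            // in xml comments the -- string is not permitted
            // A single pass is not enough: '---' becomes '_--', which still
            // holds '--' and lets a following '>' close the comment early.
            // Repeat until the value is stable.
            do {
                $previous = $operatorValue;
                $operatorValue = str_replace('--', '_-', $operatorValue);
            } while ($operatorValue !== $previous);
            break;

        case 'washxmlcdata':
            /// @todo
            // the value is left as is: templates must not rely on this operator
            eZDebug::writeWarning('Template operator washxmlcdata not yet implemented, it should not be used!', __METHOD__);
            break;

        case 'xsdtype':
            $operatorValue = ggWSDLParser::phpType2xsdType(
                $operatorValue,
                $namedParameters['targetprefix'],
                $namedParameters['xsdprefix'],
                $namedParameters['soapencprefix']
            );
            break;

        case 'classInspect':
            $operatorValue = ggeZWebservices::classInspect($operatorValue);
            break;
    }
}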
} // loop on methods
echo "</tbody>\n</table>";
break;
case 'execute':
    // Renders the outcome of an executed call as html.
    $note = "";
    $value = $response->value();
    if ($value instanceof ggSimpleTemplateXML) {
        // $note is a fixed literal containing markup, so it is echoed unescaped on purpose
        $note = "<u>NB</u>: actual response is an object of class 'ggSimpleTemplateXML', it is shown as an array for convenience\n\n";
        $value = $value->toArray();
    }
    // Content type, charset and the dumped value originate from the response
    // and go through htmlspecialchars() before being echoed.
    // NOTE(review): statusCode() is the one response-derived field echoed
    // without escaping - confirm it can only ever hold a number, or escape it
    // like the other fields.
    echo '<div id="response"> '
        . '<h2>Status code: ' . $response->statusCode() . '</h2>'
        . '<h2>Content type: ' . htmlspecialchars($response->contentType()) . '</h2>'
        . '<h2>Charset: ' . htmlspecialchars($response->charset()) . '</h2>'
        . '<h2>Response:</h2>' . $note . htmlspecialchars(print_r($value, true))
        . '</div>';
    break;
default:
    // give a warning
}
}
}
} else {
    // no action taken yet: give some instructions on debugger usage
    $tpl = ggeZWebservices::eZTemplateFactory();
    // tells the template whether the curl extension is available
    $tpl->setVariable('curl', extension_loaded('curl'));
    echo $tpl->fetch("design:webservices/debugger/action_notes.tpl");
}
// the closing html is skipped only for a non-debug 'inspect' action
if ($action != 'inspect' || $debug) { ?> </body> </html> <?php }
eZExecution::cleanExit();
// it does not return to us different values for method not found / perms not accorded
// ezjscore integration: a function name of the form 'class::method' is first
// offered to the ezjscore router, when that integration is enabled and installed.
// NOTE(review): this path produces its answer BEFORE the checkAccess() call
// further down, so authorization for these calls presumably rests entirely on
// ezjscore's own permission checks - confirm that every exposed ezjscore
// function is covered by them.
if ($wsINI->variable('GeneralSettings', 'JscoreIntegration') == 'enabled' && class_exists('ezjscServerRouter')) {
    if (strpos($functionName, '::') !== false) {
        // the pieces of the function name and the call parameters are handed to the router as one list
        $jscserver = ezjscServerRouter::getInstance(array_merge(explode('::', $functionName), $params));
        if ($jscserver != null) {
            $jscresponse = $jscserver->call();
            $server->showResponse($functionName, $namespaceURI, $jscresponse);
            eZExecution::cleanExit();
            die;
        }
    }
}
// if jscore did not answer yet, process request the standard way
// check perms
// The permission check runs against the current user and the requested method
// name; a refusal is answered with a protocol-level fault and the script stops.
$user = eZUser::currentUser();
$access = ggeZWebservices::checkAccess($functionName, $user);
if (!$access) {
    $server->showResponse($functionName, $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING));
    eZExecution::cleanExit();
    die;
    // $module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
}
if ($wsclass == 'PhpSOAP') {
    // the php soap extension parses and answers the request by itself
    $server->processRequestObj($request);
} else {
    if ($server->isInternalRequest($functionName)) {
        $response = $server->handleInternalRequest($functionName, $params);
    } else {
        $response = $server->handleRequest($functionName, $params);
    }
    $server->showResponse($functionName, $namespaceURI, $response);
/**
 * Substitute for handleRequest() + echo results: lets php's SoapServer parse
 * the request payload, run the function and emit the response by itself.
 *
 * An unregistered function name is answered with an INVALIDMETHODERROR fault.
 *
 * NOTE(review): the wsdl handed to SoapServer describes only the requested
 * function, yet every entry of FunctionList is registered on it. SoapServer
 * dispatches on the payload it parses on its own, not on $functionName, which
 * is presumably the name the caller's permission check was made against.
 * Confirm that the single-method wsdl is enough to keep the other registered
 * functions unreachable, or register only $functionName.
 *
 * @param object $request parsed request; name(), getSoapVersion() and payload() are used
 */
function processRequestObj($request)
{
    $functionName = $request->name();

    // guard clause: refuse names that were never registered on this server
    if (!array_key_exists($functionName, $this->FunctionList)) {
        $fault = new ggWebservicesFault(self::INVALIDMETHODERROR, self::INVALIDMETHODSTRING . " '{$functionName}'");
        $this->showResponse($functionName, '...', $fault);
        return;
    }

    /// we use a self-generated wsdl (even if user gave no param description), as it is supposedly better than nothing...
    $wsdlUrl = ggeZWebservices::methodsWSDL($this, array($functionName), $functionName, true);
    $soapOptions = array('soap_version' => $request->getSoapVersion());
    $server = new SoapServer($wsdlUrl, $soapOptions);

    foreach (array_keys($this->FunctionList) as $function) {
        $server->addFunction($function);
    }

    // output goes straight to the client (buffering is left disabled, as in the original)
    //ob_start();
    $server->handle($request->payload());
    //$response = ob_get_clean();
}
$methods[] = $policy['Webservices'];
}
}
}
}
}
}
// $methods === false is the explicit "no access at all" marker set above
if ($methods === false) {
    // Error access denied - shall we show an error response in protocol format instead of html?
    return $module->handleError(eZError::KERNEL_ACCESS_DENIED, 'kernel');
}
// $method can be NULL (all methods), an array of methods or a single one
// make it more homogeneous
// NOTE(review): '== null' is a loose comparison - an empty array or an empty
// string takes this branch too and is widened to EVERY registered method.
// Whether the policy loop above can leave $methods empty is not visible here;
// confirm, and prefer '=== null' so that only the intended case is widened.
if ($methods == null) {
    $methods = $server->registeredMethods();
} else {
    if (is_string($methods)) {
        // verify that $ws is a valid webservice, as we did not check above
        // NOTE(review): in_array() compares loosely here; pass true as third
        // argument for an exact match on the method name.
        if (!in_array($methods, $server->registeredMethods())) {
            return $module->handleError(eZError::KERNEL_ACCESS_DENIED, 'kernel');
        }
        $methods = array($methods);
    }
}
// build the wsdl only for the methods retained above
$wsdl = ggeZWebservices::methodsWSDL($server, $methods, $ws, false, $wsdl_version, $output_type, $external_typedefs);
if ($output_type != 'html') {
    header('Content-type: application/wsdl+xml');
}
echo $wsdl;
}
eZExecution::cleanExit();
} else {
    // if user wants global wsdl, only show him methods he can access
    $methods[] = $policy['Webservices'];
}
}
}
}
}
}
// $methods === false is the explicit "no access at all" marker set above
if ($methods === false) {
    // Error access denied - shall we show an error response in protocol format instead of html?
    return $module->handleError(eZError::KERNEL_ACCESS_DENIED, 'kernel');
}
// $method can be NULL (all methods), an array of methods or a single one
// make it more homogeneous
// NOTE(review): '== null' is a loose comparison - an empty array or an empty
// string takes this branch too and is widened to EVERY registered method,
// which would defeat the "only show him methods he can access" filtering
// above. Whether $methods can be left empty is not visible here; confirm, and
// prefer '=== null'.
if ($methods == null) {
    $methods = $server->registeredMethods();
} else {
    if (is_string($methods)) {
        // verify that $ws is a valid webservice, as we did not check above
        // NOTE(review): in_array() compares loosely here; pass true as third
        // argument for an exact match on the method name.
        if (!in_array($methods, $server->registeredMethods())) {
            return $module->handleError(eZError::KERNEL_ACCESS_DENIED, 'kernel');
        }
        $methods = array($methods);
    }
}
// build the xsd only for the methods retained above
$xsd = ggeZWebservices::methodsXSD($server, $methods, $ws);
header('Content-type: application/xml');
echo $xsd;
}
eZExecution::cleanExit();
eZExecution::cleanExit();
die;
}
// analyze request body
$namespaceURI = '';
// NOTE(review): the server class name is assembled from $protocol and then
// instantiated; where $protocol comes from and how it is validated is not
// visible in this excerpt - confirm it is restricted to the supported
// protocols before it reaches this line.
$serverClass = 'gg' . $protocol . 'Server';
$server = new $serverClass();
// the request body is parsed before the permission check, since the server
// object is needed to answer in the caller's protocol
$request = $server->parseRequest($data);
if (!is_object($request)) {
    $server->showResponse('unknown_function_name', $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDREQUESTERROR, ggWebservicesServer::INVALIDREQUESTSTRING));
    eZExecution::cleanExit();
    die;
}
// check perms
// access is granted per remote server, not per remote method: a user allowed
// on $remoteserver can relay any method name to it
$user = eZUser::currentUser();
$access = ggeZWebservices::checkAccessToServer($remoteserver, $user);
if (!$access) {
    // Error: access denied. We respond using an answer which is correct according
    // to the protocol used by the caller, instead of going through the standard
    // eZ access denied error handler, which displays in general an html page
    // with a 200 OK http return code
    $server->showResponse('unknown_function_name', $namespaceURI, new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING));
    eZExecution::cleanExit();
    die;
    // $module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
}
// execute method, return response as object
// this also does validation of server name
// method name and parameters are forwarded as received from the caller
$response = ggeZWebservicesClient::send($remoteserver, $request->name(), $request->parameters(), true);
/// @var ggWebservicesResponse $response
// send() returned an array here; only its first element is used
$response = reset($response);
/// @todo also parse from ini forceCURL, requestCompression, acceptedCompression
}
// Map the provider type onto the numeric 'wstype' url parameter; a provider
// type not listed here adds no wstype parameter at all.
switch ($target_list[$groupname]['providerType']) {
    case 'JSONRPC':
        $params .= '&wstype=1';
        break;
    case 'eZJSCore':
        $params .= '&wstype=2';
        break;
    case 'PhpSOAP':
        $params .= '&wstype=3';
        break;
    case 'REST':
        $params .= '&wstype=4';
        break;
}
// NOTE(review): the earlier parts of $params are built outside this excerpt -
// confirm that values taken from ini settings are url-encoded before they are
// appended, since the template emits this string.
$target_list[$groupname]['urlparams'] = $params;
}
}
}
}
// display the iframe_based template
$tpl = ggeZWebservices::eZTemplateFactory();
//$tpl->setVariable( 'query_string', $query_string );
$tpl->setVariable('target_list', $target_list);
$tpl->setVariable('server_list', $server_list);
// module result: rendered content, left menu template and breadcrumb path
$Result = array();
$Result['content'] = $tpl->fetch("design:webservices/debugger/frame.tpl");
$Result['left_menu'] = 'design:parts/wsdebugger/menu.tpl';
$Result['path'] = array(array('url' => 'webservices/debugger', 'text' => ggeZWebservices::ezpI18ntr('extension/webservices', 'WS Debugger')));
list($i18nSettings['internal-charset'], $i18nSettings['http-charset'], $i18nSettings['mbstring-extension']) = $ini->variableMulti('CharacterSettings', array('Charset', 'HTTPCharset', 'MBStringExtension'), array(false, false, 'enabled'));
//include_once( 'lib/ezi18n/classes/eztextcodec.php' );
eZTextCodec::updateSettings($i18nSettings);
}
// Initialize text codec settings
eZUpdateTextCodecSettings();
//include_once( 'lib/ezdb/classes/ezdb.php' );
//$db = eZDB::instance();
// Initialize module loading
//include_once( "lib/ezutils/classes/ezmodule.php" );
$moduleRepositories = eZModule::activeModuleRepositories();
eZModule::setGlobalPathList($moduleRepositories);
// Load extensions
// The endpoint only serves requests when GeneralSettings/Enable<PROTOCOL> is
// set to 'true'; otherwise no server object is created at all.
$enable = $wsINI->variable('GeneralSettings', 'Enable' . strtoupper(WS_PROTOCOL));
if ($enable == 'true') {
    eZSys::init(WS_PROTOCOL . '.php');
    //include_once( 'kernel/classes/datatypes/ezuser/ezuser.php' );
    // Login if we have username and password.
    // NOTE(review): the result of loginUser() is ignored, so a request carrying
    // wrong credentials is still processed, as whatever user is current at that
    // point - confirm this fallback is intended rather than answering with an
    // authentication fault. The credentials are presumably the ones sent with
    // the http request; they are only as confidential as the transport.
    if (eZHTTPTool::username() and eZHTTPTool::password()) {
        eZUser::loginUser(eZHTTPTool::username(), eZHTTPTool::password());
    }
    //include_once( 'lib/ezsoap/classes/ezsoapserver.php' );
    // the class name is derived from the WS_PROTOCOL constant, not from request data
    $server_class = 'gg' . strtoupper(WS_PROTOCOL) . 'Server';
    $server = new $server_class();
    // nb: this will register methods declared only for $protocol or for all
    // protocols, depending on ini settings
    ggeZWebservices::registerAvailableMethods($server, WS_PROTOCOL);
    $server->processRequest();
}
ob_end_flush();
eZExecution::cleanExit();
/**
 * This method sends a XML-RPC/JSON-RPC/SOAP/REST Request to the provider,
 * throwing an exception in case of major problems (ie. client-side errors)
 *
 * Connection data (url, type, wsdl, credentials, timeout, proxy, extra options)
 * is read from the group named $server in wsproviders.ini. An HTTP-level
 * failure does not throw: it is returned as a response object wrapping a
 * ggWebservicesFault. Protocol-level faults are logged and returned as is.
 *
 * @param string $server provider name from the wsproviders.ini located in the extension's settings
 * @param string|array $method the webservice method to be executed; for SOAP/PhpSOAP an array of (method, namespace) is accepted
 * @param array $parameters parameters for the webservice method
 * @param array $options extra options to be set into the ws client; they override the ones from the ini file
 * @return ggWebservicesResponse (generally a subclass of it)
 *
 * @throws Exception when the server is not defined, has no usable url, or uses an unsupported protocol
 */
private static function _call($server, $method, $parameters, $options = array())
{
    // Gets provider's data from the conf
    $ini = eZINI::instance('wsproviders.ini');

    /// check: if section $server does not exist, error out here
    // Only servers that have a group in wsproviders.ini can be reached, which
    // keeps a caller-chosen $server from selecting an arbitrary endpoint.
    if (!$ini->hasGroup($server)) {
        ggeZWebservices::appendLogEntry('Trying to call service on undefined server: ' . $server, 'error');
        throw new Exception('Trying to call service on undefined server: ' . $server);
    }
    $providerURI = $ini->variable($server, 'providerUri');
    $providerType = $ini->variable($server, 'providerType');
    $wsdl = $ini->hasVariable($server, 'WSDL') ? $ini->variable($server, 'WSDL') : '';

    /// @deprecated all of the ini vars in this block of code are deprecated
    $soapversion = $ini->hasVariable($server, 'SoapVersion') && strtolower($ini->variable($server, 'SoapVersion')) == 'soap12' ? 2 : 1; // work even if php soap ext. disabled
    //$providerAuthtype = $ini->hasVariable( $server, 'providerAuthtype' ) ? $ini->variable( $server, 'providerAuthtype' ) : false; /// @TODO: to be implemented
    //$providerSSLRequired = $ini->hasVariable( $server, 'providerSSLRequired' ) ? $ini->variable( $server, 'providerSSLRequired' ) : false; /// @TODO: to be implemented
    // NOTE(review): with providerSSLRequired unimplemented, nothing in this
    // method refuses to send the credentials below over a plain http url.
    $providerUsername = $ini->hasVariable($server, 'providerUsername') ? $ini->variable($server, 'providerUsername') : false;
    $providerPassword = $ini->hasVariable($server, 'providerPassword') ? $ini->variable($server, 'providerPassword') : false;
    if ($ini->hasVariable($server, 'timeout')) {
        $timeout = (int) $ini->variable($server, 'timeout');
    } else {
        $timeout = false;
    }

    // 'new style' server config: make it easier to define any desired client setting,
    // even ones added in future releases, without having to parse it by hand in this class
    $providerOptions = $ini->hasVariable($server, 'Options') ? $ini->variable($server, 'Options') : array();
    // add the user-set options on top of the options set in ini file
    // NOTE(review): array_merge() expects two arrays, while the is_array()
    // guard on $providerOptions only comes later, before setOptions() - a
    // non-array 'Options' ini value would already fail here.
    $providerOptions = array_merge($providerOptions, $options);

    /// @todo add support for proxy config in either $providerOptions or $options

    // Proxy: if not specified per-target server, use global one
    $providerProxy = '';
    if (!$ini->hasVariable($server, 'ProxyServer')) {
        // from here on $ini points at site.ini: the per-server settings have all been read above
        $ini = eZINI::instance('site.ini');
        $group = 'ProxySettings';
        $proxyPrefix = '';
    } else {
        $group = $server;
        $proxyPrefix = 'Proxy';
    }
    if ($ini->hasVariable($group, 'ProxyServer') && $ini->variable($group, 'ProxyServer') != '') {
        // ProxyServer is 'host' or 'host:port'; port 0 is used when none is given
        $providerProxy = $ini->variable($group, 'ProxyServer');
        $providerProxyPort = explode(':', $providerProxy);
        if (count($providerProxyPort) > 1) {
            $providerProxy = $providerProxyPort[0];
            $providerProxyPort = $providerProxyPort[1];
        } else {
            $providerProxyPort = 0;
        }
        $providerProxyUser = '';
        $providerProxyPassword = '';
        // the proxy password is only read when a proxy user is configured
        if ($ini->hasVariable($group, $proxyPrefix . 'User')) {
            $providerProxyUser = $ini->variable($group, $proxyPrefix . 'User');
            if ($ini->hasVariable($group, $proxyPrefix . 'Password')) {
                $providerProxyPassword = $ini->variable($group, $proxyPrefix . 'Password');
            }
        }
    }

    // Class names are derived from the ini-supplied provider type; they are only
    // instantiated inside the switch below, whose case list acts as the
    // allow-list of provider types.
    $clientClass = 'gg' . $providerType . 'Client';
    $requestClass = 'gg' . $providerType . 'Request';
    $responseClass = 'gg' . $providerType . 'Response';

    switch ($providerType) {
        case 'REST':
        case 'JSONRPC':
        case 'SOAP':
        case 'PhpSOAP':
        case 'eZJSCore':
        case 'XMLRPC':
        case 'HTTP':
            $proxylog = '';
            if ($providerProxy != '') {
                // only proxy host and port are logged, not the proxy credentials
                $proxylog = "using proxy {$providerProxy}:{$providerProxyPort}";
            }
            $wsdllog = '';
            if ($wsdl != '') {
                $wsdllog = "(wsdl: {$wsdl})";
            }
            // NOTE(review): the provider url is logged verbatim; if a url in the
            // ini file ever embeds credentials, they end up in the debug log.
            ggeZWebservices::appendLogEntry("Connecting to: {$providerURI} {$wsdllog} via {$providerType} {$proxylog}", 'debug');

            if ($providerURI != '') {
                // a usable url needs at least scheme and host; path and port get defaults
                $url = parse_url($providerURI);
                if (!isset($url['scheme']) || !isset($url['host'])) {
                    ggeZWebservices::appendLogEntry("Error in user request: bad server url {$providerURI} for server {$server}", 'error');
                    throw new Exception("Error in user request: bad server url {$providerURI} for server {$server}");
                }
                if (!isset($url['path'])) {
                    $url['path'] = '/';
                }
                if (!isset($url['port'])) {
                    if ($url['scheme'] == 'https') {
                        $url['port'] = 443;
                    } else {
                        $url['port'] = 80;
                    }
                }
            } else {
                // no url: acceptable only when a wsdl is given, the client then gets empty url parts
                if ($wsdl != '') {
                    $url = array('host' => '', 'path' => '', 'port' => 0, 'scheme' => null);
                } else {
                    ggeZWebservices::appendLogEntry("Error in user request: no server url for server {$server}", 'error');
                    throw new Exception("Error in user request: no server url for server {$server}");
                }
            }

            $client = new $clientClass($url['host'], $url['path'], $url['port'], $url['scheme'], $wsdl);

            /// deprecated settings
            if ($providerUsername != '') {
                $client->setOptions(array('login' => $providerUsername, 'password' => $providerPassword));
            }
            if ($timeout) {
                $client->setOption('timeout', $timeout);
            }
            if ($providerType == 'PhpSOAP') {
                $client->setOption('soapVersion', $soapversion);
            }

            /// other settings
            if ($providerProxy != '') {
                $client->setOptions(array('proxyHost' => $providerProxy, 'proxyPort' => $providerProxyPort, 'proxyUser' => $providerProxyUser, 'proxyPassword' => $providerProxyPassword));
            }
            // applied last among the settings above, so ini 'Options' and the
            // caller's $options can override credentials, timeout and proxy
            if (is_array($providerOptions)) {
                $client->setOptions($providerOptions);
            }
            /// @todo shall we allow caller to override this setting?
            // set after $providerOptions: with 'info' logging on, the debug level is always 2
            if (ggeZWebservices::isLoggingEnabled('info')) {
                $client->setOption('debug', 2);
            }

            if ($providerType == 'SOAP' || $providerType == 'PhpSOAP') {
                // soap requests accept the method as array( name, namespace )
                $namespace = null;
                if (is_array($method)) {
                    $namespace = $method[1];
                    $method = $method[0];
                }
                $request = new $requestClass($method, $parameters, $namespace);
            } else {
                $request = new $requestClass($method, $parameters);
            }

            $response = $client->send($request);

            // NOTE(review): with 'info' logging enabled the full request and
            // response payloads are written to the log. Those presumably carry
            // call parameters and returned data, possibly authentication
            // material as well - confirm, and treat that log as sensitive.
            if (ggeZWebservices::isLoggingEnabled('info')) {
                ggeZWebservices::appendLogEntry('Sent: ' . $client->requestPayload(), 'info');
                ggeZWebservices::appendLogEntry('Received: ' . $client->responsePayload(), 'info');
            }

            if (!is_object($response)) {
                // transport failure: hand the client's error back as a fault inside a response object
                ggeZWebservices::appendLogEntry('HTTP-level error ' . $client->errorNumber() . ': ' . $client->errorString(), 'error');
                $response = new $responseClass($method);
                $response->setValue(new ggWebservicesFault($client->errorNumber(), $client->errorString()));
                return $response;
            }
            unset($client);

            if ($response->isFault()) {
                ggeZWebservices::appendLogEntry("{$providerType} protocol-level error " . $response->faultCode() . ':' . $response->faultString(), 'error');
            }
            return $response;

        default:
            // unsupported protocol
            ggeZWebservices::appendLogEntry("Error in user request: unsupported protocol {$providerType}", 'error');
            throw new Exception("Error in user request: unsupported protocol {$providerType}");
    }
}