// Excerpt from the StoredQuery response path. The "}" after the statistics
// insert closes a block that opens above this excerpt.

// Measure execution time: microtime() returns "usec sec" as a string; the two
// parts are added to get the current time in seconds. $starttime is set outside
// this excerpt.
$mtime = microtime();
$mtime = explode(" ", $mtime);
$mtime = $mtime[1] + $mtime[0];
$endtime = $mtime;
$totaltime = number_format($endtime - $starttime, 15);
// NOTE(review): the statement is assembled by string concatenation.
// $_SERVER['REMOTE_ADDR'] is filled in by the web server, but confirm no proxy
// layer rewrites it from a client-supplied header. number_format() also inserts
// "," thousands separators once the value reaches 1000. A parameterized
// statement would remove both concerns; whether query_exec2() supports one is
// not visible here.
$STAT_QUERY = "INSERT INTO STATS (REPOSITORY,DATA,EXECUTION_TIME,OPERATION) VALUES ('" . $_SERVER['REMOTE_ADDR'] . "',CURRENT_TIMESTAMP,'{$totaltime}','STOREDQUERY-B')";
$ris = query_exec2($STAT_QUERY, $connessione);
// Log the result together with the statement text.
writeSQLQueryService($ris . ": " . $STAT_QUERY);
}
######################################################################
// Wrap the ebXML response in its SOAP envelope, as a string.
$ebXML_Response_SOAPED_string = makeSoapedSuccessStoredQueryResponse($Action, $MessageID, $ebXML_Response_string);
// Write the response to a file (mandatory write) and send that file to the client.
$file_input = $idfile . "-ebxmlResponseSOAP.xml";
writeTmpQueryFiles($ebXML_Response_SOAPED_string, $file_input, true);
writeTimeFile($idfile . "--StoredQuery: Creo file ebxmlResponseSOAP");
SendResponseFile($tmpQueryService_path . $file_input);
//SendResponse($ebXML_Response_SOAPED_string,"application/soap+xml",(string)filesize($tmpQueryService_path.$idfile."-ebxmlResponseSOAP.xml"));
// Clean tmp folder
$system = PHP_OS;
// NOTE(review): a substring test for "WIN" also matches "DARWIN", so macOS
// hosts take the Windows branch.
$windows = substr_count(strtoupper($system), "WIN");
// The flag value compared here is the capital letter "O", not the digit zero.
if ($clean_cache == "O") {
    // NOTE(review): both commands paste $idfile (and $tmpQueryService_path) into
    // a shell command line without escaping, and the POSIX one is a recursive
    // forced delete. Where $idfile is generated is not visible here; it must be
    // server-generated and limited to characters with no shell or path meaning.
    // Deleting with glob() + unlink() would avoid the shell entirely.
    if ($windows > 0) {
        // This branch uses a relative "tmpQueryService\" path rather than
        // $tmpQueryService_path, so it depends on the current working directory.
        exec('del tmpQueryService\\' . $idfile . "* /q");
    } else {
        exec('rm -Rf ' . $tmpQueryService_path . $idfile . "*");
    }
}
// Drop the per-request entries from the session.
unset($_SESSION['tmp_path']);
unset($_SESSION['idfile']);
/**
 * Gate an incoming SQL query text before the registry runs it.
 *
 * A query is accepted only when its text begins with "SELECT" (compared
 * case-insensitively, with no leading whitespace tolerated) and contains no "*".
 * Anything else gets a SOAP failure response with code "XDSSqlError", which is
 * written to the temporary directory and sent to the client; the script then
 * terminates, so the function returns only for accepted queries.
 *
 * NOTE(review): this is a shape check, not a security boundary. It does not
 * restrict statement separators, SQL comments, UNION/sub-selects or which
 * tables are read. The database account that runs the accepted text should be
 * read-only and limited to the registry tables, and the executing layer should
 * refuse multi-statement input.
 *
 * @param string $SQLQuery Query text taken from the request.
 * @return array array(true, "") for an accepted query.
 */
function controllaQuery($SQLQuery)
{
    $upperQuery = strtoupper($SQLQuery);

    // Strict comparison is required: strpos() yields 0 for a match at the start
    // and false for no match at all.
    $startsWithSelect = (strpos($upperQuery, "SELECT") === 0);

    // Only tested for truthiness. A "*" at offset 0 yields 0, but such a query
    // does not start with SELECT and is rejected by the first condition.
    $starOffset = strpos($upperQuery, "*");

    if ($startsWithSelect && !$starOffset) {
        writeTimeFile($_SESSION['idfile'] . "--StoredQuery: Query allowed");
        return array(true, "");
    }

    // Rejected: build the failure envelope, persist it, send it and stop.
    // The query text is echoed back only after avoidHtmlEntitiesInterpretation().
    $codes = array("XDSSqlError");
    $messages = array(
        "[ERROR: NOT PROPER QUERY] - YOU ARE NOT ALLOWED TO PERFORM THIS KIND OF QUERY TO THIS REGISTRY[ " . avoidHtmlEntitiesInterpretation($SQLQuery) . " ]"
    );
    $rejectionEnvelope = makeSoapedFailureResponse($messages, $codes);
    writeTimeFile($_SESSION['idfile'] . "--StoredQuery: Query NOT allowed");
    $rejectionFile = $_SESSION['idfile'] . "-query_not_allowed.xml";
    writeTmpQueryFiles($rejectionEnvelope, $rejectionFile, true);
    SendResponseFile($_SESSION['tmpQueryService_path'] . $rejectionFile);
    exit;
}
// Excerpt from the (non-stored) Query response path. The "}" after the
// statistics insert closes a block that opens above this excerpt.

// Measure execution time: microtime() returns "usec sec" as a string; the two
// parts are added to get the current time in seconds. $starttime is set outside
// this excerpt.
$mtime = microtime();
$mtime = explode(" ", $mtime);
$mtime = $mtime[1] + $mtime[0];
$endtime = $mtime;
$totaltime = number_format($endtime - $starttime, 15);
// NOTE(review): the statement is assembled by string concatenation; confirm that
// $_SERVER['REMOTE_ADDR'] cannot be rewritten from a client-supplied header by a
// proxy layer, or switch to a parameterized statement if query_exec2() allows it.
$STAT_QUERY = "INSERT INTO STATS (REPOSITORY,DATA,EXECUTION_TIME,OPERATION) VALUES ('" . $_SERVER['REMOTE_ADDR'] . "',CURRENT_TIMESTAMP,'{$totaltime}','QUERY-A')";
$ris = query_exec2($STAT_QUERY, $connessione);
// Log the result together with the statement text.
writeSQLQueryService($ris . ": " . $STAT_QUERY);
}
// Wrap the ebXML response in its SOAP envelope for sending.
$ebXML_Response_SOAPED_string = makeSoapedSuccessQueryResponse($ebXML_Response_string);
#####################################################################
#################### ANSWER THE QUERY ###############################
// Write the SOAP-wrapped ebXML to the temporary directory. The write is not
// flagged mandatory, so a failure here is not reported.
writeTmpQueryFiles($ebXML_Response_SOAPED_string, $idfile . "-ebxmlResponseSOAP.xml");
// Discard whatever is in the output buffer. The original author marks this step
// as essential.
ob_get_clean();
// Response headers follow.
header("HTTP/1.1 200 OK");
$path_header = "Path: {$www_REG_path}";
if ($http == "TLS") {
    // Under TLS the text "; Secure" is appended.
    // NOTE(review): "Path" and "Secure" are cookie attributes, but this line is
    // sent as a header of its own, not as part of Set-Cookie. As written it does
    // not appear to protect anything; confirm what consumes it.
    $path_header = $path_header . "; Secure";
}
header($path_header);
header("Content-Type: text/xml;charset=UTF-8");
// NOTE(review): filesize() returns false if the file above was not written,
// which would produce an empty Content-Length value.
header("Content-Length: " . (string) filesize($tmpQueryService_path . $idfile . "-ebxmlResponseSOAP.xml"));
// The file body is sent after this point (outside this excerpt).
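/**
 * Write a payload to a file in the query-service temporary directory.
 *
 * The directory is $_SESSION['tmpQueryService_path'] when that entry is set and
 * "./tmpQueryService/" otherwise. An array payload is flattened to one
 * "key = value" line per element before writing. The file is opened in "wb+"
 * mode, so existing content is truncated.
 *
 * With $mandatory set, the open and write are retried up to 10 times, one
 * second apart. If every attempt fails, a SOAP failure response
 * ("XDSRegistryError") is sent and the script terminates. Without $mandatory
 * the write is best effort and a failure is ignored.
 *
 * NOTE(review): $file_name is appended to the directory as-is. The callers
 * visible alongside this function build it from $idfile plus a fixed suffix;
 * confirm $idfile is generated server-side, because a value containing
 * directory separators would let the write land outside the temporary directory.
 *
 * @param string|array $log_text  Payload to write.
 * @param string       $file_name File name relative to the temporary directory.
 * @param bool         $mandatory Whether the file must be written.
 * @return string Path of the file that was (or should have been) written.
 */
function writeTmpQueryFiles($log_text, $file_name, $mandatory = false)
{
    // Full path to the file.
    if (!isset($_SESSION['tmpQueryService_path'])) {
        $pathToFile = "./tmpQueryService/" . $file_name;
    } else {
        $pathToFile = $_SESSION['tmpQueryService_path'] . $file_name;
    }

    // Array payload: render it as "label = value" lines.
    if (is_array($log_text)) {
        $txt = "";
        foreach ($log_text as $element => $value) {
            $txt = $txt . "{$element} = {$value}\n";
        }
        $log_text = $txt;
    }

    if (!$mandatory) {
        // Best effort: a failed fopen() must not be passed on to fwrite()/fclose().
        $handler_log = fopen($pathToFile, "wb+");
        if ($handler_log) {
            fwrite($handler_log, $log_text);
            fclose($handler_log);
        }
        return $pathToFile;
    }

    // Mandatory file: keep trying until it is written or the attempts run out.
    $writef = false;
    $nfile = 0;
    while (!$writef && $nfile < 10) {
        $handler_log = fopen($pathToFile, "wb+");
        if ($handler_log) {
            $writef = (fwrite($handler_log, $log_text) !== false);
            // Close on every attempt so failed retries do not leak handles.
            fclose($handler_log);
        }
        if (!$writef) {
            sleep(1);
            $nfile++;
        }
    }

    if (!$writef) {
        // The request id lives in the session; there is no local $idfile in
        // this function's scope.
        $idfile = isset($_SESSION['idfile']) ? $_SESSION['idfile'] : "";
        $errorcode = array("XDSRegistryError");
        $error_message = array("Registry can't create tmp file. ");
        $tmp_response = makeSoapedFailureResponse($error_message, $errorcode);
        writeTimeFile($idfile . "--Registry: Tmp File error");
        $file_input = $idfile . "-tmp_failure_response-" . $idfile;
        // Non-mandatory on purpose: the directory has just proved unwritable.
        writeTmpQueryFiles($tmp_response, $file_input);
        SendResponse($tmp_response);
        exit;
    }

    // Return the path of the written file.
    return $pathToFile;
}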
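// Repository Retrieve: parse the SOAP request held in $body, read its Action and
// MessageID elements and reject anything that is not a Retrieve Document Set
// request.
writeTimeFile($idfile . "--Repository Retrieve: Ho recuperato soapenv");
$dom = new DomDocument();
$dom->preserveWhiteSpace = FALSE;
// $body is presumably the client-supplied request (confirm against the code
// above this excerpt). LIBXML_NONET keeps the parser from fetching network
// resources while loading it.
$dom->loadXML($body, LIBXML_NONET);

// A request without the element yields an empty node list; fall back to "" so
// the missing-Action branch below handles it instead of dereferencing null.
$Action_node = $dom->getElementsByTagName('Action');
$Action = ($Action_node->length > 0) ? $Action_node->item(0)->nodeValue : "";
// NOTE(review): Action and MessageID come from the request and are logged
// verbatim. If the time file is read line by line, strip CR/LF before logging.
writeTimeFile($idfile . "--Repository Retrieve: Action: " . $Action);

$MessageID_node = $dom->getElementsByTagName('MessageID');
$MessageID = ($MessageID_node->length > 0) ? $MessageID_node->item(0)->nodeValue : "";
writeTimeFile($idfile . "--Repository Retrieve: MessageID: " . $MessageID);

if ($Action == "") {
    // No Action supplied: answer with a SOAP failure and stop.
    $failure_response = array("You must set the Action of the Request");
    $error_code = array("XDSRepositoryActionError");
    $SOAPED_failure_response = makeSoapedFailureResponse($failure_response, $error_code, $Action, $MessageID);
    $file_input = $idfile . "-SOAPED_Action_failure.xml";
    // NOTE(review): this branch uses writeTmpQueryFiles() and
    // $_SESSION['tmpQueryService_path'], while the branch below uses
    // writeTmpFiles() and $_SESSION['tmp_path']. One pair is probably a
    // copy-paste leftover; confirm which directory the repository should use.
    writeTmpQueryFiles($SOAPED_failure_response, $file_input, true);
    SendResponseFile($_SESSION['tmpQueryService_path'] . $file_input);
    exit;
} elseif ($Action != "urn:ihe:iti:2007:RetrieveDocumentSet") {
    // Wrong Action for this endpoint: answer with a SOAP failure and stop.
    $failure_response = array("This is a Retrieve Document Set transaction and you don't use the Action urn:ihe:iti:2007:RetrieveDocumentSet");
    $error_code = array("XDSRepositoryActionError");
    $SOAPED_failure_response = makeSoapedFailureResponse($failure_response, $error_code, $Action, $MessageID);
    $file_input = $idfile . "-SOAPED_Action_failure.xml";
    writeTmpFiles($SOAPED_failure_response, $file_input, true);
    SendResponseFile($_SESSION['tmp_path'] . $file_input);
    exit;
}

// Collect the DocumentRequest elements and prepare the working arrays for the
// retrieval that follows.
$DocumentRequests = $dom->getElementsByTagName('DocumentRequest');
$DocumentRequests_array = array();
$file = array();
$documento_encoded64 = array();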