/** * PHP5 SOAP implementation */ function webServiceAction_php5(&$amfbody, $webServiceURI, $webServiceMethod, $args, $phpInternalEncoding) { //Note that encoding is set to php internal encoding, //As SoapClient always sends and receives stuff in UTF-8 anyway if (class_exists('SoapClient')) { $client = new SoapClient($webServiceURI, array("exceptions" => 0, "trace" => 1, "encoding" => $phpInternalEncoding)); $response = $client->__soapCall($webServiceMethod, $args[0]); if (is_soap_fault($response)) { $ex = new AMFException(E_USER_ERROR, "SOAP error: " . $client->__getLastResponse(), __FILE__, __LINE__, "AMFPHP_SOAP_ERROR"); AMFException::throwException($amfbody, $ex); } return $response; } else { $ex = new AMFException(E_USER_ERROR, "PHP5 SoapClient is not installed", __FILE__, __LINE__, "AMFPHP_SOAP_NOT_INSTALLED_ERROR"); AMFException::throwException($amfbody, $ex); } }
function doAction(&$bodyObj) { $className = str_replace('.php', '', str_replace('/', '.', $bodyObj->getUriClassPath())); $method = $bodyObj->getMethodName(); $args = $bodyObj->getValue(); if (!$bodyObj->getIgnoreExecution()) { if ($bodyObj->getIsDynamicPage()) { $offset = $args[count($args) - 2] - 1; $limit = $args[count($args) - 1]; array_splice($args, -2); } else { $offset = 0; $limit = 3; } try { $records = $this->getRecords($className, $method, $args); } catch (Exception $fault) { $ex = new AMFException(E_USER_ERROR, $fault->getMessage(), $fault->getFile(), $fault->getLine()); $records = '__amfphp_error'; AMFException::throwException($bodyObj, $ex); } if ($records !== '__amfphp_error') { $dataSet = array_slice($records, $offset, $limit); $keys = array_keys($dataSet[0]); array_pop($keys); if ($bodyObj->getIsDynamicPage()) { $results = array("cursor" => $args[count($args) - 2] + 1, "data" => new Arrayf($dataSet, $keys)); $bodyObj->setType("__DYNAMIC_PAGE__"); } else { $results = array('class' => $bodyObj->getUriClassPath(), 'method' => $bodyObj->getMethodName(), 'count' => count($records), "args" => $args, "data" => new Arrayf($dataSet, $keys)); $bodyObj->setType('__DYNAMIC_PAGEABLE_RESULTSET__'); } $bodyObj->setResults($results); $bodyObj->setResponseURI($bodyObj->getResponseIndex() . "/onResult"); } } else { if ($bodyObj->getIsDynamicPage()) { $bodyObj->setResults(true); $bodyObj->setType('boolean'); $bodyObj->setResponseURI($bodyObj->getResponseIndex() . "/onResult"); } } return true; }
/** * Include a class * If there is an error, catch and return to caller */ function includeClass(&$bodyObj, $location) { $included = false; try { include_once $location; $included = true; } catch (Exception $fault) { $included = false; if (get_class($fault) == "VerboseException") { $ex = new AMFException($fault->code, $fault->getMessage(), $fault->file, $fault->line, 'AMFPHP_INCLUDE_ERROR'); } else { $ex = new AMFException(E_USER_ERROR, $fault->getMessage(), $fault->getFile(), $fault->getLine(), 'AMFPHP_INCLUDE_ERROR'); } AMFException::throwException($bodyObj, $ex); } return $included; }
/** * Security action checks that the caller has the credentials to run the remote methods */ function securityAction(&$amfbody) { $check = true; if (!$amfbody->noExec) { $classConstruct =& $amfbody->getClassConstruct(); $methodName = $amfbody->methodName; $className = $amfbody->className; if ($methodName == "_authenticate") { if (method_exists($classConstruct, "_authenticate")) { $credentials = $amfbody->getValue(); //Fix for error in _authenticate //Pass throught the executive $roles = Executive::doMethodCall($amfbody, $classConstruct, '_authenticate', array($credentials['userid'], $credentials['password'])); if ($roles !== '__amfphp_error' && $roles !== false && $roles !== "") { Authenticate::login($credentials['userid'], $roles); return false; } else { Authenticate::logout(); return false; } } else { $ex = new AMFException(E_USER_ERROR, "The _authenticate method was not found in the " . $className . " class", __FILE__, __LINE__, "AMFPHP_AUTHENTICATE_NOT_FOUND"); AMFException::throwException($amfbody, $ex); return false; } } //else //Check for gateway restrictions $methodRecord = $classConstruct->methodTable[$methodName]; // create a shortcut for the ugly path $instanceName = $GLOBALS['amfphp']['instanceName']; if (isset($instanceName) && isset($methodRecord['instance'])) { // see if we have an instance defined if ($instanceName != $methodRecord['instance']) { // if the names don't match die $ex = new AMFException(E_USER_ERROR, "The method {" . $methodName . "} instance name does not match this gateway's instance name.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_MISMATCH"); AMFException::throwException($amfbody, $ex); return false; } } else { if (isset($methodRecord['instance'])) { // see if the method has an instance defined if ($instanceName != $methodRecord['instance']) { // if the names don't match die $ex = new AMFException(E_USER_ERROR, "The restricted method {" . $methodName . "} is not allowed through a non-restricted gateway.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_RESTRICTION"); AMFException::throwException($amfbody, $ex); return false; } } } if (!isset($methodRecord['access']) || strtolower($methodRecord['access']) != "remote") { // make sure we can remotely call it $ex = new AMFException(E_USER_ERROR, "ACCESS DENIED: The method {" . $methodName . "} has not been declared a remote method.", __FILE__, __LINE__, "AMFPHP_METHOD_NOT_REMOTE"); AMFException::throwException($amfbody, $ex); return false; } if (isset($methodRecord['roles']) && !Authenticate::isUserInRole($methodRecord['roles'])) { $ex = new AMFException(E_USER_ERROR, "This user is not does not have access to {" . $methodName . "}.", __FILE__, __LINE__, "AMFPHP_AUTH_MISMATCH"); AMFException::throwException($amfbody, $ex); return false; } } return true; }