/** * Adds debugging information to outgoing packet */ function debugFilter(&$amf) { //Add trace headers before outputting if (!$GLOBALS['amfphp']['isFlashComm'] && !$GLOBALS['amfphp']['disableTrace']) { $headerresults = array(); // create a result array $headerresults[0] = array(); // create a sub array in results (CF seems to do this, don't know why) if (count(NetDebug::getTraceStack()) != 0) { $ts = NetDebug::getTraceStack(); $headerresults[0][] = new TraceHeader($ts); } if (Headers::getHeader("serviceBrowser") == true) { global $amfphp; $amfphp['totalTime'] = microtime_float() - $amfphp['startTime']; $headerresults[0][] = new ProfilingHeader(); } //Get the last body in the stack if (count($headerresults[0]) > 0) { $body =& $amf->getBodyAt($amf->numBody() - 1); $headers = new MessageBody(NULL, $body->responseIndex, NULL); // create a new amf body $headers->responseURI = $body->responseIndex . "/onDebugEvents"; // set the response uri of this body $headers->setResults($headerresults); // set the results. $amf->addBodyAt(0, $headers); } } }
/** * The service method runs the gateway application. It turns the gateway 'on'. You * have to call the service method as the last line of the gateway script after all of the * gateway configuration properties have been set. * * Right now the service method also includes a very primitive debugging mode that * just dumps the raw amf input and output to files. This may change in later versions. * The debugging implementation is NOT thread safe so be aware of file corruptions that * may occur in concurrent environments. */ function service() { //Set the parameters for the charset handler CharsetHandler::setMethod($this->_charsetMethod); CharsetHandler::setPhpCharset($this->_charsetPhp); CharsetHandler::setSqlCharset($this->_charsetSql); //Attempt to call charset handler to catch any uninstalled extensions $ch = new CharsetHandler('flashtophp'); $ch->transliterate('?'); $ch2 = new CharsetHandler('sqltophp'); $ch2->transliterate('?'); $GLOBALS['amfphp']['actions'] = $this->actions; if (!isset($GLOBALS['HTTP_RAW_POST_DATA'])) { $GLOBALS['HTTP_RAW_POST_DATA'] = file_get_contents('php://input'); } if (isset($GLOBALS["HTTP_RAW_POST_DATA"]) && $GLOBALS["HTTP_RAW_POST_DATA"] != "") { //Start NetDebug NetDebug::initialize(); error_reporting($GLOBALS['amfphp']['errorLevel']); //Enable loose mode if requested if ($this->_looseMode) { ob_start(); } $amf = new AMFObject($GLOBALS["HTTP_RAW_POST_DATA"]); // create the amf object if ($this->incomingMessagesFolder != NULL) { $mt = microtime(); $pieces = explode(' ', $mt); file_put_contents($this->incomingMessagesFolder . 'in.' . $pieces[1] . '.' . substr($pieces[0], 2) . ".amf", $GLOBALS["HTTP_RAW_POST_DATA"]); } foreach ($this->filters as $key => $filter) { $filter($amf); // invoke the first filter in the chain } $output = $amf->outputStream; // grab the output stream //Clear the current output buffer if requested if ($this->_looseMode) { ob_end_clean(); } //Send content length header //Thanks to Alec Horley for pointing out the necessity //of this for FlashComm support header(AMFPHP_CONTENT_TYPE); // define the proper header if (Headers::getHeader('serviceBrowser') == true) { //Add the total time header $toAddPos = strpos($output, "СА"); $time = (int) ((microtime_float() - $GLOBALS['amfphp']['startTime']) * 1000); $b = pack("d", $time); // pack the bytes if (AMFPHP_BIG_ENDIAN) { // if we are a big-endian processor $r = strrev($b); } else { // add the bytes to the output $r = $b; } $output = substr($output, 0, $toAddPos) . $r . substr($output, $toAddPos + 8); } //Send expire header, apparently helps for SSL //Thanks to Gary Rogers for that //And also to Lucas Filippi from openAMF list //And to Robert Reinhardt who appears to be the first who //documented the bug //Finally to Gary who appears to have find a solution which works even more reliably $dateStr = date("D, j M Y ") . date("H:i:s", strtotime("-2 days")); header("Expires: {$dateStr} GMT"); header("Pragma: no-store"); header("Cache-Control: no-store"); //else don't send any special headers at all if ($this->outgoingMessagesFolder != NULL) { $mt = microtime(); $pieces = explode(' ', $mt); file_put_contents($this->outgoingMessagesFolder . 'out.' . $pieces[1] . '.' . substr($pieces[0], 2) . ".amf", $output); } $doCompress = false; $outputCompression = @ini_get("zlib.output_compression"); if (!$outputCompression) { if (strlen($output) > $this->_gzipCompressionThreshold && extension_loaded("zlib") && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE && $this->_enableGzipCompression) { $doCompress = true; ob_start(); ob_start('ob_gzhandler'); } else { header("Content-length: " . strlen($output)); } } print $output; // flush the binary data if ($doCompress) { ob_end_flush(); header("Content-length: " . ob_get_length()); ob_end_flush(); } } else { $versionData = explode("\n", file_get_contents(APP . DS . "plugins" . DS . "cpamf" . DS . "version.txt")); $cpamfVersion = $versionData[count($versionData) - 1]; echo "<p> CpAmf plugin v" . $cpamfVersion . " (CakePHP 1.2)</p>"; echo "<p>amfphp and this gateway are installed correctly. You may now connect " . "to this gateway from Flash.</p>"; if (function_exists("amf_decode")) { echo "<p>AMF C Extension is loaded " . ($GLOBALS['amfphp']['native'] ? "and enabled." : "but disabled") . "</p>"; } echo "<p>Note: If you're reading an " . "old tutorial, it will tell you that you should see a download " . "window instead of this message. This confused people so this is " . "the new behaviour starting from amfphp 1.2.</p><p>" . "<a href='http://www.amfphp.org/docs'>View the amfphp documentation</p>" . "<p><a href='browser'>Load the service browser</a></p>"; echo "<pre>"; } }
/** * MetaDataAction loads the required info from the methodTable */ function securityAction(&$amfbody) { if (!$amfbody->noExec) { $classConstruct =& $amfbody->getClassConstruct(); $methodName = $amfbody->methodName; $className = $amfbody->className; //Check if method exists if (!method_exists($classConstruct, $methodName)) { // check to see if the method exists $ex = new MessageException(E_USER_ERROR, "The method {" . $methodName . "} does not exist in class {" . $className . "}.", __FILE__, __LINE__, "AMFPHP_INEXISTANT_METHOD"); MessageException::throwException($amfbody, $ex); return false; } //Check if method is private (PHP4) if (strpos($methodName, '_') === 0) { // check to see if the method exists $ex = new MessageException(E_USER_ERROR, "The method {" . $methodName . "} starts with an underscore and is therefore considered private, so it cannot be remotely called.", __FILE__, __LINE__, "AMFPHP_PRIVATE_METHOD"); MessageException::throwException($amfbody, $ex); return false; } //Check to see if method is private or protected (PHP5) if (class_exists('ReflectionMethod')) { $method = new ReflectionMethod($className, $methodName); if (!$method->isPublic()) { $ex = new MessageException(E_USER_ERROR, "The method {" . $methodName . "} in {" . $className . "} is not public and therefore cannot be called.", __FILE__, __LINE__, "AMFPHP_PRIVATE_METHOD"); MessageException::throwException($amfbody, $ex); return false; } } $classConstruct =& $amfbody->getClassConstruct(); $methodName = $amfbody->methodName; $className = $amfbody->className; if (method_exists($classConstruct, "beforeFilter")) { //Pass throught the executive if (Headers::getHeader('Credentials') == true) { $header = Headers::getHeader('Credentials'); } //authenticationFilter($amf) $allow = Executive::doMethodCall($amfbody, $classConstruct, 'beforeFilter', array($methodName, $header["userid"], $header["password"])); if ($allow === '__amfphp_error' || $allow === false) { $ex = new MessageException(E_USER_ERROR, "Method access blocked by beforeFilter in " . $className . " class", __FILE__, __LINE__, "AMFPHP_AUTHENTICATE_ERROR"); MessageException::throwException($amfbody, $ex); return false; } } } return true; }