function api_output_send($rsp, $more = array())
{
$rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';
api_log(array('stat' => $rsp['stat']), 'write');
api_output_utils_start_headers($rsp, $more);
if (features_is_enabled("api_cors")) {
if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
}
}
if (!request_isset("inline")) {
header("Content-Type: text/json");
}
$json = json_encode($rsp);
header("Content-Length: " . strlen($json));
echo $json;
exit;
}
/**
* Training Delete
*/
function training_delete()
{
// check training edit permission
if (!api_checkPermission("module-diary", "training_del")) {
api_die("trainingDenied");
}
// get objects
$training = api_moduleDiary_training($_GET['idTraining']);
if (!$training->id) {
exit(header("location: module-diary_list.php?alert=trainingNotFound&alert_class=alert-error"));
}
// execute queries
$GLOBALS['db']->execute("DELETE FROM `module-diary_trainings` WHERE `id`='" . $training->id . "'");
// log event
$log = api_log(API_LOG_WARNING, "module-diary", "trainingDeleted", "{logs_module-diary_trainingDeleted|" . $training->sport . "|" . $training->sort . "}", $training->id);
// redirect
$alert = "?alert=trainingDeleted&alert_class=alert-warning&idLog=" . $log->id;
exit(header("location: module-diary_list.php" . $alert));
}
function api_output_send($rsp, $callback, $more = array())
{
$rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';
api_log(array('stat' => $rsp['stat']), 'write');
api_output_utils_start_headers($rsp, $more);
if (features_is_enabled("api_cors")) {
if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
}
}
$json = json_encode($rsp);
# http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
$jsonp = "/**/" . $callback . "(" . $json . ")";
header("Content-Disposition: attachment; filename=f.txt,");
header("X-Content-Type-Options: nosniff");
header("Content-Length: " . strlen($jsonp));
if (!request_isset("inline")) {
header("Content-Type: application/javascript");
}
echo $jsonp;
exit;
}
$result = 'ERROR';
$result_reason = "agent_user is not allowed to place manual dial calls";
echo "{$result}: {$result_reason} - {$agent_user}\n";
api_log($link, $api_logging, $api_script, $user, $agent_user, $function, $value, $result, $result_reason, $source, $data);
}
} else {
$result = 'ERROR';
$result_reason = "agent_user is not paused";
echo "{$result}: {$result_reason} - {$agent_user}\n";
api_log($link, $api_logging, $api_script, $user, $agent_user, $function, $value, $result, $result_reason, $source, $data);
}
} else {
$result = 'ERROR';
$result_reason = "agent_user is not logged in";
echo "{$result}: {$result_reason} - {$agent_user}\n";
api_log($link, $api_logging, $api_script, $user, $agent_user, $function, $value, $result, $result_reason, $source, $data);
}
}
}
################################################################################
### END - external_dial
################################################################################
if ($format == 'debug') {
$ENDtime = date("U");
$RUNtime = $ENDtime - $StarTtime;
echo "\n<!-- script runtime: {$RUNtime} seconds -->";
echo "\n</body>\n</html>\n";
}
exit;
##### FUNCTIONS #####
##### Logging #####
function api_dispatch($method)
{
if (!$GLOBALS['cfg']['enable_feature_api']) {
api_output_error(999, 'API disabled');
}
$method = filter_strict($method);
$api_key = request_str("api_key");
$access_token = request_str("access_token");
# Log the basics
api_log(array('api_key' => $api_key, 'method' => $method, 'access_token' => $access_token, 'remote_addr' => $_SERVER['REMOTE_ADDR']));
$methods = $GLOBALS['cfg']['api']['methods'];
if (!$method || !isset($methods[$method])) {
$enc_method = htmlspecialchars($method);
api_output_error(404, "Method '{$enc_method}' not found");
}
apache_setenv("API_METHOD", $method);
$method_row = $methods[$method];
$key_row = null;
$token_row = null;
if (!$method_row['enabled']) {
$enc_method = htmlspecialchars($method);
api_output_error(404, "Method '{$enc_method}' not found");
}
$method_row['name'] = $method;
if ($GLOBALS['cfg']['api_auth_type'] == 'oauth2') {
if ($_SERVER['REQUEST_METHOD'] != 'POST' && !$GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
api_output_error(405, 'Method not allowed');
}
}
if (isset($method_row['request_method'])) {
if ($_SERVER['REQUEST_METHOD'] != $method_row['request_method']) {
api_output_error(405, 'Method not allowed');
}
}
# Okay – now we get in to validation and authorization. Which means a
# whole world of pedantic stupid if we're using Oauth2. Note that you
# could use OAuth2 and require API keys be passed explictly but since
# that's not part of the spec if you enable the two features simultaneously
# don't be surprised when hilarity ensues. Good times. (20121026/straup)
# First API keys
if (features_is_enabled("api_require_keys")) {
if (!$api_key) {
api_output_error(999, "Required API key is missing");
}
$key_row = api_keys_get_by_key($api_key);
api_keys_utils_ensure_valid_key($key_row);
}
# Second auth-y bits
$auth_rsp = api_auth_ensure_auth($method_row, $key_row);
if (isset($auth_rsp['api_key'])) {
$key_row = $auth_rsp['api_key'];
}
if (isset($auth_rsp['access_token'])) {
$token_row = $auth_rsp['access_token'];
}
if ($auth_rsp['user']) {
$GLOBALS['cfg']['user'] = $auth_rsp['user'];
}
apache_setenv("API_KEY", $key_row['api_key']);
# Check for require-iness of users here ?
# Roles - for API keys (things like only the site keys)
api_config_ensure_role($method_row, $key_row, $token_row);
# Blessings and other method specific access controls
api_config_ensure_blessing($method_row, $key_row, $token_row);
# Finally, crumbs - because they are tastey
if ($method_row['requires_crumb']) {
api_auth_ensure_crumb($method_row);
}
# GO!
loadlib($method_row['library']);
$parts = explode(".", $method);
$method = array_pop($parts);
$func = "{$method_row['library']}_{$method}";
if (!function_exists($func)) {
api_output_error(404, "Method not found");
}
call_user_func($func);
exit;
}
