/**
 * Run a webservice query and return the rows the current user may retrieve.
 *
 * The query text is translated to SQL by Parser and executed inside a
 * transaction. The statement is passed to pquery() with an empty parameter
 * array, so no value is bound at this level; whatever escaping the statement
 * needs has to come from Parser (not visible here).
 *
 * @param mixed $q query text handed to Parser
 *
 * @return mixed list of sanitized rows, or the value of Parser::getError()
 *               when parse() reports an error
 *
 * @throws WebServiceException when the transaction is flagged as failed
 */
public function query($q)
 {
     $vtqlParser = new Parser($this->user, $q);
     if ($vtqlParser->parse()) {
         // parse() returning a truthy value means failure; the parser's error is returned, not thrown.
         return $vtqlParser->getError();
     }
     $sql = $vtqlParser->getSql();
     $moduleMeta = $vtqlParser->getObjectMetaData();

     $db = $this->pearDB;
     $db->startTransaction();
     $resultSet = $db->pquery($sql, array());
     // Read the failure flag before completing the transaction, as the original ordering does.
     $txFailed = $db->hasFailedTransaction();
     $db->completeTransaction();
     if ($txFailed) {
         // Generic message: database details are not echoed back to the webservice caller.
         throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, "Database error while performing required operation");
     }

     $rowCount = $db->num_rows($resultSet);
     $visibleRows = array();
     $index = 0;
     while ($index < $rowCount) {
         $record = $db->fetchByAssoc($resultSet, $index);
         $index++;
         // Access control is applied per row, after the query ran: rows without RETRIEVE permission are dropped.
         if ($moduleMeta->hasPermission(EntityMeta::$RETRIEVE, $record["crmid"])) {
             $visibleRows[] = DataTransform::sanitizeDataWithColumn($record, $moduleMeta);
         }
     }
     return $visibleRows;
 }
예제 #2
 /**
  * Run a webservice query and return the rows the current user may retrieve.
  *
  * Two paths build the SQL:
  *  - "related" queries (the text contains 'related.' after its first
  *    character) are rewritten by hand: the module names and record id are
  *    pulled out with regular expressions, __getRLQuery() builds the base
  *    statement and the caller's where/order/limit text is appended to it.
  *  - every other query goes through Parser.
  *
  * NOTE(review): in the related path the text after ' where ' is taken from $q,
  * rewritten with regexes and token substitution, and concatenated into the
  * statement that pquery() runs with an empty parameter array. Nothing in this
  * method escapes or binds the literal values in that text, so the safety of
  * the final statement depends on how $q is constrained before it gets here
  * and on __getRLQuery(); confirm both.
  *
  * @param string $q query text (used with stripos/substr/preg_match below)
  *
  * @return mixed list of sanitized rows, or the value of Parser::getError()
  *               when the Parser path reports an error
  *
  * @throws WebServiceException when the transaction is flagged as failed
  */
 public function query($q)
 {
     $parser = new Parser($this->user, $q);
     // "> 0" is false both when 'related.' is absent and when it sits at offset 0.
     if (stripos($q, 'related.') > 0) {
         // related query
         require_once 'include/Webservices/Utils.php';
         require_once 'include/Webservices/GetRelatedRecords.php';
         // Column list: the text between offset 6 and ' from '.
         // NOTE(review): offset 6 presumably skips a leading "select" - confirm. $queryParameters is
         // first assigned here and is not initialised earlier in this method.
         $queryParameters['columns'] = trim(substr($q, 6, stripos($q, ' from ') - 5));
         // Module named after FROM.
         // NOTE(review): neither preg_match() result below is checked, so $m[1] / $m[2] are read
         // even when the pattern did not match.
         $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/";
         preg_match($moduleRegex, $q, $m);
         $relatedModule = trim($m[1]);
         // "related.<module> = <id>": captures the module name and the id it is compared with.
         $moduleRegex = "/[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)/";
         preg_match($moduleRegex, $q, $m);
         $moduleName = trim($m[1]);
         // Strip surrounding parentheses and single quotes from the id.
         $id = trim($m[2], "(')");
         $mysql_query = __getRLQuery($id, $moduleName, $relatedModule, $queryParameters, $this->user);
         // where, limit and order
         // When ' where ' is absent stripos() returns false and false + 6 evaluates to 6, so the
         // substring then starts at offset 6 of $q.
         $afterwhere = substr($q, stripos($q, ' where ') + 6);
         // eliminate related conditions
         $relatedCond = "/\\(*[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)\\)*\\s*([aA][nN][dD]|[oO][rR]\\s)*/";
         preg_match($relatedCond, $afterwhere, $pieces);
         // Connector that followed the related condition; falls back to 'and' when none was captured.
         $glue = isset($pieces[3]) ? trim($pieces[3]) : 'and';
         $afterwhere = trim(preg_replace($relatedCond, '', $afterwhere), ' ;');
         // Drop an and/or left directly in front of ORDER ...
         $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([oO][rR][dD][eE][rR])+/";
         $afterwhere = trim(preg_replace($relatedCond, ' order ', $afterwhere), ' ;');
         // ... and directly in front of LIMIT.
         $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([lL][iI][mM][iI][tT])+/";
         $afterwhere = trim(preg_replace($relatedCond, ' limit ', $afterwhere), ' ;');
         // if related is at the end of condition we need to strip last and|or
         if (strtolower(substr($afterwhere, -3)) == 'and') {
             $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 3);
         }
         if (strtolower(substr($afterwhere, -2)) == 'or') {
             $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 2);
         }
         // transform REST ids
         // "= <digits>x<digits>" (optionally quoted) becomes "= <second number>".
         $relatedCond = "/=\\s*'*\\d+x(\\d+)'*/";
         $afterwhere = preg_replace($relatedCond, ' = $1 ', $afterwhere);
         // kill unbalanced parenthesis
         // $pila is used as a stack of parentheses that have no partner yet; $balanced tracks its size.
         $balanced = 0;
         $pila = array();
         for ($ch = 0; $ch < strlen($afterwhere); $ch++) {
             if ($afterwhere[$ch] == '(') {
                 $pila[$balanced] = array('pos' => $ch, 'dir' => '(');
                 $balanced++;
             } elseif ($afterwhere[$ch] == ')') {
                 if ($balanced > 0 and $pila[$balanced - 1]['dir'] == '(') {
                     array_pop($pila);
                     $balanced--;
                 } else {
                     $pila[$balanced] = array('pos' => $ch, 'dir' => ')');
                     $balanced++;
                 }
             }
         }
         // Whatever is still on the stack is unmatched: overwrite it with a space.
         // NOTE(review): the scan looks at every character, including any inside quoted values.
         foreach ($pila as $paren) {
             $afterwhere[$paren['pos']] = ' ';
         }
         // transform artificial commentcontent for FAQ and Ticket comments
         if (strtolower($relatedModule) == 'modcomments' and (strtolower($moduleName) == 'helpdesk' or strtolower($moduleName) == 'faq')) {
             $afterwhere = str_ireplace('commentcontent', 'comments', $afterwhere);
         }
         // transform fieldnames to columnnames
         $handler = vtws_getModuleHandlerFromName($relatedModule, $this->user);
         $meta = $handler->getMeta();
         $fldmap = $meta->getFieldColumnMapping();
         $tblmap = $meta->getColumnTableMapping();
         // Split on single spaces. A token that is a key of $fldmap is replaced by its column name,
         // prefixed with the table name unless the token has a '.' after its first character.
         // Every other token, operators and literal values included, is copied through unchanged.
         $tok = strtok($afterwhere, ' ');
         $chgawhere = '';
         while ($tok !== false) {
             if (!empty($fldmap[$tok])) {
                 $chgawhere .= (strpos($tok, '.') ? '' : $tblmap[$fldmap[$tok]] . '.') . $fldmap[$tok] . ' ';
             } else {
                 $chgawhere .= $tok . ' ';
             }
             $tok = strtok(' ');
         }
         $afterwhere = $chgawhere;
         if (!empty($afterwhere)) {
             $start = strtolower(substr(trim($afterwhere), 0, 5));
             if ($start != 'limit' and $start != 'order') {
                 // there is a condition we add the glue
                 $mysql_query .= " {$glue} ";
             }
             // The rewritten caller text becomes part of the SQL statement here.
             $mysql_query .= " {$afterwhere}";
         }
         if (stripos($q, 'count(*)') > 0) {
             $mysql_query = str_ireplace(' as count ', '', mkCountQuery($mysql_query));
         }
     } else {
         $error = $parser->parse();
         if ($error) {
             return $parser->getError();
         }
         $mysql_query = $parser->getSql();
         $meta = $parser->getObjectMetaData();
     }
     $this->pearDB->startTransaction();
     // Executed with an empty parameter array: the statement text is final at this point.
     $result = $this->pearDB->pquery($mysql_query, array());
     $error = $this->pearDB->hasFailedTransaction();
     $this->pearDB->completeTransaction();
     if ($error) {
         // The caller receives a translated generic label, not the database error text.
         throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, vtws_getWebserviceTranslatedString('LBL_' . WebServiceErrorCode::$DATABASEQUERYERROR));
     }
     $noofrows = $this->pearDB->num_rows($result);
     $output = array();
     for ($i = 0; $i < $noofrows; $i++) {
         $row = $this->pearDB->fetchByAssoc($result, $i);
         // Access control is applied per row after the query ran. In the related path $meta is the
         // metadata of the module named after FROM.
         if (!$meta->hasPermission(EntityMeta::$RETRIEVE, $row["crmid"])) {
             continue;
         }
         $output[] = DataTransform::sanitizeDataWithColumn($row, $meta);
     }
     return $output;
 }
예제 #3
파일: post.php 프로젝트: biow0lf/evedev-kb
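/**
 * Handle a posted killmail: check the posting password, apply the optional
 * date filter, hand the mail to Parser and report the outcome.
 *
 * Posting is allowed when no posting password is configured, when the
 * submitted password matches the stored crypt() hash, or when the current page
 * user is an admin.
 *
 * @return string HTML fragment explaining why the mail was not stored. On
 *                success the function does not return: it sends a Location
 *                header to the kill detail page and exits.
 */
function post()
{
    global $page;

    // Always defined, so a parser code this function does not know cannot leave the return value unset.
    $html = '';

    $storedHash = (string) config::get("post_password");
    // Request values that are missing or not strings (for example an array sent as password[]=)
    // are treated as empty instead of being handed to crypt(), substr() or htmlentities().
    $suppliedPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $killmail = isset($_POST['killmail']) && is_string($_POST['killmail']) ? $_POST['killmail'] : '';

    // hash_equals() compares the hashes in constant time and never applies the numeric-string
    // juggling that "==" can apply to two strings.
    $mayPost = $storedHash === ''
        || hash_equals($storedHash, (string) crypt($suppliedPassword, $storedHash))
        || $page->isAdmin();
    if (!$mayPost) {
        return "Invalid password.";
    }

    $parser = new Parser($killmail);

    // Filtering: the first ten characters of the mail are read as a YYYY?MM?DD date.
    $tooOld = false;
    if (config::get('filter_apply')) {
        $year = (int) substr($killmail, 0, 4);
        $month = (int) substr($killmail, 5, 2);
        $day = (int) substr($killmail, 8, 2);
        $tooOld = mktime(0, 0, 0, $month, $day, $year) < config::get('filter_date');
    }
    // -3 is this function's own code for "older than the filter date"; the parser is not run then.
    $killid = $tooOld ? -3 : $parser->parse(true, null, false);

    if ($killid > 0) {
        if (config::get('post_mailto') != "") {
            $mailer = new PHPMailer();
            // Not used below; kept because the constructor's side effects are not visible from here.
            $kill = new Kill($killid);
            $server = config::get('post_mailserver');
            if (!$server) {
                $server = 'localhost';
            }
            $mailHost = config::get('post_mailhost');
            $mailer->From = "mailer@" . $mailHost;
            $mailer->FromName = $mailHost;
            $mailer->Subject = "Killmail #" . $killid;
            $mailer->Host = $server;
            $mailer->Port = 25;
            $mailer->Helo = $server;
            $mailer->Mailer = "smtp";
            $mailer->AddReplyTo("no_reply@" . $mailHost, "No-Reply");
            $mailer->Sender = "mailer@" . $mailHost;
            $mailer->Body = $killmail;
            // NOTE(review): the guard above tests 'post_mailto' but the recipient added here is
            // 'post_mailhost' - confirm which setting is meant to hold the address.
            $mailer->AddAddress($mailHost);
            // Best effort: the result of Send() is not checked.
            $mailer->Send();
        }
        logger::logKill($killid);
        header("Location: " . htmlspecialchars_decode(edkURI::page('kill_detail', $killid, 'kll_id')));
        exit;
    }

    // switch compares loosely, like the "==" chain it replaces.
    switch ($killid) {
        case 0:
            $html = "Killmail is malformed.<br/>";
            $errors = $parser->getError();
            if ($errors) {
                foreach ($errors as $error) {
                    // NOTE(review): both parts of the parser error go into the page without HTML
                    // escaping, and $error[1] is described as text taken from the submitted mail.
                    // Confirm that Parser escapes it, or escape it here.
                    $html .= 'Error: ' . $error[0];
                    if ($error[1]) {
                        $html .= ' The text leading to this error was: "' . $error[1] . '"';
                    }
                    $html .= '<br/>';
                }
            }
            break;
        case -1:
            $url = edkURI::page('kill_detail', $parser->getDupeID(), 'kll_id');
            $html = "That killmail has already been posted <a href=\"" . $url . "\">here</a>.";
            break;
        case -2:
            $html = "You are not authorized to post this killmail.";
            break;
        case -3:
            $filterdate = kbdate("j F Y", config::get("filter_date"));
            $html = "You are not allowed to post killmails older than" . " {$filterdate}.";
            break;
        case -4:
            $html = "That mail has been deleted. Kill id was " . $parser->getDupeID();
            if ($page->isAdmin()) {
                // The mail is echoed back inside a double-quoted attribute, so it is entity-encoded first.
                $html .= '<br />
<form id="postform" name="postform" class="f_killmail" method="post" action="' . edkURI::page('post') . '">
	<input type="hidden" name="killmail" id="killmail" value = "' . htmlentities($killmail) . '"/>
	<input type="hidden" name="kll_id" id="kill_id" value = "' . $parser->getDupeID() . '"/>
	<input type="hidden" name="undelete" id="undelete" value = "1"/>
<input id="submit" name="submit" type="submit" value="Undelete" />
</form>';
            }
            break;
    }
    return $html;
}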
예제 #4
 /**
  * Translate a webservice query string into SQL without executing it.
  *
  * Three paths, chosen by the helper predicates in GetExtendedQuery.php:
  *  - related queries are rewritten by hand (regex extraction, __getRLQuery(),
  *    then the caller's where/order/limit text appended),
  *  - FQN extended queries are delegated to __FQNExtendedQueryGetQuery(),
  *  - everything else goes through Parser.
  *
  * NOTE(review): in the related path the text after ' where ' is taken from $q,
  * rewritten with regexes and token substitution, and concatenated into the
  * returned statement. Nothing in this method escapes or binds the literal
  * values in that text, so the safety of the result depends on how $q is
  * constrained before it gets here, on __getRLQuery() and on how the caller
  * executes the statement; confirm all three.
  *
  * @param string $q                   query text
  * @param mixed  $meta                by reference; set to the metadata of the queried module
  *                                    (left untouched when Parser reports an error)
  * @param mixed  $queryRelatedModules by reference; the related path adds the metadata of the
  *                                    related.<module> entry, the FQN path replaces the value,
  *                                    the Parser path leaves it untouched
  *
  * @return mixed the SQL statement, or the value of Parser::getError() when
  *               the Parser path reports an error
  */
 public function wsVTQL2SQL($q, &$meta, &$queryRelatedModules)
 {
     require_once 'include/Webservices/GetExtendedQuery.php';
     if (__FQNExtendedQueryIsRelatedQuery($q)) {
         // related query
         require_once 'include/Webservices/GetRelatedRecords.php';
         $queryParameters = array();
         // Column list: the text between offset 6 and ' from '.
         // NOTE(review): offset 6 presumably skips a leading "select" - confirm.
         $queryParameters['columns'] = trim(substr($q, 6, stripos($q, ' from ') - 5));
         // Module named after FROM.
         // NOTE(review): neither preg_match() result below is checked, so $m[1] / $m[2] are read
         // even when the pattern did not match.
         $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/";
         preg_match($moduleRegex, $q, $m);
         $relatedModule = trim($m[1]);
         // "related.<module> = <id>": captures the module name and the id it is compared with.
         $moduleRegex = "/[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)/";
         preg_match($moduleRegex, $q, $m);
         $moduleName = trim($m[1]);
         // Strip surrounding parentheses and single quotes from the id.
         $id = trim($m[2], "(')");
         $mysql_query = __getRLQuery($id, $moduleName, $relatedModule, $queryParameters, $this->user);
         // where, limit and order
         // When ' where ' is absent stripos() returns false and false + 6 evaluates to 6, so the
         // substring then starts at offset 6 of $q.
         $afterwhere = substr($q, stripos($q, ' where ') + 6);
         // eliminate related conditions
         $relatedCond = "/\\(*[rR][eE][lL][aA][tT][eE][dD]\\.([^\\s;]+)\\s*=\\s*([^\\s;]+)\\)*\\s*([aA][nN][dD]|[oO][rR]\\s)*/";
         preg_match($relatedCond, $afterwhere, $pieces);
         // Connector that followed the related condition; falls back to 'and' when none was captured.
         $glue = isset($pieces[3]) ? trim($pieces[3]) : 'and';
         $afterwhere = trim(preg_replace($relatedCond, '', $afterwhere), ' ;');
         // Drop an and/or left directly in front of ORDER ...
         $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([oO][rR][dD][eE][rR])+/";
         $afterwhere = trim(preg_replace($relatedCond, ' order ', $afterwhere), ' ;');
         // ... and directly in front of LIMIT.
         $relatedCond = "/\\s+([aA][nN][dD]|[oO][rR])+\\s+([lL][iI][mM][iI][tT])+/";
         $afterwhere = trim(preg_replace($relatedCond, ' limit ', $afterwhere), ' ;');
         // if related is at the end of condition we need to strip last and|or
         if (strtolower(substr($afterwhere, -3)) == 'and') {
             $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 3);
         }
         if (strtolower(substr($afterwhere, -2)) == 'or') {
             $afterwhere = substr($afterwhere, 0, strlen($afterwhere) - 2);
         }
         // transform REST ids
         // "= <digits>x<digits>" (optionally quoted) becomes "= <second number>".
         $relatedCond = "/=\\s*'*\\d+x(\\d+)'*/";
         $afterwhere = preg_replace($relatedCond, ' = $1 ', $afterwhere);
         // kill unbalanced parenthesis
         // $pila is used as a stack of parentheses that have no partner yet; $balanced tracks its size.
         $balanced = 0;
         $pila = array();
         for ($ch = 0; $ch < strlen($afterwhere); $ch++) {
             if ($afterwhere[$ch] == '(') {
                 $pila[$balanced] = array('pos' => $ch, 'dir' => '(');
                 $balanced++;
             } elseif ($afterwhere[$ch] == ')') {
                 if ($balanced > 0 and $pila[$balanced - 1]['dir'] == '(') {
                     array_pop($pila);
                     $balanced--;
                 } else {
                     $pila[$balanced] = array('pos' => $ch, 'dir' => ')');
                     $balanced++;
                 }
             }
         }
         // Whatever is still on the stack is unmatched: overwrite it with a space.
         // NOTE(review): the scan looks at every character, including any inside quoted values.
         foreach ($pila as $paren) {
             $afterwhere[$paren['pos']] = ' ';
         }
         // transform artificial commentcontent for FAQ and Ticket comments
         if (strtolower($relatedModule) == 'modcomments' and (strtolower($moduleName) == 'helpdesk' or strtolower($moduleName) == 'faq')) {
             $afterwhere = str_ireplace('commentcontent', 'comments', $afterwhere);
         }
         // Hand the metadata of the related.<module> side back to the caller, keyed by module name.
         $relhandler = vtws_getModuleHandlerFromName($moduleName, $this->user);
         $relmeta = $relhandler->getMeta();
         $queryRelatedModules[$moduleName] = $relmeta;
         // transform fieldnames to columnnames
         $handler = vtws_getModuleHandlerFromName($relatedModule, $this->user);
         $meta = $handler->getMeta();
         $fldmap = $meta->getFieldColumnMapping();
         $tblmap = $meta->getColumnTableMapping();
         // Split on single spaces. A token that is a key of $fldmap is replaced by its column name,
         // prefixed with the table name unless the token has a '.' after its first character.
         // Every other token, operators and literal values included, is copied through unchanged.
         $tok = strtok($afterwhere, ' ');
         $chgawhere = '';
         while ($tok !== false) {
             if (!empty($fldmap[$tok])) {
                 $chgawhere .= (strpos($tok, '.') ? '' : $tblmap[$fldmap[$tok]] . '.') . $fldmap[$tok] . ' ';
             } else {
                 $chgawhere .= $tok . ' ';
             }
             $tok = strtok(' ');
         }
         $afterwhere = $chgawhere;
         if (!empty($afterwhere)) {
             $start = strtolower(substr(trim($afterwhere), 0, 5));
             if ($start != 'limit' and $start != 'order') {
                 // there is a condition we add the glue
                 $mysql_query .= " {$glue} ";
             }
             // The rewritten caller text becomes part of the SQL statement here.
             $mysql_query .= " {$afterwhere}";
         }
         if (stripos($q, 'count(*)') > 0) {
             $mysql_query = str_ireplace(' as count ', '', mkCountQuery($mysql_query));
         }
     } elseif (__FQNExtendedQueryIsFQNQuery($q)) {
         // FQN extended syntax
         list($mysql_query, $queryRelatedModules) = __FQNExtendedQueryGetQuery($q, $this->user);
         // Module named after FROM; the preg_match() result is not checked before $m[1] is read.
         $moduleRegex = "/[fF][rR][Oo][Mm]\\s+([^\\s;]+)/";
         preg_match($moduleRegex, $q, $m);
         $fromModule = trim($m[1]);
         $handler = vtws_getModuleHandlerFromName($fromModule, $this->user);
         $meta = $handler->getMeta();
     } else {
         $parser = new Parser($this->user, $q);
         $error = $parser->parse();
         if ($error) {
             // The parser's error value is returned in place of SQL; callers have to tell the two apart.
             return $parser->getError();
         }
         $mysql_query = $parser->getSql();
         $meta = $parser->getObjectMetaData();
     }
     return $mysql_query;
 }
예제 #5
파일: Server.php 프로젝트: boskee/soap
 /**
  * processes SOAP message received from client.
  *
  * @param array  $headers The HTTP headers
  * @param string $data    unprocessed request data from client
  *
  * @return mixed value of the message, decoded into a PHP type
  */
 public function parseRequest($headers, $data)
 {
     // Returns false when the Content-Type check fails. Every other path ends without a return
     // value and leaves its outcome (parsed call data, or a fault) on this object.
     $this->debug('Entering parseRequest() for data of length ' . strlen($data) . ' headers:');
     // NOTE(review): the whole header array is written to the debug buffer; if credential or session
     // headers can reach this method they are recorded too - confirm who can read that buffer.
     $this->appendDebug($this->varDump($headers));

     if (!isset($headers['content-type'])) {
         $this->setError('Request not of type text/xml (no content-type header)');
         return false;
     }
     $contentType = $headers['content-type'];
     if (!strstr($contentType, 'text/xml')) {
         $this->setError('Request not of type text/xml');
         return false;
     }

     // Encoding used when the header carries no "=" after its first character.
     // should be US-ASCII for HTTP 1.0 or ISO-8859-1 for HTTP 1.1
     $selectedEncoding = 'ISO-8859-1';
     $equalsAt = strpos($contentType, '=');
     if ($equalsAt) {
         // Everything after the first "=", with double quotes removed.
         $declared = str_replace('"', '', substr($contentType, $equalsAt + 1));
         $this->debug('Got response encoding: ' . $declared);
         // Allow-list: a client-supplied charset outside these three falls back to US-ASCII.
         $selectedEncoding = preg_match('/^(ISO-8859-1|US-ASCII|UTF-8)$/i', $declared)
             ? strtoupper($declared)
             : 'US-ASCII';
     }
     $this->xml_encoding = $selectedEncoding;
     $this->debug('Use encoding: ' . $this->xml_encoding . ' when creating Boskee\\Soap\\Parser');

     // The request body goes to the parser as received.
     // NOTE(review): how Parser treats external entities or oversized documents is not visible here.
     $soapParser = new Parser($data, $this->xml_encoding, '', $this->decode_utf8);
     $this->debug("parser debug: \n" . $soapParser->getDebug());

     $parseError = $soapParser->getError();
     if ($parseError) {
         // Parsing failed: record a client fault and stop.
         $this->result = 'fault: error in msg parsing: ' . $parseError;
         $this->fault('SOAP-ENV:Client', "error in msg parsing:\n" . $parseError);
         return;
     }

     // Parsed successfully: copy the call description from the parser onto this object.
     $this->methodURI = $soapParser->root_struct_namespace;
     $this->methodname = $soapParser->root_struct_name;
     $this->debug('methodname: ' . $this->methodname . ' methodURI: ' . $this->methodURI);
     $this->debug('calling parser->get_soapbody()');
     $this->methodparams = $soapParser->get_soapbody();
     // SOAP headers, then the single SOAP header value.
     $this->requestHeaders = $soapParser->getHeaders();
     $this->requestHeader = $soapParser->get_soapheader();
     // Document kept for doclit support.
     $this->document = $soapParser->document;
 }
예제 #6
파일: Client.php 프로젝트: boskee/soap
 /**
  * processes SOAP message returned from server.
  *
  * @param array  $headers The HTTP headers
  * @param string $data    unprocessed response data from server
  *
  * @return mixed value of the message, decoded into a PHP type
  */
 public function parseResponse($headers, $data)
 {
     // Returns the decoded SOAP body, or false when the Content-Type check or the parse fails
     // (the reason is recorded through setError()).
     $this->debug('Entering parseResponse() for data of length ' . strlen($data) . ' headers:');
     // NOTE(review): the whole header array is written to the debug buffer; if cookies or other
     // sensitive response headers can reach this method they are recorded too.
     $this->appendDebug($this->varDump($headers));

     if (!isset($headers['content-type'])) {
         $this->setError('Response not of type text/xml (no content-type header)');
         return false;
     }
     $contentType = $headers['content-type'];
     if (!strstr($contentType, 'text/xml')) {
         // The server-supplied header value is echoed into the error text.
         $this->setError('Response not of type text/xml: ' . $contentType);
         return false;
     }

     // Encoding used when the header carries no "=" after its first character.
     // should be US-ASCII for HTTP 1.0 or ISO-8859-1 for HTTP 1.1
     $selectedEncoding = 'ISO-8859-1';
     $equalsAt = strpos($contentType, '=');
     if ($equalsAt) {
         // Everything after the first "=", with double quotes removed.
         $declared = str_replace('"', '', substr($contentType, $equalsAt + 1));
         $this->debug('Got response encoding: ' . $declared);
         // Allow-list: a server-supplied charset outside these three falls back to US-ASCII.
         $selectedEncoding = preg_match('/^(ISO-8859-1|US-ASCII|UTF-8)$/i', $declared)
             ? strtoupper($declared)
             : 'US-ASCII';
     }
     $this->xml_encoding = $selectedEncoding;
     $this->debug('Use encoding: ' . $this->xml_encoding . ' when creating Boskee\\Soap\\Parser');

     // The response body goes to the parser as received.
     // NOTE(review): how Parser treats external entities or oversized documents is not visible here.
     $soapParser = new Parser($data, $this->xml_encoding, $this->operation, $this->decode_utf8);
     // Merge the parser's debug output into ours.
     $this->appendDebug($soapParser->getDebug());

     $parseError = $soapParser->getError();
     if ($parseError) {
         $this->setError($parseError);
         // Release the parser before leaving.
         unset($soapParser);
         return false;
     }

     // SOAP headers, then the single SOAP header value.
     $this->responseHeaders = $soapParser->getHeaders();
     $this->responseHeader = $soapParser->get_soapheader();
     // Decoded message body.
     $decodedBody = $soapParser->get_soapbody();
     // Document kept for doclit support.
     $this->document = $soapParser->document;
     // Release the parser before returning the decoded message.
     unset($soapParser);
     return $decodedBody;
 }