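<?php
/*+*******************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.0
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/

/*
 * Web service entry point.
 *
 * Reads the "operation", "format" and "sessionName" request parameters,
 * starts (or adopts) a web service session, loads the files the operation
 * declares, runs the operation and writes the encoded result. Failures are
 * reported through writeErrorOutput() with a matching HTTP status line.
 */

require_once("config.php");

/**
 * URL Verification - Required to overcome Apache mis-configuration and leading to shared setup mode.
 */
if (file_exists('config_override.php')) {
	include_once 'config_override.php';
}

//Overrides GetRelatedList : used to get related query
//TODO : Eliminate below hacking solution
include_once 'include/Webservices/Relation.php';

include_once 'vtlib/Vtiger/Module.php';
include_once 'includes/main/WebUI.php';

require_once("libraries/HTTP_Session2/HTTP/Session2.php");
require_once 'include/Webservices/Utils.php';
require_once("include/Webservices/State.php");
require_once("include/Webservices/OperationManager.php");
require_once("include/Webservices/SessionManager.php");
require_once("include/Zend/Json.php");
require_once('include/logging.php');

$API_VERSION = "0.22";

// Two loggers are exposed as globals: one named 'SECURITY', one named 'webservice'.
global $seclog,$log;
$seclog =& LoggerManager::getLogger('SECURITY');
$log =& LoggerManager::getLogger('webservice');

/**
 * Returns the entry of the global $operationInput array stored under the
 * given operation name.
 *
 * @param string $operation Key to look up in $operationInput.
 * @return mixed Whatever is stored under that key.
 */
function getRequestParamsArrayForOperation($operation){
	global $operationInput;
	return $operationInput[$operation];
}

/**
 * Sends the Content-type header shared by success and error responses.
 */
function setResponseHeaders() {
	header('Content-type: application/json');
}

/**
 * Writes an error response: an HTTP status line chosen from the error code,
 * the JSON content type, and a State object with success=false.
 *
 * @param OperationManager|null $operationManager Encoder for the response. When it is
 *        not set (for example because its construction failed) the plain
 *        error message is written instead of an encoded State.
 * @param WebServiceException $error The error to report; its code selects the status.
 */
function writeErrorOutput($operationManager, $error){
	switch ($error->code) {
		// Authentication and session problems.
		case WebServiceErrorCode::$AUTHREQUIRED:
		case WebServiceErrorCode::$INVALIDUSERPWD:
		case WebServiceErrorCode::$SESSIONIDINVALID:
		case WebServiceErrorCode::$AUTHFAILURE:
			header("HTTP/1.0 401 Unauthorized");
			break;
		// Server-side failures.
		case WebServiceErrorCode::$INTERNALERROR:
		case WebServiceErrorCode::$DATABASEQUERYERROR:
			header("HTTP/1.0 500 Internal Server Error");
			break;
		case WebServiceErrorCode::$ACCESSDENIED:
			header("HTTP/1.0 403 Forbidden");
			break;
		// Every other error code is reported as a client error.
		default:
			header("HTTP/1.0 400 Bad Request");
	}

	setResponseHeaders();
	$state = new State();
	$state->success = false;
	$state->error = $error;
	// An error response carries no result member.
	unset($state->result);
	$output = (isset($operationManager)) ? $operationManager->encode($state) : $error->getMessage();
	echo $output;
}

/**
 * Writes a success response: the JSON content type and a State object with
 * success=true and the operation result, encoded by the operation manager.
 *
 * @param OperationManager $operationManager Encoder for the response.
 * @param mixed $data Result of the operation.
 */
function writeOutput($operationManager, $data){
	setResponseHeaders();
	$state = new State();
	$state->success = true;
	$state->result = $data;
	// A success response carries no error member.
	unset($state->error);
	$output = $operationManager->encode($state);
	echo $output;
}

$operation = vtws_getParameter($_REQUEST, "operation");
$operation = strtolower($operation);
$format = vtws_getParameter($_REQUEST, "format","json");
$sessionId = vtws_getParameter($_REQUEST,"sessionName");

$sessionManager = new SessionManager();

// Defined before the try block so that the catch handlers below can pass it to
// writeErrorOutput() even when the OperationManager constructor itself throws.
// Without this the handlers read an undefined variable, and the resulting PHP
// warning can be emitted ahead of the status and Content-type headers.
$operationManager = null;

try{
	$operationManager = new OperationManager($adb,$operation,$format,$sessionManager);

	// A missing session name and the literal string "null" both mean "no session".
	if(!$sessionId || strcasecmp($sessionId,"null")===0){
		$sessionId = null;
	}

	$input = $operationManager->getOperationInput();
	$adoptSession = false;
	if(strcasecmp($operation,"extendsession")===0){
		if(isset($input['operation'])){
			// extendsession adopts an existing PHP session: the id comes from
			// the PHPSESSID request parameter, or from the cookie of that name.
			// NOTE(review): $_REQUEST lets the session id arrive as a query or
			// form parameter, where it can end up in URLs, logs and referrers,
			// and a caller-chosen id is the precondition for session fixation.
			// Confirm that SessionManager::startSession() only adopts sessions
			// that are already authenticated, and consider reading the id from
			// the cookie only.
			// Workaround fix for PHP 5.3.x: $_REQUEST doesn't have PHPSESSID
			if(isset($_REQUEST['PHPSESSID'])) {
				$sessionId = vtws_getParameter($_REQUEST,"PHPSESSID");
			} else {
				// NOTE: Need to evaluate for possible security issues
				$sessionId = vtws_getParameter($_COOKIE,'PHPSESSID');
			}
			// END
			$adoptSession = true;
		}else{
			writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
			return;
		}
	}

	$sid = $sessionManager->startSession($sessionId,$adoptSession);

	// Only operations the manager marks as pre-login may run without a session id.
	if(!$sessionId && !$operationManager->isPreLoginOperation()){
		writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
		return;
	}

	if(!$sid){
		writeErrorOutput($operationManager, $sessionManager->getError());
		return;
	}

	// The acting user is taken from the session, never from request parameters.
	$userid = $sessionManager->get("authenticatedUserId");

	if($userid){
		$seed_user = new Users();
		$current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
	} else{
		$current_user = null;
	}

	$operationInput = $operationManager->sanitizeOperation($input);
	$includes = $operationManager->getOperationIncludes();

	// Each file the operation declares is checked before it is loaded.
	// NOTE(review): checkFileAccessForInclusion() is defined elsewhere;
	// presumably it rejects paths outside the application tree — confirm.
	foreach($includes as $ind=>$path){
		checkFileAccessForInclusion($path);
		require_once($path);
	}
	$rawOutput = $operationManager->runOperation($operationInput,$current_user);
	writeOutput($operationManager, $rawOutput);
} catch(WebServiceException $e){
	writeErrorOutput($operationManager,$e);
} catch(Exception $e){
	// The client only sees a generic message, so internal details are not
	// disclosed in the response.
	// NOTE(review): the original exception is discarded without being recorded;
	// consider logging it server-side so internal failures can be investigated.
	writeErrorOutput($operationManager,
		new WebServiceException(WebServiceErrorCode::$INTERNALERROR,"Unknown Error while processing request"));
}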