From 32d853efe4cd338677e3a3727b5fdda9e44b3f6b Mon Sep 17 00:00:00 2001
From: konrad
Date: Fri, 7 Aug 2009 20:44:00 +0000
Subject: [PATCH] *switched machine interface to new framework *implemented web communication - compiles, but UNTESTED! *removed sub-full-serializers
git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@318 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33
---
src/customer.cpp | 12 +-
src/customer.h | 1 +
src/mainwindow.cpp | 3 +-
src/msinterface.cpp | 16 ++-
src/msinterface.h | 2 +-
src/order.cpp | 2 +-
src/overview.cpp | 4 +-
src/phpscan.pri | 26 ++-
src/user.cpp | 22 +-
src/user.h | 4 +-
src/wbase/WInterface.h | 8 +-
src/wbase/WTransaction.cpp | 4 +-
src/wbase/WTransaction.h | 7 +-
wob/event.wolf | 8 +-
wob/magicsmoke.wolf | 6 +-
wob/order.wolf | 18 +-
wob/user.wolf | 23 ++-
woc/phpout.cpp | 78 ++++---
woc/phpout.h | 2 +-
woc/processor.cpp | 20 --
woc/processor.h | 9 +-
woc/qtout.cpp | 261 ++++++++++++++------
woc/qtout.h | 5 +
www/config.php.template | 10 -
www/inc/loader_nonadmin.php | 1 -
www/inc/machine/autoload.php | 4 +-
www/inc/machine/cauth_hash.php | 35 ---
www/inc/machine/cauth_mhash.php | 35 ---
www/inc/machine/cauth_string.php | 31 ---
www/inc/machine/session.php | 263 +++++++++------------
www/inc/machine/version.inc | 12 +-
www/inc/machine/version.php | 8 +
www/inc/wbase/transaction.php | 7 +
www/machine.php | 488 +-------------------------------------
34 files changed, 478 insertions(+), 957 deletions(-)
delete mode 100644 www/inc/machine/cauth_hash.php
delete mode 100644 www/inc/machine/cauth_mhash.php
delete mode 100644 www/inc/machine/cauth_string.php
diff --git a/src/customer.cpp b/src/customer.cpp
index 1a93a2d..aed971b 100644
--- a/src/customer.cpp
+++ b/src/customer.cpp
@@ -132,9 +132,10 @@ void MCustomerListDialog::updateList(int nid) MTGetAllCustomerNames gac=req->queryGetAllCustomerNames(); if(gac.stage()!=gac.Success)return; m_list.clear(); - QListcl=gac.getcustomers(); - for(int i=0;icl=gac.getcustomers(); + //FIXME +// for(int i=0;iclear(); m_listmodel->insertRows(0,m_list.size()); @@ -265,7 +266,8 @@ MCustomerDialog::MCustomerDialog(MCustomer c,QWidget*par) m_addr->setPlainText(m_cust.address()); gl->addWidget(new QLabel(tr("Contact Information:")),++lc,0); gl->addWidget(m_cont=new QTextEdit,lc,1); - m_cont->setPlainText(m_cust.contact()); + //FIXME +// m_cont->setPlainText(m_cust.contact()); gl->setRowMinimumHeight(++lc,10); gl->addWidget(new QLabel(tr("Web-Login/eMail:")),++lc,0); gl->addWidget(m_mail=new QLabel(m_cust.email()),lc,1); @@ -291,7 +293,7 @@ MCustomer MCustomerDialog::getCustomer() m_cust.setname(m_name->text()); //TODO: redo address editing //m_cust.setaddress(m_addr->toPlainText()); - m_cust.setcontact(m_cont->toPlainText()); + //m_cust.setcontact(m_cont->toPlainText()); m_cust.setcomments(m_comm->toPlainText()); return m_cust; } diff --git a/src/customer.h b/src/customer.h index d123af7..3653381 100644 --- a/src/customer.h +++ b/src/customer.h @@ -17,6 +17,7 @@ #include #include +#include "MOCustomerShort.h" #include "MOCustomer.h" /**this class expands on MOCustomer to add some convenience methods*/ diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index 9c553aa..54b7821 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -229,7 +229,8 @@ void MMainWindow::startLogin() QString hn; if(usealterhost->isChecked())hn=alterhostname->text(); else hn=QSettings().value("hostname").toString(); - if(!mw->login(username->text(),password->text(),hn)){ + QString hk=QSettings().value("hostkey").toString(); + if(!mw->login(username->text(),password->text(),hn,hk)){ QMessageBox::warning(this,tr("Warning"),tr("Unable to log in.")); mw->deleteLater(); setEnabled(true); 
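Review bot: In the `src/mainwindow.cpp` hunk the host key from `QSettings().value("hostkey").toString()` is passed to `mw->login()` without checking that it is set, so a missing setting is silently sent to the server as an empty credential. A guard such as `if(hk.isEmpty()){QMessageBox::warning(this,tr("Warning"),tr("No host key configured."));mw->deleteLater();setEnabled(true);return;}` before the `login()` call would make that case explicit; the cleanup calls are copied from the failure branch visible in the hunk. The key is also kept in the ordinary application settings, which deserves a comment noting that it is a secret stored unprotected on the client. `startLogin` begins and ends outside the hunk.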
diff --git a/src/msinterface.cpp b/src/msinterface.cpp index 92b6eca..f4a5526 100644 --- a/src/msinterface.cpp +++ b/src/msinterface.cpp @@ -11,9 +11,23 @@ // #include "msinterface.h" +#include MSInterface::MSInterface(QString pid) :MInterface() { profileid=pid; -} \ No newline at end of file +} + +bool MSInterface::login(QString username,QString passwd,QString hostname,QString hostkey) +{ + MTLogin lg=MTLogin::query(username,passwd,hostname,hostkey); + if(lg.stage()==lg.Error) + QMessageBox::warning(0,tr("Warning"),tr("Login failed: %1").arg(tr(lg.errorString().toAscii()))); + else + setSessionId(lg.getsessionid()); + return lg.stage()==lg.Success; +} + + void logout(){} + bool relogin(){return false;} diff --git a/src/msinterface.h b/src/msinterface.h index bf7b04c..6ef9060 100644 --- a/src/msinterface.h +++ b/src/msinterface.h @@ -23,7 +23,7 @@ class MSInterface:public MInterface static MSInterface* instance(){return qobject_cast(MInterface::instance());} - bool login(QString,QString,QString){return false;} + bool login(QString username,QString passwd,QString hostname,QString hostkey); void logout(){} bool relogin(){return false;} QString currentUser()const{return "";} diff --git a/src/order.cpp b/src/order.cpp index ce823a0..9384883 100644 --- a/src/order.cpp +++ b/src/order.cpp @@ -403,7 +403,7 @@ QString MTicket::ticketReturn() bool MTicket::isToBePaid()const { - if(status()==Bought || status()==Used)return true; + if(status()==Ordered || status()==Used)return true; else return false; } diff --git a/src/overview.cpp b/src/overview.cpp index 8feed63..b7b61f0 100644 --- a/src/overview.cpp +++ b/src/overview.cpp 
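Review bot: In `MSInterface::login` (the `src/msinterface.cpp` hunk) the `else` branch runs `setSessionId(lg.getsessionid())` for every stage other than `Error`, so if a query can end in `Uninitialized` an empty or stale session id is stored while the function returns false; store it only under `if(lg.stage()==lg.Success)setSessionId(lg.getsessionid());`. The trailing `void logout(){}` and `bool relogin(){return false;}` are free functions rather than `MSInterface::` members (the header already defines those inline) and should be dropped. Since this commit also removes the challenge/response helpers, the password and host key appear to travel in the request body itself, so `login` should carry a comment that the interface URL must be HTTPS.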
@@ -465,7 +465,7 @@ void MOverview::eventCancel() MOEvent ev=getev.getevent(); QString r=QInputDialog::getText(this,tr("Cancel Event"),tr("Please enter a reason to cancel event \"%1\" or abort:").arg(ev.title()),QLineEdit::Normal,"",&ok); if(!ok)return; - MTCancelEvent cev=MTCancelEvent::queryWeb(id,r); + MTCancelEvent cev=MTCancelEvent::query(id,r); if(!cev.hasError()) QMessageBox::information(this,tr("Event Cancelled"),tr("The event \"%1\" has been cancelled. Please inform everybody who bought a ticket.").arg(ev.title())); else @@ -516,7 +516,7 @@ void MOverview::newUser() //get password QString pwd=QInputDialog::getText(this,tr("Password"),tr("Please enter an initial password for the user:"),QLineEdit::Password); //send request - req->queryCreateUser(name,pwd); + req->queryCreateUser(name,pwd,""); //update display updateUsers(); } diff --git a/src/phpscan.pri b/src/phpscan.pri index 7452b1c..d78279e 100644 --- a/src/phpscan.pri +++ b/src/phpscan.pri @@ -51,8 +51,9 @@ HEADERS += \ ../www/inc/wob/wo_User.php \ ../www/inc/wob/wtr_SetUserDescription.php \ ../www/inc/wob/wtr_GetAllHostNames.php \ -../www/inc/wob/wo_HostAcl.php \ ../www/inc/wob/wt_room.php \ +../www/inc/wob/wt_item.php \ +../www/inc/wob/wt_eventprice.php \ ../www/inc/wob/wtr_GetAllShipping.php \ ../www/inc/wob/wt_customer.php \ ../www/inc/wob/wo_CartVoucher.php \ 
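Review bot: In the `newUser` hunk `req->queryCreateUser(name,pwd,"")` is sent even when the password dialog was cancelled or left empty, and its result is discarded, so an account with an empty initial password can be requested and a server-side failure goes unnoticed. Pass `&ok` to `QInputDialog::getText` as `eventCancel` does in the hunk above and add `if(!ok||pwd.isEmpty())return;` before the call, then check `hasError()` on the returned transaction before `updateUsers()`. The meaning of the new empty third argument is not visible here and deserves a short comment. `newUser` starts outside the hunk.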
@@ -60,42 +61,54 @@ HEADERS += \ ../www/inc/wob/wt_host.php \ ../www/inc/wob/wt_country.php \ ../www/inc/wob/wo_Country.php \ -../www/inc/wob/wt_userhosts.php \ +../www/inc/wob/wo_CustomerShort.php \ +../www/inc/wob/wtr_Logout.php \ ../www/inc/wob/wtr_GetUserRoles.php \ +../www/inc/wob/wt_seatplan.php \ ../www/inc/wob/wo_Ticket.php \ ../www/inc/wob/wt_config.php \ +../www/inc/wob/wt_artist.php \ ../www/inc/wob/wtr_SetUserRoles.php \ ../www/inc/wob/wtr_ChangePassword.php \ +../www/inc/wob/wt_contact.php \ ../www/inc/wob/wtr_DeleteUser.php \ ../www/inc/wob/wo_Voucher.php \ ../www/inc/wob/wtr_GetTicket.php \ ../www/inc/wob/wtr_CancelEvent.php \ ../www/inc/wob/wo_Host.php \ ../www/inc/wob/wo_CartOrder.php \ -../www/inc/wob/wo_UserRole.php \ +../www/inc/wob/wt_userhost.php \ ../www/inc/wob/wt_cart_voucher.php \ ../www/inc/wob/wt_voucher.php \ ../www/inc/wob/wo_CartTicket.php \ ../www/inc/wob/wt_ticket.php \ ../www/inc/wob/wtr_GetAllRooms.php \ ../www/inc/wob/wt_moneylog.php \ +../www/inc/wob/wtr_GetMyRights.php \ ../www/inc/wob/wtr_ServerInfo.php \ ../www/inc/wob/wtr_Login.php \ ../www/inc/wob/wtr_GetVoucher.php \ -../www/inc/wob/wt_users.php \ +../www/inc/wob/wt_documentlog.php \ +../www/inc/wob/wt_role.php \ ../www/inc/wob/wtr_GetAllHosts.php \ ../www/inc/wob/wtr_GetCustomer.php \ +../www/inc/wob/wo_ContactType.php \ ../www/inc/wob/wt_cart_ticket.php \ +../www/inc/wob/wt_product.php \ ../www/inc/wob/wtr_GetOrder.php \ ../www/inc/wob/wtr_SetHost.php \ ../www/inc/wob/wt_template.php \ ../www/inc/wob/wo_Room.php \ ../www/inc/wob/wtr_GetEvent.php \ ../www/inc/wob/wt_shipping.php \ +../www/inc/wob/wt_user.php \ +../www/inc/wob/wt_contacttype.php \ ../www/inc/wob/wt_address.php \ ../www/inc/wob/wtr_GetMyRoles.php \ ../www/inc/wob/wtr_GetAllUsers.php \ ../www/inc/wob/autoload.php \ +../www/inc/wob/wt_cart_item.php \ +../www/inc/wob/wt_pricecategory.php \ ../www/inc/wob/wo_Address.php \ ../www/inc/wob/wo_Customer.php \ ../www/inc/wob/wt_websession.php \ 
@@ -103,17 +116,16 @@ HEADERS += \ ../www/inc/wob/wo_Order.php \ ../www/inc/wob/transaction.php \ ../www/inc/wob/wtr_SetUserHosts.php \ +../www/inc/wob/wt_roleright.php \ +../www/inc/wob/wo_Contact.php \ ../www/inc/wob/wtr_GetUserHosts.php \ ../www/inc/wob/wt_userrole.php \ ../www/inc/wob/wo_Event.php \ ../www/inc/wob/wtr_DeleteHost.php \ ../www/inc/global_variables.php \ ../www/inc/global_functions.php \ -../www/inc/machine/cauth_hash.php \ -../www/inc/machine/cauth_mhash.php \ ../www/inc/machine/host.php \ ../www/inc/machine/version.php \ -../www/inc/machine/cauth_string.php \ ../www/inc/machine/template.php \ ../www/inc/machine/session.php \ ../www/inc/machine/autoload.php \ diff --git a/src/user.cpp b/src/user.cpp index e16afb8..4c7b18b 100644 --- a/src/user.cpp +++ b/src/user.cpp @@ -29,7 +29,7 @@ bool MUser::create(QString pwd) //do not attempt to save invalid or incomplete data if(!isValid())return false; //call - MTCreateUser cu=req->queryCreateUser(name(),pwd); + MTCreateUser cu=req->queryCreateUser(name(),pwd,""); //check success if(cu.stage()==cu.Success){ operator=(cu.getuser().value()); @@ -84,16 +84,17 @@ MCheckList MUser::getRoles() MTGetUserRoles gr=req->queryGetUserRoles(name()); //check success MCheckList ret; + //TODO: also get roles we don't have and do something about rights if(gr.stage()==gr.Success){ - QListlr=gr.getroles(); + QListlr=gr.getroles(); for(int i=0;ilr; for(int i=0;iquerySetUserRoles(name(),lr); if(sur.stage()==sur.Success)return true; - else return false; + else*/ return false; } MCheckList MUser::getHosts() -{ +{/*TODO //call MTGetUserHosts gh=req->queryGetUserHosts(name()); //check success 
@@ -120,11 +121,11 @@ MCheckList MUser::getHosts() ret.addItem(new MUserHost(hl[i])); } } - return ret; + return ret;*/ return MCheckList(); } bool MUser::setHosts(const MCheckList&cl) -{ +{/*TODO //create DOM QList hal; for(int i=0;iquerySetUserHosts(name(),hal); if(suh.stage()==suh.Success)return true; - else return false; + else*/ return false; } /********************************************************/ @@ -216,11 +217,12 @@ MUserHost::MUserHost(QString h,bool s) m_set=s; } +/*TODO MUserHost::MUserHost(const MOHostAcl&a) { m_host=a.hostname(); m_set=a.isset(); -} +}*/ QString MUserHost::host()const { diff --git a/src/user.h b/src/user.h index 98bae85..e49f125 100644 --- a/src/user.h +++ b/src/user.h @@ -88,7 +88,7 @@ class MAcl:public MCheckItem bool m_set; }; -class MOHostAcl; +// class MOHostAcl; /**overwrites MCheckItem to represent a host item for the user*/ class MUserHost:public MCheckItem { @@ -96,7 +96,7 @@ class MUserHost:public MCheckItem MUserHost(); MUserHost(const MUserHost&); MUserHost(QString,bool); - MUserHost(const MOHostAcl&); + //MUserHost(const MOHostAcl&); /**returns the host this item represents*/ virtual QString host()const; diff --git a/src/wbase/WInterface.h b/src/wbase/WInterface.h index 29b2983..94a0908 100644 --- a/src/wbase/WInterface.h +++ b/src/wbase/WInterface.h @@ -65,6 +65,9 @@ class WInterface:public QObject /**returns the current log level*/ LogLevel logLevel()const{return loglvl;} + + /**returns the current session ID*/ + QString sessionId()const{return m_sessid;} public slots: /**set log level*/ @@ -80,11 +83,14 @@ class WInterface:public QObject /**sets the URL of the interface*/ void setUrl(QUrl u){m_url=u;} + + /**sets the session id to be transmitted*/ + void setSessionId(QString sid){m_sessid=sid;} private: static QMapinst; QUrl m_url; - QString m_proxyhost,m_proxyuser,m_proxypass; + QString m_proxyhost,m_proxyuser,m_proxypass,m_sessid; unsigned short m_proxyport; int m_wtimeout; LogLevel loglvl; 
diff --git a/src/wbase/WTransaction.cpp b/src/wbase/WTransaction.cpp index aba27a7..615cae1 100644 --- a/src/wbase/WTransaction.cpp +++ b/src/wbase/WTransaction.cpp @@ -24,7 +24,6 @@ WTransaction::WTransaction(QString ifc) { m_stage=Uninitialized; - m_qsource=None; m_httpid=-1; m_iface=ifc; } @@ -32,7 +31,6 @@ WTransaction::WTransaction(const WTransaction&t) :QObject() { m_stage=t.m_stage; - m_qsource=t.m_qsource; m_errstr=t.m_errstr; m_errtype=t.m_errtype; m_iface=t.m_iface; @@ -58,7 +56,6 @@ QByteArray WTransaction::executeQuery(QString hreq,QByteArray data) //show the user we are waiting WaitCursor wc; //set up request - m_qsource=Web; QString log; QEventLoop loop(this); connect(this,SIGNAL(webFinished()),&loop,SLOT(quit())); @@ -67,6 +64,7 @@ QByteArray WTransaction::executeQuery(QString hreq,QByteArray data) qDebug("Error: transaction cannot find interface."); m_stage=Error; m_errtype="_iface"; + m_errstr="interface not found"; return QByteArray(); } QUrl url=iface->url(); diff --git a/src/wbase/WTransaction.h b/src/wbase/WTransaction.h index 162c989..4effa4c 100644 --- a/src/wbase/WTransaction.h +++ b/src/wbase/WTransaction.h @@ -24,14 +24,14 @@ class WTransaction:public QObject Q_OBJECT public: enum Stage {Uninitialized,Success,Error}; - enum QuerySource{None,Buffer,Web}; Stage stage()const{return m_stage;} - QuerySource querySource()const{return m_qsource;} bool hasError()const{return m_stage==Error;} QString errorType()const{return m_errtype;} QString errorString()const{return m_errstr;} + + QString interface()const{return m_iface;} protected: WTransaction(QString iface=QString()); WTransaction(const WTransaction&); @@ -42,9 +42,8 @@ class WTransaction:public QObject void webReady(int,bool); signals: void webFinished(); - private: + protected: Stage m_stage; - QuerySource m_qsource; QString m_errtype,m_errstr,m_iface; int m_httpid; }; diff --git a/wob/event.wolf b/wob/event.wolf index 2ebf21c..441d503 100644 --- a/wob/event.wolf +++ b/wob/event.wolf 
@@ -60,7 +60,7 @@ - +
@@ -96,7 +96,7 @@ - + @@ -104,7 +104,7 @@ - + @@ -119,7 +119,7 @@ - + \ No newline at end of file diff --git a/wob/magicsmoke.wolf b/wob/magicsmoke.wolf index 4d359cf..b6a13e6 100644 --- a/wob/magicsmoke.wolf +++ b/wob/magicsmoke.wolf @@ -15,7 +15,11 @@ - + diff --git a/wob/order.wolf b/wob/order.wolf index 50fd0d4..6921415 100644 --- a/wob/order.wolf +++ b/wob/order.wolf @@ -112,9 +112,6 @@ - ticketid eventid price status - ticketid eventid price status orderid - @@ -129,7 +126,7 @@ - + @@ -144,9 +141,6 @@ - - voucherid value price status - voucherid value price status @@ -154,7 +148,7 @@ - + @@ -176,9 +170,6 @@ - - orderid customerid seller amountpaid state amountdue - orderid customerid seller amountpaid state amountdue tickets/inOrder vouchers/inOrder @@ -186,7 +177,7 @@ - + @@ -203,13 +194,12 @@ - id cost canuseweb canallusers description - + \ No newline at end of file diff --git a/wob/user.wolf b/wob/user.wolf index 8b7a753..799302b 100644 --- a/wob/user.wolf +++ b/wob/user.wolf @@ -41,7 +41,7 @@
- +
@@ -65,11 +65,11 @@ - + - - + + @@ -80,18 +80,33 @@ + + + + + + + + + + + + + + + diff --git a/woc/phpout.cpp b/woc/phpout.cpp index 2eb1d90..39d86ae 100644 --- a/woc/phpout.cpp +++ b/woc/phpout.cpp @@ -36,6 +36,7 @@ WocPHPServerOut::WocPHPServerOut(const QDomElement&el) m_isauth=el2.attribute("isAuthenticated","false"); m_hasrole=el2.attribute("hasRole","false"); m_username=el2.attribute("userName","\"\""); + m_authinit=el2.attribute("init",""); }else{ m_isauth="false"; m_hasrole="false"; @@ -545,22 +546,18 @@ QString WocPHPServerOut::classPropertyScalarSetters(const WocClass&cls,QString p QString WocPHPServerOut::classSerializers(const WocClass&cls) { QString code; - QStringList k=cls.serializers(); - for(int i=0;isaveXml();\n}\n"; - //toXml function: - code+="public function toXml"+k[i]+"($xml,$elementname=\""+cls.name()+"\"){\n"; - code+="\t$root=$xml->createElement($elementname);\n"; - code+="\t$root->setAttribute(\"serialization-mode\",\""+k[i]+"\");\n"; - //add properties - QStringList p=cls.serializerProperties(k[i]); - for(int j=0;j1)var=sl[1].trimmed(); + QString prop=sl.trimmed(); //is it a list? if(cls.propertyIsList(prop)){ //is it a class? if(cls.propertyIsObject(prop)){ QString code="\tforeach($this->get_"+prop+"() as $o)\n\t\t"; - code+="$root->appendChild($o->toXml"+var+"($xml,\""+prop+"\"));\n"; + code+="$root->appendChild($o->toXml($xml,\""+prop+"\"));\n"; return code; }else{ //there is no way to create lists of attributes, hence we always create elements 
@@ -652,7 +645,7 @@ QString WocPHPServerOut::propertyToXml(const WocClass&cls,QString pt) return "\t$root->appendChild($xml->createElement(\""+prop+"\",xq($this->getstr_"+prop+"())));\n"; //is it a class? if(cls.propertyIsObject(prop)) - return "\t$root->appendChild($this->get_"+prop+"()->toXml"+var+"($xml,\""+prop+"\"));\n"; + return "\t$root->appendChild($this->get_"+prop+"()->toXml($xml,\""+prop+"\"));\n"; //anything else? qDebug("Warning: end of WocPHPServerOut::propertyToXml - this code should not be reachable."); return "//internal generator error!\n"; @@ -683,15 +676,28 @@ void WocPHPServerOut::newTransaction(const WocTransaction&trn) //request handler: code="public function handleRequest(){\n"; + //parse low level XML + code+="\tglobal $HTTP_RAW_POST_DATA;\n\tif(isset($HTTP_RAW_POST_DATA))$txt=$HTTP_RAW_POST_DATA;else $txt=\"\";\n"; + code+="\t$xml=new DOMDocument;\n\tif(!$xml->loadXML($txt))xmlParserError();\n"; + code+="\t$root=$xml->documentElement;\n"; + //security handling switch(trn.authMode()){ case WocTransaction::Checked: - code+="\tif(!"+m_isauth+"||!"+QString(m_hasrole).replace("%",trn.name())+")notAuthenticated();\n"; + code+="\t/*security check: authenticated and authorized*/\n"; + code+="\t$sid=$root->getAttribute(\"sessionid\");\n"; + code+="\t"+QString(m_authinit).replace("%","$sid")+";\n"; + code+="\tif(!"+m_isauth+"||!"+QString(m_hasrole).replace("%","\""+trn.name()+"\"")+")notAuthenticated();\n"; break; case WocTransaction::Auth: + code+="\t/*security check: authenticated*/\n"; + code+="\t$sid=$root->getAttribute(\"sessionid\");\n"; + code+="\t"+QString(m_authinit).replace("%","$sid")+";\n"; code+="\tif(!"+m_isauth+")notAuthenticated();\n"; break; - default: break;//none + default: + code+="\t/*no security check, open function*/\n"; + break;//none } //parse inputs 
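Review bot: The generated security check in the `newTransaction` hunk depends on `m_authinit`, which is an empty string when the `init` attribute is absent, so for `Checked` and `Auth` transactions the generator emits a bare `;` and the authentication expressions are evaluated without any session having been loaded from `$sid`. The generator should report that case, e.g. `if(m_authinit.isEmpty())qDebug("Warning: transaction %s needs authentication but no init call is configured!",trn.name().toAscii().data());` in both branches. The three lines that read `sessionid` and run the init call are duplicated in the `Checked` and `Auth` cases and could be built once. The request body is now parsed with `loadXML` before any authentication check, so the XML parser handles unauthenticated input for every transaction; a comment in the generated code should say so. `newTransaction` continues outside the hunk.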
@@ -699,9 +705,12 @@ void WocPHPServerOut::newTransaction(const WocTransaction&trn) //call if(trn.hasCall("php")){ + code+="\t/*call actual functionality:*/\n"; code+="\ttry{"+trn.callFunction("php")+"}catch(Exception $e){handleException($e);}\n"; - }else + }else{ + code+="\t/*normally here would be the PHP call, but it is missing from the config*/\n"; qDebug("Warning: transaction %s does not have a PHP call!",trn.name().toAscii().data()); + } //encode outputs/handle errors code+=trnOutput(trn); @@ -764,9 +773,8 @@ QString WocPHPServerOut::trnConstruct(const WocTransaction&trn) QString WocPHPServerOut::trnInput(const WocTransaction&trn) { - QString code="\tglobal $HTTP_RAW_POST_DATA;\n\tif(isset($HTTP_RAW_POST_DATA))$txt=$HTTP_RAW_POST_DATA;else $txt=\"\";\n"; - code+="\t$xml=new DOMDocument;\n\tif(!$xml->loadXML($txt))xmlParserError();\n"; - code+="\t$root=$xml->documentElement;\n\ttry{\n"; + QString code="\t/*start of input parsing*/\n"; + code+="\ttry{\n"; QStringList sl=trn.inputNames(); for(int i=0;i > enumValues(QString t)const{return m_enumvals[t];} - /**returns the names of all serializer methods of this class*/ - QStringList serializers()const{return m_serial.keys();} - /**returns true if the given serializer is defined*/ - bool hasSerializer(QString s)const{return m_serial.contains(s);} - /**returns which properties are encoded by this serializer*/ - QStringList serializerProperties(QString s)const{return m_serial[s];} - /**returns true if the given mapping exists*/ bool hasMapping(QString m)const{return m_maps.contains(m);} /**returns the names of all tables for which a mapping exists*/ @@ -120,7 +113,7 @@ class WocClass //enum types: "type-name" => List of ("constant-name",int-constant-value) QMap > >m_enumvals; //serializers: "name" => List of properties (syntax Objects: "propertyname/Serializer" - QMap m_serial; +// QMap m_serial; //helper: contains predefined types sorted by serialization type static const QStringList attrtypes,elemtypes; 
diff --git a/woc/qtout.cpp b/woc/qtout.cpp index d697e7e..cbf1290 100644 --- a/woc/qtout.cpp +++ b/woc/qtout.cpp @@ -264,7 +264,7 @@ void WocQtClientOut::classDeserializer(const WocClass&cls,QFile&hdr,QFile&src,QS scd+="\tmp_"+k[i]+"=o.mp_"+k[i]+";\n"; scd+="\treturn *this;\n}\n"; - //implement deserializer + //implement deserializer (as constructor) hcd+="\t"+cn+"(const QDomElement&);\n"; scd+=cn+"::"+cn+"(const QDomElement&root)\n\t:WObject()\n{\n"; scd+="\tQDomNodeList nl;\n"; @@ -357,87 +357,83 @@ void WocQtClientOut::classDeserializer(const WocClass&cls,QFile&hdr,QFile&src,QS void WocQtClientOut::classSerializers(const WocClass&cls,QFile&hdr,QFile&src,QString cn) { - QStringList k=cls.serializers(); - if(k.size()==0)return; QString hcd=" public:\n"; QString scd; - for(int i=0;i1)var=pv[1]; + //is it a list + if(cls.propertyIsList(prop)){ + scd+="\tfor(int i=0;i1)var=pv[1]; - //is it a list - if(cls.propertyIsList(prop)){ - scd+="\tfor(int i=0;i\n"; @@ -490,8 +487,6 @@ void WocQtClientOut::newTransaction(const WocTransaction&trn) //interface code QString sif=" "+cn+" query"+trn.name()+"("+inlist+")\n\t"; sif+="{return "+cn+"::query("+clist+(clist!=""?",":"")+"name());}\n"; - sif+=" "+cn+" queryWeb"+trn.name()+"("+inlist+")\n\t"; - sif+="{return "+cn+"::queryWeb("+clist+(clist!=""?",":"")+"name());}\n\n"; m_iface.write(sif.toAscii()); //create constructor @@ -515,10 +510,19 @@ void WocQtClientOut::newTransaction(const WocTransaction&trn) //query method hcd+="\tvoid netquery();\n"; scd+="void "+cn+"::netquery()\n{\n"; - //TODO: encode input - for(int i=0;isessionId());\n"; + //encode input + scd+=trnInput(trn); + scd+="\tdoc.appendChild(root);\n"; + //query + scd+="\tQByteArray rba=executeQuery(\""+trn.name()+"\",doc.toByteArray());\n"; + //decode output + scd+=trnOutput(trn); scd+="}\n"; hdr.write(hcd.toAscii()); src.write(scd.toAscii()); 
@@ -534,10 +538,8 @@ void WocQtClientOut::newTransaction(const WocTransaction&trn) } //create queries scd=""; - //TODO: query should optimize between local & web - hcd+="\tstatic "+cn+" query("+inlist+defparm+"){return queryWeb("+clist+");}\n"; - hcd+="\tstatic "+cn+" queryWeb("+inlist+defparm+");\n"; - scd+=cn+" "+cn+"::queryWeb("+inlist+")\n{\n"; + hcd+="\tstatic "+cn+" query("+inlist+defparm+");\n"; + scd+=cn+" "+cn+"::query("+inlist+")\n{\n"; scd+="\t"+cn; if(clist!="")scd+=" r("+clist+");\n";else scd+=" r;"; scd+="\tr.netquery();\n\treturn r;\n}\n"; @@ -550,6 +552,113 @@ void WocQtClientOut::newTransaction(const WocTransaction&trn) src.write(QByteArray(SRCEND).replace("%",cn.toAscii())); } +QString WocQtClientOut::trnInput(const WocTransaction&trn) +{ + QString code="\t/*start of input encoding*/\n"; + QStringList sl=trn.inputNames(); + for(int i=0;isetAdminPassCode("Admin","SmokeInMyEye"); //////////// //Dedicated Client Configuration -//Authentication algorithm -// possible: md5, sha1, sha256, hmac-md5, hmac-sha1, hmac-sha256 -$ClientAuthAlgo="hmac-sha1"; -//hash algorithm library -- the PHP extension/module used for calculation -// possible: string (md5, sha1 only), hash, mhash -$HashLib="hash"; - -//Initial timeout from start of session request to session authentication -// usually 300s (5min) is a good value -$ClientAuthTimeout=300; //Authenticated session timeout - how long an authenticated session lasts // this should usually be a few hours (3600s per hour) $ClientSessionTimeout=2*3600; diff --git a/www/inc/loader_nonadmin.php b/www/inc/loader_nonadmin.php index 67a3aa8..7ee0944 100644 --- a/www/inc/loader_nonadmin.php +++ b/www/inc/loader_nonadmin.php @@ -4,6 +4,5 @@ if(!$db->canUseDb()) die("Database is not correctly configured. Giving up."); //load class-files include('./inc/classes/autoload.php'); -include("./inc/machine/autoload.php"); ?> \ No newline at end of file 
diff --git a/www/inc/machine/autoload.php b/www/inc/machine/autoload.php index f4602a6..8fb7f1f 100644 --- a/www/inc/machine/autoload.php +++ b/www/inc/machine/autoload.php @@ -15,7 +15,5 @@ $AUTOCLASS["Session"]="./inc/machine/session.php"; $AUTOCLASS["Host"]="./inc/machine/host.php"; $AUTOCLASS["Template"]="./inc/machine/template.php"; -//load hash lib -include("./inc/machine/cauth_".$HashLib.".php"); - +include("./inc/machine/version.php"); ?> \ No newline at end of file diff --git a/www/inc/machine/cauth_hash.php b/www/inc/machine/cauth_hash.php deleted file mode 100644 index c3d6ef2..0000000 --- a/www/inc/machine/cauth_hash.php +++ /dev/null @@ -1,35 +0,0 @@ -, (C) 2007 -// -// Copyright: See README/COPYING files that come with this distribution -// -// - -/**helper for Session::authenticate, using hash module*/ -function calcAuth($cha,$tok) -{ - global $ClientAuthAlgo; - switch($ClientAuthAlgo){ - case "md5": - case "sha1": - case "sha256":return hash($ClientAuthAlgo,$cha.$tok); - case "hmac-md5":return hash_hmac("md5",$cha,$tok); - case "hmac-sha1":return hash_hmac("sha1",$cha,$tok); - case "hmac-sha256":return hash_hmac("sha256",$cha,$tok); - default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR); - } -} - -/**helper for Customer::authenticate and Customer::setPassword*/ -function calcPasswd($pass,$salt) -{ - return $salt.":".hash("sha1",$salt.$pass); -} - -?> \ No newline at end of file diff --git a/www/inc/machine/cauth_mhash.php b/www/inc/machine/cauth_mhash.php deleted file mode 100644 index 9813969..0000000 --- a/www/inc/machine/cauth_mhash.php +++ /dev/null 
@@ -1,35 +0,0 @@ -, (C) 2007 -// -// Copyright: See README/COPYING files that come with this distribution -// -// - -/**helper for Session::authenticate, using mhash module*/ -function calcAuth($cha,$tok) -{ - global $ClientAuthAlgo; - switch($ClientAuthAlgo){ - case "md5":return bin2hex(mhash(MHASH_MD5,$cha.$tok)); - case "sha1":return bin2hex(mhash(MHASH_SHA1,$cha.$tok)); - case "sha256":return bin2hex(mhash(MHASH_SHA256,$cha.$tok)); - case "hmac-md5":return bin2hex(mhash(MHASH_MD5,$cha,$tok)); - case "hmac-sha1":return bin2hex(mhash(MHASH_SHA1,$cha,$tok)); - case "hmac-sha256":return bin2hex(mhash(MHASH_SHA256,$cha,$tok)); - default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR); - } -} - -/**helper for Customer::authenticate and Customer::setPassword*/ -function calcPasswd($pass,$salt) -{ - return $salt.":".bin2hex(mhash(MHASH_SHA1,$salt.$pass)); -} - -?> \ No newline at end of file diff --git a/www/inc/machine/cauth_string.php b/www/inc/machine/cauth_string.php deleted file mode 100644 index 546a8f9..0000000 --- a/www/inc/machine/cauth_string.php +++ /dev/null @@ -1,31 +0,0 @@ -, (C) 2007 -// -// Copyright: See README/COPYING files that come with this distribution -// -// - -/**helper for Session::authenticate, using string module*/ -function calcAuth($key,$tok) -{ - global $ClientAuthAlgo; - switch($ClientAuthAlgo){ - case "md5":return strtolower(md5($key.$tok)); - case "sha1":return strtolower(sha1($key.$tok)); - default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR); - } -} - -/**helper for Customer::authenticate and Customer::setPassword*/ -function calcPasswd($pass,$salt) -{ - return $salt.":".strtolower(sha1($salt.$pass)); -} - -?> \ No newline at end of file diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php index 80c1139..37bb596 100644 --- a/www/inc/machine/session.php +++ b/www/inc/machine/session.php 
@@ -16,57 +16,124 @@ global $db; $db->deleteRows("session","timeout<=".time()); -/**initiate new session - $rand should contain some food for the random number generator (from the host request)*/ -function newSession($rand) -{ - global $db,$ClientAuthTimeout; - //get random bits - randseed($rand); - $sid=getRandom(128); - $ucha=getRandom(128); - $hcha=getRandom(128); - //try to create entry - $db->beginTransaction(); - while(1){ - //check for existence - $res=$db->select("session","sessionid","sessionid='".$sid."'"); - if(count($res)==0)break; - //create new SID and repeat - $sid=getRandom(128); - } - $ret=array("sessionid"=>$sid,"uchallenge"=>$ucha,"hchallenge"=>$hcha,"user"=>"","timeout"=>time()+$ClientAuthTimeout); - $db->insert("session",$ret); - $db->commitTransaction(); - return $ret; -} - -/**delete current session*/ -function deleteSession() -{ - global $_SERVER,$db; - if(isset($_SERVER["HTTP_X_MAGICSMOKE_SESSION"])) - $db->deleteRows("session","sessionid=".$db->escapeString($_SERVER["HTTP_X_MAGICSMOKE_SESSION"])); -} - /**The session class*/ class Session { private $sessid=""; private $user=""; + private $roles; + private $rights; /**construct the session object, check validity*/ - public function __construct() + public function __construct($sid) + { + global $db,$session; + $this->roles=array(); + $this->rights=array(); + $res=$db->select("session","sessionid,user","sessionid=".$db->escapeString($sid)); + if(count($res)>0){ + $this->sessid=$sid; + $this->user=$res[0]["user"]; + $this->initRights(); + } + $session=$this; + } + + /**internal: retrieve and remember the rights of this user*/ + public function initRights() { - global $_SERVER,$db; - if(isset($_SERVER["HTTP_X_MAGICSMOKE_SESSION"])){ - $res=$db->select("session","sessionid,user","sessionid=".$db->escapeString($_SERVER["HTTP_X_MAGICSMOKE_SESSION"])); - if(count($res)>0){ - $this->sessid=$_SERVER["HTTP_X_MAGICSMOKE_SESSION"]; - $this->user=$res[0]["user"]; - } + global $db; + 
$res=$db->select("userrole","role","uname=".$db->escapeString($this->user)); + for($i=0;$iroles[]=$res[$i][0]; + $res2=$db->select("roleright","rightname","rolename=".$db->escapeString($res[$i][0])); + for($j=0;$jrights[]=$res2[$j][0]; + } + } + + /**returns all rights of this user*/ + public function getRights(){return $this->rights;} + + /**returns all roles of this user*/ + public function getRoles(){return $this->roles;} + + /**creates a new session*/ + static public function login($trans) + { + global $db,$ClientSessionTimeout; + //get host data + $uhres=$db->select("userhosts","host","uname=".$db->escapeString($trans->getusername())); + $hres=$db->select("host","*","hostname=".$db->escapeString($trans->gethostname)); + $hosts=array(); + foreach($uhres as $hst) + $hosts[]=$hst["host"]; + //logic check 1: abort if host is unknown + if(count($hres)==0){ + $trans->abortWithError("auth",translate("php::","Unknown Host")); + } + //logic check: login is allowed if + // a) $hosts contains _any and the host is known, or + // b) $hosts contains the transmitted host name + $hostname=$trans->gethostname(); + if( !in_array($hostname,$hosts) && !in_array("_any",$hosts)){ + $trans->abortWithError("auth",translate("php::","Host/User combination not allowed"); + } + + //validate host + $splt=explode(" ",$hres[0]["hostkey"]); + if(count($splt)!=2){ + $trans->abortWithError("auth",translate("php::","Host authentication failed")); + } + $cmp=strtolower(sha1($splt[0].$trans->gethostkey())); + if($cmp != strtolower($splt[1])){ + $trans->abortWithError("auth",translate("php::","Host authentication failed")); + } + + //get user data + $ures=$db->select("users","*","uname=".$db->escapeString($trans->getusername())); + if(count($ures)<1){ + $trans->abortWithError("auth",translate("php::","User Authentication failed")); + } + //validate user + $splt=explode(" ",$ures[0]["passwd"]); + if(count($splt)!=2){ + $trans->abortWithError("auth",translate("php::","User Authentication failed")); 
+ } + $cmp=strtolower(sha1($splt[0].$trans->getpassword())); + if($cmp!=strtolower($splt[1])){ + $trans->abortWithError("auth",translate("php::","User Authentication failed")); + } + + //create session and return + //get random bits + randseed($rand); + $sid=getRandom(128); + //try to create entry + $db->beginTransaction(); + while(1){ + //check for existence + $res=$db->select("session","sessionid","sessionid='".$sid."'"); + if(count($res)==0)break; + //create new SID and repeat + $sid=getRandom(128); } + $valid=time()+$ClientSessionTimeout; + $ret=array("sessionid"=>$sid,"user"=>$trans->getusername(),"timeout"=>$valid); + $db->insert("session",$ret); + $db->commitTransaction(); + + $trans->setsessionid($sid); + $trans->setvalidtill($valid); } + /**delete current session*/ + function deleteSession() + { + global $db; + $db->deleteRows("session","sessionid=".$db->escapeString($this->sessid)); + } + /**returns true if the session exists, it may still be temporary and unauthenticated*/ public function isValid() { 
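Review bot: `Session::login()` cannot run as written and compares credential hashes loosely. The host lookup uses `$trans->gethostname` without call parentheses, the `abortWithError` line for "Host/User combination not allowed" is missing a closing parenthesis (a parse error for the whole file), and `randseed($rand)` reads a `$rand` that is not defined in this scope, so the session id generator is seeded from an undefined value; `randseed` and `getRandom` are defined outside the diff, so the right seed has to be decided there. Both hash checks use `!=`, which PHP can evaluate numerically when both hex strings look like numbers, so they should be `!==`. Every check relies on `abortWithError()` ending the request; that method is outside this hunk, and if it returns, execution falls through to session creation, which is worth confirming.

```php
// … unchanged: lookup of the user's allowed hosts …
$hres=$db->select("host","*","hostname=".$db->escapeString($trans->gethostname()));
// … unchanged: unknown-host check, $hostname assignment …
if( !in_array($hostname,$hosts) && !in_array("_any",$hosts)){
	$trans->abortWithError("auth",translate("php::","Host/User combination not allowed"));
}
// … unchanged: split of the stored host key …
$cmp=strtolower(sha1($splt[0].$trans->gethostkey()));
if($cmp !== strtolower($splt[1])){
// … unchanged: abort, user lookup, split of the stored password …
$cmp=strtolower(sha1($splt[0].$trans->getpassword()));
if($cmp !== strtolower($splt[1])){
// … unchanged: abort and session creation …
```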
@@ -94,115 +161,6 @@ class Session exit(); } - /**runs authentication against the user request*/ - public function authenticate() - { - global $db,$REQUESTDATA; - //already authenticated? - if($this->isAuthenticated()){ - header("X-MagicSmoke-Status: Error"); - die("Protocol violation: already authenticated."); - } - //get DB record:session - $sres=$db->select("session","*","sessionid=".$db->escapeString($this->sessid)); - if(count($sres)<1){ - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - die("No such session"); - } - //parse request - $auth=new DOMDocument; - if(!$auth->loadXML($REQUESTDATA)){ - header("X-MagicSmoke-Status: SyntaxError"); - deleteSession(); - die(tr("unable to parse XML data")); - } - $hostname="";$hostauth="";$username="";$userauth=""; - foreach($auth->getElementsByTagName("HostName") as $el) - foreach($el->childNodes as $cn) - if($cn->nodeType==XML_TEXT_NODE) - $hostname=$cn->wholeText; - foreach($auth->getElementsByTagName("HostAuth") as $el) - foreach($el->childNodes as $cn) - if($cn->nodeType==XML_TEXT_NODE) - $hostauth=$cn->wholeText; - foreach($auth->getElementsByTagName("UserName") as $el) - foreach($el->childNodes as $cn) - if($cn->nodeType==XML_TEXT_NODE) - $username=$cn->wholeText; - foreach($auth->getElementsByTagName("UserAuth") as $el) - foreach($el->childNodes as $cn) - if($cn->nodeType==XML_TEXT_NODE) - $userauth=$cn->wholeText; - if($hostname=="" || $hostauth=="" || $username=="" || $userauth==""){ - header("X-MagicSmoke-Status: SyntaxError"); - deleteSession(); - die(tr("missing some authentication data")); - } - //get user data - $ures=$db->select("users","*","uname=".$db->escapeString($username)); - if(count($ures)<1){ - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - $this->xdie("No such user"); - } - //get allowed hosts - $uhres=$db->select("userhosts","host","uname=".$db->escapeString($username)); - $hres=$db->select("host","*","hostname=".$db->escapeString($hostname)); - 
$hosts=array(); - foreach($uhres as $hst) - $hosts[]=$hst["host"]; - //check that host is allowed - $needhostauth=true; - if(in_array("_anon",$hosts)){ - //anonymous hosts allowed, ignore host auth - $needhostauth=false; - }else - if(in_array("_any",$hosts)){ - //any host allowed, check it exists - if(count($hres)<1){ - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - $this->xdie("unknown host"); - } - }else{ - //check whether allowed - if(!in_array($hostname,$hosts)){ - //host name not in allowed list - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - $this->xdie("host not allowed"); - } - //check whether exists - if(count($hres)<1){ - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - $this->xdie("No such host"); - } - } - //compare - $ua=calcAuth($sres[0]["uchallenge"],$ures[0]["passwd"]); - if($ua!=$userauth){ - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - $this->xdie("user challenge failed"); - } - if($needhostauth){ - $ha=calcAuth($sres[0]["hchallenge"],$hres[0]["hostkey"]); - if($ha!=$hostauth){ - header("X-MagicSmoke-Status: Unauthenticated"); - deleteSession(); - $this->xdie("host challenge failed"); - } - } - //success - header("X-MagicSmoke-Status: Ok"); - global $ClientSessionTimeout; - $tout=(time()+$ClientSessionTimeout)."\n".time(); - $db->update("session",array("user"=>$username,"timeout"=>$tout),"sessionid=".$db->escapeString($this->sessid)); - echo $tout; - } - /**set my own password*/ public function setMyPasswd($txt) { @@ -251,11 +209,8 @@ class Session public function canExecute($transaction) { global $db; - $res=$db->select("userrole","role","uname=".$db->escapeString($this->user)); - foreach($res as $rl) - if($rl["role"]==$transaction || $rl["role"]=="_admin") - return true; - return false; + if(in_array("_admin",$this->roles))return true; + return in_array($transaction,$this->rights); } /**called for GetMyRoles transaction*/ 
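Review bot: The two `in_array` calls added to `canExecute()` use PHP's default loose comparison, which is a poor fit for an authorization decision. Passing the strict flag, `in_array("_admin",$this->roles,true)` and `in_array($transaction,$this->rights,true)`, keeps a numeric-looking role or right name from matching a different string. The `global $db;` context line is no longer needed, since the check now reads the cached `$this->roles` and `$this->rights`. The initialisation of those two properties is not visible in this hunk, so it is worth confirming that a session without a logged-in user leaves them as empty arrays and the function fails closed.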
diff --git a/www/inc/machine/version.inc b/www/inc/machine/version.inc index 3963284..6a53038 100644 --- a/www/inc/machine/version.inc +++ b/www/inc/machine/version.inc @@ -11,17 +11,17 @@ // PHP: scans each line splitting at () and , //minimum version that the server understands (4 hex digits) -defversion(MINSERVER,0000) +defversion(MINSERVER,0101) //current version of the server -defversion(CURSERVER,0005) +defversion(CURSERVER,0101) //current human readable version of the server -defversion(HRSERVER,1.1 beta) +defversion(HRSERVER,1.91 alpha) //minimum version that the client requires -defversion(MINCLIENT,0000) +defversion(MINCLIENT,0101) //current version of the client -defversion(CURCLIENT,0005) +defversion(CURCLIENT,0101) //current human readable version of the client -defversion(HRCLIENT,1.1 beta) +defversion(HRCLIENT,1.91 alpha) diff --git a/www/inc/machine/version.php b/www/inc/machine/version.php index 924c9f7..cadb3bd 100644 --- a/www/inc/machine/version.php +++ b/www/inc/machine/version.php @@ -29,4 +29,12 @@ $MSVERSION=array(); //load version include defversion(); +function serverInfoXml($trans) +{ + global $MSVERSION; + $trans->setServerVersion($MSVERSION["HRSERVER"]); + $trans->setMinimumProtocolVersion($MSVERSION["MINSERVER"]); + $trans->setServerProtocolVersion($MSVERSION["CURSERVER"]); +} + ?> \ No newline at end of file diff --git a/www/inc/wbase/transaction.php b/www/inc/wbase/transaction.php index 66edbb2..f5b902c 100644 --- a/www/inc/wbase/transaction.php +++ b/www/inc/wbase/transaction.php @@ -67,6 +67,13 @@ class WobTransactionBase { exit(); } + /**called to abort a transactions flow*/ + public function abortWithError($type,$text){ + header("X-WobResponse-Status: Error"); + print("".xq($text)."\n"); + exit(); + } + /**returns the status of the transaction as string*/ public function statusString() { diff --git a/www/machine.php b/www/machine.php index cbe7977..bb057a7 100644 --- a/www/machine.php +++ b/www/machine.php 
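Review bot: The doc comment on `abortWithError()` in the www/inc/wbase/transaction.php hunk does not say that the method ends the script, yet `Session::login()` in this same patch depends on that. It reads `$hres[0]["hostkey"]` and `$ures[0]["passwd"]` directly after the calls that report an unknown host or user. I would state the contract in the comment, e.g. `/**sends an error response and terminates the script; never returns to the caller*/`. As the hunk is shown here, `$type` does not appear in the printed response; the markup inside the `print()` string may have been lost in rendering, so please confirm the error type actually reaches the client.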
@@ -1,493 +1,13 @@ ErrorThis is the machine interface of Magic Smoke. Other clients and browsers are not allowed."); - exit(); -} //fix content-type to something that is not manipulated by proxies header("Content-Type: application/x-MagicSmoke"); -include_once("inc/tr.php"); -include_once("inc/machine/version.php"); - -//check whether the request is known -/* TRANSLATOR TransactionNames:: */ -/**all valid requests must be listed here (in lower case and wrapped in tr())*/ -$ALLOWEDREQUESTS=array( - //info request: - tr("serverinfo"), - //session requests: - tr("startsession"),tr("sessionauth"),tr("closesession"), - ////////// - //all requests below here need authentication - //role management: get my own ACLs - tr("getmyroles"), - ///////// - //all requests below here need a role entry in the DB - //user management - tr("getusers"),tr("setuserdescription"),tr("getuseracl"),tr("setuseracl"),tr("getuserhosts"), - tr("setuserhosts"),tr("adduser"),tr("deleteuser"),tr("setmypasswd"),tr("setpasswd"), - //host management - tr("gethosts"),tr("sethost"),tr("addhost"),tr("deletehost"), - //event infos - tr("geteventlist"),tr("geteventdata"),tr("seteventdata"),tr("eventsummary"),tr("cancelevent"), - //room infos - tr("getroomdata"),tr("setroomdata"), - //customer info - tr("getcustomerlist"),tr("getcustomer"),tr("setcustomer"),tr("deletecustomer"), - //sell/order stuff - tr("checkorder"),tr("createorder"),tr("createsale"),tr("createreservedorder"),tr("getorderlist"), - tr("getorder"),tr("orderpay"),tr("orderrefund"),tr("ordershipped"),tr("cancelorder"), - tr("orderbyticket"),tr("getordersbyevents"),tr("setordercomment"),tr("orderchangeshipping"), - tr("reservationtoorder"),tr("reservationtosale"), - //shipping info - tr("getshipping"),tr("setshipping"),tr("deleteshipping"), - //ticket management - tr("getticket"),tr("useticket"),tr("changeticketprice"),tr("ticketreturn"), - //voucher management - 
tr("getvoucherprices"),tr("cancelvoucher"),tr("emptyvoucher"),tr("usevoucher"),tr("usevoucheroutside"),tr("getvoucher"), - //templates - tr("gettemplatelist"),tr("gettemplate"),tr("settemplate"),tr("settemplatedescription"), - tr("deletetemplate"), - //backup - tr("backup"), - //money trail - tr("moneylog") -); -/**special roles begin with _ and are listed here (in lower case and wrapped in tr())*/ -$SPECIALROLES=array( - tr("_admin"),//system administrator - tr("_anyshipping"),//user can assign any kind of shipping - tr("_repriceshipping"),//user may alter shipping price - tr("_anyvoucher"),//user may generate vouchers of any value/price, not just configured ones - tr("_anypricevoucher"),//user may generate vouchers with price different from value - tr("_explicitshipdate")//user may set an explicit shipping date -); -/* TRANSLATOR php:: -*/ -/**contains the low-level request name from the client*/ -$SMOKEREQUEST=strtolower($_SERVER["HTTP_X_MAGICSMOKE_REQUEST"]); -if(!in_array($SMOKEREQUEST,$ALLOWEDREQUESTS)){ - header("X-MagicSmoke-Status: InvalidRequest"); - die(tr("Invalid Request, please use the MagicSmoke Client with this page.")); -} -/**contains the low-level request data from the client*/ -$REQUESTDATA=""; -if(isset($HTTP_RAW_POST_DATA)){ - $REQUESTDATA=$HTTP_RAW_POST_DATA; -} - -//initialize basics +//initialize include("inc/loader.php"); - -// server info can be answered without performing any more initialization -if($SMOKEREQUEST=="serverinfo"){ - header("X-MagicSmoke-Status: Ok"); - print("\n ".$MSVERSION["HRSERVER"]); - print("\n $ClientAuthAlgo\n"); - exit(); -} - -//initialize DB include("inc/loader_nonadmin.php"); +include("./inc/machine/autoload.php"); -//load machine interface -include("inc/machine/session.php"); -include("inc/machine/host.php"); -include("inc/machine/template.php"); - -// request to start a session -if($SMOKEREQUEST=="startsession"){ - //start session - $sess=newSession($REQUESTDATA); - header("X-MagicSmoke-Status: Ok"); - 
print("".$sess["sessionid"]."".$sess["hchallenge"]. - "".$sess["uchallenge"]."". - $sess["timeout"].""); - exit(); -} -//request to close a session -if($SMOKEREQUEST=="closesession"){ - //close session - deleteSession(); - //return - header("X-MagicSmoke-Status: Ok"); - exit(); -} - -//all others need a valid session, check it -//check session -/**session object*/ -$session=new Session; -if(!$session->isValid()){ - header("X-MagicSmoke-Status: Unauthenticated"); - die(tr("Invalid or missing sessionid, or session timed out.")); -} - -//request session authentication -if($SMOKEREQUEST=="sessionauth"){ - $session->authenticate(); - exit(); -} - -//remainder must be authenticated -if(!$session->isAuthenticated()){ - header("X-MagicSmoke-Status: Unauthenticated"); - die(tr("Session not yet authenticated.")); -} - -//get roles of myself -if($SMOKEREQUEST=="getmyroles"){ - $session->getMyRoles(); - exit(); -} - -//check that we actually are allowed to do this -if(!$session->canExecute($SMOKEREQUEST)){ - header("X-MagicSmoke-Status: NotAllowed"); - die(tr("You do not have the right to execute this transaction.")); -} - -//get a list of events -if($SMOKEREQUEST=="geteventlist"){ - getAllEventsXml(); - exit(); -} - -//get a specific event -if($SMOKEREQUEST=="geteventdata"){ - //convert request data into array - $evts=array(); - $lst=explode(" ",$REQUESTDATA); - foreach($lst as $k=>$v){ - $evts[]=$v+0; - } - //get data and build XML - getEventsXml(array_values(array_unique($evts))); - exit(); -} - -//set an event -if($SMOKEREQUEST=="seteventdata"){ - setEventXml($REQUESTDATA); - exit(); -} - -//get the summary info of the event -if($SMOKEREQUEST=="eventsummary"){ - getEventSummaryXml($REQUESTDATA+0); - exit(); -} - -//cancel an event -if($SMOKEREQUEST=="cancelevent"){ - cancelEventXml(trim($REQUESTDATA)); - exit(); -} - -//get room -if($SMOKEREQUEST=="getroomdata"){ - getRoomsXml($REQUESTDATA); - exit(); -} - -//set room -if($SMOKEREQUEST=="setroomdata"){ - 
setRoomsXml($REQUESTDATA); - exit(); -} - -//get all users -if($SMOKEREQUEST=="getusers"){ - getAllUsersXml(); - exit(); -} - -if($SMOKEREQUEST=="setuserdescription"){ - setUserDescrXml($REQUESTDATA); - exit(); -} - -//get ACL info of specific users -if($SMOKEREQUEST=="getuseracl"){ - getUserAclXml($REQUESTDATA); - exit(); -} -//set the ACL of a specific user -if($SMOKEREQUEST=="setuseracl"){ - setUserAclXml($REQUESTDATA); - exit(); -} -//get the allowed client hosts of a specific user -if($SMOKEREQUEST=="getuserhosts"){ - getUserHostsXml($REQUESTDATA); - exit(); -} -//set the allowed client hosts of a specific user -if($SMOKEREQUEST=="setuserhosts"){ - setUserHostsXml($REQUESTDATA); - exit(); -} -//create a new user -if($SMOKEREQUEST=="adduser"){ - addUserXml($REQUESTDATA); - exit(); -} -//delete an user -if($SMOKEREQUEST=="deleteuser"){ - deleteUserXml($REQUESTDATA); - exit(); -} -//set my own password -if($SMOKEREQUEST=="setmypasswd"){ - $session->setMyPasswd($REQUESTDATA); - exit(); -} -//reset another users password -if($SMOKEREQUEST=="setpasswd"){ - setPasswdXml($REQUESTDATA); - exit(); -} - -//return a list of all hosts with their keys -// there is currently no transaction to get names only, since this is -// implied in getuserhosts -if($SMOKEREQUEST=="gethosts"){ - getAllHostsXml(); - exit(); -} -//change the key of a host -if($SMOKEREQUEST=="sethost"){ - setHostXml($REQUESTDATA); -} -//create a new host entry -if($SMOKEREQUEST=="addhost"){ - addHostXml($REQUESTDATA); - exit(); -} -if($SMOKEREQUEST=="deletehost"){ - deleteHostXml($REQUESTDATA); - exit(); -} - - -//return list of templates -if($SMOKEREQUEST=="gettemplatelist"){ - getTemplateList(); - exit(); -} -//get specific template -if($SMOKEREQUEST=="gettemplate"){ - getTemplate(trim($REQUESTDATA)); - exit(); -} -//set a specific template -if($SMOKEREQUEST=="settemplate"){ - setTemplate($REQUESTDATA); - exit(); -} -//set a specific template description -if($SMOKEREQUEST=="settemplatedescription"){ - 
setTemplateDescription($REQUESTDATA); - exit(); -} -//delete a template -if($SMOKEREQUEST=="deletetemplate"){ - deleteTemplate(trim($REQUESTDATA)); - exit(); -} - - -//get the list of customers -if($SMOKEREQUEST=="getcustomerlist"){ - getCustomerListXml(); - exit(); -} - -//get a specific customer -if($SMOKEREQUEST=="getcustomer"){ - getCustomerXml(trim($REQUESTDATA)); - exit(); -} - -//set/create a specific customer -if($SMOKEREQUEST=="setcustomer"){ - setCustomerXml($REQUESTDATA); - exit(); -} - -//delete/merge a specific customer -if($SMOKEREQUEST=="deletecustomer"){ - deleteCustomerXml($REQUESTDATA); - exit(); -} - -//check that the order can be executed -if($SMOKEREQUEST=="checkorder"){ - createOrderXml($REQUESTDATA,"check"); - exit(); -} -//create order as normal order -if($SMOKEREQUEST=="createorder"){ - createOrderXml($REQUESTDATA,"order"); - exit(); -} -//create order as a sale (already paid and delivered) -if($SMOKEREQUEST=="createsale"){ - createOrderXml($REQUESTDATA,"sell"); - exit(); -} -//create order as a reservation (like normal order, but cannot be used/paid/sent) -if($SMOKEREQUEST=="createreservedorder"){ - createOrderXml($REQUESTDATA,"reserve"); - exit(); -} -//change reservation into order -if($SMOKEREQUEST=="reservationtoorder"){ - changeReservationXml(trim($REQUESTDATA),ORDER_PLACED); - exit(); -} -//change reservation into sale -if($SMOKEREQUEST=="reservationtosale"){ - changeReservationXml(trim($REQUESTDATA),ORDER_SOLD); - exit(); -} -//get list of all orders -if($SMOKEREQUEST=="getorderlist"){ - getOrderListXml(); - exit(); -} -//get a single order -if($SMOKEREQUEST=="getorder"){ - getOrderXml(trim($REQUESTDATA)+0); - exit(); -} -//pay for an order -if($SMOKEREQUEST=="orderpay"){ - orderPayXml($REQUESTDATA,1); - exit(); -} -//refund an order -if($SMOKEREQUEST=="orderrefund"){ - orderPayXml($REQUESTDATA,-1); - exit(); -} -//mark order shipped -if($SMOKEREQUEST=="ordershipped"){ - orderShippedXml(trim($REQUESTDATA)); - exit(); -} -//cancel 
order -if($SMOKEREQUEST=="cancelorder"){ - orderCancelXml(trim($REQUESTDATA)); - exit(); -} -//find an order -if($SMOKEREQUEST=="orderbyticket"){ - orderByTicketXml(trim($REQUESTDATA)); - exit(); -} -if($SMOKEREQUEST=="getordersbyevents"){ - orderByEventXml(trim($REQUESTDATA)); - exit(); -} -if($SMOKEREQUEST=="setordercomment"){ - setOrderCommentXml(trim($REQUESTDATA)); - exit(); -} -if($SMOKEREQUEST=="orderchangeshipping"){ - setOrderShippingXml(trim($REQUESTDATA)); - exit(); -} - -//get shipping info -if($SMOKEREQUEST=="getshipping"){ - getShippingXml(); - exit(); -} -//set/create shipping info -if($SMOKEREQUEST=="setshipping"){ - setShippingXml(trim($REQUESTDATA)); - exit(); -} -//delete shipping info -if($SMOKEREQUEST=="deleteshipping"){ - deleteShippingXml(trim($REQUESTDATA)); - exit(); -} - - -//get a ticket -if($SMOKEREQUEST=="getticket"){ - getTicketXml(trim($REQUESTDATA)); - exit(); -} -//mark a ticket as used -if($SMOKEREQUEST=="useticket"){ - useTicketXml(trim($REQUESTDATA)); - exit(); -} -//change the price of a ticket -if($SMOKEREQUEST=="changeticketprice"){ - changeTicketPriceXml(trim($REQUESTDATA)); - exit(); -} -//return a ticket: cancels it -if($SMOKEREQUEST=="ticketreturn"){ - ticketReturnXml(trim($REQUESTDATA)); - exit(); -} - -//get all valid prices for vouchers -if($SMOKEREQUEST=="getvoucherprices"){ - getVoucherPricesXml(); - exit(); -} -//return a voucher: cancels it -if($SMOKEREQUEST=="cancelvoucher"){ - cancelVoucherXml(trim($REQUESTDATA)); - exit(); -} -//return a voucher: emties it -if($SMOKEREQUEST=="emptyvoucher"){ - emptyVoucherXml(trim($REQUESTDATA)); - exit(); -} -//use a voucher to pay -if($SMOKEREQUEST=="usevoucher"){ - useVoucherXml(trim($REQUESTDATA)); - exit(); -} -//use a voucher to pay -if($SMOKEREQUEST=="usevoucheroutside"){ - useVoucher2Xml(trim($REQUESTDATA)); - exit(); -} -//get info about a voucher -if($SMOKEREQUEST=="getvoucher"){ - getVoucherXml(trim($REQUESTDATA)); - exit(); -} - - -//get info about a voucher 
-if($SMOKEREQUEST=="moneylog"){ - moneylogXml(trim($REQUESTDATA)); - exit(); -} - - -//retrieve backup -if($SMOKEREQUEST=="backup"){ - header("X-MagicSmoke-Status: Ok"); - $db->dumpBackup(); - exit(); -} +//let wob do the rest +WobTransaction::handle(); -//EOF -header("X-MagicSmoke-Status: Error"); -die(tr("Internal Error: unknown command, hiccup in code structure.")); ?> \ No newline at end of file -- 1.7.2.5
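Review bot: With the request whitelist and the `isValid()` / `isAuthenticated()` / `canExecute()` gates removed from www/machine.php, every access check now has to happen inside `WobTransaction::handle()`, which this hunk does not show. A short comment above the call would record that contract, e.g. `//handle() must validate the session and call canExecute() for every transaction that is not meant to be callable before login`. The commit message marks the web communication as untested, so negative cases should be exercised before deployment: a request without a session, and one from a session that lacks the right for a sensitive transaction such as the backup.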