<?php
/*
*********************************************************************************************************
* PHP Web Platform
*
* Authors: Giulio Calzolari <hide@address.com>
*********************************************************************************************************
*/
include "Define.inc";
class XMLRPC
{
private $cseq,$method,$sql;
public function __construct()
{
}
public function LoadReq ($xml){
return $this->CheckIntegrity($xml);
}
private function CheckIntegrity($xml)
{
if (!preg_match('/<XML-RPC-REQUEST>|<\/XML-RPC-REQUEST>/', $xml)){
return false; /// non รจ una request rpc
}
preg_match('/<PASSWD>(.*)<\/PASSWD>/', $xml ,$PASSWD);
if ($PASSWD[1] == md5(PASSWORD_SHARE)){
//echo "password giusta";
}else{
return false;
}
if (preg_match('/<CSEQ>(.*)<\/CSEQ>/', $xml ,$CSEQ)){
$this->cseq= $CSEQ[1];
}else{
return false; /// non eiste cseq
}
if ( preg_match('/<METHOD>(.*)<\/METHOD>/', $xml ,$METHOD)){
$this->method= $METHOD[1];
}else{
return false; /// non eiste il method
}
if ( preg_match('/<METHOD_ADMIN>(.*)<\/METHOD_ADMIN>/', $xml ,$METHOD_ADMIN)){
if ($METHOD_ADMIN[1] == md5(PASSWORD_ADMIN)){
$this->method_admin= true; /// richiesta di un amminstratore
}else{
$this->method_admin= false; /// method admin sbagliato
}
}else{
$this->method_admin= false; /// non eiste il method admin
}
if ( preg_match('/<SQL>(.*)<\/SQL>/', $xml ,$SQL)){
$this->sql= $SQL[1];
}else{
$this->sql= ""; /// non esite query
}
return true;
}
public function GetResponse() {
switch ($this->method) {
case 'select_user_act':
$sqlrun = $this->BuildSelect('utenti_attivi');
DBConnection::instance()->SetFetchMode('1');
$rs = &DBConnection::instance()->executeSQL($sqlrun);
return $this->BuildResponse($rs);
break;
case 'select_user_disable':
$sqlrun = $this->BuildSelect('utenti_disattivi');
DBConnection::instance()->SetFetchMode('1');
$rs = &DBConnection::instance()->executeSQL($sqlrun);
return $this->BuildResponse($rs);
break;
case 'shell':
return $this->StartConsole($this->sql);
break;
default:
$rs = "";
return $this->BuildResponse($rs);
}
exit;
}
private function BuildSelect($section){
switch ($section) {
case 'utenti_attivi':
if ($this->method_admin == true){
$sqlrun = $this->sql;
}else if ($this->sql == "*" ) {
$sqlrun = "SELECT * FROM utenti WHERE status = 'attivi' ";
}else if ($this->sql != "" ){
$sqlrun = "SELECT * FROM utenti WHERE status = 'attivi' AND codiceriutente = '".$this->sql."'";
}else{
return false;
}
return $sqlrun;
break;
case 'utenti_disattivi':
if ($this->method_admin == true){
$sqlrun = $this->sql;
}else if ($this->sql == "*" ) {
$sqlrun = "SELECT * FROM utenti WHERE status = 'disattivi' ";
}else if ($this->sql != "" ){
$sqlrun = "SELECT * FROM utenti WHERE status = 'disattivi' AND codiceriutente = '".$this->sql."'";
}else{
return false;
}
return $sqlrun;
break;
}
}
private function BuildResponse($rs){
$rsp = LT."XML-RPC-RESPONSE".GT ;
$rsp .= LT."PASSW".GT.md5(PASSWORD_SHARE).LT."/PASSW".GT ;
$rsp .= LT."CSEQ".GT.$this->cseq.LT."/CSEQ".GT ;
$rsp .= LT."METHOD".GT."field".LT."/METHOD".GT ;
$rsp .= LT."FIELD".GT ;
if(!empty($rs)){
while (!$rs->EOF) {
$rsp .= LT."RW".GT ;
for($i=0;$i<count($rs->fields);$i++) {
$rsp .= LT."RC".GT.$rs->fields[$i].LT."/RC".GT;
}
$rsp .= LT."/RW".GT."\n" ;
$rs->MoveNext();
}
}
$rsp .= LT."/FIELD".GT ;
$rsp .= LT."/XML-RPC-RESPONSE".GT ;
return $rsp;
}
private function StartConsole($cmd){
if ($this->method_admin == true){
exec ($cmd,$out);
return $this->BuilConsoleOut($out);
}else{
return false;
}
}
private function BuilConsoleOut($outcmd){
$rsp = LT."XML-RPC-RESPONSE".GT."\n" ;
$rsp .= LT."PASSW".GT.md5(PASSWORD_SHARE).LT."/PASSW".GT."\n" ;
$rsp .= LT."CSEQ".GT.$this->cseq.LT."/CSEQ".GT."\n" ;
$rsp .= LT."METHOD".GT."output".LT."/METHOD".GT."\n" ;
$rsp .= LT."OUT".GT."\n" ;
if(!empty($outcmd)){
foreach ($outcmd as $key => $val){
$rsp .= LT."RW".GT.$val.LT."/RW".GT."\n";
}
} else{
$rsp .= LT."RW".GT."NO-OUTPUT".LT."/RW".GT."\n";
}
$rsp .= LT."/OUT".GT."\n" ;
$rsp .= LT."/XML-RPC-RESPONSE".GT."\n" ;
return $rsp;
}
}
?>