/b2b/core/assistant/api.php
PHP | 187 lines | 172 code | 15 blank | 0 comment | 41 complexity | 49d7e2cfe6b64099aa076b46a28d7df2 MD5 | raw file
- <?php
- if (!defined('IN_ASSIS_SERVICE')) exit();
- require_once(CORE_DIR.'/func_ext.php');
- require_once(CORE_DIR.'/include/shopCore.php');
- class assisCore extends shopCore{
- function run(){}
- }
- $system = new assisCore(array());
- $GLOBALS['system'] = &$system;
- $GLOBALS['as_debug'] = false;
- if (!defined('DIRECTORY_SEPARATOR')) define('DIRECTORY_SEPARATOR', '/');
- define('AS_DIR', dirname(__FILE__));
- define('AS_SERVICE_DIR', AS_DIR.'/service/');
- define('AS_VALIDATOR_DIR', AS_DIR.'/validator/');
- define('AS_TMP_DIR', HOME_DIR.'/tmp/');
- define('AS_LOG_DIR', HOME_DIR.'/logs/');
- define('AS_SYNC_DELETED', -1);
- define('AS_SYNC_UNCHANGED', 0);
- define('AS_SYNC_ADDED', 1);
- define('AS_SYNC_MODIFIED', 2);
- define('DATABACK_DIR', HOME_DIR.'/backup/');
- define('AS_TOKEN_TIMEOUT', 30);
- $token = isset($_GET['token']) ? $_GET['token'] : '';
- $redirect = isset($_GET['redirect']) ? $_GET['redirect'] : '';
- if (!empty($redirect) && !empty($token)){
- $token_file = AS_TMP_DIR . 'astoken.php';
- if (file_exists($token_file)) include($token_file);
- if (isset($redirect_tokes) && is_array($redirect_tokes))
- {
- foreach ($redirect_tokes as $item){
- if ($item['token'] == $token && (time()-$item['time']) <= AS_TOKEN_TIMEOUT)
- {
- $db = $system->database();
- $aResult = $db->selectrow("select * from sdb_operators where status=1 and username=".$db->quote($item['user']));
- if ($aResult){
- $session = $system->loadModel('opSession');
- $session->start();
- unset($_SESSION["loginmsg"]);
- unset($_SESSION['_PageData']);
- unset($_SESSION['OPID']);
- unset($_SESSION['SUPER']);
- $profile = $system->loadModel('adminProfile');
- $profile->load($aResult['op_id']);
- $_SESSION['OPID'] = $aResult['op_id'];
- $_SESSION['SUPER'] = $aResult['super'];
- $_SESSION['profile'] = &$profile;
- $session->login();
- }
- }
- }
- }
- header('location:'.$redirect);
- exit();
- }
- require_once(AS_DIR.'/lib/LogUtils.php');
- require_once(AS_DIR.'/lib/GeneralFunc.php');
- require_once(AS_DIR.'/lib/nudime.php');
- require_once(AS_DIR.'/lib/ServerUtils.php');
- require_once(AS_DIR.'/lib/TextUtils.php');
- require_once(AS_DIR.'/lib/BaseService.php');
- require_once(AS_DIR.'/lib/BaseValidator.php');
- $server = new nusoapserverdime();
- $server->configureWSDL('shopexapiwsdl', 'urn:shopexapi');
- $server->wsdl->schemaTargetNamespace = 'urn:shopexapi';
- $server->charset = 'utf-8';
- $server->validate_factory = 'validate_soap';
- $GLOBALS['as_server'] = &$server;
- function validate_soap($clientid,&$body,$signature,$DigestMethod,$methodname,$DigestOpts)
- {
- if (@ini_get('magic_quotes_gpc')) $data = stripcslashes($data);
-
- $auth_method_list = array('cert', 'role');
- $auth_method = 'cert';
- $clintid_arr = split(':', $clientid);
- if (is_array($clintid_arr) && count($clintid_arr) > 1){
- $sMethod = strtolower($clintid_arr[0]);
- if (in_array($sMethod, $auth_method_list)) {
- $auth_method = $sMethod;
- array_shift($clintid_arr);
- }
- if( md5($clintid_arr[count($clintid_arr)-1]) == '2331b2ae67da3312f33dd4c79bd1c49a') {
- $GLOBALS['as_debug'] = true;
- array_pop($clintid_arr);
- }
- }
-
- LogUtils::log_str('start set sql_mode');
- $sys = &$GLOBALS['system'];
- $db = $sys->database();
- if ($db) $db->exec("set sql_mode=''");
-
- LogUtils::log_str('start auth:'.$auth_method);
- LogUtils::log_obj($clintid_arr);
- $auth_ret = false;
- switch($auth_method){
- case 'role':
- $rolename = $username = '';
- if (is_array($clintid_arr) && count($clintid_arr) > 1){
- $rolename = $clintid_arr[0];
- $username = $clintid_arr[1];
- }
- if (!empty($rolename) && !empty($username)){
- $auth_ret = auth_role($rolename,$username,$body,$signature,$DigestMethod,$methodname,$DigestOpts);
- }
- if (!$auth_ret) $GLOBALS['validate_signatrue_errmsg'] = '??????????????';
- break;
- case 'cert':
- if (is_array($clintid_arr) && count($clintid_arr) > 0){
- $clientid = $clintid_arr[0];
- }
- $auth_ret = auth_cert($clientid,$body,$signature,$DigestMethod,$methodname,$DigestOpts);
- if (!$auth_ret) $GLOBALS['validate_signatrue_errmsg'] = '?????????????ShopEx???';
- break;
- }
- LogUtils::log_str('auth ret:'.($auth_ret?'true':'false'));
-
- return $auth_ret;
- }
- function auth_cert($clientid,&$body,$signature,$DigestMethod,$methodname,$DigestOpts)
- {
- $sys = &$GLOBALS['system'];
- $certs = $sys->loadModel('service/certificate');
- if ($certs && ($clientid == $certs->getCerti()) )
- {
- if (strtolower($DigestMethod) == "md5")
- return md5($body.$certs->getToken()) == $signature;
- }
- return true;
- return false;
- }
- function auth_role($rolename,$username,&$body,$signature,$DigestMethod,$methodname,$DigestOpts)
- {
- $sys = &$GLOBALS['system'];
- $rolename = strtoupper($rolename);
- $role_list = array(
- 'ASR_DOWNLOADER' => array('GetVersion','Login','GetPartView','GetShopInfo','GetFileSize','DownloadFile','GetRecordCount','DownloadRecord')
- );
- LogUtils::log_str('methodname:'.$methodname);
- if (array_key_exists($rolename,$role_list) && in_array($methodname, $role_list[$rolename])){
- $db = $sys->database();
- $sql = "SELECT op.userpass FROM sdb_lnk_roles lr
- inner join sdb_operators op on lr.op_id=op.op_id
- inner join sdb_admin_roles r on lr.role_id=r.role_id
- where op.disabled='false' and op.status=1 and r.disabled='false' and
- r.role_name=".$db->quote($rolename)." and op.username=".$db->quote($username);
- LogUtils::log_str($sql);
- $row = $db->selectrow($sql);
- if ($row)
- {
- if (strtolower($DigestMethod) == "md5")
- return md5($body.strtolower($row['userpass'])) == $signature;
- }
- }
-
- return false;
- }
- foreach (as_find_files(AS_SERVICE_DIR, '/service.([a-zA-Z0-9_]*).php/') as $file => $matches)
- {
- include_once(AS_SERVICE_DIR.$file);
- $clsname = $matches[1].'Service';
- if (class_exists($clsname))
- {
- $cls = new $clsname();
- if (is_a($cls, 'BaseService'))
- {
- $cls->init($server);
- }
- }
- }
- $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : '';
- if (empty($HTTP_RAW_POST_DATA)){
- $fp = fopen("php://input",'rb');
- while(!feof($fp)) $HTTP_RAW_POST_DATA .= fread($fp,4096);
- fclose($fp);
- }
- $server->service($HTTP_RAW_POST_DATA);
- ?>