<?php
 /*
 *********************************************************************************************************
 * PHP Web Platform
 *
 * Authors:	Giulio Calzolari <hide@address.com>
 *********************************************************************************************************
 */
 

include "Define.inc";
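/**
 * Server side of a small home-grown "XML-RPC" protocol for the user database.
 *
 * A request is one document whose fields are pulled out with regular expressions
 * (no XML parser is involved):
 *   <XML-RPC-REQUEST> <PASSWD>md5(PASSWORD_SHARE)</PASSWD> <CSEQ>n</CSEQ>
 *   <METHOD>name</METHOD> [<METHOD_ADMIN>md5(PASSWORD_ADMIN)</METHOD_ADMIN>] [<SQL>...</SQL>]
 *
 * Security model, as implemented (not a recommendation):
 *  - the shared credential is the MD5 of a constant sent in clear, i.e. a static bearer
 *    token; every response echoes it back, so anyone who can read a request or a
 *    response can replay it (whether the transport is encrypted is not visible here);
 *  - the admin credential is another static MD5 token. With it the <SQL> payload is
 *    executed verbatim (BuildSelect) and method "shell" hands it to exec() (StartConsole):
 *    holding the admin token equals remote command execution as the web-server user;
 *  - non-admin payloads are quoted into the SELECT through QuoteLiteral(); previously they
 *    were interpolated raw, an SQL injection for any holder of the shared token.
 * Credentials are compared with hash_equals() (PHP >= 5.6): strict and constant-time,
 * whereas the former loose `==` compared two numeric-looking strings numerically.
 */
class XMLRPC
{
    // Sequence id copied verbatim from <CSEQ>; echoed back in every response.
    private $cseq;
    // Operation name from <METHOD>.
    private $method;
    // Payload from <SQL>: a user code or "*" for the select_* methods; for an admin
    // caller it is raw SQL or, with method "shell", a command line.
    private $sql;
    // True only when <METHOD_ADMIN> carried md5(PASSWORD_ADMIN); set by CheckIntegrity().
    private $method_admin = false;

    public function __construct()
    {
    }

    /**
     * Parse and authenticate a raw request document.
     *
     * @param string $xml the request body
     * @return bool true when the envelope, the shared credential, CSEQ and METHOD are all
     *              present and valid; the request fields are then loaded into this object
     */
    public function LoadReq($xml)
    {
        return $this->CheckIntegrity($xml);
    }

    /**
     * Validate the envelope and the credentials, then extract the request fields.
     *
     * @param string $xml
     * @return bool false for a non-request, a missing/wrong shared credential, or a
     *              missing CSEQ or METHOD; METHOD_ADMIN and SQL are optional
     */
    private function CheckIntegrity($xml)
    {
        $xml = (string) $xml;

        if (!preg_match('/<XML-RPC-REQUEST>|<\/XML-RPC-REQUEST>/', $xml)) {
            return false; // not an RPC request
        }

        // hash_equals(known, user): no type juggling (a token "0" must not match a
        // "0e..." digest) and no timing leak on the first differing byte.
        if (!preg_match('/<PASSWD>(.*)<\/PASSWD>/', $xml, $passwd)
            || !hash_equals(md5(PASSWORD_SHARE), $passwd[1])) {
            return false; // missing or wrong shared credential
        }

        if (!preg_match('/<CSEQ>(.*)<\/CSEQ>/', $xml, $cseq)) {
            return false; // CSEQ is mandatory
        }
        $this->cseq = $cseq[1];

        if (!preg_match('/<METHOD>(.*)<\/METHOD>/', $xml, $method)) {
            return false; // METHOD is mandatory
        }
        $this->method = $method[1];

        // Optional admin credential: absent or wrong means a plain (non-admin) request.
        $this->method_admin = preg_match('/<METHOD_ADMIN>(.*)<\/METHOD_ADMIN>/', $xml, $admin)
            && hash_equals(md5(PASSWORD_ADMIN), $admin[1]);

        // Optional payload: empty string when absent.
        $this->sql = preg_match('/<SQL>(.*)<\/SQL>/', $xml, $sql) ? $sql[1] : '';

        return true;
    }

    /**
     * Dispatch the loaded request and build the response document.
     *
     * @return string|false the response document; false when a non-admin asks for "shell"
     */
    public function GetResponse()
    {
        switch ($this->method) {
            case 'select_user_act':
                return $this->RunSelect('utenti_attivi');

            case 'select_user_disable':
                return $this->RunSelect('utenti_disattivi');

            case 'shell':
                return $this->StartConsole($this->sql);

            default:
                // Unknown method: an empty field list rather than an error.
                return $this->BuildResponse('');
        }
    }

    /**
     * Build and execute the SELECT for one user section and format the result set.
     * An empty or missing statement yields an empty response instead of handing
     * false/'' to the database layer.
     *
     * @param string $section 'utenti_attivi' or 'utenti_disattivi'
     * @return string
     */
    private function RunSelect($section)
    {
        $sqlrun = $this->BuildSelect($section);
        if (!is_string($sqlrun) || $sqlrun === '') {
            return $this->BuildResponse('');
        }
        DBConnection::instance()->SetFetchMode('1');
        $rs = DBConnection::instance()->executeSQL($sqlrun);
        return $this->BuildResponse($rs);
    }

    /**
     * Build the SELECT for a user section from the request payload.
     *
     *  - admin caller: the payload is returned verbatim and executed as-is (by design:
     *    full database access for the admin token);
     *  - "*": every user of the section;
     *  - any other non-empty payload: the user whose codiceriutente equals it, quoted
     *    through QuoteLiteral().
     *
     * @param string $section 'utenti_attivi' or 'utenti_disattivi'
     * @return string|false|null false for an empty payload; null for an unknown section
     */
    private function BuildSelect($section)
    {
        $statusOf = array(
            'utenti_attivi'    => 'attivi',
            'utenti_disattivi' => 'disattivi',
        );
        if (!isset($statusOf[$section])) {
            return null;
        }
        $status  = $statusOf[$section];
        $payload = (string) $this->sql;

        if ($this->method_admin === true) {
            // Arbitrary SQL by design for the admin token; see the class comment.
            return $payload;
        }
        if ($payload === '*') {
            return "SELECT * FROM utenti  WHERE status = '" . $status . "' ";
        }
        if ($payload !== '') {
            return "SELECT * FROM utenti WHERE status = '" . $status
                . "' AND codiceriutente = '" . $this->QuoteLiteral($payload) . "'";
        }
        return false;
    }

    /**
     * Escape a value for use inside a single-quoted SQL string literal.
     *
     * Doubles backslashes and single quotes so the value cannot close the literal;
     * this covers MySQL's backslash escapes as well as ANSI quote doubling.
     * NOTE(review): driver-side parameter binding would be preferable if DBConnection
     * offers it — its API is not visible from this file.
     *
     * @param string $value
     * @return string
     */
    private function QuoteLiteral($value)
    {
        return str_replace(array('\\', "'"), array('\\\\', "''"), (string) $value);
    }

    /**
     * Format a result set as a response document (METHOD "field").
     *
     * @param object|string $rs a record set exposing $rs->EOF, $rs->fields and
     *                          MoveNext(), or an empty value for "no rows"
     * @return string
     */
    private function BuildResponse($rs)
    {
        $rsp  = LT . 'XML-RPC-RESPONSE' . GT;
        // The shared credential is echoed back to the client.
        $rsp .= LT . 'PASSW' . GT . md5(PASSWORD_SHARE) . LT . '/PASSW' . GT;
        $rsp .= LT . 'CSEQ' . GT . $this->cseq . LT . '/CSEQ' . GT;
        $rsp .= LT . 'METHOD' . GT . 'field' . LT . '/METHOD' . GT;
        $rsp .= LT . 'FIELD' . GT;

        // NOTE(review): CSEQ and the field values are written unescaped; a value that
        // contains the LT/GT delimiters will confuse a regex-based client parser. Left
        // as-is because the client's decoding rules are not visible here.
        if (!empty($rs)) {
            while (!$rs->EOF) {
                $rsp .= LT . 'RW' . GT;
                $columns = count($rs->fields);
                for ($i = 0; $i < $columns; $i++) {
                    $rsp .= LT . 'RC' . GT . $rs->fields[$i] . LT . '/RC' . GT;
                }
                $rsp .= LT . '/RW' . GT . "\n";
                $rs->MoveNext();
            }
        }

        $rsp .= LT . '/FIELD' . GT;
        $rsp .= LT . '/XML-RPC-RESPONSE' . GT;
        return $rsp;
    }

    /**
     * Method "shell": run a command line on the server and return its output lines.
     *
     * SECURITY: this is a remote shell by design — the admin credential (a static MD5
     * token) turns every request into arbitrary command execution as the web-server
     * user, and nothing about the command is validated. If the capability is not
     * needed, drop the "shell" case in GetResponse(); otherwise restrict it to an
     * allow-list of commands and pass arguments through escapeshellarg().
     *
     * @param string $cmd
     * @return string|false false for non-admin callers
     */
    private function StartConsole($cmd)
    {
        if ($this->method_admin !== true) {
            return false;
        }
        $cmd = (string) $cmd;
        $out = array();
        if ($cmd !== '') {
            // exec() refuses an empty command on PHP 8; report "no output" instead.
            exec($cmd, $out);
        }
        return $this->BuilConsoleOut($out);
    }

    /**
     * Format command output lines as a response document (METHOD "output").
     *
     * @param array $outcmd output lines from exec(); empty yields a single "NO-OUTPUT" row
     * @return string
     */
    private function BuilConsoleOut($outcmd)
    {
        $rsp  = LT . 'XML-RPC-RESPONSE' . GT . "\n";
        $rsp .= LT . 'PASSW' . GT . md5(PASSWORD_SHARE) . LT . '/PASSW' . GT . "\n";
        $rsp .= LT . 'CSEQ' . GT . $this->cseq . LT . '/CSEQ' . GT . "\n";
        $rsp .= LT . 'METHOD' . GT . 'output' . LT . '/METHOD' . GT . "\n";
        $rsp .= LT . 'OUT' . GT . "\n";

        if (empty($outcmd)) {
            $rsp .= LT . 'RW' . GT . 'NO-OUTPUT' . LT . '/RW' . GT . "\n";
        } else {
            foreach ($outcmd as $line) {
                $rsp .= LT . 'RW' . GT . $line . LT . '/RW' . GT . "\n";
            }
        }

        $rsp .= LT . '/OUT' . GT . "\n";
        $rsp .= LT . '/XML-RPC-RESPONSE' . GT . "\n";
        return $rsp;
    }
}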

?>