1. Import

html/include/ajaxReqGeneric.php

@@ -0,0 +1,177 @@
+<?php
+
+/*=======================================================================
+ *
+ * ajaxReqGeneric.php
+ *
+ * Autor: Marc Vollmann
+ *
+ *
+ =======================================================================*/   
+
+
+include_once ("../include/mcglobal.inc.php");
+include_once ("../include/auth.inc.php");
+include_once ("../include/inc_parseXML.inc.php");
+
+
+// Check HTTP-Parameters
+// Stocks
+getSecHttpVarsAjax("1",array("f_act", "mode", "submode", "moId", "fun", "retIdx", "retParName", "incPath", "incFile", "incAllowAllTypes", "fixNumOfPars", "wrap_html",
+                             "par_01", "par_02", "par_03", "par_04", "par_05", "par_06", "par_07", "par_08", "par_09", "par_10"));
+
+if ($mode != "") :
+   header("Content-Type: text/html; charset=ISO-8859-1\n");
+endif;
+
+
+function wrap_html($aStr) {
+	global $wrap_html;
+	if ($wrap_html == "1") :
+	   // $aStr = my_str_check_html($aStr);
+     $aStr = str_replace("%u20AC", '&euro;', $aStr);
+  endif;
+  return $aStr;
+}
+
+
+// echo "alert('" . $mode . " ' + '" . $submode . " ' + '" . $incFile . " ' + '" . $fun . " ' + '" . $par_01 . " ' + '" . $par_02 . " ' + '" . $par_03 . " ');";
+
+
+// Gets all script-parameters (HTTP_GET_VARS and HTTP_POST_VARS).
+// If "$mode == 1" then all id-parameters (only these!) will be decoded
+function getSecHttpVarsAjax($getSecHttpVarsMode = "0", $httpVars)
+{
+  global $HTTP_GET_VARS, $HTTP_POST_VARS;
+
+  $retArr = getHttpVars($httpVars);
+  $i = 0;
+  foreach ($httpVars as $par) {
+      global $$par;
+      $$par = $retArr[$i];
+      $i++;
+  }
+  // Decryption of the fields if encrypted
+  if ($getSecHttpVarsMode == "1") :
+     foreach ($httpVars as $par) {
+        $$par = dc($$par);
+        $$par = urldecode($$par);
+        $$par = str_replace("'", "", $$par);
+        // $$par = mcEncode($$par);  // DISABLED because of "new browser based" decoding in "glob_defs"
+        // $$par = str_replace("'", "", $$par);
+        if ($wrap_html == "1") :
+           $$par = wrap_html($$par);
+        endif;
+     }         
+  endif;  
+  return $retArr;
+}  
+
+
+// Decryption of called function name
+// Takes the parameter "$value" and returns the decrypted, original value
+function mdc($value) {
+   global $hq_id;   
+   $parSecSeq = getParameterValue("0", "HTTP_VARS_SEC_SEQ", $hq_id);
+   if ($parSecSeq == "") : $parSecSeq = getParameterValue("0", "HTTP_VARS_SEC_SEQ", "0"); endif;
+   if ($parSecSeq == "") : $parSecSeq = "__"; endif;
+   $len = strlen($parSecSeq);
+   if ((substr($value, 0, $len) == $parSecSeq) && (substr($value, -$len) == $parSecSeq)) :
+      // Get real function name by hash
+      $value = $value;
+   endif;
+   return $value;
+}
+
+
+// Init
+if ($retParName == "") : $retParName = "retValue"; endif;
+
+
+$fun = mdc($fun);  // Decode function name in $fun
+
+if ($fun != "") :
+
+   // Include special file with requested function if requested
+   if ($incFile != "") :
+      if (!isset($incAllowAllTypes) || $incAllowAllTypes == "") :
+         if (substr($incFile,-4) != ".php") : 
+            $incFile.= ".php";
+         endif;
+      endif;
+      if ($incPath == "") :
+         $incPath = "include";
+      endif;
+      include ("../" . $incPath . "/" . $incFile);
+   endif;
+
+   if (function_exists($fun)) :
+
+      // Get requested operational database instance via metaobject for each called service functions
+      // global $dbname, $dblogin, $dbpassword;
+      $db_op_conn = "";
+      if ($moId != "") :
+           $moValue = getOperationalDatabase($moId);
+           if ($moValue != "") :
+              $db_op_conn = getDbConnectionSpecial($moValue, $dbname, $dblogin, $dbpassword);
+              if ($db_op_conn != "" && is_object($db_op_conn)) : $db = $db_op_conn; endif;
+           endif;
+      endif;
+
+      if (true || ($db != "" && is_object($db))) :
+
+         // Get number of arguments of requested function
+         $fct = new ReflectionFunction($fun);
+         $numOfFunctionArguments = $fct->getNumberOfRequiredParameters();
+         if ($fixNumOfPars != "" && is_numeric($fixNumOfPars)) :
+            $numOfFunctionArguments = $fixNumOfPars;
+         endif;
+         $argumentArray = array();
+         for ($i = 1; $i <= $numOfFunctionArguments; $i++) :
+             $parValue = ${("par_" . pad($i, 2))};
+             array_push($argumentArray, $parValue);
+         endfor;
+
+         // Call function ang get HTML output
+         $retValue = call_user_func_array($fun, $argumentArray);
+
+         if (is_array($retValue)) :
+            if ($retIdx != "") :
+               $retValue = $retValue[$retIdx];
+               if (is_array($retValue)) :
+                  echo $retParName . " = " . json_encode($retValue) . ";\n";
+               else :
+                  echo $retParName . " = '" . my_str_check_js($retValue) . "';\n";
+               endif;
+            else :
+               echo $retParName . " = " . json_encode($retValue) . ";\n";
+            endif;
+
+         elseif (is_bool($retValue) === true) :
+            if ($retValue) : $retValue = "1"; else : $retValue = "0"; endif;
+            echo $retParName . " = '" . $retValue . "';\n";
+
+         else :
+            if ($retParName == "_RAW_TEXT_") :
+               if (strtolower($mode) == "html") :
+                  $retValue = nl2br($retValue);
+               endif;
+               echo $retValue;
+            else :
+               echo $retParName . " = '" . my_str_check_js($retValue) . "';\n";
+            endif;
+         endif;
+
+      else :
+         $retValue = "ERR_03";  // No database available
+         echo $retParName . " = '" . $retValue . "';\n";
+      endif;
+   else :
+      $retValue = "ERR_02";  // Called function does not exist
+      echo $retParName . " = '" . $retValue . "';\n";      
+   endif;
+else :
+   $retValue = "ERR_01";  // No function name specified
+   echo $retParName . " = '" . $retValue . "';\n";
+endif; 
+?>