<?php
/*=======================================================================
 *
 * ajaxReqGeneric.php
 *
 * Autor: Marc Vollmann
 *
 *
 =======================================================================*/
include_once ("../include/mcglobal.inc.php");
include_once ("../include/auth.inc.php");
include_once ("../include/inc_parseXML.inc.php");
// Read the request parameters this endpoint understands and publish each one
// as a global variable of the same name ($fun, $incPath, $incFile, $par_01, ...).
// Mode "1" additionally runs every value through dc(), urldecode() and
// single-quote stripping (see getSecHttpVarsAjax below).
// NOTE(review): everything registered here is request-supplied; later code
// uses $fun, $incPath, $incFile and $retParName to pick code to run and text
// to echo, so they must be treated as untrusted unless dc() authenticates
// its input - confirm.
getSecHttpVarsAjax(
    "1",
    array(
        "f_act", "mode", "submode", "moId", "fun", "retIdx", "retParName",
        "incPath", "incFile", "incAllowAllTypes", "fixNumOfPars", "wrap_html",
        "par_01", "par_02", "par_03", "par_04", "par_05",
        "par_06", "par_07", "par_08", "par_09", "par_10"
    )
);

// Any non-empty mode labels the response as ISO-8859-1 HTML, even when the
// body written further down is a JavaScript assignment.
if ($mode != "") {
    header("Content-Type: text/html; charset=ISO-8859-1\n");
}
// Replaces the literal escape sequence "%u20AC" with the euro sign when the
// global $wrap_html flag equals "1"; otherwise returns the input unchanged.
//
// Despite its name this function performs no HTML escaping: the call to
// my_str_check_html() is commented out in the original and stays disabled
// here, so callers must not rely on it to neutralise markup.
//
// $aStr   string to process
// returns the (possibly substituted) string
function wrap_html($aStr) {
    global $wrap_html;

    // Flag not set to "1": pass the value through untouched.
    if ($wrap_html != "1") {
        return $aStr;
    }

    // $aStr = my_str_check_html($aStr);
    return str_replace("%u20AC", '€', $aStr);
}
// echo "alert('" . $mode . " ' + '" . $submode . " ' + '" . $incFile . " ' + '" . $fun . " ' + '" . $par_01 . " ' + '" . $par_02 . " ' + '" . $par_03 . " ');";
// Fetches the request parameters named in $httpVars via getHttpVars() and
// publishes each one as a global variable of the same name.
//
// When $getSecHttpVarsMode is "1", every listed global is then passed through
// dc(), urldecode() and has single quotes removed; if the global $wrap_html
// equals "1" at that moment, wrap_html() is applied as well.
//
// $getSecHttpVarsMode  "1" enables the decode pass, anything else skips it
// $httpVars            list of parameter names to fetch and publish
// returns              the array from getHttpVars(), i.e. the values as they
//                      were BEFORE the decode pass
//
// NOTE(review): stripping "'" is the only sanitising done here; the decoded
// values are otherwise unvalidated request data. dc() is defined elsewhere -
// presumably it decrypts; confirm whether it rejects values that were not
// produced by the server.
// NOTE(review): urldecode() runs on top of whatever decoding getHttpVars()
// already did, so percent-encoded sequences can survive one layer of
// filtering - verify against getHttpVars().
function getSecHttpVarsAjax($getSecHttpVarsMode = "0", $httpVars)
{
    global $HTTP_GET_VARS, $HTTP_POST_VARS;

    $retArr = getHttpVars($httpVars);

    // The local names $retArr, $i and $par are kept as in the original on
    // purpose: "global $$par" binds whatever name $par holds, so renaming
    // locals could change which names collide.
    $i = 0;
    foreach ($httpVars as $par) {
        global $$par;
        $$par = $retArr[$i++];
    }

    if ($getSecHttpVarsMode != "1") {
        return $retArr;
    }

    // Decode pass. Order matters: $wrap_html is itself one of the decoded
    // parameters, so names listed before it are compared against its
    // still-undecoded value.
    foreach ($httpVars as $par) {
        $$par = str_replace("'", "", urldecode(dc($$par)));
        // $$par = mcEncode($$par); // DISABLED because of "new browser based" decoding in "glob_defs"
        if ($wrap_html == "1") {
            $$par = wrap_html($$par);
        }
    }

    return $retArr;
}
// Intended to map an obfuscated function name back to the real one.
//
// Looks up the marker sequence HTTP_VARS_SEC_SEQ (first for $hq_id, then for
// "0", finally falling back to "__") and tests whether $value starts and ends
// with it. The lookup "by hash" was never implemented: in every case the
// function returns $value exactly as it was passed in.
//
// NOTE(review): because this is a pass-through, it adds no protection for the
// function name received from the request; callers must not treat the result
// as validated.
//
// $value   function name as received
// returns  the same value, unchanged
function mdc($value) {
    global $hq_id;

    $marker = getParameterValue("0", "HTTP_VARS_SEC_SEQ", $hq_id);
    if ($marker == "") {
        $marker = getParameterValue("0", "HTTP_VARS_SEC_SEQ", "0");
    }
    if ($marker == "") {
        $marker = "__";
    }

    $markerLen = strlen($marker);
    $isWrapped = (substr($value, 0, $markerLen) == $marker)
        && (substr($value, -$markerLen) == $marker);

    if ($isWrapped) {
        // Get real function name by hash
        // (placeholder: nothing is looked up, $value stays as it is)
    }

    return $value;
}
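// Generic AJAX dispatcher.
//
// Uses the globals published by getSecHttpVarsAjax():
//   $fun                  name of the function to call
//   $incPath, $incFile    optional file to include before the call
//   $incAllowAllTypes     when set, ".php" is not appended to $incFile
//   $moId                 optional metaobject id selecting another database
//   $fixNumOfPars         optional override for the number of arguments
//   $par_01 .. $par_10    positional arguments
//   $retIdx               optional index into an array result
//   $retParName           JavaScript name the result is assigned to, or
//                         "_RAW_TEXT_" to echo the result as-is
//
// Output is "<retParName> = <value>;" or one of ERR_01 (no function name),
// ERR_02 (function not available), ERR_03 (no database).
//
// Hardening compared with the original:
//   * an include target containing a ".." path segment or a NUL byte is
//     refused, so the request cannot climb out of the application tree;
//   * PHP built-in functions are refused, so only functions defined by the
//     application's own files can be reached.
// Both refusals answer with the existing ERR_02 code and write a fixed line
// to the error log so they can be spotted.
//
// NOTE(review): this is still not an allow-list. Any user-defined function in
// any included file can be called with caller-chosen arguments, and any file
// below the application root can be included (any extension when
// $incAllowAllTypes is set). A fixed map of permitted function names and
// include files is the proper fix.

// Init
if ($retParName == "") {
    $retParName = "retValue";
}

$fun = mdc($fun); // Decode function name in $fun (mdc() currently returns it unchanged)

if ($fun != "") {

    // Include special file with requested function if requested
    $incRejected = false;
    if ($incFile != "") {
        if (!isset($incAllowAllTypes) || $incAllowAllTypes == "") {
            if (substr($incFile, -4) != ".php") {
                $incFile .= ".php";
            }
        }
        if ($incPath == "") {
            $incPath = "include";
        }

        // Refuse parent-directory segments and NUL bytes in the
        // request-supplied path before it reaches include.
        $incTarget = $incPath . "/" . $incFile;
        if (strpos($incTarget, "\0") !== false
            || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $incTarget)) {
            $incRejected = true;
            error_log("ajaxReqGeneric: include path rejected");
        } else {
            include ("../" . $incPath . "/" . $incFile);
        }
    }

    // Only functions defined in PHP source may be dispatched; internal
    // (built-in / extension) functions are treated as not available.
    $funAllowed = false;
    if (!$incRejected && function_exists($fun)) {
        $fct = new ReflectionFunction($fun);
        if ($fct->isInternal()) {
            error_log("ajaxReqGeneric: internal function refused");
        } else {
            $funAllowed = true;
        }
    }

    if ($funAllowed) {

        // Get requested operational database instance via metaobject for each called service functions
        // global $dbname, $dblogin, $dbpassword;
        $db_op_conn = "";
        if ($moId != "") {
            $moValue = getOperationalDatabase($moId);
            if ($moValue != "") {
                $db_op_conn = getDbConnectionSpecial($moValue, $dbname, $dblogin, $dbpassword);
                if ($db_op_conn != "" && is_object($db_op_conn)) {
                    $db = $db_op_conn;
                }
            }
        }

        // NOTE(review): the leading "true ||" short-circuits this test, so the
        // database check never runs and the ERR_03 branch below is unreachable.
        // Kept as in the original; confirm whether the check should be enforced.
        if (true || ($db != "" && is_object($db))) {

            // Get number of arguments of requested function
            $numOfFunctionArguments = $fct->getNumberOfRequiredParameters();
            if ($fixNumOfPars != "" && is_numeric($fixNumOfPars)) {
                // Caller-chosen count; only par_01..par_10 are registered, so
                // larger values read variables that were never set.
                $numOfFunctionArguments = $fixNumOfPars;
            }
            $argumentArray = array();
            for ($i = 1; $i <= $numOfFunctionArguments; $i++) {
                // pad() is defined elsewhere; presumably zero-pads to "01".."10" - confirm
                $parValue = ${("par_" . pad($i, 2))};
                array_push($argumentArray, $parValue);
            }

            // Call function and get HTML output
            $retValue = call_user_func_array($fun, $argumentArray);

            // NOTE(review): $retParName is request-supplied and is echoed
            // without escaping in every branch below, so the caller controls
            // the left-hand side of the emitted JavaScript. It should be
            // restricted to an identifier pattern once the set of legitimate
            // values is known.
            if (is_array($retValue)) {
                if ($retIdx != "") {
                    $retValue = $retValue[$retIdx];
                    if (is_array($retValue)) {
                        echo $retParName . " = " . json_encode($retValue) . ";\n";
                    } else {
                        // my_str_check_js() is defined elsewhere; presumably escapes for a JS string literal - confirm
                        echo $retParName . " = '" . my_str_check_js($retValue) . "';\n";
                    }
                } else {
                    echo $retParName . " = " . json_encode($retValue) . ";\n";
                }

            } elseif (is_bool($retValue) === true) {
                if ($retValue) {
                    $retValue = "1";
                } else {
                    $retValue = "0";
                }
                echo $retParName . " = '" . $retValue . "';\n";

            } else {
                if ($retParName == "_RAW_TEXT_") {
                    if (strtolower($mode) == "html") {
                        $retValue = nl2br($retValue);
                    }
                    // Raw mode: the function's return value is written to the
                    // response with no escaping at all.
                    echo $retValue;
                } else {
                    echo $retParName . " = '" . my_str_check_js($retValue) . "';\n";
                }
            }

        } else {
            $retValue = "ERR_03"; // No database available
            echo $retParName . " = '" . $retValue . "';\n";
        }
    } else {
        $retValue = "ERR_02"; // Called function does not exist (or was refused above)
        echo $retParName . " = '" . $retValue . "';\n";
    }
} else {
    $retValue = "ERR_01"; // No function name specified
    echo $retParName . " = '" . $retValue . "';\n";
}
?>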