<?php
/*+*******************************************************************************
* The contents of this file are subject to the vtiger CRM Public License Version 1.0
* ("License"); You may not use this file except in compliance with the License
* The Original Code is: vtiger CRM Open Source
* The Initial Developer of the Original Code is vtiger.
* Portions created by vtiger are Copyright (C) vtiger.
* All Rights Reserved.
********************************************************************************/
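// Start output buffering to prevent "headers already sent" errors: anything the
// files included below print is held back until the response headers are set.
ob_start();

require_once("config.php");

/**
 * URL Verification - Required to overcome Apache mis-configuration and leading to shared setup mode.
 */
if (file_exists('config_override.php')) {
	include_once 'config_override.php';
}

//Overrides GetRelatedList : used to get related query
//TODO : Eliminate below hacking solution
include_once 'include/Webservices/Relation.php';

include_once 'vtlib/Vtiger/Module.php';
include_once 'includes/main/WebUI.php';

require_once("libraries/HTTP_Session2/HTTP/Session2.php");
require_once 'include/Webservices/Utils.php';
require_once("include/Webservices/State.php");
require_once("include/Webservices/OperationManager.php");
require_once("include/Webservices/SessionManager.php");
require_once("include/Zend/Json.php");
require_once('include/logging.php');
require_once('include/Webservices/CreateTGContact.php');

$API_VERSION = "0.22";

// Initialize database connection
require_once('include/database/PearDatabase.php');
global $adb, $seclog, $log;
$adb = PearDatabase::getInstance();

// Plain assignment instead of "=&": objects are handles, so the reference adds
// nothing, and PHP raises "Only variables should be assigned by reference" when
// the callee does not return by reference. When this file is included from a
// function, "=&" would also rebind the local name instead of writing the global
// declared above.
// $seclog is the 'SECURITY' channel, $log the 'webservice' channel.
$seclog = LoggerManager::getLogger('SECURITY');
$log = LoggerManager::getLogger('webservice');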
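/**
 * Look up one entry of the global $operationInput array.
 *
 * $operationInput is filled by the request handling further down in this file
 * (the result of OperationManager::sanitizeOperation()).
 *
 * @param string $operation Key to read from $operationInput.
 * @return mixed The stored value, or null when the array or the key is absent.
 */
function getRequestParamsArrayForOperation($operation){
	global $operationInput;
	// isset() avoids the undefined-index / null-offset warning for an unknown
	// key; the caller still receives null, as before.
	return isset($operationInput[$operation]) ? $operationInput[$operation] : null;
}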
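/**
 * Declare the response body as JSON.
 *
 * Does nothing once the headers have gone out: calling header() at that point
 * only produces a "Cannot modify header information" warning, which can end up
 * inside the JSON body and disclose a server file path when errors are displayed.
 *
 * @return void
 */
function setResponseHeaders() {
	if (headers_sent()) {
		return;
	}
	header('Content-type: application/json');
}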
/**
 * Send a failure response: a State with success = false and the given error.
 *
 * @param object|null $operationManager Encoder for the requested format; when it
 *                                      is not available (falsy) the State is
 *                                      encoded with Zend_Json instead.
 * @param mixed       $error            Error object placed in the response as-is.
 *                                      NOTE(review): whatever message the caller
 *                                      put into it is returned to the client.
 * @return void
 */
function writeErrorOutput($operationManager, $error){
	setResponseHeaders();

	$failure = new State();
	$failure->success = false;
	$failure->error = $error;
	// A failure response carries no "result" member at all.
	unset($failure->result);

	if (!$operationManager) {
		// Fallback when OperationManager is not available
		require_once("include/Zend/Json.php");
		echo Zend_Json::encode($failure);
		return;
	}

	echo $operationManager->encode($failure);
}
/**
 * Send a success response: a State with success = true and $data as result.
 *
 * Unlike writeErrorOutput() there is no fallback encoder here, so
 * $operationManager must be a usable object.
 *
 * @param object $operationManager Encoder for the requested format.
 * @param mixed  $data             Operation result to return to the client.
 * @return void
 */
function writeOutput($operationManager, $data){
	setResponseHeaders();

	$reply = new State();
	$reply->success = true;
	$reply->result = $data;
	// A success response carries no "error" member at all.
	unset($reply->error);

	echo $operationManager->encode($reply);
}
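// Request audit log.
// The raw request carries credentials and session tokens (the sessionName and
// PHPSESSID parameters read further down, the login accessKey, password
// fields). They are masked before the line is written, because anyone able to
// read the log file could otherwise reuse them.
$loggedRequest = array();
foreach ($_REQUEST as $field => $value) {
	$fieldName = strtolower((string) $field);
	$isSecret = in_array($fieldName, array('accesskey', 'sessionname', 'phpsessid'), true)
		|| strpos($fieldName, 'password') !== false;
	$loggedRequest[$field] = $isSecret ? '[REDACTED]' : $value;
}
// NOTE(review): only top-level parameter names are checked; free-form values
// (for example encoded record payloads) are still logged in full. Confirm that
// is acceptable for the data this endpoint receives.
$logstring = date('Y-m-d H:i:s').' '.json_encode($loggedRequest).PHP_EOL;
// Do not leave loop temporaries behind in the global scope.
unset($loggedRequest, $field, $value, $fieldName, $isSecret);

// LOCK_EX makes concurrent requests append whole lines instead of interleaving.
// NOTE(review): the path is relative to the working directory; confirm the web
// server does not serve logs/ and that the file is rotated.
file_put_contents('logs/webservice.log', $logstring, FILE_APPEND | LOCK_EX);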
// Drop whatever has been buffered so far: the include files may have emitted a
// BOM while loading, and it must not precede the response.
$buffer = ob_get_clean();
ob_start(); // restart buffering

// Request parameters; the operation name is normalised to lower case.
$operation = strtolower(vtws_getParameter($_REQUEST, "operation"));
$format = vtws_getParameter($_REQUEST, "format","json");
$sessionId = vtws_getParameter($_REQUEST,"sessionName");

// Both managers start as null so that an error raised while constructing them
// can still be reported: writeErrorOutput() has a fallback for a missing
// operation manager.
$sessionManager = null;
$operationManager = null;
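// Request handling: start or resume the session, require authentication for
// every operation that is not a pre-login one, load the operation's include
// files, run it and write the result. Every failure is reported through
// writeErrorOutput().
try{
	$sessionManager = new SessionManager();
	$operationManager = new OperationManager($adb,$operation,$format,$sessionManager);

	// A missing sessionName, or the literal string "null", means no session was supplied.
	if(!$sessionId || strcasecmp($sessionId,"null")===0){
		$sessionId = null;
	}

	$input = $operationManager->getOperationInput();
	$adoptSession = false;
	if(strcasecmp($operation,"extendsession")===0){
		if(isset($input['operation'])){
			// Workaround fix for PHP 5.3.x: $_REQUEST doesn't have PHPSESSID
			if(isset($_REQUEST['PHPSESSID'])) {
				// NOTE(review): $_REQUEST also holds GET and POST values, so a
				// session id supplied in the URL or the body is adopted here
				// (session fixation risk). Confirm this is intended and that
				// SessionManager::startSession() only accepts ids it issued.
				$sessionId = vtws_getParameter($_REQUEST,"PHPSESSID");
			} else {
				// NOTE: Need to evaluate for possible security issues
				$sessionId = vtws_getParameter($_COOKIE,'PHPSESSID');
			}
			// END
			$adoptSession = true;
		}else{
			writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
			return;
		}
	}
	$sid = $sessionManager->startSession($sessionId,$adoptSession);

	// Only pre-login operations may run without a session id.
	if(!$sessionId && !$operationManager->isPreLoginOperation()){
		writeErrorOutput($operationManager,new WebServiceException(WebServiceErrorCode::$AUTHREQUIRED,"Authencation required"));
		return;
	}

	if(!$sid){
		writeErrorOutput($operationManager, $sessionManager->getError());
		return;
	}

	// The acting user is taken from the session, never from request parameters.
	$userid = $sessionManager->get("authenticatedUserId");

	if($userid){
		$seed_user = new Users();
		$current_user = $seed_user->retrieveCurrentUserInfoFromFile($userid);
	}else{
		$current_user = null;
	}

	$operationInput = $operationManager->sanitizeOperation($input);
	$includes = $operationManager->getOperationIncludes();

	foreach($includes as $ind=>$path){
		// Each path is checked before it is loaded.
		// NOTE(review): presumably checkFileAccessForInclusion() rejects paths
		// outside the installation; confirm against its definition.
		checkFileAccessForInclusion($path);
		require_once($path);
	}
	$rawOutput = $operationManager->runOperation($operationInput,$current_user);
	writeOutput($operationManager, $rawOutput);
} catch (DuplicateException $e) {
	writeErrorOutput($operationManager,new WebServiceException($e->getCode(), $e->getMessage()));
}catch(WebServiceException $e){
	writeErrorOutput($operationManager,$e);
}catch(Exception $e){
	// The client only receives a generic message, so the details are written to
	// the PHP error log; without this the failure leaves no trace.
	// NOTE(review): on PHP 7+ engine errors (Error/TypeError) are not Exception
	// instances and bypass this handler.
	error_log('webservice: unhandled '.get_class($e).': '.$e->getMessage());
	writeErrorOutput($operationManager,
		new WebServiceException(WebServiceErrorCode::$INTERNALERROR,"Unknown Error while processing request"));
}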
?>