call.php
<?php
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Reference;
use Symfony\Component\Config\FileLocator;
use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
require_once 'vendor/autoload.php';
// Keep PHP error output as plain text: HTML-formatted errors cannot be easily
// read when testing with HTTP POST clients
ini_set( 'html_errors', 0 );

// Xdebug's HTML output is meant to be switched off when debugging is disabled
// and xdebug_disable() exists; the call itself is commented out, so this
// branch currently does nothing
if ( function_exists( 'xdebug_disable' ) ) {
    if ( ! isset( $GLOBALS['DEBUG'] ) || $GLOBALS['DEBUG'] == 0 ) {
        //xdebug_disable();
    }
}

// Stop unless the plugin has been initialised (PHPLISTINIT is defined)
// NOTE(review): presumably this guards against the file being requested
// directly; it runs after vendor/autoload.php has already been required
// above, so placing it first would stop such a request before any other
// code is loaded
if ( ! defined( 'PHPLISTINIT' ) ) {
    die;
}

// No HTML output, please: discard the active output buffer
ob_end_clean();
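// Getting phpList globals for this plugin.
// 'pi' comes from the query string, so it is used as an array key only when
// it is a string that names a registered plugin. A missing, non-string or
// unknown value leaves $plugin null instead of raising an undefined-index
// notice or an illegal-offset error; the coderoot check further down then
// rejects the request.
$plugin = (
    isset( $_GET['pi'] )
    && is_string( $_GET['pi'] )
    && isset( $GLOBALS['plugins'][$_GET['pi']] )
) ? $GLOBALS['plugins'][$_GET['pi']] : null;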
// Build the service container used by the rest of this script. Every variable
// assigned here lives in the global scope, which the bootstrap file required
// at the end of this section shares, so names and statement order are left
// exactly as they are.
// Create Symfony DI service container object for use by other classes
$container = new ContainerBuilder();
// Create new Symfony file loader to handle the YAML service config file;
// the locator searches this file's own directory
$loader = new YamlFileLoader( $container, new FileLocator( __DIR__ ) );
// Load the service config file, which is in YAML format
$loader->load( 'services.yml' );
// Set default path to host phpList instance config file
// NOTE: This config file must be in phpList 4 ini format
// NOTE: Parent phpList 3 config file path available via: $GLOBALS['configfile']
// NOTE(review): the file sits next to this script and is described as ini
// format rather than PHP code; confirm the web server cannot serve its
// contents to a direct HTTP request
$configFilePath = dirname( __FILE__ ) . '/config-phplist4.php';
// Set necessary config class parameter
$container->setParameter( 'config.configfile', $configFilePath );
// Set service parameters for the RAPI database connection
// NOTE: phpList4 database connection configured elsewhere
// These service parameters will be used as constructor arguments for pdoEx{}
// NOTE(review): the database password is held as a plain container parameter
// from here on; avoid dumping or logging the container or its parameters
$container->setParameter( 'pdoEx.hostname', $GLOBALS['database_host'] );
$container->setParameter( 'pdoEx.username', $GLOBALS['database_user'] );
$container->setParameter( 'pdoEx.pass', $GLOBALS['database_password'] );
$container->setParameter( 'pdoEx.dbname', $GLOBALS['database_name'] );
// Get a phpList4 configuration object so we can configure the database
$pl4Config = $container->get( 'Config' );
// Load phpList 4 configuration into session, taken from host globals
// NOTE(review): the path is relative, so PHP resolves it through include_path
// and the including script's directory; anchoring it with __DIR__ would pin
// it to this plugin's copy
require_once( 'phplist4-bootstrap.php');
// Call the optional api_request_log() helper when it has been defined
// NOTE(review): the helper is defined outside this file and runs before the
// login token is checked; if it records request fields, confirm that
// credential fields such as 'password' and 'token' are kept out of the log
function_exists( 'api_request_log' ) && api_request_log();

// Fetch the call dispatcher and the response writer from the container
/** @var \Rapi\Call $call */
$call = $container->get( 'Call' );
/** @var \Rapi\Response $response */
$response = $container->get( 'Response' );
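// Every handler except loginHandler requires a valid login token.
// The class name is read from $_REQUEST, the same source the dispatcher
// further down uses, so the value checked here is the value that gets
// dispatched. Reading it from $_GET alone would let the two disagree whenever
// a POST field of the same name is present, and the token check would then be
// decided by a different value than the one actually called.
if ( ! isset( $_REQUEST['className'] ) || $_REQUEST['className'] !== 'loginHandler' ) {
    /** @var \Rapi\Admin $admin */
    $admin = $container->get( 'Admin' );
    // Accept the token only as a plain string POST field
    if ( isset( $_POST['token'] ) && is_string( $_POST['token'] ) ) {
        if ( ! $admin->isLoggedIn( $_POST['token'] ) ) {
            $response->outputErrorMessage( 'You should login to access the REST API' );
            // Fail closed: outputErrorMessage() is defined elsewhere and
            // presumably ends the request, but a failed check must never
            // reach the dispatcher even if it returns
            exit;
        }
        // Remove the token so it is not handed to the handler together with
        // the other POST fields
        unset( $_POST['token'] );
    } else {
        $response->outputErrorMessage( 'You should specify you login token as a POST field' );
        // Fail closed for the same reason as above
        exit;
    }
}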
// A plugin object without a coderoot means this script was called outside
// phpList auth; this should never occur
if ( empty( $plugin->coderoot ) ) {
    $response->outputErrorMessage( 'Not authorized! Please login to API with HTTP POST parameters [login] and [password] set' );
}

// Only requests received via HTTP POST are accepted
// NOTE(review): the method name is supplied by the client and is echoed back
// in the message; confirm the response writer encodes it before output
if ( ! ( $_SERVER['REQUEST_METHOD'] == "POST" ) ) {
    $response->outputErrorMessage( 'Requests must be made via HTTP POST. Method of this call: ' . $_SERVER['REQUEST_METHOD'] );
}

// NOTE: Login authentication is handled by the main phpList application. The
// HTTP POST parameters 'login' and 'password' are required to validate a
// login; without them an HTML login form is returned.
// A command consists of a handler class name and a method name; both must be
// present in the request
// NOTE(review): the two values are taken from $_REQUEST as sent by the client,
// and validateCall() is the only gate in this file before they are
// dispatched; confirm it restricts them to the intended handlers and methods
if ( ! empty( $_REQUEST['className'] ) && ! empty( $_REQUEST['method'] ) ) {
    // Keep the command for the dispatch step
    $className = $_REQUEST['className'];
    $method = $_REQUEST['method'];
} else {
    $response->outputErrorMessage( 'No action requested: specify commands via parameters \'className\' and \'method\'' );
}

// Refuse commands that the call dispatcher does not consider callable
if ( $call->validateCall( $className, $method ) ) {
    // Callable: continue to the dispatch step
} else {
    $response->outputErrorMessage( 'Requested command is not callable' );
}
try {
    // Run the requested handler method, passing the POST fields as its input
    $callResult = $call->doCall( $className, $method, $_POST );
} catch ( \Exception $e ) {
    // A failure inside the call handler becomes an error response
    // NOTE(review): the raw exception message is returned to the client;
    // confirm handler and database exceptions cannot carry internal details
    // such as queries, file paths or host names
    $response->outputErrorMessage( 'Call handler error: ' . $e->getMessage() );
}

// Convert the handler's result into an array suitable for a response
$resultArray = $call->callResultToArray( $callResult );

// Store the array in the response under the 'unspecified' key
$response->setData( 'unspecified', $resultArray );

// Send the response
$response->output();