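<?php
/**
 *
 * data page, allows other sites to consume the xml of a toolkit
 *
 * @author Patrick Lockley
 * @version 1.0
 * @copyright Copyright (c) 2008,2009 University of Nottingham
 * @package
 */
require_once(dirname(__FILE__) . "/config.php");
_load_language_file('data.inc');
require $xerte_toolkits_site->php_library_path . "template_status.php";
require $xerte_toolkits_site->php_library_path . "display_library.php";

/**
 * Check the template ID is a number, then pin it to an int so that every later
 * use (the prepared query and the placeholder substitution below) sees digits only.
 */
if (!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) {
    dont_show_template();
    exit(0);
}
$template_id = (int) $_GET['template_id'];

/**
 * Run the standard query from config.php, excessive in this case, but suitable
 */
$query_to_check_data = "select * from {$xerte_toolkits_site->database_table_prefix}additional_sharing where sharing_type=? AND template_id = ?";
$row_data = db_query_one($query_to_check_data, array('xml', $template_id));

/**
 * No xml sharing row exists for this ID: display nothing.
 */
if (empty($row_data)) {
    echo DATA_XMLFAIL;
    dont_show_template();
    exit(0);
}

/**
 * The extra value is the hostname we have limited XML consumption to; an empty
 * value means the XML is open to any consumer.
 */
$allowed_host = isset($row_data['extra']) ? (string) $row_data['extra'] : "";
if ($allowed_host !== "") {
    /**
     * Compare to the host variables. Strict comparison so that numeric-looking
     * strings are not compared as numbers, and both server values are defaulted
     * because a client need not send a referer. HTTP_REFERER is supplied by the
     * client, so matching it only restricts well-behaved consumers; the
     * REMOTE_ADDR match is the stronger of the two.
     */
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
    if ($allowed_host !== $referer && $allowed_host !== $remote_addr) {
        dont_show_template();
        exit(0);
    }
}

/**
 * Fetch and return the XML. The host-restricted and the open case previously
 * used different query paths (the restricted one ran play_edit_preview_query
 * without substituting the template id, through mysql_query); both now share
 * this single path.
 *
 * play_edit_preview_query is stored with a literal prefix concatenation and a
 * TEMPLATE_ID_TO_REPLACE placeholder; resolve both before running it. Because
 * the id is an int, the substitution can only insert digits, so no escaping
 * function is needed.
 */
$query_for_play_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query);
$query_for_play_content = str_replace("TEMPLATE_ID_TO_REPLACE", (string) $template_id, $query_for_play_content_strip);
$row = db_query_one($query_for_play_content);
if (empty($row)) {
    // A sharing row without a template row: nothing to serve.
    _debug("Sharing row exists but template " . $template_id . " was not found");
    dont_show_template();
    exit(0);
}

$query_for_username = "select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?";
$row_username = db_query_one($query_for_username, array($row['user_id']));
if (empty($row_username)) {
    // The owner's login row is gone, so the file area path cannot be built.
    _debug("User deleted, but template remains?");
    exit(0);
}

/**
 * The template directory is <area>/<id>-<username>-<template name>/; rewrite the
 * "FileLocation + '" placeholder inside data.xml to the absolute site path.
 */
$path = $xerte_toolkits_site->users_file_area_short . $row['template_id'] . "-" . $row_username['username'] . "-" . $row['template_name'] . "/";
$xml = file_get_contents($path . "data.xml");
if ($xml === false) {
    // file_get_contents returns false (with a warning) when the file is unreadable;
    // do not echo a bare path fragment in that case.
    _debug("data.xml not readable for template " . $template_id);
    dont_show_template();
    exit(0);
}
echo str_replace("FileLocation + '", $xerte_toolkits_site->site_url . $path, $xml);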