phpBMS

root/trunk/phpbms/modules/mailchimp/manual_list_sync_ajax.php

Revision 730, 4.7 KB (checked in by brieb, 2 years ago)
  • more security tightening with roles.
1<?php
2/*
3 $Rev: 267 $ | $LastChangedBy: brieb $
4 $LastChangedDate: 2007-08-14 13:08:27 -0600 (Tue, 14 Aug 2007) $
5 +-------------------------------------------------------------------------+
6 | Copyright (c) 2004 - 2010, Kreotek LLC                                  |
7 | All rights reserved.                                                    |
8 +-------------------------------------------------------------------------+
9 |                                                                         |
10 | Redistribution and use in source and binary forms, with or without      |
11 | modification, are permitted provided that the following conditions are  |
12 | met:                                                                    |
13 |                                                                         |
14 | - Redistributions of source code must retain the above copyright        |
15 |   notice, this list of conditions and the following disclaimer.         |
16 |                                                                         |
17 | - Redistributions in binary form must reproduce the above copyright     |
18 |   notice, this list of conditions and the following disclaimer in the   |
19 |   documentation and/or other materials provided with the distribution.  |
20 |                                                                         |
21 | - Neither the name of Kreotek LLC nor the names of its contributore may |
22 |   be used to endorse or promote products derived from this software     |
23 |   without specific prior written permission.                            |
24 |                                                                         |
25 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS     |
26 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT       |
27 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A |
28 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT      |
29 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,   |
30 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT        |
31 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,   |
32 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY   |
33 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT     |
34 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE   |
35 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.    |
36 |                                                                         |
37 +-------------------------------------------------------------------------+
38*/
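/**
 * AJAX-side wrapper that gates and runs a manual MailChimp list sync.
 *
 * checkSecurity() is the authorization gate and sync() does the work and
 * prints a JSON response. The class depends on names declared outside this
 * file: hasRights(), the listSync class and the MAILCHIMP_* constants.
 */
class manualSync{

    // database object handed in by the caller; used for the role lookup and
    // passed on to listSync
    var $db;

    /**
     * Stores the database object and switches its error format to "json".
     *
     * Declared as __construct so the setup also runs on PHP 8, where a method
     * named after the class is no longer treated as a constructor. Without
     * it, $this->db would stay unset and the role lookup in checkSecurity()
     * could not run.
     *
     * @param object $db database object exposing query(), fetchArray() and
     *                   an errorFormat property
     */
    function __construct($db){

        $this->db = $db;
        // presumably makes the db layer report its errors as JSON so the
        // AJAX caller can parse them; confirm in the db class
        $this->db->errorFormat = "json";

    }//end function __construct


    /**
     * PHP 4 style constructor, kept so existing code that relies on the old
     * name keeps working; it only delegates to __construct().
     *
     * @param object $db see __construct()
     */
    function manualSync($db){

        $this->__construct($db);

    }//end function manualSync


    /**
     * Decides whether the current request may run the sync.
     *
     * Reads the role id configured for the 'massemail' table option and
     * passes it to hasRights() (defined elsewhere; presumably checks the
     * roles of the logged-in user, verify there). The query text is a
     * constant string, so no request data reaches the SQL.
     *
     * @return bool true when hasRights() accepts the configured role,
     *              false otherwise or when no option row is found
     */
    function checkSecurity(){

        $querystatement = "
            SELECT
                roleid
            FROM
                tableoptions
            WHERE
                name= 'massemail'
                AND tabledefid = 'tbld:6d290174-8b73-e199-fe6c-bcf3d4b61083'
                ";

        $queryresult = $this->db->query($querystatement);

        $therecord = $this->db->fetchArray($queryresult);

        // Fail closed: with no option row there is no role to test, and
        // handing an undefined role id to hasRights() would leave the
        // decision to however that function treats an empty value.
        if(!$therecord)
            return false;

        if(hasRights($therecord["roleid"]))
            return true;

        return false;

    }//end function checkSecurity


    /**
     * Runs the list synchronisation and prints the outcome as JSON.
     *
     * The API key, list id, last sync date and the "secure" flag come from
     * MAILCHIMP_* constants defined outside this file. This method performs
     * no authorization of its own: callers must check checkSecurity() first.
     *
     * NOTE(review): the JSON is echoed without an explicit Content-Type
     * header being set here; confirm that one is sent elsewhere so that
     * browsers do not treat the body as HTML.
     */
    function sync(){

        $listSync = new listSync(
                                 $this->db,
                                 MAILCHIMP_APIKEY,
                                 MAILCHIMP_LIST_ID,
                                 MAILCHIMP_LAST_SYNC_DATE,
                                 NULL,
                                 MAILCHIMP_SECURE
                                 );

        $response = $listSync->process();

        // anything without a "type" entry is not a usable response;
        // replace it with a generic error so the client always gets the
        // same structure
        if(!isset($response["type"])){
            $response = array(
                "type" => "error",
                "details" => array("message"=>"Fatal error: no valid response from script.", "code"=>NULL)
            );
        }//end if

        echo(json_encode($response));

    }//end function sync

}//end class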
102/**
103 * PROCESSING ==================================================================
104 */
// Request handling. Skipped when the including script has defined $noOutput,
// in which case only the manualSync class above is made available.
if(!isset($noOutput)){

    // session.php is expected to supply $db and hasRights(), and presumably
    // enforces the login; confirm there, since the role check below is the
    // only gate visible in this file
    require("../../include/session.php");
    include("include/MCAPI.class.php");//MCAPI class, which listSync relies on
    include("include/list_sync.php");//listSync class

    $sync = new manualSync($db);

    if(!$sync->checkSecurity()){

        // role check failed: report it in the same JSON structure that
        // sync() uses and do not touch the list
        $response = array(
            "type" => "error",
            "details" => array("message"=>"No rights to run script", "code"=>NULL)
        );
        echo json_encode($response);

    } else {

        $sync->sync();

    }//endif

}//endif
127?>