<?php

/**
 * Send a JSON-encoded response with the given HTTP status and end the script.
 *
 * Despite the name, the helper is not limited to failures: the status
 * defaults to 200.
 *
 * @param array $response   Data passed to json_encode() to form the body
 * @param int   $error_code HTTP status code to send (default 200)
 */
function error_response($response, $error_code = 200)
{
    // Status line and content type go out first, then the encoded body.
    http_response_code($error_code);
    header('Content-Type: application/json');

    $body = json_encode($response);
    echo $body;

    // Nothing after a call to this function is executed.
    exit(0);
}

//

// Load the application settings; the value returned by settings.php becomes $settings.
$settings_file = __DIR__ . '/settings.php';
if (!is_readable($settings_file)) {
    // error_response() ends the script, so the require below is only reached
    // when the file is readable.
    error_response(['message' => 'Error: Application Server (Internal Error, cannot read file system or missing property file)'], 500);
}
$settings = require $settings_file;

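/**
 * Collect the request parameters.
 *
 * operation is one of testServiceStatus, queryIDnoCD, queryID or echo;
 * a missing or unlisted value falls back to queryID.
 */
$username = filter_input(INPUT_GET, 'username');
$password = filter_input(INPUT_GET, 'password');
$identity = filter_input(INPUT_GET, 'identity');
$operation = filter_input(INPUT_GET, 'operation');

$params = [
    // Credentials for the remote web service: a truthy GET value overrides
    // the one from settings.php.
    // NOTE(review): these values arrive in the query string, which web servers
    // and proxies commonly write to their logs; consider taking them from
    // settings.php only.
    'username' => $username ? $username : $settings['username'],
    'password' => $password ? $password : $settings['password'],
    // '-1' stands in for a missing identity (the value "0" also counts as missing).
    'identity' => $identity ? $identity : '-1',
    // Strict comparison: only an exact string match selects an operation.
    'operation' => in_array($operation, [
        'testServiceStatus',
        'queryIDnoCD', 'queryID',
        'echo',
    ], true) ? $operation : 'queryID',
    // Credentials that callers of this endpoint must present.
    // NOTE(review): when settings.php omits them, both default to the literal
    // 'n/a', and check_authentication_header() compares against that pair, so
    // it would be accepted as valid. Consider refusing to start when either
    // setting is missing.
    'secure_endpoint_username' => isset($settings['secure_endpoint_username']) ? $settings['secure_endpoint_username'] : 'n/a',
    'secure_endpoint_password' => isset($settings['secure_endpoint_password']) ? $settings['secure_endpoint_password'] : 'n/a',
];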

/**
 * Query the remote academic-ID inspection web service.
 *
 * Sends $params['identity'] as the JSON field "SubmissionCode" in a POST and
 * authenticates with HTTP Basic built from $params['username'] and the MD5
 * hex digest of $params['password'].
 *
 * On a cURL error the script ends with a 500 JSON response. When the remote
 * status is not 2xx, that status is set on this script's own response and the
 * remote body is still returned.
 *
 * @param array $params Needs the keys 'username', 'password' and 'identity'
 * @return string Response body as returned by curl_exec()
 */
function wscall($params)
{
    // NOTE(review): the credential sent is username:md5(password), presumably
    // because the remote service expects that form — confirm. The digest then
    // acts as the password for that service and is equally sensitive.
    $credential = $params['username'] . ':' . md5($params['password']);
    $auth = 'Basic ' . base64_encode($credential);

    $payload = json_encode(['SubmissionCode' => $params['identity']]);

    $ch = curl_init();

    // TLS verification options are not touched here, so cURL's defaults apply.
    // NOTE(review): neither CURLOPT_CONNECTTIMEOUT nor CURLOPT_TIMEOUT is set,
    // so a stalled remote service can hold this request open; consider
    // bounding both.
    curl_setopt_array($ch, [
        CURLOPT_URL => "https://academicidapp.grnet.gr/admin/web/ws/users/inspectAcademicID",
        // Alternative endpoint, left disabled as in the original:
        // CURLOPT_URL => "https://academicidapp.grnet.gr/admin/web/ws/users/inspectAMKA",
        CURLOPT_POST => 1,
        CURLOPT_POSTFIELDS => $payload,
        CURLOPT_HTTPHEADER => [
            'Authorization: ' . $auth,
            'Content-Type: application/json',
            'Accept: */*',
            'User-Agent: AcademicIDClientTestPHP/v1.0 osteam',
        ],
        CURLOPT_RETURNTRANSFER => true,
    ]);

    $result = curl_exec($ch);

    // Transport-level failure: report it and stop.
    if (curl_errno($ch)) {
        error_response(['message' => 'Error: EDET Web Service Unreachable'], 500);
    }

    // Mirror a non-2xx remote status onto our own response.
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if (intval($http_code / 100) != 2) {
        http_response_code($http_code);
    }

    curl_close($ch);
    return $result;
}

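/**
 * Fallback for getallheaders() where PHP does not provide it.
 *
 * Rebuilds the request headers from the HTTP_* entries of $_SERVER, turning
 * e.g. HTTP_X_FORWARDED_FOR into X-Forwarded-For.
 *
 * NOTE(review): whether the Authorization header appears as
 * HTTP_AUTHORIZATION depends on the web server / SAPI configuration — confirm
 * for the deployment, since check_authentication_header() relies on it.
 */
if (!function_exists('getallheaders')) {
    /**
     * @return array Header name => value; empty when $_SERVER has no HTTP_* entry
     */
    function getallheaders()
    {
        // Must start as an array: writing a string key into '' is a string-offset
        // write on current PHP versions, not an array append, and callers pass
        // the result to array_key_exists().
        $headers = [];

        foreach ($_SERVER as $name => $value) {
            if (substr($name, 0, 5) === 'HTTP_') {
                // HTTP_ACCEPT_LANGUAGE -> "accept language" -> "Accept Language" -> "Accept-Language"
                $words = strtolower(str_replace('_', ' ', substr($name, 5)));
                $headers[str_replace(' ', '-', ucwords($words))] = $value;
            }
        }

        return $headers;
    }
}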

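/**
 * Validate the academic id supplied by the caller.
 *
 * Ends the script with a JSON error response (HTTP 500) unless $identity is
 * exactly twelve ASCII digits.
 *
 * @param string $identity Candidate academic id
 * @return bool Always true; invalid input never returns
 */
function check_input($identity)
{
    // \A and \z anchor to the very start and end of the string. A plain "$"
    // also matches just before a trailing newline, which would let twelve
    // digits followed by "\n" through to the remote call.
    // NOTE(review): a 4xx status would describe a caller error more
    // accurately; 500 is kept because existing clients may depend on it.
    if (preg_match('/\A[0-9]{12}\z/', $identity) !== 1) {
        error_response(['message' => 'Error: Service Call Parameters Error, academic id must be 12 digit number'], 500);
    }

    return true;
}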

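/**
 * Require HTTP Basic credentials matching the expected pair.
 *
 * Ends the script with a 401 JSON response when the Authorization header is
 * missing, is not of the form "Basic <token>", or carries a different token.
 *
 * @param string $username Expected user name
 * @param string $password Expected password
 * @return bool Always true; a failed check never returns
 */
function check_authentication_header($username, $password)
{
    $headers = getallheaders();

    // HTTP header names are case-insensitive, so normalise the keys before the
    // lookup. A non-array result is treated as "no headers".
    $headers = is_array($headers) ? array_change_key_case($headers, CASE_LOWER) : [];

    if (!array_key_exists('authorization', $headers)) {
        error_response(['message' => 'Error: Missing Basic Authorization Header'], 401);
    }

    $auth_parts = [];
    if (preg_match('/^Basic (.+)$/', $headers['authorization'], $auth_parts) !== 1) {
        error_response(['message' => 'Error: Invalid or Missing Basic Authorization Credentials'], 401);
    }

    // hash_equals() (PHP 5.6+) compares in constant time, so the response time
    // does not depend on how much of the presented token is correct.
    $expected = base64_encode("{$username}:{$password}");
    if (!hash_equals($expected, $auth_parts[1])) {
        error_response(['message' => 'Error: Invalid or Missing Basic Authorization Credentials'], 401);
    }

    return true;
}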

/**
 * Dispatch on the requested operation and emit the result.
 *
 * queryID, queryIDnoCD and testServiceStatus require this endpoint's Basic
 * credentials; echo (and anything unlisted) does not.
 */
if ($params['operation'] === 'queryID') {
    check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
    header('Content-Type: application/json');
    // The remote body is passed through unchanged.
    // NOTE(review): unlike queryIDnoCD, identity is not run through
    // check_input() here — confirm that is intended.
    $result = wscall($params);
} elseif ($params['operation'] === 'queryIDnoCD') {
    check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
    check_input($params['identity']);
    header('Content-Type: text/plain');

    $decoded = json_decode(wscall($params), true);
    $is_student = false;
    if ($decoded !== null && isset($decoded['response']) && $decoded['response'] == 'SUCCESS') {
        // NOTE(review): "== true" accepts any truthy value, including a
        // non-empty string such as "false" — confirm the remote service sends
        // a JSON boolean here.
        $is_student = isset($decoded['inspectionResult']['webServiceSuccess'])
            && $decoded['inspectionResult']['webServiceSuccess'] == true;
    }
    $result = 'isStudent:' . ($is_student ? 'true' : 'false');
} elseif ($params['operation'] === 'testServiceStatus') {
    check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
    header('Content-Type: text/plain');
    // The 'id' query parameter is reflected as plain text.
    // NOTE(review): consider also sending "X-Content-Type-Options: nosniff" so
    // a client never interprets the reflected value as markup.
    $result = 'StudentID sent was:' . trim(filter_input(INPUT_GET, 'id'));
} else {
    // 'echo' and any other value: return the caller's own query parameters,
    // minus 'operation', re-encoded as a query string. No credentials needed.
    header('Content-Type: text/plain');
    unset($_GET['operation']);
    $result = http_build_query($_GET);
}

echo $result;
exit(0);