<?php
/*
 * Front-controller entry point: buffers output, loads the system bootstrap,
 * opens the session context and hands the request to BizController.
 */
ob_start();
header('Content-Type: text/html; charset=utf-8');
include_once 'sysheader_inc.php';

BizSystem::sessionContext();

$bizCtrller = new BizController();
// The security filters render their own denied view on failure; only a
// clean pass is dispatched.
if (true === $bizCtrller->processSecurityFilters()) {
    $bizCtrller->dispatchRequest();
}
00035
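/**
 * Front controller for one HTTP request.
 *
 * Runs the security-service filters, then either renders a view requested
 * via ?view=... or executes a client call (F=Invoke|RPCInvoke with
 * positional arguments P0, P1, ...). All error reporting goes through
 * trigger_error(E_USER_ERROR); the code does not assume that handler halts
 * the script, so every error path also stops processing explicitly.
 */
class BizController
{
    /** View rendered when the session has timed out. */
    private $_userTimeoutView = USER_TIMEOUT_VIEW;
    /** View rendered when the access service denies a view. */
    private $_accessDeniedView = ACCESS_DENIED_VIEW;
    /** View rendered when a security filter reports an error; falls back to
     *  the access-denied view when this is empty. */
    private $_securityDeniedView = SECURITY_DENIED_VIEW;

    /**
     * Run the security service filters.
     *
     * @return bool true when no filter reported an error; false after the
     *              denied view has been rendered.
     */
    public function processSecurityFilters()
    {
        $securityObj = BizSystem::getService(SECURITY_SERVICE);
        $securityObj->processFilters();
        if (!$securityObj->getErrorMessage()) {
            return true;
        }
        // Prefer the dedicated security-denied view; fall back to the
        // generic access-denied view when none is configured.
        $view = $this->_securityDeniedView ? $this->_securityDeniedView : $this->_accessDeniedView;
        $this->renderView($view);
        return false;
    }

    /**
     * Dispatch the current request.
     *
     * A timed-out session destroys the session context and shows the timeout
     * view. A ?view= request renders that view (not-found and access checks
     * first); anything else is treated as a client call handled by invoke(),
     * whose result is printed before the script exits.
     *
     * @return mixed return value of renderView() for view requests; does not
     *               return for client calls (exit()).
     */
    public function dispatchRequest()
    {
        if ($this->_checkSessionTimeout()) {
            BizSystem::sessionContext()->destroy();
            return $this->renderView($this->_userTimeoutView);
        }

        if (isset($_GET['view'])) {
            $viewName = $_GET['view'];
            $form = isset($_GET['form']) ? $_GET['form'] : "";
            $rule = isset($_GET['rule']) ? $_GET['rule'] : "";
            $hist = isset($_GET['hist']) ? $_GET['hist'] : "";
            $params = $this->_getParameters();

            // Unknown view names go to the not-found view when one is configured.
            if (defined('NOTFOUND_VIEW') && !RESOURCE::getXmlFileWithPath($viewName)) {
                return $this->renderView(NOTFOUND_VIEW, $form, $rule, $params, $hist);
            }

            // Access is checked before the view object is instantiated.
            if (!$this->_checkViewAccess($viewName)) {
                return $this->renderView($this->_accessDeniedView);
            }

            return $this->renderView($viewName, $form, $rule, $params, $hist);
        }

        if (!empty($_REQUEST['_thisView'])) {
            BizSystem::instance()->setCurrentViewName($_REQUEST['_thisView']);
        }

        $retval = $this->invoke();
        print($retval . " ");
        exit();
    }

    /**
     * Collect view parameters passed as ?param:NAME=value.
     *
     * @return array|null map of NAME => value, or null when none were given
     *                    (callers test the result for truthiness).
     */
    private function _getParameters()
    {
        $params = null;
        foreach ($_GET as $key => $value) {
            $key = (string) $key;
            if (substr($key, 0, 6) === "param:") {
                $params[substr($key, 6)] = $value;
            }
        }
        return $params;
    }

    /**
     * Current user profile from the system.
     *
     * @return mixed whatever BizSystem::getUserProfile() returns
     */
    private function _getUserProfile()
    {
        return BizSystem::getUserProfile();
    }

    /**
     * Whether the session context reports a timeout.
     *
     * @return bool
     */
    private function _checkSessionTimeout()
    {
        return BizSystem::sessionContext()->isTimeout();
    }

    /**
     * Ask the access service whether the named view may be shown.
     *
     * @param string $viewName
     * @return bool
     */
    private function _checkViewAccess($viewName)
    {
        $svcobj = BizSystem::getService(ACCESS_SERVICE);
        return $svcobj->allowViewAccess($viewName);
    }

    /**
     * Render a view.
     *
     * The special view "__DynPopup" is rendered directly. For any other view
     * the current view name/set are updated, session objects are cleared,
     * and the optional form rule, parameters and form mode are applied before
     * rendering. Nothing is rendered when the view object cannot be loaded.
     *
     * @param string     $viewName
     * @param string     $form    form name used with $rule and ?mode=
     * @param string     $rule    rule processed on $form when both are non-empty
     * @param array|null $params  view parameters from _getParameters()
     * @param string     $hist    "N" clears the view history first
     * @return void
     */
    public function renderView($viewName, $form = "", $rule = "", $params = null, $hist = "")
    {
        $bizSystem = BizSystem::instance();

        if ($viewName === "__DynPopup") {
            $viewObj = BizSystem::getObject($viewName);
            $viewObj->render();
            return;
        }

        $bizSystem->setCurrentViewName($viewName);

        $viewObj = BizSystem::getObject($viewName);
        if (!$viewObj) {
            return;
        }
        $bizSystem->setCurrentViewSet($viewObj->getViewSet());

        BizSystem::sessionContext()->clearSessionObjects(true);

        if ($hist === "N") {
            $viewObj->CleanViewHistory();
        }

        if ($form !== "" && $rule !== "") {
            $viewObj->processRule($form, $rule, TRUE);
        }

        if ($params) {
            $viewObj->setParameters($params);
        }

        if (isset($_GET['mode'])) {
            $viewObj->SetFormMode($form, $_GET['mode']);
        }

        $viewObj->render();
    }

    /**
     * Execute a client call: F=Invoke|RPCInvoke, P0=[object], P1=[method],
     * P2.. = method arguments.
     *
     * A posted __url replays that URL's query string into $_GET first. Every
     * failure (unknown F, too few arguments, unknown object/method, rejected
     * request) is reported via trigger_error(E_USER_ERROR) and the target
     * method is NOT called, even when a custom error handler lets execution
     * continue. Any buffered client-proxy output is printed afterwards.
     *
     * @return mixed the method's return value for an RPCInvoke call that
     *               produced no proxy output; null otherwise
     */
    protected function invoke()
    {
        // Lets the client re-submit a previous URL's query parameters with a
        // POST; note this gives the request body write access to $_GET.
        if (isset($_POST['__url']) && is_string($_POST['__url'])) {
            $this->_mergeQueryIntoGet($_POST['__url']);
        }

        $func = isset($_REQUEST['F']) ? $_REQUEST['F'] : "";
        if ($func === "") {
            return;
        }
        if ($func !== "RPCInvoke" && $func !== "Invoke") {
            trigger_error("$func is not a valid invocation", E_USER_ERROR);
            return;
        }
        if ($func === "RPCInvoke") {
            BizSystem::clientProxy()->setRPCFlag(true);
        }

        $arg_list = $this->_collectArguments();
        if (count($arg_list) < 2) {
            // The original passed an undefined $class here; the invocation
            // type is the closest value actually in scope.
            $errmsg = BizSystem::getMessage("SYS_ERROR_RPCARG", array($func));
            trigger_error($errmsg, E_USER_ERROR);
            return;
        }

        $objName = array_shift($arg_list);
        $methodName = array_shift($arg_list);
        $rt_val = $this->_callObjectMethod($objName, $methodName, $arg_list);

        if (!BizSystem::clientProxy()->hasOutput()) {
            return ($func === "RPCInvoke") ? $rt_val : null;
        }

        // The jsrs transport expects the payload wrapped in a hidden textarea.
        $jsrsWrap = ($func === "RPCInvoke")
            && isset($_REQUEST['jsrs'])
            && (string) $_REQUEST['jsrs'] === '1';
        if ($jsrsWrap) {
            echo "<html><body><form name=\"jsrs_Form\"><textarea name=\"jsrs_Payload\" id=\"jsrs_Payload\">";
        }
        BizSystem::clientProxy()->printOutput();
        if ($jsrsWrap) {
            echo "</textarea></form></body></html>";
        }
        return null;
    }

    /**
     * Merge the query string of a client-supplied URL into $_GET.
     *
     * Pairs without '=' are skipped; a value keeps everything after the first
     * '='. Keys and values are stored undecoded, as before.
     *
     * @param string $url
     * @return void
     */
    private function _mergeQueryIntoGet($url)
    {
        $parts = parse_url($url);
        if (!is_array($parts) || !isset($parts['query'])) {
            return;
        }
        foreach (explode('&', $parts['query']) as $pair) {
            $kv = explode('=', $pair, 2);
            if (count($kv) !== 2) {
                continue;
            }
            $_GET[$kv[0]] = $kv[1];
        }
    }

    /**
     * Read the positional call arguments P0, P1, ... until the first empty one.
     *
     * Each argument arrives wrapped in one leading and one trailing character,
     * which are stripped. When P0 carries Popup_Suffix, the suffix and the
     * character before it are removed and a "]" is re-appended (presumably
     * restoring the closing bracket of the form name).
     *
     * @return array list of unwrapped argument strings
     */
    private function _collectArguments()
    {
        $arg_list = array();
        $i = 0;
        $raw = $this->_requestArg($i);

        if (strpos($raw, Popup_Suffix) !== false) {
            $raw = substr($raw, 0, strlen($raw) - strlen(Popup_Suffix) - 1) . "]";
        }

        while ($raw !== "") {
            $arg_list[] = substr($raw, 1, strlen($raw) - 2);
            $i++;
            $raw = $this->_requestArg($i);
        }
        return $arg_list;
    }

    /**
     * Request parameter P<n> as a string; missing or non-string values
     * (e.g. P0[]=...) read as "" so the string functions above never see an
     * array.
     *
     * @param int $i
     * @return string
     */
    private function _requestArg($i)
    {
        $key = "P" . $i;
        if (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) {
            return $_REQUEST[$key];
        }
        return "";
    }

    /**
     * Look up the named object, verify the method exists and the request
     * passes validateRequest(), then call the method.
     *
     * Every failure is reported through trigger_error(E_USER_ERROR) and
     * yields null without calling the method — the rejection must hold even
     * when the installed error handler does not halt the script.
     *
     * @param string $objName
     * @param string $methodName
     * @param array  $args       positional arguments for the method
     * @return mixed the method's return value, or null on failure
     */
    private function _callObjectMethod($objName, $methodName, array $args)
    {
        $obj = BizSystem::getObject($objName);
        if (!$obj) {
            $errmsg = BizSystem::getMessage("SYS_ERROR_CLASSNOTFOUND", array($objName));
            trigger_error($errmsg, E_USER_ERROR);
            return null;
        }
        if (!method_exists($obj, $methodName)) {
            $errmsg = BizSystem::getMessage("SYS_ERROR_METHODNOTFOUND", array($objName, $methodName));
            trigger_error($errmsg, E_USER_ERROR);
            return null;
        }
        if (!$this->validateRequest($obj, $methodName)) {
            $errmsg = BizSystem::getMessage("SYS_ERROR_REQUEST_REJECT", array($obj->m_Name, $methodName));
            trigger_error($errmsg, E_USER_ERROR);
            return null;
        }
        return call_user_func_array(array($obj, $methodName), $args);
    }

    /**
     * Decide whether a client call on $obj->$methodName is acceptable.
     *
     * Only EasyForm and BizForm objects may be invoked from the client; an
     * EasyForm additionally gets to veto the method through its own
     * validateRequest().
     *
     * @param object $obj
     * @param string $methodName
     * @return bool
     */
    protected function validateRequest($obj, $methodName)
    {
        if (is_a($obj, "EasyForm")) {
            return (bool) $obj->validateRequest($methodName);
        }
        return is_a($obj, "BizForm");
    }
}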
00377 ?>