Beschreibung fuer Webservices, XSS Lücken geschlossen

This commit is contained in:
Andreas Österreicher
2012-07-17 09:11:07 +00:00
parent ce6380a385
commit 71084eee40
10 changed files with 262 additions and 113 deletions
+20 -3
View File
@@ -1,7 +1,24 @@
<html>
<body>
<h1>FH Technikum Wien - STIP Soap Service</h1>
<a href="stip_client.php">STIP Test Client</a><br><br>
<a href="stip.wsdl.php">STIP WSDL</a>
<h1>FH Complete - Webservices</h1>
<h2>Studienbetrieb</h2>
<ul>
<li><a href="soap_test_lv.php">Lehrveranstaltungen</a></li>
<li><a href="soap_test_mitarbeiter.php">Mitarbeiter</a></li>
<li><a href="soap_test_ort.php">Ort / Raum</a></li>
<li><a href="soap_test_student.php">Studierendendaten</a></li>
</ul>
<h2>Sonstiges</h2>
<ul>
<li><a href="test_client.php">Soap Test Client</a></li>
<li><a href="stip_client.php">STIP Schnittstelle</a></li>
<li><a href="semesterticket_client.php">Semesterticket Wiener Linien</a></li>
</ul>
<ul>
<li>Projekte</li>
<li>Notizen</li>
<li>Projektressource</li>
<li>Ressource</li>
</ul>
</body>
</html>
+1 -1
View File
@@ -160,7 +160,7 @@ function getRaeume($raumtyp_kurzbz=null, $authentifizierung)
/**
*
* Funktion searchRaum Sucht einen Raum
* Funktion searchRaum - Sucht einen freien Raum
*
* @param date $datum
* @param time $zeit_von
+4 -1
View File
@@ -3,9 +3,11 @@ require_once('../config/vilesci.config.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<script type="text/javascript" language="JavaScript" src="../include/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript" src="../include/js/jqSOAPClient.js"></script>
<script type="text/javascript" language="JavaScript" src="../include/js/jqXMLUtils.js"></script>
<script type="text/javascript" language="JavaScript" src="../include/js/jqSOAPClient.js"></script>
<script type="text/javascript">
function send()
@@ -21,6 +23,7 @@ require_once('../config/vilesci.config.inc.php');
function clb_insert(respObj)
{
alert('obj:'+respObj);
try
{
var msg = respObj.Body[0].saveProjektDatenResponse[0].message[0].Text;
+16 -9
View File
@@ -1,10 +1,13 @@
<?php
require_once('../config/vilesci.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/basis_db.class.php');
$getuid = get_uid();
if(!check_lektor($getuid))
die('Sie haben keine Berechtigung für diese Seite');
$db = new basis_db();
?>
<html>
<head>
@@ -14,36 +17,38 @@ if(!check_lektor($getuid))
<title>Semesterticket-Client</title>
</head>
<body>
<h1>Testclient für Webservice Wiener Linien</h1>
<a href="semesterticket.wsdl.php">Show WSDL</a>
<br><br>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">token:</td>
<td><input name="token" type="text" size="30" maxlength="15" value="<?php echo (isset($_REQUEST['token']) ? $_REQUEST['token'] : "");?>"></td>
<td><input name="token" type="text" size="30" maxlength="15" value="<?php echo $db->convert_html_chars((isset($_REQUEST['token']) ? $_REQUEST['token'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Matrikelnummer:</td>
<td><input name="matrikelnummer" type="text" size="30" maxlength="15" value="<?php echo (isset($_REQUEST['matrikelnummer']) ? $_REQUEST['matrikelnummer'] : "");?>"></td>
<td><input name="matrikelnummer" type="text" size="30" maxlength="15" value="<?php echo $db->convert_html_chars((isset($_REQUEST['matrikelnummer']) ? $_REQUEST['matrikelnummer'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Familienname:</td>
<td><input name="name" type="text" size="30" maxlength="255" value="<?php echo (isset($_REQUEST['familienname']) ? $_REQUEST['familienname'] : "");?>"></td>
<td><input name="name" type="text" size="30" maxlength="255" value="<?php echo $db->convert_html_chars((isset($_REQUEST['name']) ? $_REQUEST['name'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Vorname:</td>
<td><input name="vorname" type="text" size="30" maxlength="255" value="<?php echo (isset($_REQUEST['vorname']) ? $_REQUEST['vorname'] : "");?>"></td>
<td><input name="vorname" type="text" size="30" maxlength="255" value="<?php echo $db->convert_html_chars((isset($_REQUEST['vorname']) ? $_REQUEST['vorname'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Geburtsdatum:</td>
<td><input name="geburtsdatum" type="text" size="30" maxlength="10" value="<?php echo (isset($_REQUEST['geburtsdatum']) ? $_REQUEST['geburtsdatum'] : "");?>"></td>
<td><input name="geburtsdatum" type="text" size="30" maxlength="10" value="<?php echo $db->convert_html_chars((isset($_REQUEST['geburtsdatum']) ? $_REQUEST['geburtsdatum'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Postleitzahl:</td>
<td><input name="postleitzahl" type="text" size="30" maxlength="10" value="<?php echo (isset($_REQUEST['postleitzahl']) ? $_REQUEST['postleitzahl'] : "");?>"></td>
<td><input name="postleitzahl" type="text" size="30" maxlength="10" value="<?php echo $db->convert_html_chars((isset($_REQUEST['postleitzahl']) ? $_REQUEST['postleitzahl'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Semesterkuerzel:</td>
<td><input name="semesterkuerzel" type="text" size="30" maxlength="3" value="<?php echo (isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "11W");?>"></td>
<td><input name="semesterkuerzel" type="text" size="30" maxlength="3" value="<?php echo $db->convert_html_chars((isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "11W"));?>"></td>
</tr>
<tr>
<td align="right"></td>
@@ -85,4 +90,6 @@ if(isset($_REQUEST['submit']))
}
?>
?>
</body>
</html>
+49 -20
View File
@@ -1,12 +1,36 @@
<?php
/* Copyright (C) 2012 Technikum-Wien
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*
* Authors: Karl Burkhart <burkhart@technikum-wien.at>.
*/
/**
* Testclient für Lehrveranstaltung Webservice
*/
require_once('../config/vilesci.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/basis_db.class.php');
$method = (isset($_GET['method'])?$_GET['method']:'studiengang');
$getuid = get_uid();
if(!check_lektor($getuid))
die('Sie haben keine Berechtigung für diese Seite');
$db = new basis_db();
?>
<html>
<head>
@@ -17,10 +41,17 @@ if(!check_lektor($getuid))
<title>SOAP TestClient für Lehrveranstaltungen</title>
</head>
<body>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=studiengang'?>">GetLehrveranstaltungFromStudiengang</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=id'?>">GetLehrveranstaltungFromId</a><br><br>
<a href ="<?php echo APP_ROOT.'soap/lehrveranstaltung.wsdl.php'?>">Show WSDL </a><br><br>
<h1>Lehrveranstaltung Webservice</h1>
Liefert Informationen über Lehrveranstaltungen
<h2>Funktionen</h2>
<ul>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=studiengang'?>">GetLehrveranstaltungFromStudiengang</a> - Laedt die Lehrveranstaltungen eines Studienganges</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=id'?>">GetLehrveranstaltungFromId</a> - Laedt eine Lehrveranstaltung anhand der LehrveranstaltungsID</li>
</ul>
<br>
<a href ="<?php echo APP_ROOT.'soap/lehrveranstaltung.wsdl.php'?>">Show WSDL </a>
<br>
<h2>Testformular</h2>
<?php if($method=='studiengang')
{
echo'
@@ -28,23 +59,23 @@ if(!check_lektor($getuid))
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Name* :</td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort* :</td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Studiengang* :</td>
<td><input name="studiengang" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['studiengang']) ? $_REQUEST['studiengang'] : "").'"></td>
<td><input name="studiengang" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['studiengang']) ? $_REQUEST['studiengang'] : "")).'"></td>
</tr>
<tr>
<td align="right">Semester* :</td>
<td><input name="semester" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "").'"></td>
<td align="right">Studiensemester* :</td>
<td><input name="semester" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "")).'"></td>
</tr>
<tr>
<td align="right">Ausbildungssemester :</td>
<td><input name="aussemester" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['aussemester']) ? $_REQUEST['aussemester'] : "").'"></td>
<td><input name="aussemester" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['aussemester']) ? $_REQUEST['aussemester'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -110,19 +141,19 @@ if(!check_lektor($getuid))
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Name* :</td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort* :</td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Lehrveranstaltung_id* :</td>
<td><input name="lv_id" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['lv_id']) ? $_REQUEST['lv_id'] : "").'"></td>
<td><input name="lv_id" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['lv_id']) ? $_REQUEST['lv_id'] : "")).'"></td>
</tr>
<tr>
<td align="right">Semester:</td>
<td><input name="semester" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "").'"></td>
<td align="right">Studiensemester :</td>
<td><input name="semester" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -227,8 +258,6 @@ if(isset($_REQUEST['submit']) && $_GET['method']=='id')
}
}
?>
</body>
</html>
+41 -13
View File
@@ -1,4 +1,25 @@
<?php
/* Copyright (C) 2012 FH Technikum-Wien
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*
* Authors: Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at> and
*/
/**
* Test Client fuer Mitarbeiter Webservice
*/
require_once('../config/vilesci.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/basis_db.class.php');
@@ -19,11 +40,18 @@ if(!check_lektor($getuid))
<title>SOAP TestClient für Mitarbeiter</title>
</head>
<body>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getMitarbeiterFromUID'?>">getMitarbeiterFromUID</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getMitarbeiter'?>">getMitarbeiter</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=SearchMitarbeiter'?>">SearchMitarbeiter</a><br>
<a href ="<?php echo APP_ROOT.'soap/mitarbeiter.wsdl.php'?>">Show WSDL </a><br><br>
<h1>Mitarbeiter Webservice</h1>
Liefert Informationen über Mitarbeiter
<h2>Funktionen</h2>
<ul>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getMitarbeiterFromUID'?>">getMitarbeiterFromUID</a> - Mitarbeiterdaten anhand der UID laden</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getMitarbeiter'?>">getMitarbeiter</a> - Liefert eine Liste aller Mitarbeiter</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=SearchMitarbeiter'?>">SearchMitarbeiter</a> - Sucht einen Mitarbeiter</li>
</ul>
<br>
<a href ="<?php echo APP_ROOT.'soap/mitarbeiter.wsdl.php'?>">Show WSDL </a>
<br>
<h2>Testformular</h2>
<?php
if($method=='getMitarbeiterFromUID')
{
@@ -31,15 +59,15 @@ if(!check_lektor($getuid))
<form action="'.$_SERVER["PHP_SELF"].'?method=getMitarbeiterFromUID" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Username:</td>
<td align="right">Username* :</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort:</td>
<td align="right">Passwort* :</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">UID:</td>
<td align="right">UID* :</td>
<td><input id="uid" name="uid" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['uid']) ? $_REQUEST['uid'] : "")).'"></td>
</tr>
<tr>
@@ -108,11 +136,11 @@ if(!check_lektor($getuid))
<form action="'.$_SERVER["PHP_SELF"].'?method=getMitarbeiter" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Username:</td>
<td align="right">Username* :</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort:</td>
<td align="right">Passwort* :</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
@@ -178,15 +206,15 @@ if(!check_lektor($getuid))
<form action="'.$_SERVER["PHP_SELF"].'?method=SearchMitarbeiter" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Username:</td>
<td align="right">Username* :</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort:</td>
<td align="right">Passwort* :</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Suchfilter:</td>
<td align="right">Suchfilter* :</td>
<td><input id="filter" name="filter" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['filter']) ? $_REQUEST['filter'] : "")).'"></td>
</tr>
<tr>
+60 -31
View File
@@ -1,12 +1,35 @@
<?php
/* Copyright (C) 2012 FH Technikum-Wien
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*
* Authors: Andreas Oesterreicher <andreas.oesterreicher@technikum-wien.at> and
*/
/**
* Test Client fuer Ort Webservice
*/
require_once('../config/vilesci.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/basis_db.class.php');
$method = (isset($_GET['method'])?$_GET['method']:'getOrtFromKurzbz');
$getuid = get_uid();
if(!check_lektor($getuid))
die('Sie haben keine Berechtigung für diese Seite');
$db = new basis_db();
?>
<html>
<head>
@@ -17,11 +40,17 @@ if(!check_lektor($getuid))
<title>SOAP TestClient für Orte</title>
</head>
<body>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getOrtFromKurzbz'?>">getOrtFromKurzbz</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getRaeume'?>">getRaeume</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=searchRaum'?>">searchRaum</a><br>
<a href ="<?php echo APP_ROOT.'soap/ort.wsdl.php'?>">Show WSDL </a><br><br>
<h1>Ort/Raum WebService</h1>
Webservice für die Abfrage der Rauminformationen
<h2>Funktionen</h2>
<ul>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getOrtFromKurzbz'?>">getOrtFromKurzbz</a> - Laedt Rauminformation anhandd der Kurzbezeichnung</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=getRaeume'?>">getRaeume</a> - Liefert alle Räume (optional nach Raumtyp gefiltert)</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=searchRaum'?>">searchRaum</a> - Sucht einen freien Raum</li>
</ul>
<a href ="<?php echo APP_ROOT.'soap/ort.wsdl.php'?>">Show WSDL </a></li>
<br>
<h2>Testformular</h2>
<?php
if($method=='getOrtFromKurzbz')
{
@@ -29,16 +58,16 @@ if(!check_lektor($getuid))
<form action="'.$_SERVER["PHP_SELF"].'?method=getOrtFromKurzbz" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Username:</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td align="right">Username* :</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort:</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td align="right">Passwort* :</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Ort_Kurzbz:</td>
<td><input id="ort_kurzbz" name="ort_kurzbz" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['ort_kurzbz']) ? $_REQUEST['ort_kurzbz'] : "").'"></td>
<td align="right">Ort_Kurzbz* :</td>
<td><input id="ort_kurzbz" name="ort_kurzbz" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['ort_kurzbz']) ? $_REQUEST['ort_kurzbz'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -110,16 +139,16 @@ if(!check_lektor($getuid))
<form action="'.$_SERVER["PHP_SELF"].'?method=getRaeume" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Username:</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td align="right">Username* :</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort:</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td align="right">Passwort* :</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Raumtyp:</td>
<td><input id="raumtyp_kurzbz" name="raumtyp_kurzbz" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['raumtyp_kurzbz']) ? $_REQUEST['raumtyp_kurzbz'] : "").'"></td>
<td><input id="raumtyp_kurzbz" name="raumtyp_kurzbz" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['raumtyp_kurzbz']) ? $_REQUEST['raumtyp_kurzbz'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -188,36 +217,36 @@ if(!check_lektor($getuid))
<form action="'.$_SERVER["PHP_SELF"].'?method=searchRaum" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Datum:</td>
<td><input id="datum" name="datum" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['datum']) ? $_REQUEST['datum'] : "").'"></td>
<td align="right">Datum*:</td>
<td><input id="datum" name="datum" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['datum']) ? $_REQUEST['datum'] : "")).'"></td>
</tr>
<tr>
<td align="right">Zeit-Von:</td>
<td><input id="zeit_von" name="zeit_von" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['zeit_von']) ? $_REQUEST['zeit_von'] : "").'"></td>
<td align="right">Zeit-Von*:</td>
<td><input id="zeit_von" name="zeit_von" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['zeit_von']) ? $_REQUEST['zeit_von'] : "")).'"></td>
</tr>
<tr>
<td align="right">Zeit-Bis:</td>
<td><input id="zeit_bis" name="zeit_bis" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['zeit_bis']) ? $_REQUEST['zeit_bis'] : "").'"></td>
<td align="right">Zeit-Bis*:</td>
<td><input id="zeit_bis" name="zeit_bis" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['zeit_bis']) ? $_REQUEST['zeit_bis'] : "")).'"></td>
</tr>
<tr>
<td align="right">Raumtyp:</td>
<td><input id="raumtyp" name="raumtyp" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['raumtyp']) ? $_REQUEST['raumtyp'] : "").'"></td>
<td><input id="raumtyp" name="raumtyp" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['raumtyp']) ? $_REQUEST['raumtyp'] : "")).'"></td>
</tr>
<tr>
<td align="right">Anzahl Personen</td>
<td><input id="anzahl_personen" name="anzahl_personen" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['anzahl_personen']) ? $_REQUEST['anzahl_personen'] : "").'"></td>
<td align="right">Anzahl Personen:</td>
<td><input id="anzahl_personen" name="anzahl_personen" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['anzahl_personen']) ? $_REQUEST['anzahl_personen'] : "")).'"></td>
</tr>
<tr>
<td align="right">Reservierung</td>
<td><input id="reservierung" name="reservierung" type="checkbox" size="30" maxlength="255" '.(isset($_REQUEST['reservierung']) ? 'checked' : "").'></td>
<td align="right">Reservierung*:</td>
<td><input id="reservierung" name="reservierung" type="checkbox" size="30" maxlength="255" '.$db->convert_html_chars((isset($_REQUEST['reservierung']) ? 'checked' : "")).'></td>
</tr>
<tr>
<td align="right">Username:</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td align="right">Username* :</td>
<td><input id="username" name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort:</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td align="right">Passwort* :</td>
<td><input id="passwort" name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
+33 -21
View File
@@ -1,5 +1,4 @@
<?php
/* Copyright (C) 2012 Technikum-Wien
*
* This program is free software; you can redistribute it and/or modify
@@ -18,29 +17,40 @@
*
* Authors: Karl Burkhart <burkhart@technikum-wien.at>.
*/
/**
* Test Client für Studierenden Webservice
*/
require_once('../config/vilesci.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/basis_db.class.php');
$method = (isset($_GET['method'])?$_GET['method']:'uid');
$getuid = get_uid();
if(!check_lektor($getuid))
die('Sie haben keine Berechtigung für diese Seite');
$db = new basis_db();
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<script type="text/javascript" src="../include/js/jqSOAPClient.js"></script>
<script type="text/javascript" src="../include/js/jquery.js"></script>
<script type="text/javascript" src="../include/js/jquery.js"></script>
<script type="text/javascript" src="../include/js/jqXMLUtils.js"></script>
<script type="text/javascript" src="../include/js/jqSOAPClient.js"></script>
<title>SOAP TestClient für Studenten</title>
</head>
<body>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=uid'?>">GetLehrveranstaltungFromUid</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=matrikelnummer'?>">GetLehrveranstaltungFromMatrikelnummer</a><br>
<a href ="<?php echo $_SERVER['PHP_SELF'].'?method=studiengang'?>">GetLehrveranstaltungFromStudiengang</a><br><br>
<a href ="<?php echo APP_ROOT.'soap/student.wsdl.php'?>">Show WSDL </a><br><br>
<h1>Studierenden Webservice</h1>
Liefert Informationen ueber Studierende
<h2>Funktionen</h2>
<ul>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=uid'?>">getStudentFromUid</a> - Liefert einen Studierenden anhand der UID</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=matrikelnummer'?>">getStudentFromMatrikelnummer</a> - Liefert einen Studierenden anhand der Matrikelnummer</li>
<li><a href ="<?php echo $_SERVER['PHP_SELF'].'?method=studiengang'?>">getStudentFromStudiengang</a> - Liefert alle Studierende eines Studienganges / Semesters / Verbandes</li>
</ul>
<a href ="<?php echo APP_ROOT.'soap/student.wsdl.php'?>">Show WSDL </a>
<br>
<h2>Testformular</h2>
<?php
if($method =='uid')
@@ -50,15 +60,15 @@ if(!check_lektor($getuid))
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Name* :</td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort* :</td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Student_uid* :</td>
<td><input name="student_uid" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['student_uid']) ? $_REQUEST['student_uid'] : "").'"></td>
<td><input name="student_uid" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['student_uid']) ? $_REQUEST['student_uid'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -123,15 +133,15 @@ if(!check_lektor($getuid))
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Name* :</td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort* :</td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Matrikelnummer* :</td>
<td><input name="matrikelnummer" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['matrikelnummer']) ? $_REQUEST['matrikelnummer'] : "").'"></td>
<td><input name="matrikelnummer" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['matrikelnummer']) ? $_REQUEST['matrikelnummer'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -196,27 +206,27 @@ if(!check_lektor($getuid))
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">Name* :</td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.(isset($_REQUEST['username']) ? $_REQUEST['username'] : "").'"></td>
<td><input name="username" type="text" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['username']) ? $_REQUEST['username'] : "")).'"></td>
</tr>
<tr>
<td align="right">Passwort* :</td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.(isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "").'"></td>
<td><input name="passwort" type="password" size="30" maxlength="255" value="'.$db->convert_html_chars((isset($_REQUEST['passwort']) ? $_REQUEST['passwort'] : "")).'"></td>
</tr>
<tr>
<td align="right">Studiengang* :</td>
<td><input name="studiengang" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['studiengang']) ? $_REQUEST['studiengang'] : "").'"></td>
<td><input name="studiengang" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['studiengang']) ? $_REQUEST['studiengang'] : "")).'"></td>
</tr>
<tr>
<td align="right">Ausbildungssemester :</td>
<td><input name="semester" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "").'"></td>
<td><input name="semester" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['semester']) ? $_REQUEST['semester'] : "")).'"></td>
</tr>
<tr>
<td align="right">Verband :</td>
<td><input name="verband" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['verband']) ? $_REQUEST['verband'] : "").'"></td>
<td><input name="verband" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['verband']) ? $_REQUEST['verband'] : "")).'"></td>
</tr>
<tr>
<td align="right">Gruppe :</td>
<td><input name="gruppe" type="text" size="30" maxlength="10" value="'.(isset($_REQUEST['gruppe']) ? $_REQUEST['gruppe'] : "").'"></td>
<td><input name="gruppe" type="text" size="30" maxlength="10" value="'.$db->convert_html_chars((isset($_REQUEST['gruppe']) ? $_REQUEST['gruppe'] : "")).'"></td>
</tr>
<tr>
<td align="right"></td>
@@ -336,4 +346,6 @@ if(isset($_REQUEST['submit_studiengang']))
}
class foo{}
?> </body>
?>
</body>
</html>
+34 -11
View File
@@ -1,10 +1,30 @@
<?php
/* Copyright (C) 2012 FH Technikum-Wien
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*
* Authors: Karl Burkhart <burkhart@technikum-wien.at>.
*/
require_once('../config/vilesci.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/basis_db.class.php');
require_once('stip.class.php');
$getuid=get_uid();
if(!check_lektor($getuid))
die('Sie haben keine Berechtigung für diese Seite.');
$db = new basis_db();
?>
<html>
<head>
@@ -14,44 +34,46 @@ if(!check_lektor($getuid))
<title>STIP-Client</title>
</head>
<body>
<h1>Testclient für Webservice Stipendienstelle</h1>
<a href="stip.wsdl.php">Show WSDL</a>
<br><br>
<form action="stip_client.php" method="post">
<table border="0" cellpadding="5" cellspacing="0" bgcolor="#E0E0E0">
<tr>
<td align="right">ErhKz:</td>
<td><input name="ErhKz" type="text" size="30" maxlength="3" value="<?php echo (isset($_REQUEST['ErhKz']) ? $_REQUEST['ErhKz'] : "");?>"></td>
<td><input name="ErhKz" type="text" size="30" maxlength="3" value="<?php echo $db->convert_html_chars((isset($_REQUEST['ErhKz']) ? $_REQUEST['ErhKz'] : ""));?>"></td>
</tr>
<tr>
<td align="right">AnfragedatenID:</td>
<td><input name="AnfragedatenID" type="text" size="30" maxlength="40" value="<?php echo (isset($_REQUEST['AnfragedatenID']) ? $_REQUEST['AnfragedatenID'] : "");?>"></td>
<td><input name="AnfragedatenID" type="text" size="30" maxlength="40" value="<?php echo $db->convert_html_chars((isset($_REQUEST['AnfragedatenID']) ? $_REQUEST['AnfragedatenID'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Semester:</td>
<td><input name="Semester" type="text" size="30" maxlength="2" value="<?php echo (isset($_REQUEST['Semester']) ? $_REQUEST['Semester'] : "");?>"></td>
<td><input name="Semester" type="text" size="30" maxlength="2" value="<?php echo $db->convert_html_chars((isset($_REQUEST['Semester']) ? $_REQUEST['Semester'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Studienjahr:</td>
<td><input name="Studienjahr" type="text" size="30" maxlength="7" value="<?php echo (isset($_REQUEST['Studienjahr']) ? $_REQUEST['Studienjahr'] : "");?>"></td>
<td><input name="Studienjahr" type="text" size="30" maxlength="7" value="<?php echo $db->convert_html_chars((isset($_REQUEST['Studienjahr']) ? $_REQUEST['Studienjahr'] : ""));?>"></td>
</tr>
<tr>
<td align="right">PersKz:</td>
<td><input name="PersKz" type="text" size="30" maxlength="11" value="<?php echo (isset($_REQUEST['PersKz']) ? $_REQUEST['PersKz'] : "");?>"></td>
<td><input name="PersKz" type="text" size="30" maxlength="11" value="<?php echo $db->convert_html_chars((isset($_REQUEST['PersKz']) ? $_REQUEST['PersKz'] : ""));?>"></td>
</tr>
<tr>
<td align="right">SVNR:</td>
<td><input name="Svnr" type="text" size="30" maxlength="10" value="<?php echo (isset($_REQUEST['Svnr']) ? $_REQUEST['Svnr'] : "");?>"></td>
<td><input name="Svnr" type="text" size="30" maxlength="10" value="<?php echo $db->convert_html_chars((isset($_REQUEST['Svnr']) ? $_REQUEST['Svnr'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Familienname:</td>
<td><input name="Familienname" type="text" size="30" maxlength="255" value="<?php echo (isset($_REQUEST['Familienname']) ? $_REQUEST['Familienname'] : "");?>"></td>
<td><input name="Familienname" type="text" size="30" maxlength="255" value="<?php echo $db->convert_html_chars((isset($_REQUEST['Familienname']) ? $_REQUEST['Familienname'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Vorname:</td>
<td><input name="Vorname" type="text" size="30" maxlength="255" value="<?php echo (isset($_REQUEST['Vorname']) ? $_REQUEST['Vorname'] : "");?>"></td>
<td><input name="Vorname" type="text" size="30" maxlength="255" value="<?php echo $db->convert_html_chars((isset($_REQUEST['Vorname']) ? $_REQUEST['Vorname'] : ""));?>"></td>
</tr>
<tr>
<td align="right">Typ:</td>
<td><input name="Typ" type="text" size="30" maxlength="2" value="<?php echo (isset($_REQUEST['Typ']) ? $_REQUEST['Typ'] : "");?>"></td>
<td><input name="Typ" type="text" size="30" maxlength="2" value="<?php echo $db->convert_html_chars((isset($_REQUEST['Typ']) ? $_REQUEST['Typ'] : ""));?>"></td>
</tr>
<tr>
<td align="right"></td>
@@ -68,7 +90,6 @@ if(!check_lektor($getuid))
if(isset($_REQUEST['submit']))
{
//$client = new SoapClient("https://cis.technikum-wien.at/soap/stip.wsdl.php?".microtime());
$client = new SoapClient(APP_ROOT."/soap/stip.wsdl.php?".microtime());
$username = "test";
@@ -199,3 +220,5 @@ catch(e)
}
</script>
</body>
</html>
+4 -3
View File
@@ -51,10 +51,11 @@ if(!check_lektor($uid))
</script>
</head>
<body>
<h1>Testclient für Webservices</h1>
<form action="test_client.php" method="post">
<input type="submit" value="Test PHP" name="submit">
<input type="button" onclick="sendSoap();" value="Test JS">
<input type="submit" value="Test PHP" name="submit">
<input type="button" onclick="sendSoap();" value="Test JS">
</form>
<?php