From 98a9c680c5661b8ee2243abee1fae6665c05601b Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Tue, 18 Feb 2020 17:02:13 +0100
Subject: [PATCH] :bug: Updated rest example

---
 webservices/itoprest.examples.php | 181 +++++++++++++++++++++---------
 1 file changed, 128 insertions(+), 53 deletions(-)

diff --git a/webservices/itoprest.examples.php b/webservices/itoprest.examples.php
index d2d9dc8210..64a8315ab3 100644
--- a/webservices/itoprest.examples.php
+++ b/webservices/itoprest.examples.php
@@ -26,58 +26,129 @@
 
 /**
  * Helper to execute an HTTP POST request
- * Source: http://netevil.org/blog/2006/nov/http-post-from-php-without-curl
- *         originaly named after do_post_request
- */ 
-function DoPostRequest($sUrl, $aData, $sOptionnalHeaders = null)
+ *
+ * @param $sUrl
+ * @param $aData
+ * @param null $sOptionnalHeaders
+ * @param null $aResponseHeaders
+ * @param array $aCurlOptions
+ *
+ * @return bool|false|string
+ * @throws \Exception
+ */
+function DoPostRequest($sUrl, $aData, $sOptionnalHeaders = null, &$aResponseHeaders = null, $aCurlOptions = array())
 {
 	// $sOptionnalHeaders is a string containing additional HTTP headers that you would like to send in your request.
 
-	$sData = http_build_query($aData);
-
-	$aParams = array('http' => array(
-							'method' => 'POST',
-							'content' => $sData,
-							'header'=> "Content-type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($sData)."\r\n",
-							));
-	if ($sOptionnalHeaders !== null)
+	if (function_exists('curl_init'))
 	{
-		$aParams['http']['header'] .= $sOptionnalHeaders;
-	}
-	$ctx = stream_context_create($aParams);
-
-	$fp = @fopen($sUrl, 'rb', false, $ctx);
-	if (!$fp)
-	{
-		global $php_errormsg;
-		if (isset($php_errormsg))
+		// If cURL is available, let's use it, since it provides a greater control over the various HTTP/SSL options
+		// For instance fopen does not allow to work around the bug: http://stackoverflow.com/questions/18191672/php-curl-ssl-routinesssl23-get-server-helloreason1112
+		// by setting the SSLVERSION to 3 as done below.
+		$aHTTPHeaders = array();
+		if ($sOptionnalHeaders !== null)
 		{
-			throw new Exception("Problem with $sUrl, $php_errormsg");
+			$aHeaders = explode("\n", $sOptionnalHeaders);
+			foreach($aHeaders as $sHeaderString)
+			{
+				if(preg_match('/^([^:]): (.+)$/', $sHeaderString, $aMatches))
+				{
+					$aHTTPHeaders[$aMatches[1]] = $aMatches[2];
+				}
+			}
 		}
-		else
+		// Default options, can be overloaded/extended with the 4th parameter of this method, see above $aCurlOptions
+		$aOptions = array(
+			CURLOPT_RETURNTRANSFER	=> true,     // return the content of the request
+			CURLOPT_HEADER			=> false,    // don't return the headers in the output
+			CURLOPT_FOLLOWLOCATION	=> true,     // follow redirects
+			CURLOPT_ENCODING		=> "",       // handle all encodings
+			CURLOPT_USERAGENT		=> "spider", // who am i
+			CURLOPT_AUTOREFERER		=> true,     // set referer on redirect
+			CURLOPT_CONNECTTIMEOUT	=> 120,      // timeout on connect
+			CURLOPT_TIMEOUT			=> 120,      // timeout on response
+			CURLOPT_MAXREDIRS		=> 10,       // stop after 10 redirects
+			CURLOPT_SSL_VERIFYHOST	=> 0,   	 // Disabled SSL Cert checks
+			CURLOPT_SSL_VERIFYPEER	=> 0,   	 // Disabled SSL Cert checks
+			// SSLV3 (CURL_SSLVERSION_SSLv3 = 3) is now considered as obsolete/dangerous: http://disablessl3.com/#why
+			// but it used to be a MUST to prevent a strange SSL error: http://stackoverflow.com/questions/18191672/php-curl-ssl-routinesssl23-get-server-helloreason1112
+			// CURLOPT_SSLVERSION		=> 3,
+			CURLOPT_POST			=> count($aData),
+			CURLOPT_POSTFIELDS		=> http_build_query($aData),
+			CURLOPT_HTTPHEADER		=> $aHTTPHeaders,
+		);
+		$aAllOptions = $aCurlOptions + $aOptions;
+		$ch = curl_init($sUrl);
+		curl_setopt_array($ch, $aAllOptions);
+		$response = curl_exec($ch);
+		$iErr = curl_errno($ch);
+		$sErrMsg = curl_error( $ch );
+		if ($iErr !== 0)
 		{
-			throw new Exception("Problem with $sUrl");
+			throw new Exception("Problem opening URL: $sUrl, $sErrMsg");
+		}
+		if (is_array($aResponseHeaders))
+		{
+			$aHeaders = curl_getinfo($ch);
+			foreach($aHeaders as $sCode => $sValue)
+			{
+				$sName = str_replace(' ' , '-', ucwords(str_replace('_', ' ', $sCode))); // Transform "content_type" into "Content-Type"
+				$aResponseHeaders[$sName] = $sValue;
+			}
+		}
+		curl_close( $ch );
+	}
+	else
+	{
+		// cURL is not available let's try with streams and fopen...
+
+		$sData = http_build_query($aData);
+		$aParams = array('http' => array(
+			'method' => 'POST',
+			'content' => $sData,
+			'header'=> "Content-type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($sData)."\r\n",
+		));
+		if ($sOptionnalHeaders !== null)
+		{
+			$aParams['http']['header'] .= $sOptionnalHeaders;
+		}
+		$ctx = stream_context_create($aParams);
+
+		$fp = @fopen($sUrl, 'rb', false, $ctx);
+		if (!$fp)
+		{
+			global $php_errormsg;
+			if (isset($php_errormsg))
+			{
+				throw new Exception("Wrong URL: $sUrl, $php_errormsg");
+			}
+			elseif ((strtolower(substr($sUrl, 0, 5)) == 'https') && !extension_loaded('openssl'))
+			{
+				throw new Exception("Cannot connect to $sUrl: missing module 'openssl'");
+			}
+			else
+			{
+				throw new Exception("Wrong URL: $sUrl");
+			}
+		}
+		$response = @stream_get_contents($fp);
+		if ($response === false)
+		{
+			throw new Exception("Problem reading data from $sUrl, $php_errormsg");
+		}
+		if (is_array($aResponseHeaders))
+		{
+			$aMeta = stream_get_meta_data($fp);
+			$aHeaders = $aMeta['wrapper_data'];
+			foreach($aHeaders as $sHeaderString)
+			{
+				if(preg_match('/^([^:]+): (.+)$/', $sHeaderString, $aMatches))
+				{
+					$aResponseHeaders[$aMatches[1]] = trim($aMatches[2]);
+				}
+			}
 		}
 	}
-	$response = @stream_get_contents($fp);
-	if ($response === false)
-	{
-		throw new Exception("Problem reading data from $sUrl, $php_errormsg");
-	}
-	return $response;
-}
-
-// If the library curl is installed.... use this function
-//
-function DoPostRequest_curl($sUrl, $aData)
-{
-	$curl = curl_init($sUrl);
-	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-	curl_setopt($curl, CURLOPT_POST, true);
-	curl_setopt($curl, CURLOPT_POSTFIELDS, $aData);
-	$response = curl_exec($curl);
-	curl_close($curl);
-
 	return $response;
 }
 
@@ -265,7 +336,7 @@ $aXXXOperations = array(
 		'password' => 'admin',
 	),
 );
-$aOperations = array(
+$aDeleteOperations = array(
 	array(
 		'operation' => 'core/delete', // operation code
 		'comment' => 'Cleanup for synchro with...', // comment recorded in the change tracking log
@@ -282,14 +353,12 @@ if (false)
 }
 else
 {
-	$sUrl = "http://localhost/trunk/webservices/rest.php?version=1.1";
+	$sUrl = "https://localhost/itop/webservices/rest.php?version=1.3";
 }
 
 $aData = array();
-$aData['auth_user'] = 'no-export';
-$aData['auth_pwd'] = 'no-export';
-//$aData['auth_user'] = 'admin';
-//$aData['auth_pwd'] = 'admin';
+$aData['auth_user'] = 'rest';
+$aData['auth_pwd'] = 'rest';
 
 
 foreach ($aOperations as $iOp => $aOperation)
@@ -301,9 +370,16 @@ foreach ($aOperations as $iOp => $aOperation)
 	echo "--------------------------------------\n";
 	echo "Input:\n";
 	print_r($aOperation);
-
-	$response = DoPostRequest($sUrl, $aData);
-	$aResults = json_decode($response);
+	$aResults = null;
+	try
+	{
+		$response = DoPostRequest($sUrl, $aData);
+		$aResults = json_decode($response);
+	}
+	catch (Exception $e)
+	{
+		$response = $e->getMessage();
+	}
 	if ($aResults)
 	{
 		echo "--------------------------------------\n";
@@ -317,4 +393,3 @@ foreach ($aOperations as $iOp => $aOperation)
 	}
 }
 
-?>