egroupware_official/xmlrpc.php

<?php
	/**************************************************************************\
	* eGroupWare xmlrpc server                                                 *
	* http://www.egroupware.org                                                *
	* This file written by Miles Lott <milos@groupwhere.org>                   *
	* --------------------------------------------                             *
	*  This program is free software; you can redistribute it and/or modify it *
	*  under the terms of the GNU General Public License as published by the   *
	*  Free Software Foundation; either version 2 of the License, or (at your  *
	*  option) any later version.                                              *
	\**************************************************************************/

	/* $Id$ */
	/* $Source$ */
	/*list($usec, $sec) = explode(" ", microtime());
	$GLOBALS['concisus']['script_start'] = ((float)$usec + (float)$sec);*/

	$GLOBALS['egw_info'] = array(
		'flags' => array(
			'currentapp'            => 'login',
			'noheader'              => True,
			'disable_Template_class' => True
		)
	);
	include('./header.inc.php');

	include_once(EGW_API_INC . '/xml_functions.inc.php');
	include_once(EGW_API_INC . '/soap_functions.inc.php');	// not sure that's neccessary, but I have no way to test

	//viniciuscb: a secure way to know if we're in a xmlrpc call...
	$GLOBALS['egw_info']['server']['xmlrpc'] = true;

	$server = CreateObject('phpgwapi.xmlrpc_server');

	/* uncomment here if you want to show all of the testing functions for compatibility */
	//include(EGW_API_INC . '/xmlrpc.interop.php');

	if (!$GLOBALS['egw_info']['server']['xmlrpc_enabled'])
	{
		$server->xmlrpc_error(9999,'xmlrpc service is not enabled in the eGroupWare system configuration');
		exit;
	}

	/* Note: this command only available natively in Apache (Netscape/iPlanet/SunONE in php >= 4.3.3) */
	if(!function_exists('getallheaders'))
	{
		function getallheaders()
		{
			settype($headers,'array');
			foreach($_SERVER as $h => $v)
			{
				if(preg_match('/HTTP_(.+)/',$h,$hp))
				{
					$headers[$hp[1]] = $v;
				}
			}
			return $headers;
		}
	}
	$headers = getallheaders();

	//print_r($headers);
	$isodate = $headers['isoDate'] ? $headers['isoDate'] : $headers['isodate'];
	$isodate = ($isodate == 'simple') ? True : False;
	$server->setSimpleDate($isodate);
	$auth_header = $headers['Authorization'] ? $headers['Authorization'] : $headers['authorization'];

	if(preg_match('/Basic *([^ ]*)/i',$auth_header,$auth))
	{
		list($sessionid,$kp3) = explode(':',base64_decode($auth[1]));
		//echo "auth='$auth[1]', sessionid='$sessionid', kp3='$kp3'\n";
	}
	else
	{
		$sessionid = get_var('sessionid',array('COOKIE','GET'));
		$kp3 = get_var('kp3',array('COOKIE','GET'));
	}
	$server->authed = $GLOBALS['egw']->session->verify($sessionid,$kp3);

	if (!$server->authed and isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW']))
	{
		$authed = $GLOBALS['egw']->session->create($login.'@'.$domain, $_SERVER['PHP_AUTH_PW'], 'text');

		if ($authed)
		{
			$server->authed = true;
		}
	}

	$server->service($_SERVER['HTTP_RAW_POST_DATA']);
Update header to include xml/soap functions... this needs to be ironed out 2001-08-08 01:04:49 +02:00			`<?php`
make the phpgw Version-0_9_16-branch HEAD 2003-08-28 16:16:30 +02:00			`/**************************************************************************\`
Update banner 2003-10-21 02:06:44 +02:00			`* eGroupWare xmlrpc server *`
ereg_replaced 2004-01-01 16:38:15 +01:00			`* http://www.egroupware.org *`
Update banner 2003-10-21 02:06:44 +02:00			`* This file written by Miles Lott <milos@groupwhere.org> *`
make the phpgw Version-0_9_16-branch HEAD 2003-08-28 16:16:30 +02:00			`* -------------------------------------------- *`
			`* This program is free software; you can redistribute it and/or modify it *`
			`* under the terms of the GNU General Public License as published by the *`
			`* Free Software Foundation; either version 2 of the License, or (at your *`
			`* option) any later version. *`
			`\**************************************************************************/`

			`/* $Id$ */`
			`/* $Source$ */`
XMLRPC: included support for on-browser xmlrpc authentication About Screen: support for image and url in description 2005-06-18 22:29:17 +02:00			`/*list($usec, $sec) = explode(" ", microtime());`
			`$GLOBALS['concisus']['script_start'] = ((float)$usec + (float)$sec);*/`
make the phpgw Version-0_9_16-branch HEAD 2003-08-28 16:16:30 +02:00
always initialising $GLOBALS['egw_info'] 2006-10-03 17:18:03 +02:00			`$GLOBALS['egw_info'] = array(`
			`'flags' => array(`
			`'currentapp' => 'login',`
			`'noheader' => True,`
			`'disable_Template_class' => True`
			`)`
Update header to include xml/soap functions... this needs to be ironed out 2001-08-08 01:04:49 +02:00			`);`
New header.inc.php template - I dont force the update (updating version in phpgwapi/setup/setup.inc.php), as the old one still works through diverse defaults and I want to wait for the rewrite of a db-based session handler and making mcrpyt available for sessions again (currently not used) - required includes for xmlrpc and soap are moved to the callbacks of this services, as they are NOT required by the rest of eGroupware 2008-08-21 08:21:32 +02:00			`include('./header.inc.php');`

			`include_once(EGW_API_INC . '/xml_functions.inc.php');`
			`include_once(EGW_API_INC . '/soap_functions.inc.php'); // not sure that's neccessary, but I have no way to test`
Update header to include xml/soap functions... this needs to be ironed out 2001-08-08 01:04:49 +02:00
XMLRPC: included support for on-browser xmlrpc authentication About Screen: support for image and url in description 2005-06-18 22:29:17 +02:00			`//viniciuscb: a secure way to know if we're in a xmlrpc call...`
Formatting cleanup; Removed stray whitespace, especially from the end of some files; Convert api arrays to egw/egw_info 2005-07-08 07:00:14 +02:00			`$GLOBALS['egw_info']['server']['xmlrpc'] = true;`
XMLRPC: included support for on-browser xmlrpc authentication About Screen: support for image and url in description 2005-06-18 22:29:17 +02:00
Restored old, working xmlrpc.php which uses the api classes; Moved more recent version to .old for now 2003-10-21 02:04:56 +02:00			`$server = CreateObject('phpgwapi.xmlrpc_server');`
Formatting cleanup; Removed stray whitespace, especially from the end of some files; Convert api arrays to egw/egw_info 2005-07-08 07:00:14 +02:00
Restored old, working xmlrpc.php which uses the api classes; Moved more recent version to .old for now 2003-10-21 02:04:56 +02:00			`/* uncomment here if you want to show all of the testing functions for compatibility */`
Formatting cleanup; Removed stray whitespace, especially from the end of some files; Convert api arrays to egw/egw_info 2005-07-08 07:00:14 +02:00			`//include(EGW_API_INC . '/xmlrpc.interop.php');`
Add getallheaders() function if not natively available 2005-09-19 05:37:07 +02:00
added configuration switch for xmlrpc and soap services (default off) 2005-09-10 12:39:36 +02:00			`if (!$GLOBALS['egw_info']['server']['xmlrpc_enabled'])`
			`{`
			`$server->xmlrpc_error(9999,'xmlrpc service is not enabled in the eGroupWare system configuration');`
			`exit;`
			`}`
Restored old, working xmlrpc.php which uses the api classes; Moved more recent version to .old for now 2003-10-21 02:04:56 +02:00
Add getallheaders() function if not natively available 2005-09-19 05:37:07 +02:00			`/* Note: this command only available natively in Apache (Netscape/iPlanet/SunONE in php >= 4.3.3) */`
			`if(!function_exists('getallheaders'))`
			`{`
			`function getallheaders()`
			`{`
			`settype($headers,'array');`
			`foreach($_SERVER as $h => $v)`
			`{`
patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6). Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit. I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ... 2009-06-08 18:21:14 +02:00			`if(preg_match('/HTTP_(.+)/',$h,$hp))`
Add getallheaders() function if not natively available 2005-09-19 05:37:07 +02:00			`{`
			`$headers[$hp[1]] = $v;`
			`}`
			`}`
			`return $headers;`
			`}`
			`}`
make the phpgw Version-0_9_16-branch HEAD 2003-08-28 16:16:30 +02:00			`$headers = getallheaders();`
Add getallheaders() function if not natively available 2005-09-19 05:37:07 +02:00
make the name of the Authorization header and the Basic in it case-insensitive 2004-03-12 18:58:55 +01:00			`//print_r($headers);`
another shot at datetime.iso8601: - accept both simple and extended format from input - output simple format, if the client sends a HTTP-header "isoDate: simple". This should maybe extended by another possibility, where the information is stored in the session on login. Then there is a good way for all clients, regardless of the use of any combination of Auth-headers, login/cookies and webservers. 2005-06-30 21:01:19 +02:00			`$isodate = $headers['isoDate'] ? $headers['isoDate'] : $headers['isodate'];`
			`$isodate = ($isodate == 'simple') ? True : False;`
			`$server->setSimpleDate($isodate);`
make the name of the Authorization header and the Basic in it case-insensitive 2004-03-12 18:58:55 +01:00			`$auth_header = $headers['Authorization'] ? $headers['Authorization'] : $headers['authorization'];`

patch fixing many depricated functions (eg. posix regular expressions) and features, which fill up the error_log under php5.3 (and will no longer be available under php6). Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit. I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ... 2009-06-08 18:21:14 +02:00			`if(preg_match('/Basic ([^ ])/i',$auth_header,$auth))`
Trying a new way of handling login and subsequent verification 2001-08-20 01:55:58 +02:00			`{`
make the name of the Authorization header and the Basic in it case-insensitive 2004-03-12 18:58:55 +01:00			`list($sessionid,$kp3) = explode(':',base64_decode($auth[1]));`
			`//echo "auth='$auth[1]', sessionid='$sessionid', kp3='$kp3'\n";`
make the phpgw Version-0_9_16-branch HEAD 2003-08-28 16:16:30 +02:00			`}`
added use of cookie or url to pass session id 2004-03-13 18:54:26 +01:00			`else`
			`{`
			`$sessionid = get_var('sessionid',array('COOKIE','GET'));`
			`$kp3 = get_var('kp3',array('COOKIE','GET'));`
			`}`
Formatting cleanup; Removed stray whitespace, especially from the end of some files; Convert api arrays to egw/egw_info 2005-07-08 07:00:14 +02:00			`$server->authed = $GLOBALS['egw']->session->verify($sessionid,$kp3);`
make the phpgw Version-0_9_16-branch HEAD 2003-08-28 16:16:30 +02:00
XMLRPC: included support for on-browser xmlrpc authentication About Screen: support for image and url in description 2005-06-18 22:29:17 +02:00			`if (!$server->authed and isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW']))`
			`{`
Formatting cleanup; Removed stray whitespace, especially from the end of some files; Convert api arrays to egw/egw_info 2005-07-08 07:00:14 +02:00			`$authed = $GLOBALS['egw']->session->create($login.'@'.$domain, $_SERVER['PHP_AUTH_PW'], 'text');`
XMLRPC: included support for on-browser xmlrpc authentication About Screen: support for image and url in description 2005-06-18 22:29:17 +02:00
			`if ($authed)`
			`{`
			`$server->authed = true;`
			`}`
			`}`

added use of cookie or url to pass session id 2004-03-13 18:54:26 +01:00			`$server->service($_SERVER['HTTP_RAW_POST_DATA']);`