Fix auth check on xmlrpc.php, modify sessions verify/destroy to optionally

accept sessionid/kp3
This commit is contained in:
Miles Lott 2001-08-23 02:54:25 +00:00
parent 822b956b80
commit 51fd39fac2
3 changed files with 42 additions and 28 deletions

View File

@ -73,10 +73,13 @@
} }
} }
function verify() function verify($sessionid='',$kp3='')
{
if(empty($sessionid) || !$sessionid)
{ {
$sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; $sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid'];
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; $kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
}
$db = $GLOBALS['phpgw']->db; $db = $GLOBALS['phpgw']->db;
$db2 = $GLOBALS['phpgw']->db; $db2 = $GLOBALS['phpgw']->db;
@ -490,39 +493,40 @@
. "where sessionid='" . $this->sessionid."'",__LINE__,__FILE__); . "where sessionid='" . $this->sessionid."'",__LINE__,__FILE__);
} }
function destroy() function destroy($sessionid='',$kp3='')
{
if(empty($sessionid) || !$sessionid)
{ {
global $phpgw, $phpgw_info;
$sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; $sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid'];
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; $kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
}
if(!$sessionid && $kp3) if(!$sessionid && $kp3)
{ {
return False; return False;
} }
$phpgw_info['user']['sessionid'] = $sessionid; $GLOBALS['phpgw_info']['user']['sessionid'] = $sessionid;
$phpgw_info['user']['kp3'] = $kp3; $GLOBALS['phpgw_info']['user']['kp3'] = $kp3;
$phpgw->db->transaction_begin(); $GLOBALS['phpgw']->db->transaction_begin();
$phpgw->db->query("delete from phpgw_sessions where session_id='" $GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_id='"
. $phpgw_info['user']['sessionid'] . "'",__LINE__,__FILE__); . $sessionid . "'",__LINE__,__FILE__);
$phpgw->db->query("delete from phpgw_app_sessions where sessionid='" $GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where sessionid='"
. $phpgw_info['user']['sessionid'] . "'",__LINE__,__FILE__); . $sessionid . "'",__LINE__,__FILE__);
$phpgw->db->query("update phpgw_access_log set lo='" . time() . "' where sessionid='" $GLOBALS['phpgw']->db->query("update phpgw_access_log set lo='" . time() . "' where sessionid='"
. $phpgw_info['user']['sessionid'] . "'",__LINE__,__FILE__); . $sessionid . "'",__LINE__,__FILE__);
if ($phpgw_info['server']['usecookies']) if ($GLOBALS['phpgw_info']['server']['usecookies'])
{ {
Setcookie('sessionid'); Setcookie('sessionid');
Setcookie('kp3'); Setcookie('kp3');
if ($phpgw_info['multiable_domains']) if ($GLOBALS['phpgw_info']['multiable_domains'])
{ {
Setcookie('domain'); Setcookie('domain');
} }
} }
$this->clean_sessions(); $this->clean_sessions();
$phpgw->db->transaction_commit(); $GLOBALS['phpgw']->db->transaction_commit();
return True; return True;
} }

View File

@ -728,7 +728,7 @@
$sessionid = $data['sessionid']->scalarval(); $sessionid = $data['sessionid']->scalarval();
$kp3 = $data['kp3']->scalarval(); $kp3 = $data['kp3']->scalarval();
$later = $GLOBALS['phpgw']->session->destroy(); $later = $GLOBALS['phpgw']->session->destroy($sessionid,$kp3);
if($later) if($later)
{ {

View File

@ -12,7 +12,7 @@
/* $Id$ */ /* $Id$ */
$phpgw_info['flags'] = array( $GLOBALS['phpgw_info']['flags'] = array(
'currentapp' => 'login', 'currentapp' => 'login',
'noheader' => True 'noheader' => True
); );
@ -20,25 +20,35 @@
include('./header.inc.php'); include('./header.inc.php');
$server = CreateObject('phpgwapi.xmlrpc_server'); $server = CreateObject('phpgwapi.xmlrpc_server');
$server->authed = False;
/* _debug_array($server);exit; */ /* _debug_array($server);exit; */
//include(PHPGW_API_INC . '/xmlrpc.interop.php'); //include(PHPGW_API_INC . '/xmlrpc.interop.php');
if($PHP_AUTH_USER && $PHP_AUTH_PW) $headers = getallheaders();
if(ereg('Basic',$headers['Authorization']))
{ {
if($HTTP_X_PHPGW_SERVER) $tmp = $headers['Authorization'];
$tmp = ereg_replace(' ','',$tmp);
$tmp = ereg_replace('Basic','',$tmp);
$auth = base64_decode(trim($tmp));
list($sessionid,$kp3) = split(':',$auth);
if($HTTP_SERVER_VARS['HTTP_X_PHPGW_SERVER'])
{ {
if(!@$phpgw->session->verify_server($PHP_AUTH_USER,$PHP_AUTH_PW)) if($GLOBALS['phpgw']->session->verify_server($sessionid,$kp3))
{ {
exit; $server->authed = True;
} }
} }
else else
{ {
if(!@$phpgw->session->verify($PHP_AUTH_USER,$PHP_AUTH_PW)) if($GLOBALS['phpgw']->session->verify($sessionid,$kp3))
{ {
exit; $server->authed = True;
} }
} }
} }
$server->service($HTTP_RAW_POST_DATA); $server->service($HTTP_RAW_POST_DATA);
?> ?>