Fix auth check on xmlrpc.php, modify sessions verify/destroy to optionally
accept sessionid/kp3
This commit is contained in:
parent
822b956b80
commit
51fd39fac2
@ -73,10 +73,13 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function verify()
|
function verify($sessionid='',$kp3='')
|
||||||
|
{
|
||||||
|
if(empty($sessionid) || !$sessionid)
|
||||||
{
|
{
|
||||||
$sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid'];
|
$sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid'];
|
||||||
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
|
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
|
||||||
|
}
|
||||||
|
|
||||||
$db = $GLOBALS['phpgw']->db;
|
$db = $GLOBALS['phpgw']->db;
|
||||||
$db2 = $GLOBALS['phpgw']->db;
|
$db2 = $GLOBALS['phpgw']->db;
|
||||||
@ -490,39 +493,40 @@
|
|||||||
. "where sessionid='" . $this->sessionid."'",__LINE__,__FILE__);
|
. "where sessionid='" . $this->sessionid."'",__LINE__,__FILE__);
|
||||||
}
|
}
|
||||||
|
|
||||||
function destroy()
|
function destroy($sessionid='',$kp3='')
|
||||||
|
{
|
||||||
|
if(empty($sessionid) || !$sessionid)
|
||||||
{
|
{
|
||||||
global $phpgw, $phpgw_info;
|
|
||||||
|
|
||||||
$sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid'];
|
$sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid'];
|
||||||
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
|
$kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3'];
|
||||||
|
}
|
||||||
|
|
||||||
if(!$sessionid && $kp3)
|
if(!$sessionid && $kp3)
|
||||||
{
|
{
|
||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
$phpgw_info['user']['sessionid'] = $sessionid;
|
$GLOBALS['phpgw_info']['user']['sessionid'] = $sessionid;
|
||||||
$phpgw_info['user']['kp3'] = $kp3;
|
$GLOBALS['phpgw_info']['user']['kp3'] = $kp3;
|
||||||
|
|
||||||
$phpgw->db->transaction_begin();
|
$GLOBALS['phpgw']->db->transaction_begin();
|
||||||
$phpgw->db->query("delete from phpgw_sessions where session_id='"
|
$GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_id='"
|
||||||
. $phpgw_info['user']['sessionid'] . "'",__LINE__,__FILE__);
|
. $sessionid . "'",__LINE__,__FILE__);
|
||||||
$phpgw->db->query("delete from phpgw_app_sessions where sessionid='"
|
$GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where sessionid='"
|
||||||
. $phpgw_info['user']['sessionid'] . "'",__LINE__,__FILE__);
|
. $sessionid . "'",__LINE__,__FILE__);
|
||||||
$phpgw->db->query("update phpgw_access_log set lo='" . time() . "' where sessionid='"
|
$GLOBALS['phpgw']->db->query("update phpgw_access_log set lo='" . time() . "' where sessionid='"
|
||||||
. $phpgw_info['user']['sessionid'] . "'",__LINE__,__FILE__);
|
. $sessionid . "'",__LINE__,__FILE__);
|
||||||
if ($phpgw_info['server']['usecookies'])
|
if ($GLOBALS['phpgw_info']['server']['usecookies'])
|
||||||
{
|
{
|
||||||
Setcookie('sessionid');
|
Setcookie('sessionid');
|
||||||
Setcookie('kp3');
|
Setcookie('kp3');
|
||||||
if ($phpgw_info['multiable_domains'])
|
if ($GLOBALS['phpgw_info']['multiable_domains'])
|
||||||
{
|
{
|
||||||
Setcookie('domain');
|
Setcookie('domain');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->clean_sessions();
|
$this->clean_sessions();
|
||||||
$phpgw->db->transaction_commit();
|
$GLOBALS['phpgw']->db->transaction_commit();
|
||||||
|
|
||||||
return True;
|
return True;
|
||||||
}
|
}
|
||||||
|
@ -728,7 +728,7 @@
|
|||||||
$sessionid = $data['sessionid']->scalarval();
|
$sessionid = $data['sessionid']->scalarval();
|
||||||
$kp3 = $data['kp3']->scalarval();
|
$kp3 = $data['kp3']->scalarval();
|
||||||
|
|
||||||
$later = $GLOBALS['phpgw']->session->destroy();
|
$later = $GLOBALS['phpgw']->session->destroy($sessionid,$kp3);
|
||||||
|
|
||||||
if($later)
|
if($later)
|
||||||
{
|
{
|
||||||
|
24
xmlrpc.php
24
xmlrpc.php
@ -12,7 +12,7 @@
|
|||||||
|
|
||||||
/* $Id$ */
|
/* $Id$ */
|
||||||
|
|
||||||
$phpgw_info['flags'] = array(
|
$GLOBALS['phpgw_info']['flags'] = array(
|
||||||
'currentapp' => 'login',
|
'currentapp' => 'login',
|
||||||
'noheader' => True
|
'noheader' => True
|
||||||
);
|
);
|
||||||
@ -20,25 +20,35 @@
|
|||||||
include('./header.inc.php');
|
include('./header.inc.php');
|
||||||
|
|
||||||
$server = CreateObject('phpgwapi.xmlrpc_server');
|
$server = CreateObject('phpgwapi.xmlrpc_server');
|
||||||
|
$server->authed = False;
|
||||||
/* _debug_array($server);exit; */
|
/* _debug_array($server);exit; */
|
||||||
//include(PHPGW_API_INC . '/xmlrpc.interop.php');
|
//include(PHPGW_API_INC . '/xmlrpc.interop.php');
|
||||||
|
|
||||||
if($PHP_AUTH_USER && $PHP_AUTH_PW)
|
$headers = getallheaders();
|
||||||
|
|
||||||
|
if(ereg('Basic',$headers['Authorization']))
|
||||||
{
|
{
|
||||||
if($HTTP_X_PHPGW_SERVER)
|
$tmp = $headers['Authorization'];
|
||||||
|
$tmp = ereg_replace(' ','',$tmp);
|
||||||
|
$tmp = ereg_replace('Basic','',$tmp);
|
||||||
|
$auth = base64_decode(trim($tmp));
|
||||||
|
list($sessionid,$kp3) = split(':',$auth);
|
||||||
|
|
||||||
|
if($HTTP_SERVER_VARS['HTTP_X_PHPGW_SERVER'])
|
||||||
{
|
{
|
||||||
if(!@$phpgw->session->verify_server($PHP_AUTH_USER,$PHP_AUTH_PW))
|
if($GLOBALS['phpgw']->session->verify_server($sessionid,$kp3))
|
||||||
{
|
{
|
||||||
exit;
|
$server->authed = True;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(!@$phpgw->session->verify($PHP_AUTH_USER,$PHP_AUTH_PW))
|
if($GLOBALS['phpgw']->session->verify($sessionid,$kp3))
|
||||||
{
|
{
|
||||||
exit;
|
$server->authed = True;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$server->service($HTTP_RAW_POST_DATA);
|
$server->service($HTTP_RAW_POST_DATA);
|
||||||
?>
|
?>
|
||||||
|
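Review bot: The rewritten Basic-auth block never rejects a failed check — the old `exit` inside both verify branches is replaced by `$server->authed = True;`, and `$server->service($HTTP_RAW_POST_DATA);` at the end of the hunk runs whether or not that flag was set, so unless `xmlrpc_server` enforces `authed` per method (not visible on this page) requests with a bad or missing Authorization header are now served. If only the login call is meant to pass without a session, that decision belongs in the server; otherwise `if(!$server->authed) { exit; }` before the service call restores the previous behaviour. The header parsing is also loose: `ereg('Basic', ...)` is unanchored, `ereg_replace('Basic','',$tmp)` strips every occurrence of the word, and `split(':',$auth)` breaks a kp3 containing a colon and leaves `$kp3` unset when no colon is present — `list($sessionid,$kp3) = explode(':', $auth, 2);` after one anchored match is more predictable. The `$sessionid` taken from the header then flows into `verify()`/`destroy()` unvalidated, and the sessions hunk on this page still builds its queries by concatenation (`where session_id='" . $sessionid . "'`), so the value should at least be constrained to the session-id character set before those calls; `getallheaders()` is additionally only available under Apache-style SAPIs.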