extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-02-23 22:01:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

added a log-file and a 401 header if unauthorized to the xmlrpc-server

Browse Source
This commit is contained in:
Ralf Becker 2003-10-21 21:05:23 +00:00
parent 8d2125b502
commit 7cc899861d
1 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
phpgwapi/inc/class.xmlrpc_server.inc.php
View File

@ -42,6 +42,7 @@
var $resp_struct = array(); var $resp_struct = array();
var $debug = False; var $debug = False;
var $method_requested; var $method_requested;
var $log = False; //'/tmp/xmlrpc.log';
function xmlrpc_server($dispMap='', $serviceNow=0) function xmlrpc_server($dispMap='', $serviceNow=0)
{ {
@ -79,9 +80,31 @@
global $HTTP_RAW_POST_DATA; global $HTTP_RAW_POST_DATA;
$r = $this->parseRequest(); $r = $this->parseRequest();
$payload = "<?xml version=\"1.0\"?>\n" . $this->serializeDebug() . $r->serialize(); if (!$r)
Header("Content-type: text/xml\r\nContent-length: " . strlen($payload)); {
print $payload; header('WWW-Authenticate: Basic realm="eGroupWare xmlrpc"');
header('HTTP/1.0 401 Unauthorized');
// for the log:
$payload = "WWW-Authenticate: Basic realm=\"eGroupWare xmlrpc\"\nHTTP/1.0 401 Unauthorized\n";
}
else
{
$payload = "<?xml version=\"1.0\"?>\n" . $this->serializeDebug() . $r->serialize();
Header("Content-type: text/xml\r\nContent-length: " . strlen($payload));
print $payload;
}
if ($this->log)
{
$fp = fopen($this->log,'a+');
fwrite($fp,"\n\n".date('Y-m-d H:i:s')." authorized=".
($this->authed?$GLOBALS['phpgw_info']['user']['account_lid']:'False').
", method='$this->last_method'\n");
fwrite($fp,"==== GOT ============================\n".$HTTP_RAW_POST_DATA.
"\n==== RETURNED =======================\n");
fputs($fp,$payload);
fclose($fp);
}
if ($this->debug) if ($this->debug)
{ {
@ -288,6 +311,7 @@
// now to deal with the method // now to deal with the method
$methName = $GLOBALS['_xh'][$parser]['method']; $methName = $GLOBALS['_xh'][$parser]['method'];
$_methName = $GLOBALS['_xh'][$parser]['method']; $_methName = $GLOBALS['_xh'][$parser]['method'];
$this->last_method = $methName;
if (ereg("^system\.", $methName)) if (ereg("^system\.", $methName))
{ {
@ -423,12 +447,13 @@
// else prepare error response // else prepare error response
if(!$this->authed) if(!$this->authed)
{ {
$r = CreateObject('phpgwapi.xmlrpcresp', $r = False; // send 401 header to force authorization
/*CreateObject('phpgwapi.xmlrpcresp',
CreateObject('phpgwapi.xmlrpcval', CreateObject('phpgwapi.xmlrpcval',
'UNAUTHORIZED', 'UNAUTHORIZED',
'string' 'string'
) )
); );*/
} }
else else
{ {