remote.php 11.1 KB
<?php
/**
 * Used by Tiki's InterTiki feature
 *
 * @package Tiki
 * @copyright (c) Copyright 2002-2016 by authors of the Tiki Wiki CMS Groupware Project. All Rights Reserved. See copyright.txt for details and a complete list of authors.
 * @licence LGPL-2.1. See license.txt for details.
 */
// $Id$

// InterTiki protocol version; get_version() hands this value to callers.
$version = '0.2';

// Tiki bootstrap. $prefs is read right below, so it is presumably populated by this include.
include 'tiki-setup.php';

// Serve XML-RPC only when InterTiki is enabled, this site acts as an InterTiki
// server, and no master is configured for it. In every other case answer with
// a hand-built fault 403 and stop before any handler can be reached.
if (!($prefs['feature_intertiki'] == 'y' && $prefs['feature_intertiki_server'] == 'y' && !$prefs['feature_intertiki_mymaster'])) {
	echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<methodResponse><fault><value><struct><member><name>faultCode</name><value><int>403</int></value></member>",
		"<member><name>faultString</name><value><string>Server is not configured</string></value></member></struct></value></fault></methodResponse>";
	exit;
}

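/**
 * Append one entry to a flat log file.
 *
 * CR and LF inside $line are replaced by spaces before writing. Callers in
 * this file build the entry from XML-RPC parameters (host key, login), so an
 * embedded line break would otherwise let a remote caller add forged entries
 * to the log.
 *
 * Logging is best effort: when the file cannot be opened the entry is dropped
 * and the request continues (fopen() still raises its usual warning).
 *
 * @param string $file path of the log file; opened in append mode, created if missing
 * @param string $line entry to append, without the trailing newline
 * @return void
 */
function lograw($file, $line)
{
	$entry = str_replace(array("\r", "\n"), ' ', (string) $line) . "\n";

	$fp = fopen($file, 'a+');
	if ($fp === false) {
		// Passing false on to fputs()/fclose() would turn a logging problem into a fatal error.
		return;
	}

	fputs($fp, $entry);
	fclose($fp);
}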

/**
 * Format one access-log style entry and append it to a log file via lograw().
 *
 * Entry layout: <caller ip> - <user> - [m/d/Y:H:i:s] "<txt>" <code> "<from>"
 *
 * The values are interpolated exactly as given; nothing in this function
 * escapes double quotes or line breaks, so callers passing remote input
 * (host key, login) control how the entry parses.
 *
 * @param string $file log file path
 * @param string $txt  message text, written between double quotes
 * @param string $user value for the user column (callers pass a login or a host key)
 * @param int    $code status code for the entry (the INTERTIKI_* constants)
 * @param string $from name of the calling host, written between double quotes
 * @return void
 */
function logit($file, $txt, $user, $code, $from)
{
	$callerIp = TikiLib::lib('tiki')->get_ip_address();
	$stamp = date('[m/d/Y:H:i:s]');

	lograw($file, $callerIp . " - $user - " . $stamp . " \"$txt\" $code \"$from\"");
}

// Status codes written to the flat log files through logit(). They are
// separate from the XML-RPC fault codes (101, 102) returned to the caller.
const INTERTIKI_OK = 200;      // request accepted
const INTERTIKI_BADKEY = 401;  // host key unknown or caller IP mismatch
const INTERTIKI_BADUSER = 404; // user credentials rejected

// XML-RPC dispatch table: public method name => global handler function.
// This list is the whole remote surface of the script. Each handler performs
// its own known_hosts key/IP check; get_version() performs none.
$map = array(
	'intertiki.validate'             => array('function' => 'validate'),
	'intertiki.setUserInfo'          => array('function' => 'set_user_info'),
	'intertiki.logout'               => array('function' => 'logout'),
	'intertiki.cookiecheck'          => array('function' => 'cookie_check'),
	'intertiki.version'              => array('function' => 'get_version'),
	'intertiki.getUserInfo'          => array('function' => 'get_user_info'),
	'intertiki.getRegistrationPrefs' => array('function' => 'get_registration_prefs'),
	'intertiki.registerUser'         => array('function' => 'register_user')
);

// NOTE(review): the server object presumably reads and dispatches the request
// when it is constructed; nothing else in this file triggers it — confirm.
$s = new XML_RPC_Server($map);

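/**
 * XML-RPC handler for intertiki.validate: check a user's credentials for a known host.
 *
 * Positional parameters: 0 host key, 1 login, 2 password, 3 slave flag, 4 cookie hash.
 *
 * The caller is accepted only when the key is listed in $prefs['known_hosts']
 * and the IP configured for that entry equals TikiLib's get_ip_address().
 * NOTE(review): how get_ip_address() derives the address is not visible here.
 * If it honours forwarded-for style headers, the IP half of this check is only
 * as strong as the proxy setup — confirm.
 *
 * Faults: 101 for a rejected key/IP or a wrong password, 102 when the login
 * does not exist. On success a user cookie is stored for the supplied hash and
 * the response is boolean true, or, when the slave flag is set, a struct with
 * avatarData (base64) and user_details (PHP-serialized string).
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response
 */
function validate($params)
{
	global $prefs;
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$logslib = TikiLib::lib('logs');

	$key = $params->getParam(0)->scalarval();
	$login = $params->getParam(1)->scalarval();
	$pass = $params->getParam(2)->scalarval();
	$slave = $params->getParam(3)->scalarval();
	$hashkey = $params->getParam(4)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from. Log an empty name instead
	// of indexing the missing entry, which raises an undefined-offset warning
	// that can end up inside the XML-RPC response when errors are displayed.
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		$logslib->add_log('intertiki', $msg . ' from ' . $hostName, $login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	// Only the first element (validity flag) of the result is used here.
	list($isvalid) = $userlib->validate_user($login, $pass, '', '');

	if (!$isvalid) {
		$msg = tra('Invalid username or password');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $login, INTERTIKI_BADUSER, $hostName);
		}

		$logslib->add_log('intertiki', $msg . ' from ' . $hostName, $login);

		// The slave is expected to present 102 to its own users as 101, so a
		// failed login does not reveal whether the account exists. 102 exists
		// so the slave knows it should delete its local copy of the user.
		$faultCode = $userlib->user_exists($login) ? 101 : 102;
		return new XML_RPC_Response(0, $faultCode, $msg);
	}

	if (!empty($prefs['intertiki_logfile'])) {
		logit($prefs['intertiki_logfile'], 'logged', $login, INTERTIKI_OK, $hostName);
	}

	// The hash comes from the calling host and is stored as a cookie for this user.
	$userInfo = $userlib->get_user_info($login);
	$userlib->create_user_cookie($userInfo['userId'], $hashkey);

	$logslib->add_log('intertiki', 'auth granted from ' . $hostName, $login);

	if (!$slave) {
		return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
	}

	$user_details = $userlib->get_user_details($login);
	$user_info = $userlib->get_user_info($login);

	// NOTE(review): user_details travels as PHP serialize() output, so the
	// receiving site presumably has to unserialize() it. unserialize() on data
	// from another host can instantiate objects; the receiver should restrict
	// allowed classes, or both sides should move to a data-only encoding. Left
	// unchanged because the wire format is shared with code not visible here.
	$ret = array(
		'avatarData' => new XML_RPC_Value($user_info['avatarData'], 'base64'),
		'user_details' => new XML_RPC_Value(serialize($user_details), 'string'),
	);

	return new XML_RPC_Response(new XML_RPC_Value($ret, 'struct'));
}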

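/**
 * XML-RPC handler for intertiki.setUserInfo: store user information sent by a known host.
 *
 * Positional parameters: 0 host key, 1 login, 2 user info value (passed on
 * unmodified to interSetUserInfo()).
 *
 * NOTE(review): when feature_userPreferences is off the handler answers true
 * before the host key is checked, so that one answer is given to any caller.
 * No data is written on that path; consider authenticating first.
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response boolean true, or fault 101 when the key/IP check fails
 */
function set_user_info($params)
{
	global $prefs;
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');

	if ($prefs['feature_userPreferences'] != 'y') {
		return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
	}

	$key = $params->getParam(0)->scalarval();
	$login = $params->getParam(1)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from; log an empty name rather
	// than indexing the missing entry (undefined-offset warning).
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		TikiLib::lib('logs')->add_log('intertiki', $msg . ' from ' . $hostName, $login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	// Parameter 2 is handed over as received; any validation of its content
	// happens inside interSetUserInfo(), which is not visible here.
	$userlib->interSetUserInfo($login, $params->getParam(2));

	return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
}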

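/**
 * XML-RPC handler for intertiki.logout: end a user's session on request of a known host.
 *
 * Positional parameters: 0 host key, 1 login.
 *
 * After the key/IP check the user is logged out and the user's stored cookie
 * is deleted. Any host that passes the check can log out any login it names.
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response boolean true, or fault 101 when the key/IP check fails
 */
function logout($params)
{
	global $prefs;
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');
	$logslib = TikiLib::lib('logs');

	$key = $params->getParam(0)->scalarval();
	$login = $params->getParam(1)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from; log an empty name rather
	// than indexing the missing entry (undefined-offset warning).
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		$logslib->add_log('intertiki', $msg . ' from ' . $hostName, $login);

		return new XML_RPC_Response(0, 101, $msg);
	}

	$userlib->user_logout($login, true);

	// This is a plain function, so there is no $this: the lookup has to go
	// through the user library. With $this the request died here with a fatal
	// error and the stored cookie was never deleted.
	$userInfo = $userlib->get_user_info($login);
	$userlib->delete_user_cookie($userInfo['userId']);

	if (!empty($prefs['intertiki_logfile'])) {
		logit($prefs['intertiki_logfile'], 'logout', $login, INTERTIKI_OK, $hostName);
	}

	$logslib->add_log('intertiki', 'auth revoked from ' . $hostName, $login);
	return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
}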

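/**
 * XML-RPC handler for intertiki.cookiecheck: resolve a cookie hash to a user for a known host.
 *
 * Positional parameters: 0 host key, 1 cookie hash.
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response the get_user_by_cookie() result as a string, or
 *                          fault 101 when the key/IP check fails or no cookie matches
 */
function cookie_check($params)
{
	global $prefs;
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');

	$key = $params->getParam(0)->scalarval();
	$hash = $params->getParam(1)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from; log an empty name rather
	// than indexing the missing entry (undefined-offset warning).
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		// Only the part of the hash from the first '.' onward goes into the log
		// (presumably the user part — confirm against create_user_cookie()).
		// Without a '.', strpos() returns false and substr() would return the
		// whole value, writing the complete cookie hash into the action log;
		// log an empty user in that case.
		$dot = strpos($hash, '.');
		$loggedUser = ($dot === false) ? '' : substr($hash, $dot);

		TikiLib::lib('logs')->add_log('intertiki', $msg . ' from ' . $hostName, $loggedUser);
		return new XML_RPC_Response(0, 101, $msg);
	}

	$result = $userlib->get_user_by_cookie($hash);

	if ($result) {
		return new XML_RPC_Response(new XML_RPC_Value($result, 'string'));
	}

	$msg = tra('Cookie not found');
	return new XML_RPC_Response(0, 101, $msg);
}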

/**
 * XML-RPC handler for intertiki.version: report the InterTiki protocol version.
 *
 * Unlike the other handlers this one performs no known_hosts key/IP check.
 * NOTE(review): the global $version is the string '0.2' but is sent with
 * XML-RPC type 'int'; how clients interpret the value is not visible here.
 *
 * @param object $params XML-RPC request (unused)
 * @return XML_RPC_Response
 */
function get_version($params)
{
	global $version;

	$payload = new XML_RPC_Value($version, 'int');

	return new XML_RPC_Response($payload);
}

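/**
 * XML-RPC handler for intertiki.getUserInfo: return the login and e-mail of a user to a known host.
 *
 * Positional parameters: 0 host key, 1 login, 2 e-mail. Either of login and
 * e-mail may be empty: an empty login is looked up by e-mail, an empty e-mail
 * is looked up by login. A host that passes the key/IP check can therefore map
 * logins to e-mail addresses and back.
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response struct with 'login' and 'email'; fault 101 when the
 *                          key/IP check fails, fault 102 when no login can be determined
 */
function get_user_info($params)
{
	global $prefs;
	$userlib = TikiLib::lib('user');
	$tikilib = TikiLib::lib('tiki');

	$key = $params->getParam(0)->scalarval();
	$login = $params->getParam(1)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from; log an empty name rather
	// than indexing the missing entry (undefined-offset warning).
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		TikiLib::lib('logs')->add_log('intertiki', $msg . ' from ' . $hostName, $login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	// The e-mail parameter is read only after the caller has been accepted.
	$email = $params->getParam(2)->scalarval();

	if (empty($login)) {
		$login = empty($email) ? '' : $userlib->get_user_by_email($email);
	}

	if (empty($login)) {
		$msg = 'Invalid username';
		return new XML_RPC_Response(0, 102, $msg);
	}

	if (empty($email)) {
		$email = $userlib->get_user_email($login);
	}

	$ret = array(
		'login' => new XML_RPC_Value($login, 'string'),
		'email' => new XML_RPC_Value($email, 'string'),
	);

	return new XML_RPC_Response(new XML_RPC_Value($ret, 'struct'));
}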

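/**
 * XML-RPC handler for intertiki.getRegistrationPrefs: send the registration preferences to a known host.
 *
 * Positional parameters: 0 host key, 1 login (used only in the log entry).
 *
 * Two gates apply: the key/IP check against $prefs['known_hosts'], then the
 * per-host 'allowusersregister' flag, which must be 'y'.
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response the encoded merged_prefs of the registration
 *                          library, or fault 101 when either gate fails
 */
function get_registration_prefs($params)
{
	global $prefs;
	$logslib = TikiLib::lib('logs');
	$tikilib = TikiLib::lib('tiki');
	$registrationlib = TikiLib::lib('registration');

	$key = $params->getParam(0)->scalarval();
	$login = $params->getParam(1)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from; log an empty name rather
	// than indexing the missing entry (undefined-offset warning).
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		$logslib->add_log('intertiki', $msg . ' from ' . $hostName, $login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	// Registration through this master is opt-in per known host.
	if (!isset($prefs['known_hosts'][$key]['allowusersregister'])
		|| ($prefs['known_hosts'][$key]['allowusersregister'] != 'y')
	) {
		return new XML_RPC_Response(0, 101, 'Users are not allowed to register via intertiki on this master.');
	}

	return new XML_RPC_Response(XML_RPC_encode($registrationlib->merged_prefs));
}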

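/**
 * XML-RPC handler for intertiki.registerUser: create a user on this master for a known host.
 *
 * Positional parameters: 0 host key, 1 registration data. Parameter 1 is read
 * twice: once through scalarval() for the log entry, once through
 * XML_RPC_decode() as the data passed to the registration library.
 *
 * Two gates apply: the key/IP check against $prefs['known_hosts'], then the
 * per-host 'allowusersregister' flag, which must be 'y'.
 *
 * @param object $params XML-RPC request, read through getParam()
 * @return XML_RPC_Response the encoded result of register_new_user_from_intertiki(),
 *                          or fault 101 when either gate fails
 */
function register_user($params)
{
	global $prefs;
	$logslib = TikiLib::lib('logs');
	$tikilib = TikiLib::lib('tiki');
	$registrationlib = TikiLib::lib('registration');

	$key = $params->getParam(0)->scalarval();
	$login = $params->getParam(1)->scalarval();

	$hostKnown = isset($prefs['known_hosts'][$key]);
	// An unknown key has no entry to read a name from; log an empty name rather
	// than indexing the missing entry (undefined-offset warning).
	$hostName = ($hostKnown && isset($prefs['known_hosts'][$key]['name'])) ? $prefs['known_hosts'][$key]['name'] : '';

	if (!$hostKnown || $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');

		if (!empty($prefs['intertiki_errfile'])) {
			logit($prefs['intertiki_errfile'], $msg, $key, INTERTIKI_BADKEY, $hostName);
		}

		$logslib->add_log('intertiki', $msg . ' from ' . $hostName, $login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	// Registration through this master is opt-in per known host.
	if (!isset($prefs['known_hosts'][$key]['allowusersregister'])
		|| ($prefs['known_hosts'][$key]['allowusersregister'] != 'y')
	) {
		return new XML_RPC_Response(0, 101, 'Users are not allowed to register via intertiki on this master.');
	}

	// The decoded data is whatever the remote host sent; this handler does not
	// validate it, so any field checks have to happen inside
	// register_new_user_from_intertiki(), which is not visible here.
	$result = $registrationlib->register_new_user_from_intertiki(XML_RPC_decode($params->getParam(1)));

	return new XML_RPC_Response(XML_RPC_encode($result));
}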