remote.php 9.98 KB
Newer Older
1
<?php
2
// (c) Copyright 2002-2011 by authors of the Tiki Wiki CMS Groupware Project
changi67's avatar
changi67 committed
3
// 
4 5
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
changi67's avatar
changi67 committed
6
// $Id$
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

$version = "0.2";

include 'tiki-setup.php';
require_once("XML/Server.php");

if ($prefs['feature_intertiki'] != 'y' || $prefs['feature_intertiki_server'] != 'y' || $prefs['feature_intertiki_mymaster']) {

	echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<methodResponse><fault><value><struct><member><name>faultCode</name><value><int>403</int></value></member>";
	echo "<member><name>faultString</name><value><string>Server is not configured</string></value></member></struct></value></fault></methodResponse>";
	exit;
}

function lograw($file,$line) {
	$fp = fopen($file,'a+');
	fputs($fp,"$line\n");
	fclose($fp);
}

function logit($file,$txt,$user,$code,$from) {
sylvieg's avatar
sylvieg committed
27
	global $tikilib;
28
	$line = $tikilib->get_ip_address()." - $user - ". date('[m/d/Y:H:i:s]')." \"$txt\" $code \"$from\"";
29 30 31 32 33 34 35 36 37 38 39 40 41
	lograw($file,$line);
}

define('INTERTIKI_OK',200);
define('INTERTIKI_BADKEY',401);
define('INTERTIKI_BADUSER',404);

$map = array(
	"intertiki.validate" => array("function"=>"validate"),
	'intertiki.setUserInfo' => array('function' => 'set_user_info'),
	"intertiki.logout" => array("function"=>"logout"),
	"intertiki.cookiecheck" => array("function"=>"cookie_check"),
	"intertiki.version" => array("function"=>"get_version"),
42 43 44
	'intertiki.getUserInfo' => array('function' => 'get_user_info'),
	'intertiki.getRegistrationPrefs' => array('function' => 'get_registration_prefs'),
	'intertiki.registerUser' => array('function' => 'register_user')
45 46 47 48 49 50 51 52 53 54 55 56
);
$s = new XML_RPC_Server($map);

function validate($params) {
	global $tikilib,$userlib,$prefs,$logslib;

	$key = $params->getParam(0); $key = $key->scalarval(); 
	$login = $params->getParam(1); $login = $login->scalarval(); 
	$pass = $params->getParam(2); $pass = $pass->scalarval(); 
	$slave = $params->getParam(3); $slave = $slave->scalarval();
	$hashkey = $params->getParam(4); $hashkey = $hashkey->scalarval();
	
57
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
58
		$msg = tra('Invalid server key');
sylvieg's avatar
sylvieg committed
59 60
		if (!empty($prefs['intertiki_errfile']))
			logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}
	
	list($isvalid, $dummy, $error) = $userlib->validate_user($login,$pass,'','');
	if(!$isvalid) {
		$msg = tra('Invalid username or password');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$login,INTERTIKI_BADUSER,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		if (!$userlib->user_exists($login)) {
		    // slave client is supposed to disguise 102 code as 101 not to show
		    // crackers that user does not exists. 102 is required for telling slave
		    // to delete user there
		    return new XML_RPC_Response(0, 102, $msg);
		} else {
		    return new XML_RPC_Response(0, 101, $msg);
		}
	} 
	if ($prefs['intertiki_logfile']) logit($prefs['intertiki_logfile'],"logged",$login,INTERTIKI_OK,$prefs['known_hosts'][$key]['name']);
80 81
	$userInfo = $userlib->get_user_info($login);
	$userlib->create_user_cookie($userInfo['userId'], $hashkey);
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98

	if ($slave) {
	    $logslib->add_log('intertiki','auth granted from '.$prefs['known_hosts'][$key]['name'],$login);
	    global $userlib;
		$user_details = $userlib->get_user_details($login);
		$user_info = $userlib->get_user_info($login);
		$ret['avatarData'] = new XML_RPC_Value($user_info['avatarData'], "base64");
		$ret['user_details'] = new XML_RPC_Value(serialize($user_details), "string");
		//$fp=fopen('temp/toto', 'w+');fwrite($fp, var_export($ret, true));fclose($fp);
		return new XML_RPC_Response(new XML_RPC_Value($ret, "struct"));
	} else {
	    $logslib->add_log('intertiki','auth granted from '.$prefs['known_hosts'][$key]['name'],$login);
	    return new XML_RPC_Response(new XML_RPC_Value(1, "boolean"));
	}
}

function set_user_info($params) {
99
	global $tikilib, $userlib, $prefs;
100 101 102 103
	if ($prefs['feature_userPreferences'] != 'y') {
		return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
	}
	$key = $params->getParam(0); $key = $key->scalarval(); 
104
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
105 106 107 108 109 110 111 112 113 114 115
		$msg = tra('Invalid server key');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}
	$login = $params->getParam(1); $login = $login->scalarval(); 
	$userlib->interSetUserInfo($login, $params->getParam(2));
	return new XML_RPC_Response(new XML_RPC_Value(1, 'boolean'));
}

function logout($params) {
116
	global $tikilib, $userlib,$logslib,$prefs;
117 118
	$key = $params->getParam(0); $key = $key->scalarval();
	$login = $params->getParam(1); $login = $login->scalarval();
119
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
120 121 122 123 124
		$msg = tra('Invalid server key');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}
125
	$userlib->user_logout($login, true);
126 127
	$userInfo = $this->get_user_info($login);
	$userlib->delete_user_cookie($userInfo['userId']);
128 129 130 131 132 133
	if ($prefs['intertiki_logfile']) logit($prefs['intertiki_logfile'],"logout",$login,INTERTIKI_OK,$prefs['known_hosts'][$key]['name']);
	$logslib->add_log('intertiki','auth revoked from '.$prefs['known_hosts'][$key]['name'],$login);
	return new XML_RPC_Response(new XML_RPC_Value(1, "boolean"));
}

function cookie_check($params) {
134
	global $tikilib, $userlib,$prefs;
135 136
	$key = $params->getParam(0); $key = $key->scalarval();
	$hash = $params->getParam(1); $hash = $hash->scalarval();
137
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
138 139 140 141 142
		$msg = tra('Invalid server key');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}
143
	$result = $userlib->get_user_by_cookie($hash);
144 145 146 147 148 149 150 151 152 153 154 155 156 157
	// $fp=fopen('temp/interlogtest','a+');fputs($fp,"main      -- ".$hash."\n");fclose($fp);
	if ($result) {
		return new XML_RPC_Response(new XML_RPC_Value($result, "string"));
	}
	$msg = tra('Cookie not found');
	return new XML_RPC_Response(0, 101, $msg);
}

function get_version($params) {
	global $version;
	return new XML_RPC_Response(new XML_RPC_Value($version, "int"));
}

function get_user_info($params) {
158
	global $tikilib, $prefs, $userlib;
159
	$key = $params->getParam(0); $key = $key->scalarval(); 
160
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181
		$msg = tra('Invalid server key');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}
	$login = $params->getParam(1); $login = $login->scalarval(); 
	$email = $params->getParam(2); $email = $email->scalarval();
	if (empty($login)) {
		$login = empty($email)?'': $userlib->get_user_by_email($email);
	}
	if (empty($login)) {
		$msg = "Invalid username";
		return new XML_RPC_Response(0, 102, $msg);
	}
	if (empty($email)) {
		$email = $userlib->get_user_email($login);
	}
	$ret['login'] = new XML_RPC_Value($login, "string");
	$ret['email'] = new XML_RPC_Value($email, "string");
	return new XML_RPC_Response(new XML_RPC_Value($ret, "struct"));
}
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222

function get_registration_prefs($params) {
	global $tikilib, $prefs, $registrationlib, $logslib;

	$key = $params->getParam(0); $key = $key->scalarval();
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	if (!isset($prefs['known_hosts'][$key]['allowusersregister']) || ($prefs['known_hosts'][$key]['allowusersregister'] != 'y'))
		return new XML_RPC_Response(0, 101, "Users are not allowed to register via intertiki on this master.");

	require_once 'lib/registration/registrationlib.php';

	return new XML_RPC_Response(XML_RPC_encode($registrationlib->merged_prefs));
}

function register_user($params) {
	global $tikilib, $prefs, $registrationlib, $logslib;

	$key = $params->getParam(0); $key = $key->scalarval(); 
	if (!isset($prefs['known_hosts'][$key]) or $prefs['known_hosts'][$key]['ip'] != $tikilib->get_ip_address()) {
		$msg = tra('Invalid server key');
		if ($prefs['intertiki_errfile']) logit($prefs['intertiki_errfile'],$msg,$key,INTERTIKI_BADKEY,$prefs['known_hosts'][$key]['name']);
		$logslib->add_log('intertiki',$msg.' from '.$prefs['known_hosts'][$key]['name'],$login);
		return new XML_RPC_Response(0, 101, $msg);
	}

	if (!isset($prefs['known_hosts'][$key]['allowusersregister']) || ($prefs['known_hosts'][$key]['allowusersregister'] != 'y'))
		return new XML_RPC_Response(0, 101, "Users are not allowed to register via intertiki on this master.");

	require_once 'lib/registration/registrationlib.php';

	$result=$registrationlib->register_new_user_from_intertiki(XML_RPC_decode($params->getParam(1)));

	return new XML_RPC_Response(XML_RPC_encode($result));
}