xmlrpc.php 2.75 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1
<?php
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
/**
 *    Copyright (C) 2015 Deciso B.V.
 *
 *    All rights reserved.
 *
 *    Redistribution and use in source and binary forms, with or without
 *    modification, are permitted provided that the following conditions are met:
 *
 *    1. Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *
 *    2. Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *
 *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *    POSSIBILITY OF SUCH DAMAGE.
 *
 */
29
require_once("config.inc");
30
require_once("auth.inc");
31
require_once("xmlrpc.inc");
Ad Schellevis's avatar
Ad Schellevis committed
32

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
/**
 * do a basic authentication, uses $_SERVER['HTTP_AUTHORIZATION'] to validate user.
 * @param $http_auth_header http_authorization header content
 * @return bool
 */
function http_basic_auth($http_auth_header)
{
    $tags=explode(" ", $http_auth_header) ;
    if (count($tags) >= 2) {
        $userinfo= explode(":", base64_decode($tags[1])) ;
        if (count($userinfo)>=2) {
            return authenticate_user($userinfo[0], $userinfo[1]);
        }
    }

    // not authenticated
    return false;
}

Ad Schellevis's avatar
Ad Schellevis committed
52

53 54
/**
 *   Simple XML-RPC server using IXR_Library
Ad Schellevis's avatar
Ad Schellevis committed
55
 */
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
if (!isset($_SERVER['HTTP_AUTHORIZATION']) ||               // check for a auth header
    !http_basic_auth($_SERVER['HTTP_AUTHORIZATION']) ||     // user authentication failure (basic auth)
    $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']      // do not accept request from servers own address
) {
    // Authentication failure, bail out.
    $xml = <<<EOD
<methodResponse>
<params>
    <param>
      <value>Authentication failed</value>
    </param>
  </params>
</methodResponse>
EOD;

    $xml = '<?xml version="1.0"?>'."\n".$xml;
    $length = strlen($xml);
    header('Connection: close');
    header('Content-Length: '.$length);
    header('Content-Type: text/xml');
    header('Date: '.date('r'));
    echo $xml;
} else {
    $server = new XMLRPCServer();
    $server->start();
Ad Schellevis's avatar
Ad Schellevis committed
81
}