Beispiel #1
0
function xmldb_enrol_authorize_upgrade($oldversion)
{
    global $CFG, $DB, $OUTPUT;
    $dbman = $DB->get_manager();
    $result = true;
    //===== 1.9.0 upgrade line ======//
    if ($result && $oldversion < 2008020500 && is_enabled_enrol('authorize')) {
        require_once $CFG->dirroot . '/enrol/authorize/localfuncs.php';
        if (!check_curl_available()) {
            echo $OUTPUT->notification("You are using the authorize.net enrolment plugin for payment handling but cUrl is not available.\n                    PHP must be compiled with cURL+SSL support (--with-curl --with-openssl)");
        }
        /// authorize savepoint reached
        upgrade_plugin_savepoint($result, 2008020500, 'enrol', 'authorize');
    }
    if ($result && $oldversion < 2008092700) {
        /// enrol_authorize.transid
        /// Define index transid (not unique) to be dropped form enrol_authorize
        $table = new xmldb_table('enrol_authorize');
        $index = new xmldb_index('transid', XMLDB_INDEX_NOTUNIQUE, array('transid'));
        if ($dbman->index_exists($table, $index)) {
            $dbman->drop_index($table, $index);
        }
        /// Changing precision of field transid on table enrol_authorize to (20)
        $table = new xmldb_table('enrol_authorize');
        $field = new xmldb_field('transid', XMLDB_TYPE_INTEGER, '20', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, '0', 'userid');
        $dbman->change_field_precision($table, $field);
        /// Launch add index transid again
        $table = new xmldb_table('enrol_authorize');
        $index = new xmldb_index('transid', XMLDB_INDEX_NOTUNIQUE, array('transid'));
        $dbman->add_index($table, $index);
        /// enrol_authorize_refunds.transid
        /// Define index transid (not unique) to be dropped form enrol_authorize_refunds
        $table = new xmldb_table('enrol_authorize_refunds');
        $index = new xmldb_index('transid', XMLDB_INDEX_NOTUNIQUE, array('transid'));
        if ($dbman->index_exists($table, $index)) {
            $dbman->drop_index($table, $index);
        }
        /// Changing precision of field transid on table enrol_authorize_refunds to (20)
        $table = new xmldb_table('enrol_authorize_refunds');
        $field = new xmldb_field('transid', XMLDB_TYPE_INTEGER, '20', XMLDB_UNSIGNED, null, null, '0', 'amount');
        $dbman->change_field_precision($table, $field);
        /// Launch add index transid again
        $table = new xmldb_table('enrol_authorize_refunds');
        $index = new xmldb_index('transid', XMLDB_INDEX_NOTUNIQUE, array('transid'));
        $dbman->add_index($table, $index);
        /// authorize savepoint reached
        upgrade_plugin_savepoint($result, 2008092700, 'enrol', 'authorize');
    }
    /// Dropping all enums/check contraints from core. MDL-18577
    if ($result && $oldversion < 2009042700) {
        /// Changing list of values (enum) of field paymentmethod on table enrol_authorize to none
        $table = new xmldb_table('enrol_authorize');
        $field = new xmldb_field('paymentmethod', XMLDB_TYPE_CHAR, '6', null, XMLDB_NOTNULL, null, 'cc', 'id');
        /// Launch change of list of values for field paymentmethod
        $dbman->drop_enum_from_field($table, $field);
        /// authorize savepoint reached
        upgrade_plugin_savepoint($result, 2009042700, 'enrol', 'authorize');
    }
    return $result;
}
Beispiel #2
0
/**
 * If security checks are passed, dispatch the request to the function/method
 *
 * The config variable 'mnet_dispatcher_mode' can be:
 * strict:      Only execute functions that are in specific files
 * off:         The default - don't execute anything
 *
 * @param  string  $payload    The XML-RPC request
 * @return                     No return val - just echo the response
 */
function mnet_server_dispatch($payload)
{
    global $CFG, $MNET_REMOTE_CLIENT;
    // xmlrpc_decode_request returns an array of parameters, and the $method
    // variable (which is passed by reference) is instantiated with the value from
    // the methodName tag in the xml payload
    //            xmlrpc_decode_request($xml,                   &$method)
    $params = xmlrpc_decode_request($payload, $method);
    // $method is something like: "mod/forum/lib.php/forum_add_instance"
    // $params is an array of parameters. A parameter might itself be an array.
    // Whitelist characters that are permitted in a method name
    // The method name must not begin with a / - avoid absolute paths
    // A dot character . is only allowed in the filename, i.e. something.php
    if (0 == preg_match("@^[A-Za-z0-9]+/[A-Za-z0-9/_-]+(\\.php/)?[A-Za-z0-9_-]+\$@", $method)) {
        exit(mnet_server_fault(713, 'nosuchfunction'));
    }
    if (preg_match("/^system\\./", $method)) {
        $callstack = explode('.', $method);
    } else {
        $callstack = explode('/', $method);
        // callstack will look like array('mod', 'forum', 'lib.php', 'forum_add_instance');
    }
    /**
     * What has the site administrator chosen as his dispatcher setting?
     * strict:      Only execute functions that are in specific files
     * off:         The default - don't execute anything
     */
    ////////////////////////////////////// OFF
    if (!isset($CFG->mnet_dispatcher_mode)) {
        set_config('mnet_dispatcher_mode', 'off');
        exit(mnet_server_fault(704, 'nosuchservice'));
    } elseif ('off' == $CFG->mnet_dispatcher_mode) {
        exit(mnet_server_fault(704, 'nosuchservice'));
        ////////////////////////////////////// SYSTEM METHODS
    } elseif ($callstack[0] == 'system') {
        $functionname = $callstack[1];
        $xmlrpcserver = xmlrpc_server_create();
        // I'm adding the canonical xmlrpc references here, however we've
        // already forbidden that the period (.) should be allowed in the call
        // stack, so if someone tries to access our XMLRPC in the normal way,
        // they'll already have received a RPC server fault message.
        // Maybe we should allow an easement so that regular XMLRPC clients can
        // call our system methods, and find out what we have to offer?
        xmlrpc_server_register_method($xmlrpcserver, 'system.listMethods', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system/listMethods', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system.methodSignature', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system/methodSignature', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system.methodHelp', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system/methodHelp', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system.listServices', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system/listServices', 'mnet_system');
        xmlrpc_server_register_method($xmlrpcserver, 'system.keyswap', 'mnet_keyswap');
        xmlrpc_server_register_method($xmlrpcserver, 'system/keyswap', 'mnet_keyswap');
        if ($method == 'system.listMethods' || $method == 'system/listMethods' || $method == 'system.methodSignature' || $method == 'system/methodSignature' || $method == 'system.methodHelp' || $method == 'system/methodHelp' || $method == 'system.listServices' || $method == 'system/listServices' || $method == 'system.keyswap' || $method == 'system/keyswap') {
            $response = xmlrpc_server_call_method($xmlrpcserver, $payload, $MNET_REMOTE_CLIENT, array("encoding" => "utf-8"));
            $response = mnet_server_prepare_response($response);
        } else {
            exit(mnet_server_fault(7018, 'nosuchfunction'));
        }
        xmlrpc_server_destroy($xmlrpcserver);
        echo $response;
        ////////////////////////////////////// STRICT AUTH
    } elseif ($callstack[0] == 'auth') {
        // Break out the callstack into its elements
        list($base, $plugin, $filename, $methodname) = $callstack;
        // We refuse to include anything that is not auth.php
        if ($filename == 'auth.php' && is_enabled_auth($plugin)) {
            $authclass = 'auth_plugin_' . $plugin;
            $includefile = '/auth/' . $plugin . '/auth.php';
            $response = mnet_server_invoke_method($includefile, $methodname, $method, $payload, $authclass);
            $response = mnet_server_prepare_response($response);
            echo $response;
        } else {
            // Generate error response - unable to locate function
            exit(mnet_server_fault(702, 'nosuchfunction'));
        }
        ////////////////////////////////////// STRICT ENROL
    } elseif ($callstack[0] == 'enrol') {
        // Break out the callstack into its elements
        list($base, $plugin, $filename, $methodname) = $callstack;
        if ($filename == 'enrol.php' && is_enabled_enrol($plugin)) {
            $enrolclass = 'enrolment_plugin_' . $plugin;
            $includefile = '/enrol/' . $plugin . '/enrol.php';
            $response = mnet_server_invoke_method($includefile, $methodname, $method, $payload, $enrolclass);
            $response = mnet_server_prepare_response($response);
            echo $response;
        } else {
            // Generate error response - unable to locate function
            exit(mnet_server_fault(703, 'nosuchfunction'));
        }
        ////////////////////////////////////// STRICT MOD/*
    } elseif ($callstack[0] == 'mod' || 'dangerous' == $CFG->mnet_dispatcher_mode) {
        list($base, $module, $filename, $functionname) = $callstack;
        ////////////////////////////////////// STRICT MOD/*
        if ($base == 'mod' && $filename == 'rpclib.php') {
            $includefile = '/mod/' . $module . '/rpclib.php';
            $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
            $response = mnet_server_prepare_response($response);
            echo $response;
            ////////////////////////////////////// DANGEROUS
        } elseif ('dangerous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
            $functionname = array_pop($callstack);
            if ($MNET_REMOTE_CLIENT->plaintext_is_ok()) {
                $filename = clean_param(implode('/', $callstack), PARAM_PATH);
                if (0 == preg_match("/php\$/", $filename)) {
                    // Filename doesn't end in 'php'; possible attack?
                    // Generate error response - unable to locate function
                    exit(mnet_server_fault(7012, 'nosuchfunction'));
                }
                // The call stack holds the path to any include file
                $includefile = $CFG->dirroot . '/' . $filename;
                $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
                echo $response;
            }
        } else {
            // Generate error response - unable to locate function
            exit(mnet_server_fault(7012, 'nosuchfunction'));
        }
    } else {
        // Generate error response - unable to locate function
        exit(mnet_server_fault(7012, 'nosuchfunction'));
    }
}
<?php

// $Id: enrol_database_sync.php,v 1.10 2009/05/06 09:13:18 tjhunt Exp $
if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
    error_log("should not be called from apache!");
    exit;
}
error_reporting(E_ALL);
require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
// global moodle config file.
require_once $CFG->dirroot . '/course/lib.php';
require_once $CFG->dirroot . '/enrol/database/enrol.php';
// ensure errors are well explained
$CFG->debug = E_ALL;
if (!is_enabled_enrol('database')) {
    error_log("Database enrol plugin not enabled!");
    die;
}
// update enrolments -- these handlers should autocreate courses if required
$enrol = new enrolment_plugin_database();
// If we have settings to handle roles individually, through each type of
// role and update it.  Otherwise, just got through once (with no role
// specified).
$roles = !empty($CFG->enrol_db_remoterolefield) && !empty($CFG->enrol_db_localrolefield) ? get_all_roles() : array(null);
foreach ($roles as $role) {
    $enrol->sync_enrolments($role);
}
// sync metacourses
if (function_exists('sync_metacourses')) {
    sync_metacourses();
}