require_once $CFG->dirroot . '/mnet/lib.php'; require_once $CFG->dirroot . '/mnet/remote_client.php'; // Content type for output is not html: header('Content-type: text/xml; charset=utf-8'); // PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug: // http://bugs.php.net/bug.php?id=41293 if (empty($HTTP_RAW_POST_DATA)) { $HTTP_RAW_POST_DATA = file_get_contents('php://input'); } if (!empty($CFG->mnet_rpcdebug)) { trigger_error("HTTP_RAW_POST_DATA"); trigger_error($HTTP_RAW_POST_DATA); } // New global variable which ONLY gets set in this server page, so you know that // if you've been called by a remote Moodle, this should be set: $MNET_REMOTE_CLIENT = new mnet_remote_client(); // Peek at the message to see if it's an XML-ENC document. If it is, note that // the client connection was encrypted, and strip the xml-encryption and // xml-signature wrappers from the XML-RPC payload if (strpos(substr($HTTP_RAW_POST_DATA, 0, 100), '<encryptedMessage>')) { $MNET_REMOTE_CLIENT->was_encrypted(); // Extract the XML-RPC payload from the XML-ENC and XML-SIG wrappers. $payload = mnet_server_strip_wrappers($HTTP_RAW_POST_DATA); } else { $params = xmlrpc_decode_request($HTTP_RAW_POST_DATA, $method); if ($method == 'system.keyswap' || $method == 'system/keyswap') { // OK } elseif ($MNET_REMOTE_CLIENT->plaintext_is_ok() == false) { exit(mnet_server_fault(7021, 'forbidden-transport')); } // Looks like plaintext is ok. It is assumed that a plaintext call:
header('Content-type: text/xml; charset=utf-8'); // PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug: // http://bugs.php.net/bug.php?id=41293 if (empty($HTTP_RAW_POST_DATA)) { $HTTP_RAW_POST_DATA = file_get_contents('php://input'); } if (!empty($CFG->mnet_rpcdebug)) { trigger_error("HTTP_RAW_POST_DATA"); trigger_error($HTTP_RAW_POST_DATA); } if (!isset($_SERVER)) { exit(mnet_server_fault(712, "phperror")); } // New global variable which ONLY gets set in this server page, so you know that // if you've been called by a remote Moodle, this should be set: $MNET_REMOTE_CLIENT = new mnet_remote_client(); $plaintextmessage = mnet_server_strip_encryption($HTTP_RAW_POST_DATA); $xmlrpcrequest = mnet_server_strip_signature($plaintextmessage); if ($MNET_REMOTE_CLIENT->pushkey == true) { // The peer used one of our older public keys, we will return a // signed/encrypted error message containing our new public key // Sign message with our old key, and encrypt to the peer's private key. exit(mnet_server_fault_xml(7025, $MNET->public_key, $MNET_REMOTE_CLIENT->useprivatekey)); } // Have a peek at what the request would be if we were to process it $params = xmlrpc_decode_request($xmlrpcrequest, $method); // One of three conditions need to be met before we continue processing this request: // 1. Request is properly encrypted and signed // 2. Request is for a keyswap (we don't mind enencrypted or unsigned requests for a public key) // 3. Request is properly signed and we're happy with it being unencrypted if ($MNET_REMOTE_CLIENT->request_was_encrypted == true && $MNET_REMOTE_CLIENT->signatureok == true || ($method == 'system.keyswap' || $method == 'system/keyswap') || $MNET_REMOTE_CLIENT->signatureok == true && $MNET_REMOTE_CLIENT->plaintext_is_ok() == true) {