/** * Initialize the object (if necessary), execute the method or function, and * return the response * * @param string $includefile The file that contains the object definition * @param string $methodname The name of the method to execute * @param string $method The full path to the method * @param string $payload The XML-RPC request payload * @param string $class The name of the class to instantiate (or false) * @return string The XML-RPC response */ function mnet_server_invoke_method($includefile, $methodname, $method, $payload, $class = false) { $permission = mnet_permit_rpc_call($includefile, $methodname, $class); if (RPC_NOSUCHFILE == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(705, 'nosuchfile', $includefile)); } if (RPC_NOSUCHFUNCTION == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(706, 'nosuchfunction')); } if (RPC_FORBIDDENFUNCTION == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(707, 'forbidden-function')); } if (RPC_NOSUCHCLASS == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(7013, 'nosuchfunction')); } if (RPC_NOSUCHMETHOD == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(7014, 'nosuchmethod')); } if (RPC_NOSUCHFUNCTION == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(7014, 'nosuchmethod')); } if (RPC_FORBIDDENMETHOD == $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(7015, 'nosuchfunction')); } if (0 < $permission) { // Generate error response - unable to locate function exit(mnet_server_fault(7019, 'unknownerror')); } if (RPC_OK == $permission) { $xmlrpcserver = xmlrpc_server_create(); $bool = xmlrpc_server_register_method($xmlrpcserver, $method, 'mnet_server_dummy_method'); $response = xmlrpc_server_call_method($xmlrpcserver, $payload, $methodname, array("encoding" => "utf-8")); $bool = xmlrpc_server_destroy($xmlrpcserver); return $response; } }
/** * Dummy function for the XML-RPC dispatcher - use to call a method on an object * or to call a function * * Translate XML-RPC's strange function call syntax into a more straightforward * PHP-friendly alternative. This dummy function will be called by the * dispatcher, and can be used to call a method on an object, or just a function * * The methodName argument (eg. mnet/testlib/mnet_concatenate_strings) * is ignored. * * @throws mnet_server_exception * * @param string $methodname We discard this - see 'functionname' * @param array $argsarray Each element is an argument to the real * function * @param string $functionname The name of the PHP function you want to call * @return mixed The return value will be that of the real * function, whatever it may be. */ function mnet_server_dummy_method($methodname, $argsarray, $functionname) { $remoteclient = get_mnet_remote_client(); try { if (is_object($remoteclient->object_to_call)) { return @call_user_func_array(array($remoteclient->object_to_call,$functionname), $argsarray); } else if (!empty($remoteclient->static_location)) { return @call_user_func_array(array($remoteclient->static_location, $functionname), $argsarray); } else { return @call_user_func_array($functionname, $argsarray); } } catch (Exception $e) { exit(mnet_server_fault($e->getCode(), $e->getMessage())); } }
/** * Retrieve file list for a user of the Moodle client calling this function * @global <type> $DB * @global <type> $USER * @global <type> $MNET_REMOTE_CLIENT * @global <type> $CFG * @param <type> $username * @param <type> $search * @return <type> */ public function getFileList($username, $search) { global $DB, $USER, $MNET_REMOTE_CLIENT, $CFG; ///check the the user is known ///he has to be previously connected to the server site in order to be in the database //TODO: this seems weird - is it executed from cron or what? Please review $USER = $DB->get_record('user', array('username' => $username, 'mnethostid' => $MNET_REMOTE_CLIENT->id)); if (empty($USER)) { exit(mnet_server_fault(9016, get_string('usernotfound', 'repository_remotemoodle', $username))); } try { return repository::get_user_file_tree($search); } catch (Exception $e) { exit(mnet_server_fault(9016, get_string('failtoretrievelist', 'repository_remotemoodle'))); } }
/** * Return user data for the provided token, compare with user_agent string. * * @param string $token The unique ID provided by remotehost. * @param string $UA User Agent string. * @return array $userdata Array of user info for remote host */ function user_authorise($token, $useragent) { global $CFG, $MNET, $SITE, $MNET_REMOTE_CLIENT, $DB; require_once $CFG->dirroot . '/mnet/xmlrpc/server.php'; $mnet_session = $DB->get_record('mnet_session', array('token' => $token, 'useragent' => $useragent)); if (empty($mnet_session)) { echo mnet_server_fault(1, get_string('authfail_nosessionexists', 'mnet')); exit; } // check session confirm timeout if ($mnet_session->confirm_timeout < time()) { echo mnet_server_fault(2, get_string('authfail_sessiontimedout', 'mnet')); exit; } // session okay, try getting the user if (!($user = $DB->get_record('user', array('id' => $mnet_session->userid)))) { echo mnet_server_fault(3, get_string('authfail_usermismatch', 'mnet')); exit; } $userdata = array(); $userdata['username'] = $user->username; $userdata['email'] = $user->email; $userdata['auth'] = 'mnet'; $userdata['confirmed'] = $user->confirmed; $userdata['deleted'] = $user->deleted; $userdata['firstname'] = $user->firstname; $userdata['lastname'] = $user->lastname; $userdata['city'] = $user->city; $userdata['country'] = $user->country; $userdata['lang'] = $user->lang; $userdata['timezone'] = $user->timezone; $userdata['description'] = $user->description; $userdata['mailformat'] = $user->mailformat; $userdata['maildigest'] = $user->maildigest; $userdata['maildisplay'] = $user->maildisplay; $userdata['htmleditor'] = $user->htmleditor; $userdata['wwwroot'] = $MNET->wwwroot; $userdata['session.gc_maxlifetime'] = ini_get('session.gc_maxlifetime'); $userdata['picture'] = $user->picture; if (!empty($user->picture)) { $imagefile = make_user_directory($user->id, true) . "/f1.jpg"; if (file_exists($imagefile)) { $userdata['imagehash'] = sha1(file_get_contents($imagefile)); } } $userdata['myhosts'] = array(); if ($courses = get_my_courses($user->id, 'id', 'id, visible')) { $userdata['myhosts'][] = array('name' => $SITE->shortname, 'url' => $CFG->wwwroot, 'count' => count($courses)); } $sql = "\n SELECT\n h.name as hostname,\n h.wwwroot,\n h.id as hostid,\n count(c.id) as count\n FROM\n {mnet_enrol_course} c,\n {mnet_enrol_assignments} a,\n {mnet_host} h\n WHERE\n c.id = a.courseid AND\n c.hostid = h.id AND\n a.userid = ? AND\n c.hostid != ?\n GROUP BY\n h.name,\n h.id,\n h.wwwroot"; if ($courses = $DB->get_records_sql($sql, array($user->id, $MNET_REMOTE_CLIENT->id))) { foreach ($courses as $course) { $userdata['myhosts'][] = array('name' => $course->hostname, 'url' => $CFG->wwwroot . '/auth/mnet/jump.php?hostid=' . $course->hostid, 'count' => $course->count); } } return $userdata; }
/** * Return user data for the provided token, compare with user_agent string. * * @param string $token The unique ID provided by remotehost. * @param string $UA User Agent string. * @return array $userdata Array of user info for remote host */ function user_authorise($token, $useragent) { global $CFG, $MNET, $SITE, $MNET_REMOTE_CLIENT; require_once $CFG->dirroot . '/mnet/xmlrpc/server.php'; $mnet_session = get_record('mnet_session', 'token', $token, 'useragent', $useragent); if (empty($mnet_session)) { echo mnet_server_fault(1, get_string('authfail_nosessionexists', 'mnet')); exit; } // check session confirm timeout if ($mnet_session->confirm_timeout < time()) { echo mnet_server_fault(2, get_string('authfail_sessiontimedout', 'mnet')); exit; } // session okay, try getting the user if (!($user = get_record('user', 'id', $mnet_session->userid))) { echo mnet_server_fault(3, get_string('authfail_usermismatch', 'mnet')); exit; } $userdata = array(); $userdata['username'] = $user->username; $userdata['email'] = $user->email; $userdata['auth'] = 'mnet'; $userdata['wwwroot'] = $MNET->wwwroot; $userdata['session.gc_maxlifetime'] = ini_get('session.gc_maxlifetime'); $userdata['picture'] = $user->picture; if (!empty($user->picture)) { $imagefile = make_user_directory($user->id, true) . "/f1.jpg"; if (file_exists($imagefile)) { $userdata['imagehash'] = sha1(file_get_contents($imagefile)); } } //now pull in user profile field settings. $mnetconfig = get_records_menu('config_plugins', 'plugin', 'mnet_userprofile_' . $mnet_session->mnethostid, '', 'name, value'); foreach ($mnetconfig as $field => $value) { if (!empty($value) && !empty($user->{$field})) { $userdata[$value] = $user->{$field}; } } $userdata['myhosts'] = array(); if ($courses = get_my_courses($user->id, 'id', 'id, visible')) { $userdata['myhosts'][] = array('name' => $SITE->shortname, 'url' => $CFG->wwwroot, 'count' => count($courses)); } $sql = "\n SELECT\n h.name as hostname,\n h.wwwroot,\n h.id as hostid,\n count(c.id) as count\n FROM\n {$CFG->prefix}mnet_enrol_course c,\n {$CFG->prefix}mnet_enrol_assignments a,\n {$CFG->prefix}mnet_host h\n WHERE\n c.id = a.courseid AND\n c.hostid = h.id AND\n a.userid = '{$user->id}' AND\n c.hostid != '{$MNET_REMOTE_CLIENT->id}'\n GROUP BY\n h.name,\n h.id,\n h.wwwroot"; if ($courses = get_records_sql($sql)) { foreach ($courses as $course) { $userdata['myhosts'][] = array('name' => $course->hostname, 'url' => $CFG->wwwroot . '/auth/mnet/jump.php?hostid=' . $course->hostid, 'count' => $course->count); } } return $userdata; }
// 3. Request is properly signed and we're happy with it being unencrypted if ($remoteclient->request_was_encrypted == true && $remoteclient->signatureok == true || ($method == 'system.keyswap' || $method == 'system/keyswap') || $remoteclient->signatureok == true && $remoteclient->plaintext_is_ok() == true) { try { // main dispatch call. will echo the response directly mnet_server_dispatch($xmlrpcrequest); mnet_debug('exiting cleanly'); exit; } catch (Exception $e) { mnet_debug('dispatch exception thrown: ' . $e->getMessage()); exit(mnet_server_fault($e->getCode(), $e->getMessage(), $e->a)); } } // if we get to here, something is wrong // so detect a few common cases and send appropriate errors if ($remoteclient->request_was_encrypted == false && $remoteclient->plaintext_is_ok() == false) { mnet_debug('non encrypted request'); exit(mnet_server_fault(7021, get_string('forbidden-transport', 'mnet'))); } if ($remoteclient->request_was_signed == false) { // Request was not signed mnet_debug('non signed request'); exit(mnet_server_fault(711, get_string('verifysignature-error', 'mnet'))); } if ($remoteclient->signatureok == false) { // We were unable to verify the signature mnet_debug('non verified signature'); exit(mnet_server_fault(710, get_string('verifysignature-invalid', 'mnet'))); } mnet_debug('unknown error'); exit(mnet_server_fault(7000, get_string('unknownerror', 'mnet')));
/** * xmlrpc (mnet) function to get the file. * reads in the file and returns it base_64 encoded * so that it can be enrypted by mnet. * * @param string $token the token recieved previously during send_content_intent */ public static function fetch_file($token) { global $DB, $MNET_REMOTE_CLIENT; try { if (!($transferid = $DB->get_field('portfolio_mahara_queue', 'transferid', array('token' => $token)))) { exit(mnet_server_fault(8009, get_string('mnet_notoken', 'portfolio_mahara'))); } $exporter = portfolio_exporter::rewaken_object($transferid); } catch (portfolio_exception $e) { exit(mnet_server_fault(8010, get_string('mnet_noid', 'portfolio_mahara'))); } if ($exporter->get('instance')->get_config('mnethostid') != $MNET_REMOTE_CLIENT->id) { exit(mnet_server_fault(8011, get_string('mnet_wronghost', 'portfolio_mahara'))); } global $CFG; try { $i = $exporter->get('instance'); $f = $i->get('file'); if (empty($f) || !$f instanceof stored_file) { exit(mnet_server_fault(8012, get_string('mnet_nofile', 'portfolio_mahara'))); } try { $c = $f->get_content(); } catch (file_exception $e) { exit(mnet_server_fault(8013, get_string('mnet_nofilecontents', 'portfolio_mahara', $e->getMessage()))); } $contents = base64_encode($c); } catch (Exception $e) { exit(mnet_server_fault(8013, get_string('mnet_nofile', 'portfolio_mahara'))); } $exporter->log_transfer(); $exporter->process_stage_cleanup(true); return $contents; }