function metaWeblog_newMediaObject($message)
{
global $serendipity;
$val = $message->params[0];
$postid = $val->getval();
$val = $message->params[1];
$username = $val->getval();
$val = $message->params[2];
$password = $val->getval();
$val = $message->params[3];
$struct = $val->getval();
if (!serendipity_authenticate_author($username, $password)) {
return new XML_RPC_Response('', XMLRPC_ERR_CODE_AUTHFAILED, XMLRPC_ERR_NAME_AUTHFAILED);
}
$full = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['xmlrpc_uploadreldir'] . $struct['name'];
universal_debug("path: " . $full);
if (!is_dir(dirname($full))) {
@mkdir(dirname($full));
@umask(00);
@chmod(dirname($full), 0755);
}
# some tools are broken and don't base64_encode() the data before submitting;
# Quoting http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject:
# "bits is a base64-encoded binary value containing the content of the object."
if (preg_match('#^[a-zA-Z0-9/+]*={0,2}$#', $struct['bits'])) {
if ($decoded = base64_decode($struct['bits'])) {
$struct['bits'] = $decoded;
}
}
$fp = fopen($full, 'w');
fwrite($fp, $struct['bits']);
fclose($fp);
@umask(00);
@chmod($full, 0664);
$path = $serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $serendipity['xmlrpc_uploadreldir'] . $struct['name'];
universal_debug("url: " . $path);
return new XML_RPC_Response(new XML_RPC_Value(array('url' => new XML_RPC_Value($path, 'string')), 'struct'));
}
/**
* Perform login to Serendipity
*
* @access public
* @param boolean If set to true, external plugins will be queried for getting a login
* @return boolean Return true, if the user is logged in. False if not.
*/
function serendipity_login($use_external = true)
{
global $serendipity;
if (serendipity_authenticate_author('', '', false, $use_external)) {
#The session has this data already
#we previously just checked the value of $_SESSION['serendipityAuthedUser'] but
#we need the authorid still, so call serendipity_authenticate_author with blank
#params
return true;
}
// First try login via POST data. If true, the userinformation will be stored in a cookie (optionally)
if (serendipity_authenticate_author($serendipity['POST']['user'], $serendipity['POST']['pass'], false, $use_external)) {
if (empty($serendipity['POST']['auto'])) {
serendipity_deleteCookie('author_information');
serendipity_deleteCookie('author_information_iv');
return false;
} else {
serendipity_issueAutologin(array('username' => $serendipity['POST']['user'], 'password' => $serendipity['POST']['pass']));
return true;
}
// Now try login via COOKIE data
} elseif (isset($serendipity['COOKIE']['author_information'])) {
$cookie = serendipity_checkAutologin($serendipity['COOKIE']['author_information'], $serendipity['COOKIE']['author_information_iv']);
$data = array('ext' => $use_external, 'mode' => 1, 'user' => $cookie['username'], 'pass' => $cookie['password']);
serendipity_plugin_api::hook_event('backend_loginfail', $data);
if (is_array($cookie) && serendipity_authenticate_author($cookie['username'], $cookie['password'], false, $use_external)) {
return true;
} else {
serendipity_deleteCookie('author_information');
serendipity_deleteCookie('author_information_iv');
return false;
}
}
$data = array('ext' => $use_external, 'mode' => 2, 'user' => $serendipity['POST']['user'], 'pass' => $serendipity['POST']['pass']);
serendipity_plugin_api::hook_event('backend_loginfail', $data);
}
function performLogin($exit = true)
{
global $serendipity;
$this->debug('PerformLogin called.');
if ($this->skip) {
return true;
}
$this->skip = true;
if (serendipity_db_bool($this->get_config('remoteuser')) && !empty($_SERVER['REMOTE_USER'])) {
$this->debug('Checking RemoteUser value: ' . $_SERVER['REMOTE_USER']);
if ($pass = $this->getPassword($_SERVER['REMOTE_USER'])) {
$this->debug('Retrieved password for user. Now authenticating.');
serendipity_authenticate_author($_SERVER['REMOTE_USER'], $pass, true, true);
return true;
} elseif (serendipity_db_bool($this->get_config('wildcard'))) {
$this->debug('Password retrieval failed. Using wildcard auth.');
$this->wildcard_auth($_SERVER['REMOTE_USER']);
return true;
} else {
$this->debug('Password retrieval failed, wildcard auth disabled.');
}
} else {
$this->debug('RemoteUser not enabled or empty: ' . $_SERVER['REMOTE_USER']);
}
$this->debug('Authenticating ' . $_SERVER['PHP_AUTH_USER']);
if (!isset($_SERVER['PHP_AUTH_USER']) || !serendipity_authenticate_author($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], false, false)) {
header('WWW-Authenticate: Basic realm="' . $serendipity['blogTitle'] . '"');
header('HTTP/1.0 401 Unauthorized');
header('Status: 401 Unauthorized');
if ($exit) {
$this->debug('Authentication failed. Exiting.');
exit;
}
} else {
header('X-Authentication: HTTP-AUTH@' . $_SERVER['PHP_AUTH_USER']);
}
}
