/** * @param string $email * @param string $password * @return bool * @access public */ public function isValidLogin($email, $password) { if (!Auth::isCorrectPassword($email, $password) && !APIAuthToken::isTokenValidForEmail($password, $email)) { $is_valid = false; } else { $is_valid = true; } return $is_valid; }
/** * NOTE: this needs to be public for PHP 5.3 compatibility * * @param ReflectionMethod $method * @param array $params Method parameters in already decoded into PHP types * @param bool $public true if method should not be protected with login/password * @param array $pdesc Parameter descriptions * @return string */ public function handle($method, $params, $public, $pdesc) { // there's method to set this via $client->setAutoBase64(true); // but nothing at server side. where we actually need it $GLOBALS['XML_RPC_auto_base64'] = true; try { if (!$public) { list($email, $password) = $this->getAuthParams($params); if (!Auth::isCorrectPassword($email, $password) && !APIAuthToken::isTokenValidForEmail($password, $email)) { // FIXME: role is not checked here throw new RemoteApiException("Authentication failed for {$email}. Your login/password/api key is invalid or you do not have the proper role."); } AuthCookie::setAuthCookie($email); } if ($pdesc) { $this->decodeParams($params, $pdesc); } $res = $method->invokeArgs($this->api, $params); } catch (Exception $e) { global $XML_RPC_erruser; $code = $e->getCode() ?: 1; $res = new XML_RPC_Response(0, $XML_RPC_erruser + $code, $e->getMessage()); } if (!$res instanceof XML_RPC_Response) { $res = new XML_RPC_Response(XML_RPC_Encode($res)); } return $res; }