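/**
 * Authenticate a client against one of the configured authentication servers.
 *
 * The request object must carry three properties:
 *  - auth_server_id: key into the $ORIONDBCFG_auth_server array from the config file
 *  - user_name:      the user name
 *  - passwd:         the password (encrypted or not)
 *
 * On success a session is started when none is present yet, the system state is
 * echoed as JSON and the same state is stored in the session.
 *
 * @param stdClass $JSONdata decoded request body; every property on it is client-supplied
 * @return bool|null true on success; false when the auth module rejects the credentials
 *                   (the logged-out system state is returned to the client first);
 *                   null when the request is incomplete or names an unusable auth server
 */
function auth(stdClass $JSONdata)
{
    global $ORIONDBCFG_auth_server;
    global $OrionDB_SessionPresent;

    // The stdClass type declaration already guarantees an object, so only the
    // presence of the three required properties has to be checked.
    foreach (['auth_server_id', 'user_name', 'passwd'] as $requiredProperty) {
        if (!property_exists($JSONdata, $requiredProperty)) {
            return null;
        }
    }

    // auth_server_id is chosen by the client: accept it only as a plain array key
    // that really exists in the configuration, instead of indexing blindly.
    $serverId = $JSONdata->auth_server_id;
    if (!is_int($serverId) && !is_string($serverId)) {
        return null;
    }
    if (!is_array($ORIONDBCFG_auth_server) || !array_key_exists($serverId, $ORIONDBCFG_auth_server)) {
        return null;
    }

    $authserver = $ORIONDBCFG_auth_server[$serverId];
    if (!is_array($authserver) || !isset($authserver['type'])) {
        return null;
    }
    $type = $authserver['type'];
    if (!is_string($type) && !is_int($type)) {
        return null;
    }

    // The module class is instantiated by name rather than through eval(): the type
    // comes from the config file, but it is spliced into a class name, so it is
    // restricted to identifier characters and the class must exist. A damaged or
    // tampered config entry then fails closed instead of being executed as PHP source.
    if (preg_match('/^[A-Za-z0-9_]+$/', (string) $type) !== 1) {
        return null;
    }
    $moduleClass = 'OrionDB_authmodule_' . $type;
    if (!class_exists($moduleClass)) {
        return null;
    }
    $tmpObject = new $moduleClass();

    // hand the submitted credentials to the module together with the server settings
    $authserver['user_name'] = $JSONdata->user_name;
    $authserver['passwd'] = $JSONdata->passwd;
    $authresult = $tmpObject->auth($authserver);

    if (!$authresult) {
        $this->return_logged_out_system_state();
        return false;
    }

    if (!$OrionDB_SessionPresent) {
        require_once 'includes/OrionDB_Session.php';
        // NOTE(review): confirm OrionDB_Session_start() issues a fresh session id at login
        OrionDB_Session_start($authresult);
    }

    // now return the proper data
    $tmpSystemState = new OrionDB_SystemState();
    $tmpSystemState->id = 1;
    $tmpSystemState->user_name = $JSONdata->user_name;
    $tmpSystemState->login_status = true;
    // hardcoding the client for the moment
    $tmpSystemState->preferred_client = 'admissionexam';
    echo json_encode($tmpSystemState);

    // setting the session data
    OrionDB_Session_set_information($tmpSystemState);
    return true;
}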
Exemple #2
// Optional gate that turns away callers which do not look like a SproutCore / XMLHttpRequest client.
// Both markers are request headers chosen by the client and only their presence is tested, so this
// filters stray browsers and crawlers; it is not an authentication or authorisation control.
if (!$ORIONDBCFG_allow_non_sc_clients) {
    $xmlHttpRequestPresent = array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER);
    $SCPresent = array_key_exists('HTTP_X_SPROUTCORE_VERSION', $_SERVER);
    if (!($xmlHttpRequestPresent || $SCPresent)) {
        // neither marker header was sent: refuse, record the attempt and stop the script
        echo 'You do not have permission to access this resource!';
        logmessage("Attempted access to OrionDB from a non-SC client while this is not allowed in the configuration");
        exit;
    }
}
// Session bootstrap: runs when either session support or the auth module is switched on
// in the configuration.
if ($ORIONDBCFG_sessions_active || $ORIONDBCFG_auth_module_active) {
    // load session support
    require_once 'includes/OrionDB_Session.php';
    // start session (will fail if authentication is turned on and the user has not authenticated yet)
    logmessage("Trying to start session");
    $result = OrionDB_Session_start();
    // $OrionDB_SessionPresent is only ever set to true here; on failure it keeps whatever
    // value (or absence of one) it had before this block.
    if ($result) {
        $OrionDB_SessionPresent = true;
    }
    // NOTE(review): $result is concatenated into the log line as-is (false becomes an empty
    // string); confirm OrionDB_Session_start() never returns session ids or user data here.
    logmessage("session start trial result: " . $result);
}
// process the call
if (isset($_SERVER['REQUEST_URI']) && isset($_SERVER['REQUEST_METHOD'])) {
    //global $ORIONDBCFG_baseURI;
    $tmpbaseURI = $ORIONDBCFG_baseURI . "/";
    $ORION_actualRequest = substr($_SERVER['REQUEST_URI'], strlen($tmpbaseURI));
    //logmessage("Getting request: " . $ORION_actualRequest);
    // now we have our actual request
    // next find out whether a specific item is being called for, say : student/25 which would be student with id 25
    // it could also be that a different request has been made, for example student?order=id.
    // this is a collection retrieval