function metaWeblog_newMediaObject($message) { global $serendipity; $val = $message->params[0]; $postid = $val->getval(); $val = $message->params[1]; $username = $val->getval(); $val = $message->params[2]; $password = $val->getval(); $val = $message->params[3]; $struct = $val->getval(); if (!serendipity_authenticate_author($username, $password)) { return new XML_RPC_Response('', XMLRPC_ERR_CODE_AUTHFAILED, XMLRPC_ERR_NAME_AUTHFAILED); } $full = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['xmlrpc_uploadreldir'] . $struct['name']; universal_debug("path: " . $full); if (!is_dir(dirname($full))) { @mkdir(dirname($full)); @umask(00); @chmod(dirname($full), 0755); } # some tools are broken and don't base64_encode() the data before submitting; # Quoting http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject: # "bits is a base64-encoded binary value containing the content of the object." if (preg_match('#^[a-zA-Z0-9/+]*={0,2}$#', $struct['bits'])) { if ($decoded = base64_decode($struct['bits'])) { $struct['bits'] = $decoded; } } $fp = fopen($full, 'w'); fwrite($fp, $struct['bits']); fclose($fp); @umask(00); @chmod($full, 0664); $path = $serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $serendipity['xmlrpc_uploadreldir'] . $struct['name']; universal_debug("url: " . $path); return new XML_RPC_Response(new XML_RPC_Value(array('url' => new XML_RPC_Value($path, 'string')), 'struct')); }
/** * Perform login to Serendipity * * @access public * @param boolean If set to true, external plugins will be queried for getting a login * @return boolean Return true, if the user is logged in. False if not. */ function serendipity_login($use_external = true) { global $serendipity; if (serendipity_authenticate_author('', '', false, $use_external)) { #The session has this data already #we previously just checked the value of $_SESSION['serendipityAuthedUser'] but #we need the authorid still, so call serendipity_authenticate_author with blank #params return true; } // First try login via POST data. If true, the userinformation will be stored in a cookie (optionally) if (serendipity_authenticate_author($serendipity['POST']['user'], $serendipity['POST']['pass'], false, $use_external)) { if (empty($serendipity['POST']['auto'])) { serendipity_deleteCookie('author_information'); serendipity_deleteCookie('author_information_iv'); return false; } else { serendipity_issueAutologin(array('username' => $serendipity['POST']['user'], 'password' => $serendipity['POST']['pass'])); return true; } // Now try login via COOKIE data } elseif (isset($serendipity['COOKIE']['author_information'])) { $cookie = serendipity_checkAutologin($serendipity['COOKIE']['author_information'], $serendipity['COOKIE']['author_information_iv']); $data = array('ext' => $use_external, 'mode' => 1, 'user' => $cookie['username'], 'pass' => $cookie['password']); serendipity_plugin_api::hook_event('backend_loginfail', $data); if (is_array($cookie) && serendipity_authenticate_author($cookie['username'], $cookie['password'], false, $use_external)) { return true; } else { serendipity_deleteCookie('author_information'); serendipity_deleteCookie('author_information_iv'); return false; } } $data = array('ext' => $use_external, 'mode' => 2, 'user' => $serendipity['POST']['user'], 'pass' => $serendipity['POST']['pass']); serendipity_plugin_api::hook_event('backend_loginfail', $data); }
function performLogin($exit = true) { global $serendipity; $this->debug('PerformLogin called.'); if ($this->skip) { return true; } $this->skip = true; if (serendipity_db_bool($this->get_config('remoteuser')) && !empty($_SERVER['REMOTE_USER'])) { $this->debug('Checking RemoteUser value: ' . $_SERVER['REMOTE_USER']); if ($pass = $this->getPassword($_SERVER['REMOTE_USER'])) { $this->debug('Retrieved password for user. Now authenticating.'); serendipity_authenticate_author($_SERVER['REMOTE_USER'], $pass, true, true); return true; } elseif (serendipity_db_bool($this->get_config('wildcard'))) { $this->debug('Password retrieval failed. Using wildcard auth.'); $this->wildcard_auth($_SERVER['REMOTE_USER']); return true; } else { $this->debug('Password retrieval failed, wildcard auth disabled.'); } } else { $this->debug('RemoteUser not enabled or empty: ' . $_SERVER['REMOTE_USER']); } $this->debug('Authenticating ' . $_SERVER['PHP_AUTH_USER']); if (!isset($_SERVER['PHP_AUTH_USER']) || !serendipity_authenticate_author($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], false, false)) { header('WWW-Authenticate: Basic realm="' . $serendipity['blogTitle'] . '"'); header('HTTP/1.0 401 Unauthorized'); header('Status: 401 Unauthorized'); if ($exit) { $this->debug('Authentication failed. Exiting.'); exit; } } else { header('X-Authentication: HTTP-AUTH@' . $_SERVER['PHP_AUTH_USER']); } }