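/**
 * Verify the secret key sent by a web-service caller.
 *
 * The expected key material is the configured 'security_key'. When no IP
 * allow-list is configured, the caller's IP address is prepended to it.
 * When 'webservice-auth-ip.conf.php' exists and defines a non-empty
 * $ws_auth_ip, the caller's IP must be inside that range and the key is then
 * checked against the configured 'security_key' alone.
 *
 * @param array|string $params Either the secret key itself, or an array holding it under 'secret_key'
 * @return mixed The value returned by api_is_valid_secret_key(), or false when
 *               an allow-list is configured and the caller's IP is outside it
 */
function WSHelperVerifyKey($params)
{
    global $debug;
    $securityFromConfiguration = api_get_configuration_value('security_key');

    if (is_array($params)) {
        // A missing 'secret_key' entry is passed on as null instead of raising a notice.
        $secret_key = isset($params['secret_key']) ? $params['secret_key'] : null;
    } else {
        $secret_key = $params;
    }

    $check_ip = false;
    $ip_matches = false;
    $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';

    // If we are behind a reverse proxy, assume it will send the
    // HTTP_X_FORWARDED_FOR header and use this IP instead.
    // NOTE(review): X-Forwarded-For is set by the client unless a trusted
    // proxy overwrites it, and the first entry is taken as-is here. Both the
    // allow-list check and the IP-bound key below therefore depend on a value
    // the caller can choose. Honour the header only when REMOTE_ADDR is a
    // known proxy - TODO confirm against the deployment.
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        list($ip1) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $ip = trim($ip1);
    }
    if ($debug) {
        error_log("ip: {$ip}");
    }

    // Check if a file that limits access from webservices exists and contains
    // the restraining check. The relative path is resolved by PHP's include
    // lookup, so which file is loaded depends on the include path / working directory.
    if (is_file('webservice-auth-ip.conf.php')) {
        include 'webservice-auth-ip.conf.php';
        if ($debug) {
            error_log("webservice-auth-ip.conf.php file included");
        }
        if (!empty($ws_auth_ip)) {
            $check_ip = true;
            $ip_matches = api_check_ip_in_range($ip, $ws_auth_ip);
            if ($debug) {
                error_log("ip_matches: {$ip_matches}");
            }
        }
    }

    if ($debug) {
        error_log("checkip " . intval($check_ip));
    }

    if ($check_ip) {
        // Enforce the allow-list: the range check result used to be logged
        // only, so a caller outside $ws_auth_ip was still accepted with the
        // IP-independent key.
        if (!$ip_matches) {
            if ($debug) {
                error_log('WSHelperVerifyKey result: 0');
            }

            return false;
        }
        $security_key = $securityFromConfiguration;
    } else {
        $security_key = $ip . $securityFromConfiguration;
    }

    // Neither $secret_key nor $security_key is written to the log: both are
    // key material.
    $result = api_is_valid_secret_key($secret_key, $security_key);

    if ($debug) {
        error_log('WSHelperVerifyKey result: ' . intval($result));
    }

    return $result;
}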
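/**
 * Get a list of courses (code, url, title, teacher, language) and return to caller.
 * Function registered as service. Returns strings in UTF-8.
 *
 * The caller must be a platform admin. The signature is accepted when it
 * validates against username + the user's first 'dokeos' API key, or against
 * username + the platform 'security_key'.
 *
 * @param string $username     User name in Chamilo
 * @param string $signature    Signature (composed of the sha1(username+apikey))
 * @param mixed  $visibilities Array or comma-separated string. Type of visibility of course
 *                             (public, public-registered, private, closed)
 * @return array|int Courses list (each entry: code, title, url, teacher, language);
 *                   -1 when authentication fails; array('error_msg' => ...) when an
 *                   unknown visibility is requested
 */
function WSCourseList($username, $signature, $visibilities = 'public')
{
    if (empty($username) or empty($signature)) {
        return -1;
    }

    global $_configuration;

    $info = api_get_user_info_from_username($username);
    // Unknown user name: nothing to authenticate against.
    if (empty($info['user_id'])) {
        return -1;
    }
    $user_id = $info['user_id'];
    if (!UserManager::is_admin($user_id)) {
        return -1;
    }

    $list = UserManager::get_api_keys($user_id, 'dokeos');
    $api_key = is_array($list) ? reset($list) : false;

    // An empty secret must never be used as key material: without this guard
    // a user with no API key would be checked against the username alone.
    $valid_user_key = !empty($api_key)
        && api_is_valid_secret_key($signature, $username . $api_key);
    $valid_platform_key = !$valid_user_key
        && !empty($_configuration['security_key'])
        && api_is_valid_secret_key($signature, $username . $_configuration['security_key']);

    if (!$valid_user_key && !$valid_platform_key) {
        return -1; // The secret key is incorrect.
    }

    // public-registered = open
    $vis = array('public' => '3', 'public-registered' => '2', 'private' => '1', 'closed' => '0');

    if (!is_array($visibilities)) {
        // split() was removed in PHP 7; explode() is the literal-delimiter equivalent.
        $visibilities = explode(',', $visibilities);
    }

    $courses_list = array();
    foreach ($visibilities as $visibility) {
        // Exact key lookup instead of a loose in_array(): only the four known
        // names may reach the $vis[...] access below.
        if (!is_string($visibility) || !isset($vis[$visibility])) {
            return array('error_msg' => 'Security check failed');
        }

        $courses_list_tmp = CourseManager::get_courses_list(null, null, null, null, $vis[$visibility]);
        foreach ($courses_list_tmp as $course) {
            $course_info = CourseManager::get_course_information($course['code']);
            $courses_list[] = array(
                'code' => $course['code'],
                'title' => api_utf8_encode($course_info['title']),
                'url' => api_get_path(WEB_COURSE_PATH) . $course_info['directory'] . '/',
                'teacher' => api_utf8_encode($course_info['tutor_name']),
                'language' => $course_info['course_language'],
            );
        }
    }

    return $courses_list;
}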
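/**
 * Get a list of events between two dates for the given username.
 * Function registered as service. Returns strings in UTF-8.
 *
 * @param string $username  Username
 * @param string $signature Signature, validated by api_is_valid_secret_key() against
 *                          username + the user's first 'dokeos' API key
 * @param int    $datestart Start date, in YYYYMMDD format
 * @param int    $dateend   End date, in YYYYMMDD format
 * @return array|int Events list, or -1 when authentication fails
 */
function WSEventsList($username, $signature, $datestart = 0, $dateend = 0)
{
    if (empty($username) or empty($signature)) {
        return -1;
    }

    $info = api_get_user_info_from_username($username);
    // Unknown user name: nothing to authenticate against.
    if (empty($info['user_id'])) {
        return -1;
    }

    $list = UserManager::get_api_keys($info['user_id'], 'dokeos');
    $api_key = is_array($list) ? reset($list) : false;
    // A user without an API key cannot authenticate: otherwise the signature
    // would be checked against the username alone, which holds no secret.
    if (empty($api_key)) {
        return -1;
    }
    if (!api_is_valid_secret_key($signature, $username . $api_key)) {
        return -1; // The secret key is incorrect.
    }

    $events_list = array();

    $user_id = UserManager::get_user_id_from_username($username);
    if ($user_id === false) {
        return $events_list; // Error in user id recovery.
    }

    // The dates are caller-supplied. Keep digits only, so that nothing but
    // digits, dashes and the fixed time suffix reaches the agenda lookup.
    // NOTE(review): confirm that the agenda lookup also binds/escapes its arguments.
    $start = preg_replace('/\D/', '', (string) $datestart);
    $end = preg_replace('/\D/', '', (string) $dateend);

    $ds = substr($start, 0, 4) . '-' . substr($start, 4, 2) . '-' . substr($start, 6, 2) . ' 00:00:00';
    $de = substr($end, 0, 4) . '-' . substr($end, 4, 2) . '-' . substr($end, 6, 2) . ' 00:00:00';

    return Agenda::get_personal_agenda_items_between_dates($user_id, $ds, $de);
}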
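/**
 * Verifies the API key.
 *
 * The expected key material is the caller's IP address followed by the
 * configured 'security_key'.
 *
 * @param string $secret_key Secret key
 * @return mixed WSError in case of failure, null in case of success
 */
protected function verifyKey($secret_key)
{
    $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';

    // If we are behind a reverse proxy, assume it will send the
    // HTTP_X_FORWARDED_FOR header and use this IP instead.
    // NOTE(review): X-Forwarded-For is set by the client unless a trusted
    // proxy overwrites it, so the IP bound into the key here is a value the
    // caller can choose. Honour the header only when REMOTE_ADDR is a known
    // proxy - TODO confirm against the deployment.
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // split() was removed in PHP 7, and unpacking two list() targets
        // raised a notice when the header held a single address.
        $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $ip = trim($forwarded[0]);
    }

    $security_key = $ip . $this->_configuration['security_key'];

    if (!api_is_valid_secret_key($secret_key, $security_key)) {
        return new WSError(1, "API key is invalid");
    }

    return null;
}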