/**
* Security action checks that the caller has the credentials to run the remote methods
*/
function securityAction(&$amfbody)
{
$check = true;
if (!$amfbody->noExec) {
$classConstruct =& $amfbody->getClassConstruct();
$methodName = $amfbody->methodName;
$className = $amfbody->className;
if ($methodName == "_authenticate") {
if (method_exists($classConstruct, "_authenticate")) {
$credentials = $amfbody->getValue();
//Fix for error in _authenticate
//Pass throught the executive
$roles = Executive::doMethodCall($amfbody, $classConstruct, '_authenticate', array($credentials['userid'], $credentials['password']));
if ($roles !== '__amfphp_error' && $roles !== false && $roles !== "") {
Authenticate::login($credentials['userid'], $roles);
return false;
} else {
Authenticate::logout();
return false;
}
} else {
$ex = new AMFException(E_USER_ERROR, "The _authenticate method was not found in the " . $className . " class", __FILE__, __LINE__, "AMFPHP_AUTHENTICATE_NOT_FOUND");
AMFException::throwException($amfbody, $ex);
return false;
}
}
//else
//Check for gateway restrictions
$methodRecord = $classConstruct->methodTable[$methodName];
// create a shortcut for the ugly path
$instanceName = $GLOBALS['amfphp']['instanceName'];
if (isset($instanceName) && isset($methodRecord['instance'])) {
// see if we have an instance defined
if ($instanceName != $methodRecord['instance']) {
// if the names don't match die
$ex = new AMFException(E_USER_ERROR, "The method {" . $methodName . "} instance name does not match this gateway's instance name.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_MISMATCH");
AMFException::throwException($amfbody, $ex);
return false;
}
} else {
if (isset($methodRecord['instance'])) {
// see if the method has an instance defined
if ($instanceName != $methodRecord['instance']) {
// if the names don't match die
$ex = new AMFException(E_USER_ERROR, "The restricted method {" . $methodName . "} is not allowed through a non-restricted gateway.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_RESTRICTION");
AMFException::throwException($amfbody, $ex);
return false;
}
}
}
if (!isset($methodRecord['access']) || strtolower($methodRecord['access']) != "remote") {
// make sure we can remotely call it
$ex = new AMFException(E_USER_ERROR, "ACCESS DENIED: The method {" . $methodName . "} has not been declared a remote method.", __FILE__, __LINE__, "AMFPHP_METHOD_NOT_REMOTE");
AMFException::throwException($amfbody, $ex);
return false;
}
if (isset($methodRecord['roles']) && !Authenticate::isUserInRole($methodRecord['roles'])) {
$ex = new AMFException(E_USER_ERROR, "This user is not does not have access to {" . $methodName . "}.", __FILE__, __LINE__, "AMFPHP_AUTH_MISMATCH");
AMFException::throwException($amfbody, $ex);
return false;
}
}
return true;
}
