Exemplo n.º 1
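/**
 * Verifies the secret key sent by a web service caller.
 *
 * The expected key is built from the platform 'security_key' setting. Without
 * an IP restriction file, the caller's IP is prepended to that setting. When
 * 'webservice-auth-ip.conf.php' defines a non-empty $ws_auth_ip, the bare
 * setting is used and the caller's IP must fall inside that range.
 *
 * @param array|string $params Either the secret key itself or an array
 *                             holding it under the 'secret_key' index
 *
 * @return bool|mixed false when the IP restriction rejects the caller,
 *                    otherwise the result of api_is_valid_secret_key()
 */
function WSHelperVerifyKey($params)
{
    global $debug;
    $securityFromConfiguration = api_get_configuration_value('security_key');
    if (is_array($params)) {
        // A missing index becomes an empty key instead of an undefined-index notice.
        $secret_key = isset($params['secret_key']) ? $params['secret_key'] : '';
    } else {
        $secret_key = $params;
    }
    // Commented-out error_log() calls that would have written the submitted
    // and expected keys to the log were dropped: secrets must not reach logs.
    $check_ip = false;
    $ip_matches = false;
    $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';
    // If we are behind a reverse proxy, assume it will send the
    // HTTP_X_FORWARDED_FOR header and use this IP instead.
    // NOTE(review): this header is supplied by the client unless a trusted
    // proxy overwrites it. Both the IP range check and the IP-bound key below
    // then rest on a caller-chosen value. Honour the header only when
    // REMOTE_ADDR is a known proxy (needs a deployment-specific proxy list).
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        list($ip1) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $ip = trim($ip1);
    }
    if ($debug) {
        error_log("ip: {$ip}");
    }
    // Check if a file that limits access from webservices exists and contains
    // the restraining check.
    // NOTE(review): the path is relative, so it is resolved through the
    // include path / working directory; confirm that location is not writable
    // by untrusted users.
    if (is_file('webservice-auth-ip.conf.php')) {
        include 'webservice-auth-ip.conf.php';
        if ($debug) {
            error_log("webservice-auth-ip.conf.php file included");
        }
        if (!empty($ws_auth_ip)) {
            $check_ip = true;
            // Presumably truthy when $ip is inside $ws_auth_ip; verify against the helper.
            $ip_matches = api_check_ip_in_range($ip, $ws_auth_ip);
            if ($debug) {
                error_log('ip_matches: ' . intval($ip_matches));
            }
        }
    }
    if ($debug) {
        error_log("checkip " . intval($check_ip));
    }
    if ($check_ip) {
        $security_key = $securityFromConfiguration;
    } else {
        $security_key = $ip . $securityFromConfiguration;
    }
    if ($check_ip && !$ip_matches) {
        // Enforce the restriction. Previously the range check result was only
        // logged, so enabling the file dropped the IP from the key without
        // limiting callers at all.
        $result = false;
    } else {
        $result = api_is_valid_secret_key($secret_key, $security_key);
    }
    if ($debug) {
        error_log('WSHelperVerifyKey result: ' . intval($result));
    }
    return $result;
}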
Exemplo n.º 2
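/**
 * Get a list of courses (code, url, title, teacher, language) and return to caller
 * Function registered as service. Returns strings in UTF-8.
 *
 * Only platform administrators may call this service. The signature is
 * accepted when it validates against the username followed by the user's
 * first 'dokeos' API key, or against the username followed by the platform
 * 'security_key' setting.
 *
 * @param string       $username     User name in Chamilo
 * @param string       $signature    Signature (composed of the sha1(username+apikey))
 * @param array|string $visibilities Array or comma-separated string. Type of
 *                                   visibility of course (public,
 *                                   public-registered, private, closed)
 *
 * @return array|int Courses list, one entry per course with the keys code,
 *                   title, url, teacher and language; -1 when the caller is
 *                   not authorised; array('error_msg' => ...) when a
 *                   visibility value is not recognised
 */
function WSCourseList($username, $signature, $visibilities = 'public')
{
    if (empty($username) || empty($signature)) {
        return -1;
    }
    global $_configuration;
    $info = api_get_user_info_from_username($username);
    // An unknown user must be rejected here rather than looked up with a null id.
    if (empty($info) || empty($info['user_id'])) {
        return -1;
    }
    $user_id = $info['user_id'];
    if (!UserManager::is_admin($user_id)) {
        return -1;
    }
    $list = UserManager::get_api_keys($user_id, 'dokeos');
    $key = '';
    if (is_array($list) && !empty($list)) {
        // Only the first key is considered, as before.
        $key = reset($list);
    }
    // Never validate against an empty secret: the expected value would then
    // be derived from the (public) username alone.
    $valid = false;
    if ((string) $key !== '') {
        $valid = api_is_valid_secret_key($signature, $username . $key);
    }
    if (!$valid && !empty($_configuration['security_key'])) {
        $valid = api_is_valid_secret_key($signature, $username . $_configuration['security_key']);
    }
    if (!$valid) {
        // The secret key is incorrect.
        return -1;
    }
    // public-registered = open
    $vis = array('public' => '3', 'public-registered' => '2', 'private' => '1', 'closed' => '0');
    $courses_list = array();
    if (!is_array($visibilities)) {
        // split() was removed in PHP 7; explode() is enough for a literal
        // comma. Trimming tolerates "public, private".
        $visibilities = array_map('trim', explode(',', $visibilities));
    }
    foreach ($visibilities as $visibility) {
        // Strict whitelist lookup: a loose in_array() could accept a
        // non-string value that has no entry in $vis.
        if (!is_string($visibility) || !isset($vis[$visibility])) {
            return array('error_msg' => 'Security check failed');
        }
        $courses_list_tmp = CourseManager::get_courses_list(null, null, null, null, $vis[$visibility]);
        foreach ($courses_list_tmp as $course) {
            $course_info = CourseManager::get_course_information($course['code']);
            $courses_list[] = array(
                'code' => $course['code'],
                'title' => api_utf8_encode($course_info['title']),
                'url' => api_get_path(WEB_COURSE_PATH) . $course_info['directory'] . '/',
                'teacher' => api_utf8_encode($course_info['tutor_name']),
                'language' => $course_info['course_language'],
            );
        }
    }
    return $courses_list;
}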
Exemplo n.º 3
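/**
 * Get a list of events between two dates for the given username
 * Function registered as service. Returns strings in UTF-8.
 *
 * @param string     $username  Username
 * @param string     $signature Signature, validated against the username
 *                              followed by the user's first 'dokeos' API key
 * @param int|string $datestart Start date, in YYYYMMDD format
 * @param int|string $dateend   End date, in YYYYMMDD format
 *
 * @return array|int Events list (empty when the user id cannot be resolved);
 *                   -1 when the caller is not authorised
 */
function WSEventsList($username, $signature, $datestart = 0, $dateend = 0)
{
    if (empty($username) || empty($signature)) {
        return -1;
    }
    $info = api_get_user_info_from_username($username);
    // An unknown user must be rejected here rather than looked up with a null id.
    if (empty($info) || empty($info['user_id'])) {
        return -1;
    }
    $user_id = $info['user_id'];
    $list = UserManager::get_api_keys($user_id, 'dokeos');
    $key = '';
    if (is_array($list) && !empty($list)) {
        // Only the first key is considered, as before.
        $key = reset($list);
    }
    // A user without an API key cannot be authenticated: with an empty key
    // the expected value would be derived from the (public) username alone.
    if ((string) $key === '') {
        return -1;
    }
    if (!api_is_valid_secret_key($signature, $username . $key)) {
        // The secret key is incorrect.
        return -1;
    }
    $events_list = array();
    $user_id = UserManager::get_user_id_from_username($username);
    if ($user_id === false) {
        // Error in user id recovery.
        return $events_list;
    }
    // The dates come from the web service caller and are turned into strings
    // for the agenda lookup, so keep digits only before slicing them.
    // NOTE(review): whether the agenda helper escapes its arguments is not
    // visible here; this keeps the input safe either way.
    $datestart = preg_replace('/\D/', '', (string) $datestart);
    $dateend = preg_replace('/\D/', '', (string) $dateend);
    $ds = substr($datestart, 0, 4) . '-' . substr($datestart, 4, 2) . '-' . substr($datestart, 6, 2) . ' 00:00:00';
    $de = substr($dateend, 0, 4) . '-' . substr($dateend, 4, 2) . '-' . substr($dateend, 6, 2) . ' 00:00:00';
    $events_list = Agenda::get_personal_agenda_items_between_dates($user_id, $ds, $de);
    return $events_list;
}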
Exemplo n.º 4
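 /**
  * Verifies the API key
  *
  * The expected key is the caller's IP address followed by the configured
  * 'security_key'.
  *
  * @param string $secret_key Secret key
  * @return mixed WSError in case of failure, null in case of success
  */
 protected function verifyKey($secret_key)
 {
     $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';
     // If we are behind a reverse proxy, assume it will send the
     // HTTP_X_FORWARDED_FOR header and use this IP instead.
     // NOTE(review): this header is supplied by the client unless a trusted
     // proxy overwrites it, so the IP bound into the key can be caller-chosen.
     // Honour it only when REMOTE_ADDR is a known proxy.
     if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
         // split() was removed in PHP 7. Only the first address is needed,
         // and taking one element avoids an undefined-offset notice when the
         // header holds a single IP.
         list($ip1) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         $ip = trim($ip1);
     }
     $security_key = $ip . $this->_configuration['security_key'];
     if (!api_is_valid_secret_key($secret_key, $security_key)) {
         return new WSError(1, "API key is invalid");
     }
     return null;
 }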