require_once $CFG->dirroot . '/mnet/lib.php';
require_once $CFG->dirroot . '/mnet/remote_client.php';
// Content type for output is not html:
header('Content-type: text/xml; charset=utf-8');
// PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug:
// http://bugs.php.net/bug.php?id=41293
if (empty($HTTP_RAW_POST_DATA)) {
$HTTP_RAW_POST_DATA = file_get_contents('php://input');
}
if (!empty($CFG->mnet_rpcdebug)) {
trigger_error("HTTP_RAW_POST_DATA");
trigger_error($HTTP_RAW_POST_DATA);
}
// New global variable which ONLY gets set in this server page, so you know that
// if you've been called by a remote Moodle, this should be set:
$MNET_REMOTE_CLIENT = new mnet_remote_client();
// Peek at the message to see if it's an XML-ENC document. If it is, note that
// the client connection was encrypted, and strip the xml-encryption and
// xml-signature wrappers from the XML-RPC payload
if (strpos(substr($HTTP_RAW_POST_DATA, 0, 100), '<encryptedMessage>')) {
$MNET_REMOTE_CLIENT->was_encrypted();
// Extract the XML-RPC payload from the XML-ENC and XML-SIG wrappers.
$payload = mnet_server_strip_wrappers($HTTP_RAW_POST_DATA);
} else {
$params = xmlrpc_decode_request($HTTP_RAW_POST_DATA, $method);
if ($method == 'system.keyswap' || $method == 'system/keyswap') {
// OK
} elseif ($MNET_REMOTE_CLIENT->plaintext_is_ok() == false) {
exit(mnet_server_fault(7021, 'forbidden-transport'));
}
// Looks like plaintext is ok. It is assumed that a plaintext call:
header('Content-type: text/xml; charset=utf-8');
// PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug:
// http://bugs.php.net/bug.php?id=41293
if (empty($HTTP_RAW_POST_DATA)) {
$HTTP_RAW_POST_DATA = file_get_contents('php://input');
}
if (!empty($CFG->mnet_rpcdebug)) {
trigger_error("HTTP_RAW_POST_DATA");
trigger_error($HTTP_RAW_POST_DATA);
}
if (!isset($_SERVER)) {
exit(mnet_server_fault(712, "phperror"));
}
// New global variable which ONLY gets set in this server page, so you know that
// if you've been called by a remote Moodle, this should be set:
$MNET_REMOTE_CLIENT = new mnet_remote_client();
$plaintextmessage = mnet_server_strip_encryption($HTTP_RAW_POST_DATA);
$xmlrpcrequest = mnet_server_strip_signature($plaintextmessage);
if ($MNET_REMOTE_CLIENT->pushkey == true) {
// The peer used one of our older public keys, we will return a
// signed/encrypted error message containing our new public key
// Sign message with our old key, and encrypt to the peer's private key.
exit(mnet_server_fault_xml(7025, $MNET->public_key, $MNET_REMOTE_CLIENT->useprivatekey));
}
// Have a peek at what the request would be if we were to process it
$params = xmlrpc_decode_request($xmlrpcrequest, $method);
// One of three conditions need to be met before we continue processing this request:
// 1. Request is properly encrypted and signed
// 2. Request is for a keyswap (we don't mind enencrypted or unsigned requests for a public key)
// 3. Request is properly signed and we're happy with it being unencrypted
if ($MNET_REMOTE_CLIENT->request_was_encrypted == true && $MNET_REMOTE_CLIENT->signatureok == true || ($method == 'system.keyswap' || $method == 'system/keyswap') || $MNET_REMOTE_CLIENT->signatureok == true && $MNET_REMOTE_CLIENT->plaintext_is_ok() == true) {
