Пример #1
0
/**
 * Security action checks that the caller has the credentials to run the remote methods
 */
function securityAction(&$amfbody)
{
    $check = true;
    if (!$amfbody->noExec) {
        $classConstruct =& $amfbody->getClassConstruct();
        $methodName = $amfbody->methodName;
        $className = $amfbody->className;
        if ($methodName == "_authenticate") {
            if (method_exists($classConstruct, "_authenticate")) {
                $credentials = $amfbody->getValue();
                //Fix for error in _authenticate
                //Pass throught the executive
                $roles = Executive::doMethodCall($amfbody, $classConstruct, '_authenticate', array($credentials['userid'], $credentials['password']));
                if ($roles !== '__amfphp_error' && $roles !== false && $roles !== "") {
                    Authenticate::login($credentials['userid'], $roles);
                    return false;
                } else {
                    Authenticate::logout();
                    return false;
                }
            } else {
                $ex = new AMFException(E_USER_ERROR, "The _authenticate method was not found in the " . $className . " class", __FILE__, __LINE__, "AMFPHP_AUTHENTICATE_NOT_FOUND");
                AMFException::throwException($amfbody, $ex);
                return false;
            }
        }
        //else
        //Check for gateway restrictions
        $methodRecord = $classConstruct->methodTable[$methodName];
        // create a shortcut for the ugly path
        $instanceName = $GLOBALS['amfphp']['instanceName'];
        if (isset($instanceName) && isset($methodRecord['instance'])) {
            // see if we have an instance defined
            if ($instanceName != $methodRecord['instance']) {
                // if the names don't match die
                $ex = new AMFException(E_USER_ERROR, "The method {" . $methodName . "} instance name does not match this gateway's instance name.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_MISMATCH");
                AMFException::throwException($amfbody, $ex);
                return false;
            }
        } else {
            if (isset($methodRecord['instance'])) {
                // see if the method has an instance defined
                if ($instanceName != $methodRecord['instance']) {
                    // if the names don't match die
                    $ex = new AMFException(E_USER_ERROR, "The restricted method {" . $methodName . "} is not allowed through a non-restricted gateway.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_RESTRICTION");
                    AMFException::throwException($amfbody, $ex);
                    return false;
                }
            }
        }
        if (!isset($methodRecord['access']) || strtolower($methodRecord['access']) != "remote") {
            // make sure we can remotely call it
            $ex = new AMFException(E_USER_ERROR, "ACCESS DENIED: The method {" . $methodName . "} has not been declared a remote method.", __FILE__, __LINE__, "AMFPHP_METHOD_NOT_REMOTE");
            AMFException::throwException($amfbody, $ex);
            return false;
        }
        if (isset($methodRecord['roles']) && !Authenticate::isUserInRole($methodRecord['roles'])) {
            $ex = new AMFException(E_USER_ERROR, "This user is not does not have access to {" . $methodName . "}.", __FILE__, __LINE__, "AMFPHP_AUTH_MISMATCH");
            AMFException::throwException($amfbody, $ex);
            return false;
        }
    }
    return true;
}