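/**
 * Authenticate a user against one of the configured authentication servers.
 *
 * The request object must carry three properties:
 *   - user_name:      the user name (string)
 *   - passwd:         the password, encrypted or not (string)
 *   - auth_server_id: key of the entry in $ORIONDBCFG_auth_server to use
 *
 * Outcomes:
 *   - true:  the auth module accepted the credentials; a session is started
 *            if none was present, the JSON-encoded OrionDB_SystemState is
 *            echoed and the same state is stored in the session.
 *   - false: the auth module rejected the credentials;
 *            $this->return_logged_out_system_state() has been called.
 *   - null:  the request was malformed, named an unknown auth server, or the
 *            configured module class is unavailable. Nothing is echoed.
 *
 * The three request properties are supplied by the caller (presumably taken
 * from the client request), so they are validated before being used as an
 * array key or handed to the auth module.
 *
 * @param stdClass $JSONdata request data holding the three properties above
 * @return bool|null see "Outcomes"
 */
function auth(stdClass $JSONdata) {
    global $ORIONDBCFG_auth_server;
    global $OrionDB_SessionPresent;

    // Do not print or log $JSONdata as a whole: it carries the password.

    // The stdClass type hint already guarantees an object, so only the
    // presence of the required properties has to be checked.
    if (!property_exists($JSONdata, 'auth_server_id')
        || !property_exists($JSONdata, 'user_name')
        || !property_exists($JSONdata, 'passwd')) {
        return null;
    }

    // auth_server_id is used as an array key; anything but int|string would
    // raise an illegal-offset error, so reject it up front.
    $serverId = $JSONdata->auth_server_id;
    if (!is_int($serverId) && !is_string($serverId)) {
        return null;
    }

    // Credentials must be plain strings; arrays or nested objects in the
    // request are never valid credentials.
    if (!is_string($JSONdata->user_name) || !is_string($JSONdata->passwd)) {
        return null;
    }

    // The id selects a config entry, but the id itself comes from the request:
    // an id without a matching entry must not reach the module lookup.
    if (!isset($ORIONDBCFG_auth_server[$serverId])) {
        return null;
    }
    $authserver = $ORIONDBCFG_auth_server[$serverId];

    if (!isset($authserver['type']) || !is_string($authserver['type'])) {
        return null;
    }
    $type = $authserver['type'];

    // The module type comes from the config file. It is still restricted to
    // identifier characters, and the class is instantiated by name instead of
    // through eval(), so a malformed entry can never be executed as code.
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $type)) {
        return null;
    }
    $moduleClass = 'OrionDB_authmodule_' . $type;
    if (!class_exists($moduleClass)) {
        return null;
    }
    $tmpObject = new $moduleClass;

    $authserver['user_name'] = $JSONdata->user_name;
    $authserver['passwd'] = $JSONdata->passwd;

    // NOTE(review): an empty password is forwarded unchanged. Confirm that
    // every auth module rejects it; some directory backends treat an empty
    // password as an anonymous bind and report success.
    $authresult = $tmpObject->auth($authserver);

    if (!$authresult) {
        $this->return_logged_out_system_state();
        return false;
    }

    if (!$OrionDB_SessionPresent) {
        require_once 'includes/OrionDB_Session.php';
        OrionDB_Session_start($authresult);
    }
    // NOTE(review): when a session was already present it is reused for the
    // authenticated state. Confirm the session layer issues a fresh session
    // identifier at login so a pre-login identifier cannot be carried over.

    // Build the system state that is returned to the client.
    $tmpSystemState = new OrionDB_SystemState();
    $tmpSystemState->id = 1;
    $tmpSystemState->user_name = $JSONdata->user_name;
    $tmpSystemState->login_status = true;
    $tmpSystemState->preferred_client = 'admissionexam'; // hardcoding the client for the moment

    echo json_encode($tmpSystemState);

    // Store the same state in the session.
    OrionDB_Session_set_information($tmpSystemState);

    return true;
}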
if (!$ORIONDBCFG_allow_non_sc_clients) { $xmlHttpRequestPresent = array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER); $SCPresent = array_key_exists('HTTP_X_SPROUTCORE_VERSION', $_SERVER); if (!$xmlHttpRequestPresent && !$SCPresent) { echo "You do not have permission to access this resource!"; logmessage('Attempted access to OrionDB from a non-SC client while this is not allowed in the configuration'); die; } } //check whether session support is turned on or authorisation is activated. if ($ORIONDBCFG_sessions_active || $ORIONDBCFG_auth_module_active) { // load session support require_once 'includes/OrionDB_Session.php'; // start session (will fail if authentication is turned on and the user has not authenticated yet) logmessage("Trying to start session"); $result = OrionDB_Session_start(); if ($result) { $OrionDB_SessionPresent = true; } logmessage("session start trial result: " . $result); } // process the call if (isset($_SERVER['REQUEST_URI']) && isset($_SERVER['REQUEST_METHOD'])) { //global $ORIONDBCFG_baseURI; $tmpbaseURI = $ORIONDBCFG_baseURI . "/"; $ORION_actualRequest = substr($_SERVER['REQUEST_URI'], strlen($tmpbaseURI)); //logmessage("Getting request: " . $ORION_actualRequest); // now we have our actual request // next find out whether a specific item is being called for, say : student/25 which would be student with id 25 // it could also be that a different request has been made, for example student?order=id. // this is a collection retrieval