See Release Notes
Long Term Support Release
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]
1 <?php 2 /** 3 * An XML-RPC server 4 * 5 * @author Donal McMullan donal@catalyst.net.nz 6 * @version 0.0.1 7 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License 8 * @package mnet 9 */ 10 11 // Make certain that config.php doesn't display any errors, and that it doesn't 12 // override our do-not-display-errors setting: 13 // disable moodle specific debug messages and any errors in output 14 define('NO_DEBUG_DISPLAY', true); 15 // cookies are not used, makes sure there is empty global $USER 16 define('NO_MOODLE_COOKIES', true); 17 18 define('MNET_SERVER', true); 19 20 require(__DIR__.'/../../config.php'); 21 22 $mnet = get_mnet_environment(); 23 // Include MNET stuff: 24 require_once $CFG->dirroot.'/mnet/lib.php'; 25 require_once $CFG->dirroot.'/mnet/remote_client.php'; 26 require_once $CFG->dirroot.'/mnet/xmlrpc/serverlib.php'; 27 28 29 if ($CFG->mnet_dispatcher_mode === 'off') { 30 throw new \moodle_exception('mnetdisabled', 'mnet'); 31 } 32 33 // Content type for output is not html: 34 header('Content-type: text/xml; charset=utf-8'); 35 36 $rawpostdata = file_get_contents("php://input"); 37 mnet_debug("RAW POST DATA", 2); 38 mnet_debug($rawpostdata, 2); 39 40 if (!isset($_SERVER)) { 41 exit(mnet_server_fault(712, get_string('phperror', 'mnet'))); 42 } 43 44 45 // New global variable which ONLY gets set in this server page, so you know that 46 // if you've been called by a remote Moodle, this should be set: 47 $remoteclient = new mnet_remote_client(); 48 set_mnet_remote_client($remoteclient); 49 50 try { 51 $plaintextmessage = mnet_server_strip_encryption($rawpostdata); 52 $xmlrpcrequest = mnet_server_strip_signature($plaintextmessage); 53 } catch (Exception $e) { 54 mnet_debug('encryption strip exception thrown: ' . $e->getMessage()); 55 exit(mnet_server_fault($e->getCode(), $e->getMessage(), $e->a)); 56 } 57 58 mnet_debug('XMLRPC Payload', 2); 59 mnet_debug($xmlrpcrequest, 2); 60 61 if($remoteclient->pushkey == true) { 62 // The peer used one of our older public keys, we will return a 63 // signed/encrypted error message containing our new public key 64 // Sign message with our old key, and encrypt to the peer's private key. 65 mnet_debug('sending back new key'); 66 exit(mnet_server_fault_xml(7025, $mnet->public_key, $remoteclient->useprivatekey)); 67 } 68 // Have a peek at what the request would be if we were to process it 69 $encoder = new \PhpXmlRpc\Encoder(); 70 $orequest = $encoder->decodeXML($xmlrpcrequest); // First, to internal. 71 $method = $orequest->method(); // We just need the method. 72 mnet_debug("incoming mnet request $method"); 73 74 // One of three conditions need to be met before we continue processing this request: 75 // 1. Request is properly encrypted and signed 76 // 2. Request is for a keyswap (we don't mind enencrypted or unsigned requests for a public key) 77 // 3. Request is properly signed and we're happy with it being unencrypted 78 if ((($remoteclient->request_was_encrypted == true) && ($remoteclient->signatureok == true)) 79 || (($method == 'system.keyswap') || ($method == 'system/keyswap')) 80 || (($remoteclient->signatureok == true) && ($remoteclient->plaintext_is_ok() == true))) { 81 try { 82 // main dispatch call. will echo the response directly 83 mnet_server_dispatch($xmlrpcrequest); 84 mnet_debug('exiting cleanly'); 85 exit; 86 } catch (Exception $e) { 87 mnet_debug('dispatch exception thrown: ' . $e->getMessage()); 88 exit(mnet_server_fault($e->getCode(), $e->getMessage(), $e->a)); 89 } 90 } 91 // if we get to here, something is wrong 92 // so detect a few common cases and send appropriate errors 93 if (($remoteclient->request_was_encrypted == false) && ($remoteclient->plaintext_is_ok() == false)) { 94 mnet_debug('non encrypted request'); 95 exit(mnet_server_fault(7021, get_string('forbidden-transport', 'mnet'))); 96 } 97 98 if ($remoteclient->request_was_signed == false) { 99 // Request was not signed 100 mnet_debug('non signed request'); 101 exit(mnet_server_fault(711, get_string('verifysignature-error', 'mnet'))); 102 } 103 104 if ($remoteclient->signatureok == false) { 105 // We were unable to verify the signature 106 mnet_debug('non verified signature'); 107 exit(mnet_server_fault(710, get_string('verifysignature-invalid', 'mnet'))); 108 } 109 mnet_debug('unknown error'); 110 exit(mnet_server_fault(7000, get_string('unknownerror', 'mnet')));
title
Description
Body
title
Description
Body
title
Description
Body
title
Body