-rw-r--r--lib/class/xmldata.class.php5
-rw-r--r--server/xml.server.php22
2 files changed, 13 insertions, 14 deletions
diff --git a/lib/class/xmldata.class.php b/lib/class/xmldata.class.php
index 21608b3d..7f2e33f6 100644
--- a/lib/class/xmldata.class.php
+++ b/lib/class/xmldata.class.php
@@ -70,9 +70,10 @@ class xmlData {
* This generates a standard XML Error message
* nothing fancy here...
*/
- public static function error($string) {
+ public static function error($code,$string) {
- $string = self::_header() . "\t<error><![CDATA[$string]]></error>" . self::_footer();
+
+ $string = self::_header() . "\t<error code=\"$code\"><![CDATA[$string]]></error>" . self::_footer();
return $string;
} // error
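Review bot: `$code` is interpolated straight into the quoted `code="…"` attribute on the new `$string = self::_header() …` line, so a value containing `"` or `<` would break the document. Every caller visible in this commit passes a numeric literal, so this is hardening, e.g. `$code = intval($code);` before the string is built. The message has a similar gap that predates this change: a `]]>` inside `$string` ends the CDATA section early. The doc comment above still describes a one-argument function and should gain a line such as `* @param string $code numeric error code emitted as the code attribute`. Because the new parameter is required and comes first, any caller not updated in this commit would have its message emitted as the code.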
diff --git a/server/xml.server.php b/server/xml.server.php
index aeae5798..5bb3ead3 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
@@ -39,7 +39,7 @@ header("Content-Disposition: attachment; filename=information.xml");
// If we don't even have access control on then we can't use this!
if (!Config::get('access_control')) {
ob_end_clean();
- echo xmlData::error('Access Control not Enabled');
+ echo xmlData::error('501','Access Control not Enabled');
exit;
}
@@ -47,19 +47,17 @@ if (!Config::get('access_control')) {
* Verify the existance of the Session they passed in we do allow them to
* login via this interface so we do have an exception for action=login
*/
-
-if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) {
- debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','5');
+if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
+ debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '5');
ob_end_clean();
- echo xmlData::error('Session Expired');
+ echo xmlData::error('403','ACL Error');
exit();
-}
-
+}
-if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
- debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '5');
+if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) {
+ debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','5');
ob_end_clean();
- echo xmlData::error('ACL Error');
+ echo xmlData::error('401','Session Expired');
exit();
}
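Review bot: With the network ACL check moved ahead of the session check, `Access::check_network()` is now always evaluated with `$_REQUEST['user']`, a name the client chooses and that nothing has verified at this point. If ACL rows are matched per user (the implementation is not visible here), the per-user restriction no longer means much; for non-handshake actions the user would be better taken from the validated session than from the request. The `debug_event()` call in the session branch also writes `$_REQUEST['action']` into the log unfiltered, so line breaks or control characters in it can forge log entries; filtering it first, e.g. `preg_replace('/[^\w-]/', '', $_REQUEST['action'])`, would avoid that. Answering 403 and 401 separately also tells an unauthenticated client whether its address passed the ACL, which may or may not be intended.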
@@ -77,7 +75,7 @@ switch ($_REQUEST['action']) {
if (!$token) {
ob_end_clean();
- echo xmlData::error('Error Invalid Handshake, attempt logged');
+ echo xmlData::error('401','Error Invalid Handshake, attempt logged');
}
else {
ob_end_clean();
@@ -273,7 +271,7 @@ switch ($_REQUEST['action']) {
break;
default:
ob_end_clean();
- echo xmlData::error('Invalid Request');
+ echo xmlData::error('405','Invalid Request');
break;
} // end switch action
?>
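Review bot: `405` in the `default:` branch reads as HTTP's "Method Not Allowed", while the condition here is an unrecognised `action` value, which is closer to `400`; if these codes are meant to mirror HTTP status codes, `echo xmlData::error('400','Invalid Request');` would be the less surprising choice. The codes are also repeated as bare string literals across the call sites in this file (`'501'`, `'403'`, `'401'`, `'405'`); named constants would keep the server and its clients in agreement. The switch statement starts outside this hunk.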