Diffstat (limited to 'lib/class/xmlrpcserver.class.php')
-rw-r--r-- | lib/class/xmlrpcserver.class.php | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php
index 97f0208b..abb8076e 100644
--- a/lib/class/xmlrpcserver.class.php
+++ b/lib/class/xmlrpcserver.class.php
@@ -136,6 +136,34 @@ class xmlRpcServer {
 $encoded_key = $xmlrpc_object->params['0']->me['string'];
 $timestamp = $xmlrpc_object->params['0']->me['int'];
+ // Check the timestamp make sure it's recent
+ if ($timestamp < (time() - 14400)) {
+ debug_event('XMLSERVER','Handshake failure, timestamp too old','1');
+ return new xmlrpcresp(php_xmlrpc_encoded("Handshake failure"));
+ }
+
+ // Log the attempt
+ debug_event('XMLSERVER','Login Attempt, IP: ' . $_SERVER['REMOTE_ADDR'] . ' Time: ' . $timestamp . ' Hash:' . $encoded_key,'5');
+
+ // Convert the IP Address to an int
+ $ip = ip2int($_SERVER['REMOTE_ADDR']);
+
+ // Run the query and return the key's for ACLs of type RPC that would match this IP
+ $sql = "SELECT * FROM `access_list` WHERE `type`='rpc' AND `start` <= '$ip' AND `end` >= '$ip'";
+ $db_results = Dba::query($sql);
+
+ while ($row = Dba::fetch_assoc($db_results)) {
+
+ // Build our encoded passphrase
+ $md5pass = md5($timestamp . $row['key']);
+
+ if ($md5pass == $encoded_key) {
+ $token = '';
+ }
+
+ } // end while rows
+
 } // handshake
 } // xmlRpcServer
|
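Review bot: The key check at `if ($md5pass == $encoded_key)` compares two digest strings with loose equality, so PHP's numeric-string juggling can treat distinct digests as equal; compare strictly, `if ($md5pass === $encoded_key) {` (or `hash_equals()` where the runtime has it), and since `$timestamp` arrives untyped from the XML-RPC request, cast it before use. The freshness test only rejects stale values, so a timestamp set far in the future stays acceptable indefinitely; `if (abs(time() - (int) $timestamp) > 14400) {` bounds both directions. A matching row only assigns `$token = ''` without breaking, returning or building a response, and the function falls off the end after the loop, so neither the matched nor the unmatched path produces an XML-RPC reply — handshake's signature and the lines before `$encoded_key` are outside the hunk. `$ip` is interpolated straight into the SQL string; if ip2int does not already guarantee an integer, `$ip = (int) ip2int($_SERVER['REMOTE_ADDR']);` keeps the query safe. The level-5 log line records the submitted hash next to the IP, and that value is a replayable credential within the 4-hour window, so it is better left out of the log.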