From 592ff4f03c57c317ca153298d239099e43aeea5b Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Mon, 9 Mar 2009 21:17:29 +0100
Subject: [PATCH] [svn r18892] Updated web service to check IP+secret_key hash
---
 .../registration/WSRegistration.php | 29 +++++++++----------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/main/webservices/registration/WSRegistration.php b/main/webservices/registration/WSRegistration.php
index ca43cefdc6..08434dd2b8 100755
--- a/main/webservices/registration/WSRegistration.php
+++ b/main/webservices/registration/WSRegistration.php
@@ -3,7 +3,7 @@ require ('../../inc/global.inc.php');
 $libpath = api_get_path(LIBRARY_PATH);
 require_once($libpath.'nusoap/nusoap.php');
 require_once ($libpath.'fileManage.lib.php');
-include_once ($libpath.'usermanager.lib.php');
+require_once ($libpath.'usermanager.lib.php');
 require_once ($libpath.'fileUpload.lib.php');
 require_once(api_get_path(INCLUDE_PATH).'lib/mail.lib.inc.php');
 require_once ($libpath.'add_course.lib.inc.php');
@@ -57,7 +57,7 @@ function DokeosWebServiceCreateUser($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1; // secret key is incorrect
 }
@@ -224,7 +224,7 @@ function DokeosWebServiceEditUser($params)
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1; // secret key is incorrect
 }
@@ -334,7 +334,7 @@ function DokeosWebServiceDeleteUser($params)
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key'] ) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
 $original_user_id_name = $params['original_user_id_name'];
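Review bot: The new check in DokeosWebServiceCreateUser still compares with the loose `!=` operator, so the caller-supplied `$params['secret_key']` goes through PHP type juggling and the comparison is not constant-time. Require a string and compare in constant time, for example `if (!is_string($secret_key) || !hash_equals(sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key']), $secret_key)) {` (hash_equals needs PHP 5.6 or later; on older runtimes use at least `!==`). The same line is pasted into the EditUser and DeleteUser hunks and into the nine course, session and subscription hunks that follow. Each function body starts and ends outside its hunk.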
@@ -406,7 +406,7 @@ function DokeosWebServiceCreateCourse($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1; //secret key is incorrect
 }
@@ -563,7 +563,7 @@ function DokeosWebServiceEditCourse($params){
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1; // secret key is incorrect
 }
@@ -662,7 +662,7 @@ function DokeosWebServiceDeleteCourse($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1; // secret key is incorrect
 }
@@ -741,7 +741,7 @@ function DokeosWebServiceCreateSession($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key'] ) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
@@ -877,7 +877,7 @@ function DokeosWebServiceEditSession($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
@@ -975,7 +975,7 @@ function DokeosWebServiceDeleteSession($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key'] ) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
@@ -1056,7 +1056,7 @@ function DokeosWebServiceSubscribeUserToCourse($params) {
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
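Review bot: The expected value in DokeosWebServiceCreateCourse, `sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])`, is identical for every request from a given address, so it behaves as a long-lived bearer credential rather than a per-request proof: it never expires and is not tied to the operation or its parameters. It is also a bare hash over a concatenation rather than a keyed MAC; `hash_hmac('sha256', $_SERVER['REMOTE_ADDR'], $_configuration['security_key'])` is the conventional construction, and a timestamp or nonce that the server checks would limit reuse, though both change what clients must send. If the service sits behind a reverse proxy or load balancer (not visible here), `REMOTE_ADDR` is presumably the proxy's address and the IP binding adds little. A comment above the check stating how clients derive the key and which address is expected would help integrators; the same applies to the other eleven hunks carrying this line.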
@@ -1235,7 +1235,7 @@ function DokeosWebServiceUnsubscribeUserFromCourse($params)
 global $_configuration;
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
@@ -1349,7 +1349,7 @@ function DokeosWebServiceSuscribeUsersToSession($params){
 $secret_key = $params['secret_key'];
- if ( $secret_key != $_configuration['security_key']) {
+ if ( $secret_key != sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key'])) {
 return -1;
 }
@@ -1485,5 +1485,4 @@ function DokeosWebServiceSuscribeUsersToSession($params){
 // Use the request to (try to) invoke the service
 $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : '';
-$server->service($HTTP_RAW_POST_DATA);
-?>
\ No newline at end of file
+$server->service($HTTP_RAW_POST_DATA);
\ No newline at end of file
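Review bot: The authentication check in DokeosWebServiceUnsubscribeUserFromCourse is one of twelve pasted copies of the same condition, and a rejected key returns -1 without leaving any trace. Moving the check into a single helper keeps later hardening in one place and gives a natural point to log failed attempts with the caller address for monitoring. The helper name below is only a suggestion; each function would call it in place of the inline comparison. The function bodies continue outside the hunks.

```php
/**
 * Returns true when the supplied key matches the hash expected for the caller's address.
 */
function WSHelperVerifyKey($params)
{
    global $_configuration;
    $supplied = isset($params['secret_key']) ? $params['secret_key'] : '';
    $expected = sha1($_SERVER['REMOTE_ADDR'].$_configuration['security_key']);
    // hash_equals() needs PHP 5.6+; it compares in constant time and only accepts strings.
    if (is_string($supplied) && hash_equals($expected, $supplied)) {
        return true;
    }
    // Record the rejection so repeated failures can be detected; never log the key itself.
    error_log('WSRegistration: rejected secret_key from '.$_SERVER['REMOTE_ADDR']);
    return false;
}

// in DokeosWebServiceUnsubscribeUserFromCourse($params) and the other eleven functions:
    if (!WSHelperVerifyKey($params)) {
        return -1;
    }
```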