| [ Index ] |
PHP Cross Reference of Drupal 6 (gatewave) |
[Summary view] [Print] [Text view]
1 <?php 2 // $Id: mollom.inc,v 1.1.2.7 2010/09/13 23:52:36 sun Exp $ 3 4 /** 5 * @file 6 * Mollom client/server interaction functions. 7 */ 8 9 /** 10 * Generate authentication data for XML-RPC communication with Mollom servers. 11 * 12 * This function generates an array with all information required to 13 * authenticate against Mollom. To prevent forged requests where you are 14 * impersonated, each request is signed with a hash based on a private 15 * key and a timestamp. 16 * 17 * Both the client and the server share the secret key used to create 18 * the authentication hash. They both hash a timestamp with the secret 19 * key, and if the hashes match, the authenticity of the message is 20 * validated. 21 * 22 * To avoid someone intercepting a (hash, timestamp)-pair and using it 23 * to impersonate a client, Mollom reject any request where the timestamp 24 * is more than 15 minutes off. 25 * 26 * Make sure your server's time is synchronized with the world clocks, 27 * and that you don't share your private key with anyone else. 28 * 29 * @param $public_key 30 * (optional) The public key to use for authentication. Only used internally. 31 * @param $private_key 32 * (optional) The private key to use for authentication. Only used internally. 33 */ 34 function _mollom_authentication($public_key = NULL, $private_key = NULL) { 35 if (!isset($public_key)) { 36 $public_key = variable_get('mollom_public_key', ''); 37 } 38 if (!isset($private_key)) { 39 $private_key = variable_get('mollom_private_key', ''); 40 } 41 42 // Generate a timestamp according to the dateTime format (http://www.w3.org/TR/xmlschema-2/#dateTime): 43 $time = gmdate("Y-m-d\TH:i:s.\\0\\0\\0O", time()); 44 45 // Generate a random number: 46 $nonce = md5(mt_rand()); 47 48 // Calculate a HMAC-SHA1 according to RFC2104 (http://www.ietf.org/rfc/rfc2104.txt): 49 $hash = base64_encode( 50 pack('H*', sha1((str_pad($private_key, 64, chr(0x00)) ^ (str_repeat(chr(0x5c), 64))) . 51 pack('H*', sha1((str_pad($private_key, 64, chr(0x00)) ^ (str_repeat(chr(0x36), 64))) . 52 $time . ':' . $nonce . ':' . $private_key)))) 53 ); 54 55 // Store everything in an array. Elsewhere in the code, we'll add the 56 // actual data before we pass it onto the XML-RPC library: 57 $data['public_key'] = $public_key; 58 $data['time'] = $time; 59 $data['hash'] = $hash; 60 $data['nonce'] = $nonce; 61 62 return $data; 63 } 64 65 /** 66 * Refreshes the list of Mollom's XML-RPC servers. 67 */ 68 function _mollom_retrieve_server_list() { 69 // Start from a hard-coded list of servers. 70 $servers = array('http://xmlrpc1.mollom.com', 'http://xmlrpc2.mollom.com', 'http://xmlrpc3.mollom.com'); 71 $messages = array(); 72 73 // mollom.getServerList cannot use mollom() as we need to prevent infinite 74 // recursion. In addition, we handle returned error codes differently here, 75 // since MOLLOM_REDIRECT and MOLLOM_REFRESH, as well as any other 76 // communication error requires us to skip to the next server to retrieve a 77 // new server list. We only ever abort, if a server returns MOLLOM_ERROR, in 78 // which case there must be a configuration error (e.g., invalid API keys). 79 $method = 'mollom.getServerList'; 80 foreach ($servers as $server) { 81 $result = xmlrpc($server . '/' . MOLLOM_API_VERSION, $method, _mollom_authentication()); 82 if ($result === FALSE && ($error = xmlrpc_error())) { 83 // In any case, log the error. 84 $messages[] = array( 85 'Error @errno from %server for %method: %message' => array( 86 '@errno' => $error->code, 87 '%server' => $server, 88 '%method' => $method, 89 '%message' => $error->message, 90 ), 91 ); 92 // Skip to the next server in case of any error, except if we have a 93 // MOLLOM_ERROR, which indicates a bogus configuration. In this case, stop 94 // trying, since all servers will fail. 95 if ($error->code === MOLLOM_ERROR) { 96 break; 97 } 98 } 99 // Otherwise, we have a valid result. 100 else { 101 break; 102 } 103 } 104 if (is_array($result)) { 105 _mollom_watchdog_multiple($messages, WATCHDOG_DEBUG); 106 return $result; 107 } 108 else { 109 _mollom_watchdog_multiple($messages, WATCHDOG_ERROR); 110 return xmlrpc_errno(); 111 } 112 } 113
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Mar 24 11:18:33 2011 | Cross-referenced by PHPXref 0.7 |