XML-RPC uses now a sha256 digest

2025-10-04 18:29:40 +02:00 · 2008-12-11 16:53:14 +00:00 · 2008-12-11 16:53:14 +00:00 · f3bb93b2bf
commit f3bb93b2bf
parent 93f3c4e929
2 changed files with 30 additions and 30 deletions
--- a/lib/class/xmlrpcclient.class.php
+++ b/lib/class/xmlrpcclient.class.php
@ -45,31 +45,31 @@ class xmlRpcClient {
 		// Generate the client
 		$client = self::create_client($target_url); 

-                // 6 that's right, the secret level because if you do have debug on most likely you're 
-                // going to just crash your browser... sorry folks
-                if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }  
+		// 6 that's right, the secret level because if you do have debug on most likely you're 
+		// going to just crash your browser... sorry folks
+		if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }  

 		// Build our key
-                $timestamp      = time();
-                $handshake_key  = md5($timestamp . $key);
+		$timestamp      = time();
+        $handshake_key  = hash('sha256',$timestamp . hash('sha256',$key)); 

-                $encoded_key    = new XML_RPC_Value($handshake_key,'string');
-                $timestamp      = new XML_RPC_Value($timestamp,'int');
-				$xmlrpc_message = new XML_RPC_Message('xmlrpcserver.handshake',array($encoded_key,$timestamp));
+		$encoded_key    = new XML_RPC_Value($handshake_key,'string');
+		$timestamp      = new XML_RPC_Value($timestamp,'int');
+		$xmlrpc_message = new XML_RPC_Message('xmlrpcserver.handshake',array($encoded_key,$timestamp));
 				
-                // Send it off
-                $response = $client->send($xmlrpc_message,10);
+		// Send it off
+		$response = $client->send($xmlrpc_message,10);
                
-                if ($response->faultCode()) {
-                        $error_msg = _('Error connecting to') . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
-                        debug_event('XMLCLIENT',$error_msg,'1');
-						Error::add('general',$error_msg); 
-                        return;
-                }
+		if ($response->faultCode()) {
+			$error_msg = _('Error connecting to') . " " . $client->server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
+			debug_event('XMLCLIENT',$error_msg,'1');
+			Error::add('general',$error_msg); 
+			return;
+		}

-                $token = XML_RPC_Decode($response->value());
+		$token = XML_RPC_Decode($response->value());

-		debug_event('XML-RPC',$token . ' returned from ' . $server,'3'); 
+		debug_event('XML-RPC',$token . ' returned from ' . $client->server,'3'); 

 		return $token; 

@ -84,24 +84,24 @@ class xmlRpcClient {

 		$client = self::create_client($target_url); 

-                // 6 that's right, the secret level because if you do have debug on most likely you're 
-                // going to just crash your browser... sorry folks
-                if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }
+		// 6 that's right, the secret level because if you do have debug on most likely you're 
+		// going to just crash your browser... sorry folks
+		if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }
 	
 		$encoded_key    = new XML_RPC_Value($token,'string');
 		$xmlrpc_message = new XML_RPC_Message('xmlrpcserver.create_stream_session',array($encoded_key)); 
 		
 		$response = $client->send($xmlrpc_message,4);

-                if ($response->faultCode() ) {
-                        $error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " .
-                        debug_event('XMLCLIENT',$error_msg,'1');
-                        return false; 
-                }
+		if ($response->faultCode() ) {
+			$error_msg = _("Error connecting to") . " " . $client->server . " " . _("Code") . ": " . $response->faultCode() . " " .
+			debug_event('XMLCLIENT',$error_msg,'1');
+			return false; 
+		}

 		$sid = XML_RPC_Decode($response->value());

-		debug_event('XML-RPC', $sid . ' stream session ID returned from ' . $server,'3'); 
+		debug_event('XML-RPC', $sid . ' stream session ID returned from ' . $client->server,'3'); 

 		return $sid; 

--- a/lib/class/xmlrpcserver.class.php
+++ b/lib/class/xmlrpcserver.class.php
@ -222,8 +222,8 @@ class xmlRpcServer {
 		while ($row = Dba::fetch_assoc($db_results)) { 
 			
 			// Build our encoded passphrase
-			$md5pass = md5($timestamp . $row['key']); 
-			if ($md5pass == $encoded_key) { 
+			$sha256pass = hash('sha256',$timestamp . hash('sha256',$row['key']));
+			if ($sha256pass == $encoded_key) { 
 				$data['type'] = 'xml-rpc';
 				$data['username'] = 'System'; 
 				$data['value'] = 'Handshake';