XML-RPC using HTTP Basic Authentification

XML-RPC using HTTP Basic Authentification - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: XML-RPC using HTTP Basic Authentification (/showthread.php?tid=12935)

XML-RPC using HTTP Basic Authentification - El Forum - 11-05-2008

[eluser]sramage[/eluser]
Hi !

I'm new in CI and I'm trying to replace a XML-RPC server and client written using this lib http://phpxmlrpc.sourceforge.net by CI XML-RPC classes.

I need some security around this server so I have implemented a little HTTP Basic authentication on the server by adding this on the server controler :

Code:
$user = $this->input->server('PHP_AUTH_USER');

    $password = $this->input->server('PHP_AUTH_PW');

    if ($user != $RPC_USER OR $password != $RPC_PASSWORD){

      Header('WWW-Authenticate: Basic realm="rpc"');

      Header('HTTP/1.0 401 Unauthorized');

      exit();

    }

it's works !

now I'm trying to make a client working, but it can't connect using something like "http://username:[email protected]/index.php/rpc"

How can I secure my server? is HTTP Authentification the solution? How make it to work ?

Thank you

XML-RPC using HTTP Basic Authentification - El Forum - 11-06-2008

[eluser]sramage[/eluser]
Finally I solve my problem by writing a new XML-RPC library for CI based on the lib found at http://phpxmlrpc.sourceforge.net
It works good and now I have more functionalities like gzip compression, HTTP Authentification.

Writing a new lib is very easy, CI is really powerful !

XML-RPC using HTTP Basic Authentification - El Forum - 11-06-2008

[eluser]johnwbaxter[/eluser]
Why don't you contribute your new libraries to the wiki?

XML-RPC using HTTP Basic Authentification - El Forum - 11-06-2008

[eluser]Leonard Yulianus[/eluser]
[quote author="sramage" date="1226000130"]Finally I solve my problem by writing a new XML-RPC library for CI based on the lib found at http://phpxmlrpc.sourceforge.net
It works good and now I have more functionalities like gzip compression, HTTP Authentification.

Writing a new lib is very easy, CI is really powerful ![/quote]

yeah i really want to see your approach to this problem...

XML-RPC using HTTP Basic Authentification - El Forum - 11-07-2008

[eluser]sramage[/eluser]
I don't know how put it on the wiki so I post here:

XML-RPC client library:

Code:
&lt;?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*

Client xml-rpc utilisant la bibliothèque xmlrpc de sourceforge

http://phpxmlrpc.sourceforge.net

*/

include(APPPATH.'libraries/xmlrpc/xmlrpc.inc');

class Xmlrpc_sf extends xmlrpc_client{

  var $method_name;

  var $request_val;

  var $fault_code;

  var $fault_string;

  var $response;

  function Xmlrpc_sf($params)

  {

    $server_url = $params[0];

    parent::xmlrpc_client($server_url);

  }

  function method($method) #indique la methode à utiliser

  {

    $this->method_name = $method;

  }

  function request($request=null) #indique les paramètres à envoyer pour la méthode

  {

    $this->request_val = php_xmlrpc_encode($request);

  }

  function send_request()

  {

    $message = new xmlrpcmsg($this->method_name,array($this->request_val));

    $response = $this->send($message);

    $this->fault_code = $response->faultCode();

    $this->fault_string = 'Error : '.$this->fault_code.' '.$response->faultString();

    if ($this->fault_code == 0){

      $this->response = $response->value();

    }

    return $this->fault_code == 0;

  }

  function display_error()

  {

    return $this->fault_string;

  }

  function display_response()

  {

    return php_xmlrpc_decode($this->response);

  }

}

?&gt;

XML-RPC server library

Code:
&lt;?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*

Serveur xml-rpc utilisant la bibliothèque xmlrpc de sourceforge

http://phpxmlrpc.sourceforge.net

*/

include(APPPATH.'libraries/xmlrpc/xmlrpc.inc');

include(APPPATH.'libraries/xmlrpc/xmlrpcs.inc');

class Xmlrpcs_sf extends xmlrpc_server{

  function Xmlrpcs_sf($functions)

  {

    $functions['test.test'] = array('function' => array($this,'test'));

    $functions['test.echo_test'] = array('function' => array($this,'echo_test'));

    parent::xmlrpc_server($functions,0);

  }

  function send_response($resp)

  {

    $val_resp = php_xmlrpc_encode($resp);

    return new xmlrpcresp($val_resp);

  }

  #test functions

  function test()

  {

    #$response = array(date('d/m/Y H:i:s'),'string');

    $response = date('d/m/Y H:i:s');

    return $this->send_response($response);

  }

  function echo_test($request)

  {

    $params = php_xmlrpc_decode($request);

    $response = 'you said : "'.$params[0].'"';

    return $this->send_response($response);

  }

}

?&gt;

the folder APPPATH/libraries/xmlrpc contain the xmlrpc files.

usage example :
client :

Code:

$server_url = 'http://username:[email protected]/index.php?/rpc/xmlrpc_srv';

$this->load->library('xmlrpc_sf',array($server_url));

    

$this->xmlrpc_sf->setRequestCompression('gzip');

$this->xmlrpc_sf->setAcceptedCompression('gzip');

$this->xmlrpc_sf->request_charset_encoding = 'UTF-8';



$this->xmlrpc_sf->request();

$this->xmlrpc_sf->method('test.test');

$response = $this->xmlrpc_sf->send_request();

echo $this->xmlrpc_sf->display_response();



$this->xmlrpc_sf->request('this is a string');

$this->xmlrpc_sf->method('my.function');

$response = $this->xmlrpc_sf->send_request();

echo $this->xmlrpc_sf->display_response();

server:

Code:
&lt;?php

class Xmlrpc_srv extends Controller {

    function Xmlrpc_srv()

    {

        parent::Controller();    

        $RPC_USER = "username";

    $RPC_PASSWORD = "password";

      #Authentification

    $user = $this->input->server('PHP_AUTH_USER');

    $password = $this->input->server('PHP_AUTH_PW');

    if ($user != $RPC_USER OR $password != $RPC_PASSWORD){

      Header('WWW-Authenticate: Basic realm="rpc"');

      Header('HTTP/1.0 401 Unauthorized');

      exit();

    }

    }

        function index()

    {

    $functions = array();

$functions['my.function'] = array('function' => array($this,'sample_function'));

    $this->load->library('xmlrpcs_sf',$functions);

        $this->xmlrpcs_sf->service();

    }

function sample_function($request)

  {

    $params = php_xmlrpc_decode($request);

    $response = 'you said : "'.$params[0].'"';

    return $this->send_response($response);

  }

?&gt;

XML-RPC using HTTP Basic Authentification - El Forum - 06-04-2009

[eluser]iDVB[/eluser]
Is this really a reliable/secure way to authenticate? Can't someone just sniff your user name and pass?

I'm also currently looking for an XML-RPC authentication method.

XML-RPC using HTTP Basic Authentification - El Forum - 06-05-2009

[eluser]sramage[/eluser]
Hi !
it's just an HTTP Basic Authentification so someone can sniff the username and password just like a website that use basic HTTP Authentification.
If you want an more secure system, maybe you need to use ssl.

XML-RPC using HTTP Basic Authentification - El Forum - 07-28-2011

[eluser]WebMada[/eluser]
I don't understand the problem in this topic: Why don't using the XML RPC library coming with CI?

In fact, is not there a system of session, token and authentication in XML RPC?