Index: xmlrpc.php =================================================================== --- xmlrpc.php (revision 192) +++ xmlrpc.php (working copy) @@ -5,10 +5,18 @@ * @file * PHP page for handling incoming XML-RPC requests from clients. */ - include_once './includes/bootstrap.inc'; drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); include_once './includes/xmlrpc.inc'; include_once './includes/xmlrpcs.inc'; -xmlrpc_server(module_invoke_all('xmlrpc')); +if (isset($_GET['token'])) { + $token = trim($_GET['token']); + if (db_result(db_query("SELECT 1 FROM {sessions} WHERE sid='%s'",$token))) { + sess_destroy(session_id()); // destroy the current anonymous session id + sess_read($token); + session_id($token); + } +} + +xmlrpc_server(module_invoke_all('xmlrpc')); \ No newline at end of file Index: includes/xmlrpcs.inc =================================================================== --- includes/xmlrpcs.inc (revision 192) +++ includes/xmlrpcs.inc (working copy) @@ -2,6 +2,8 @@ // $Id: xmlrpcs.inc,v 1.18 2005/12/10 19:26:47 dries Exp $ function xmlrpc_server($callbacks) { + global $user; + $xmlrpc_server = new stdClass(); $defaults = array( 'system.multicall' => 'xmlrpc_server_multicall', @@ -26,7 +28,18 @@ 'system.methodHelp', 'xmlrpc_server_method_help', array('string', 'string'), - 'Returns a documentation string for the specified method') + 'Returns a documentation string for the specified method'), + array( + 'system.getToken', + 'xmlrpc_server_get_token', + array('string','string','string'), + 'Returns an authentication token'), + 'system.destroyToken' => 'xmlrpc_server_destroy_token', + array( + 'system.whoAmI', + 'xmlrpc_server_whoami', + array('string'), + 'Returns information about who you are') ); // the order matters in the next line. which is the best? foreach (array_merge($defaults, (array)$callbacks) as $key => $callback) { @@ -76,7 +89,11 @@ '; - // Send it + // Remove Anonymous sessions + if ($user->uid == 0) + session_destroy(); + + // Send it xmlrpc_server_output($xml); } @@ -288,4 +305,19 @@ return $xmlrpc_server->help[$method]; } +function xmlrpc_server_get_token($username,$password) { + global $user; + $user = user_authenticate($username,$password); + if ($user->uid) + return session_id(); +} +function xmlrpc_server_destroy_token() { + sess_destroy(session_id()); +} +function xmlrpc_server_whoami() { + global $user; + if ($user->uid == 0) + return variable_get('anonymous', 'Anonymous'); + return $user->name; +} \ No newline at end of file