?

Log in

No account? Create an account
I could really use some help with 'challenge-response'. I'm just… - LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[Dec. 1st, 2004|04:35 pm]
LiveJournal Client Discussions

lj_clients

[forked]
I could really use some help with 'challenge-response'. I'm just trying to get a simple cross-post plugin working- using php and The Inutio XML-RPC Library. I surfed around enough to patch together a simple php script that posts- but I want to use the challenge-response method. Problem is, xml-rpc completely baffles me. Reading this post helped- at least in terms of what I know I need to add in:

"You need to send the user name, auth_method='challenge', auth_challenge=$challenge, and of course the auth_response." And generate the response via: md5($challenge . md5($password))

However, I've no clue how to put it all together. Here's what I have so far- it works to post, but as soon as I start playing with the 'challenge-response' stuff it breaks- I can't even get a challenge!


require_once('/lj/IXR_Library.inc.php');

$lj_userid = "username";
$lj_passwd = "password";
$lineendings = "pc";
$event = "Hm what to say";
$subject = "Subject what subject";
$timenow = getdate();
$year = date('Y');
$month = date('m');
$day = date('d');
$hour = date('H');
$minute = date('i');
$client = new IXR_client("www.journalfen.net", "/interface/xmlrpc", 80);
$client->debug = true;
$x_params_r = array( "username" => utf8_encode( $lj_userid ),
"password" => utf8_encode( $lj_passwd ),
"lineendings" => $lineendings,
"event" => utf8_encode( $event ),
"subject" => utf8_encode( $subject ),
"year" => utf8_encode( $year ),
"mon" => utf8_encode( $month ),
"day" => utf8_encode( $day ),
"hour" => utf8_encode( $hour ),
"min" => utf8_encode( $minute ));


$client->query('LJ.XMLRPC.postevent', $x_params_r);

Now when I used: LJ.XMLRPC.getchallenge, I do get the correct challenge, but I'm just not sure how to put it all together (or reply to the challenge!).

Anyway, if someone doesn't mind helping out an xml-rpc newbie, I'd be grateful. I've about hit the limit of my ability to figure this out, and I'd really rather use the challenge-response approach.
linkReply

Comments:
[User Picture]From: vanbeast
2004-12-01 10:32 pm (UTC)
Check out http://www.livejournal.com/doc/server/ljp.csp.auth.challresp.html, which describes how it all works.

Once you've got the challenge, you need to take a hex-encoded MD5 of the challenge + the md5 of the password:

$resp = md5( $challenge . md5($password) );


Then, in the struct you pass to the XML-RPC method, pass username, auth_method (== 'challenge'), auth_challenge (the challenge you received), and auth_response (the response you calculated).

Do that instead of any usual username/password stuff you send, and (as far as I can tell) it should work.
(Reply) (Thread)
[User Picture]From: forked
2004-12-02 04:17 am (UTC)
Whew! Finally got it working! Thanks.
(Reply) (Parent) (Thread)
[User Picture]From: forked
2004-12-03 09:16 am (UTC)
Thought I'd post back the working code now that I've got everything hashed out- challenge-response method works, this is all in php, and it allows pretty much any of the variables for posting (props took me a little while). Not beautiful code, but may be useful to someone else. Note- it's set up for passing variables from a form, probably mostly useful to those who are wanting to tie it into another blog ap. Also, it's obviously tweeked a bit for my needs- but code is pretty general. Needed library can be found at the link in the post.


require_once('/home/you/public_html/IXR_Library.inc.php');

$username = $_POST['username'];
$password = $_POST['password'];
$subject = $_POST['subject'];
$event = $_POST['event'];
$event =stripslashes($event);
$nocomment = $_POST['comments'];
$picture = $_POST['picture'];
$current_mood = $_POST['mood'];
$current_moodid = $_POST['mood_id'];
$current_music = $_POST['music'];
$usejournal = $_POST['journal'];
$security = $_POST['security'];
$allowmask = $_POST['mask'];

$client = new IXR_client("www.journalfen.net", "/interface/xmlrpc", 80);

// Run a query for PHP
if (!$client->query('LJ.XMLRPC.getchallenge')) {
die('Something went wrong - '.$client->getErrorCode().' : '.$client->getErrorMessage());
}

extract($client->getResponse());

$preformat ="1";
$props = array ( "picture_keyword" => utf8_encode($picture), "opt_preformatted" => utf8_encode($preformat), "opt_nocomments" => utf8_encode($nocomment), "current_mood" => utf8_encode($current_mood), "current_moodid" => utf8_encode($current_moodid), "current_music" => utf8_encode($current_music));
$lineendings = "unix";
$timenow = getdate();
$year = date('Y');
$month = date('m');
$day = date('d');
$hour = date('H');
$minute = date('i');
$client->debug = true;
$auth_method = "challenge";
$auth_response = md5($challenge . md5($password));
$auth_challenge = $challenge;

$x_params_r = array(
"username" => utf8_encode( $username ),
"auth_method" => $auth_method,
"auth_challenge" => $auth_challenge,
"auth_response" => $auth_response,
"usejournal" => utf8_encode( $usejournal ),
"lineendings" => $lineendings,
"event" => utf8_encode( $event ),
"subject" => utf8_encode( $subject ),
"year" => utf8_encode( $year ),
"mon" => utf8_encode( $month ),
"day" => utf8_encode( $day ),
"hour" => utf8_encode( $hour ),
"min" => utf8_encode( $minute ),
"security" => utf8_encode( $security ),
"allowmask" => utf8_encode( $allowmask ),
"props" => $props);

if (!$client->query('LJ.XMLRPC.postevent', $x_params_r)) {
die('Something went wrong - '.$client->getErrorCode().' : '.$client->getErrorMessage());
echo "There was an error posting. This may be due to Livejournal being down or slow.";
}
(Reply) (Thread)
[User Picture]From: repalviglator
2005-05-30 03:49 am (UTC)

Thanks

That code helped me out. I hadn't heard of that library before, but it helped me since I was getting weird errors when I tried to use PEAR::XML_RPC. The built-in XML-RPC functions didn't look too friendly either.
(Reply) (Parent) (Thread)