diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-24 01:28:07 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-24 01:28:07 +0000 |
| commit | 34b92d2dd5da0298f9d27a230ca3ffa2da061d36 (patch) | |
| tree | ba4a2bf5b17c093a8127317087272e2117fcff45 | |
| parent | 3d8ff28ac56f30075bd9c485e2ee94f486717e6f (diff) | |
| download | ampache-34b92d2dd5da0298f9d27a230ca3ffa2da061d36.tar.gz ampache-34b92d2dd5da0298f9d27a230ca3ffa2da061d36.tar.bz2 ampache-34b92d2dd5da0298f9d27a230ca3ffa2da061d36.zip | |
fixed now playing for the API and lack of session extend when using the API
| -rw-r--r-- | lib/class/api.class.php | 4 | ||||
| -rw-r--r-- | lib/class/stream.class.php | 6 | ||||
| -rw-r--r-- | lib/class/vauth.class.php | 20 | ||||
| -rw-r--r-- | play/index.php | 4 | ||||
| -rw-r--r-- | server/xml.server.php | 4 |
5 files changed, 33 insertions, 5 deletions
diff --git a/lib/class/api.class.php b/lib/class/api.class.php index 06b5fd2e..8e15c136 100644 --- a/lib/class/api.class.php +++ b/lib/class/api.class.php @@ -86,6 +86,10 @@ class Api { $data['type'] = 'api'; $data['value'] = $timestamp; $token = vauth::session_create($data); + // Insert the token into the streamer + $stream = new Stream(); + $stream->user_id = $client->id; + $stream->insert_session($token); debug_event('API','Login Success, passphrase matched','1'); return array('auth'=>$token,'api'=>self::$version); diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php index 7a925daa..179e9eed 100644 --- a/lib/class/stream.class.php +++ b/lib/class/stream.class.php @@ -114,12 +114,14 @@ class Stream { * insert_session * This inserts a row into the session_stream table */ - private function insert_session() { + public function insert_session($sid='') { + + $sid = $sid ? Dba::escape($sid) : Dba::escape(self::$session); $expire = time() + Config::get('stream_length'); $sql = "INSERT INTO `session_stream` (`id`,`expire`,`user`) " . - "VALUES('" . self::$session . "','$expire','$this->user_id')"; + "VALUES('$sid','$expire','$this->user_id')"; $db_results = Dba::query($sql); if (!$db_results) { return false; } diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php index 8fa547d9..94210381 100644 --- a/lib/class/vauth.class.php +++ b/lib/class/vauth.class.php @@ -354,7 +354,6 @@ class vauth { $key = Dba::escape($key); $time = time(); $sql = "SELECT * FROM `session` WHERE `id`='$key' AND `expire` > '$time' AND `type`!='api' AND `type`!='xml-rpc'"; -debug_event('testo',$sql,'1'); $db_results = Dba::query($sql); if (Dba::num_rows($db_results)) { @@ -384,6 +383,25 @@ debug_event('testo',$sql,'1'); } // session_exists /** + * session_extend + * This should really be extend_session but hey you gotta go with the flow + * this takes a SID and extends it's expire + */ + public static function session_extend($sid) { + + $sid = Dba::escape($sid); + $expire = isset($_COOKIE[Config::get('session_name') . '_remember']) ? time() + Config::get('remember_length') : time() + Config::get('session_length'); + + $sql = "UPDATE `session` SET `expire`='$expire' WHERE `id`='$sid'"; + $db_results = Dba::query($sql); + + debug_event('SESSION','Session:' . $sid . ' Has been Extended to ' . $expire,'5'); + + return $db_results; + + } // session_extend + + /** * _auto_init * This function is called when the object is included, this sets up the session_save_handler */ diff --git a/play/index.php b/play/index.php index 0a378be0..e47c78ab 100644 --- a/play/index.php +++ b/play/index.php @@ -67,7 +67,7 @@ if (Config::get('xml_rpc')) { // If require session is set then we need to make sure we're legit if (Config::get('require_session')) { - if(!Stream::session_exists($sid) && !Access::session_exists(array(),$sid,'api')) { + if(!Stream::session_exists($sid)) { debug_event('session_expired',"Streaming Access Denied: " . $GLOBALS['user']->username . "'s session has expired",'3'); die(_("Session Expired: please log in again at") . " " . Config::get('web_path') . "/login.php"); } @@ -82,7 +82,7 @@ if (Config::get('require_session')) { $user->update_last_seen(); /* If we are in demo mode.. die here */ -if (Config::get('demo_mode') || (!$GLOBALS['user']->has_access('25') && !$xml_rpc) ) { +if (Config::get('demo_mode') || (!Access::check('interface','25') && !$xml_rpc) ) { debug_event('access_denied',"Streaming Access Denied:" .Config::get('demo_mode') . "is the value of demo_mode. Current user level is " . $GLOBALS['user']->access,'3'); access_denied(); exit; diff --git a/server/xml.server.php b/server/xml.server.php index b4309e9d..18bf91df 100644 --- a/server/xml.server.php +++ b/server/xml.server.php @@ -54,6 +54,10 @@ if ((!vauth::session_exists('api',$_REQUEST['auth']) AND $_REQUEST['action'] != exit(); } +// If we make it past the check and we're not a hand-shaking then we should extend the session +if ($_REQUEST['action'] != 'handshake') { + vauth::session_extend($_REQUEST['auth']); +} switch ($_REQUEST['action']) { case 'handshake': |