diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-09-25 02:51:03 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-09-25 02:51:03 +0000 |
| commit | 81b0dff16654dd67bc15937bd653fc3f65475359 (patch) | |
| tree | 7996b36b04f8a831b051142c251ad0b522e5b200 | |
| parent | e32557bf900153c5cfb0d2f28640aa9091ef7488 (diff) | |
| download | ampache-81b0dff16654dd67bc15937bd653fc3f65475359.tar.gz ampache-81b0dff16654dd67bc15937bd653fc3f65475359.tar.bz2 ampache-81b0dff16654dd67bc15937bd653fc3f65475359.zip | |
track ip history, fix pagination on admin/user and fix some acl stuff that I forgot about
| -rw-r--r-- | config/ampache.cfg.php.dist | 22 | ||||
| -rwxr-xr-x | docs/CHANGELOG | 5 | ||||
| -rw-r--r-- | download/index.php | 5 | ||||
| -rw-r--r-- | lib/class/user.class.php | 18 | ||||
| -rw-r--r-- | lib/ui.lib.php | 3 | ||||
| -rw-r--r-- | login.php | 11 | ||||
| -rw-r--r-- | templates/list_header.inc | 2 |
7 files changed, 55 insertions, 11 deletions
diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist index f91d3be8..839631b8 100644 --- a/config/ampache.cfg.php.dist +++ b/config/ampache.cfg.php.dist @@ -85,6 +85,20 @@ site_title = "Ampache :: For The Love Of Music" # DEFAULT: true require_session = "true" +# Track User IPs +# If this is enabled Ampache will log the IP of every completed login +# it will store user,ip,time at one row per login. The results are +# displayed in Admin --> Users +# DEFAULT: false +#track_user_ip = "false" + +# User IP Cardinality +# This defines how many days worth of IP history Ampache will track +# As it is one row per login on high volume sites you will want to +# clear it every now and then. +# DEFAULT: 42 days +#user_ip_cardinality = "42" + # Use XML-RPC # Allow XML-RPC connections, if you don't want _any_ possibility of your # catalog being streamed from another location comment this out @@ -332,12 +346,6 @@ allow_stream_playback = true # DEFAULT: false #allow_downsample_playback = false -# LocalPlay Playback -# Disable this if you don't want to allow people to pick the -# local playback method -# DEFAULT: false -#allow_local_playback = false - ######################################################### # These options control the dynamic down-sampling based # # on current usage # @@ -422,7 +430,7 @@ transcode_m4a = true # These are the commands that will be run to transcode the file #stream_cmd_flac = flac -dc %FILE% | lame -r -b 128 -S - - -#stream_cmd_m4a = faad -f 2 -w "%FILE%" | lame -r -b 128 -S - - +stream_cmd_m4a = faad -f 2 -w "%FILE%" | lame -r -b 128 -S - - #stream_cmd_mpc = ####################################################### diff --git a/docs/CHANGELOG b/docs/CHANGELOG index f1692980..4d603864 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,11 @@ -------------------------------------------------------------------------- v.3.3.2 + - Fixed a problem with pagination on the admin/users.php page + - Added ability to turn on User/IP/Date Login history tracking + viewable only by Administrators + - Fixed issue with IE not being able to download files with ? or + / or \ in their filenames, replaced with _ - Added New ACL system which allows user based ACL's and introduces shared keys for xml-rpc communication and local/remote network definitions for auto-downsampling diff --git a/download/index.php b/download/index.php index 5375cce1..b3158ed3 100644 --- a/download/index.php +++ b/download/index.php @@ -43,7 +43,8 @@ if (conf('demo_mode') || !$GLOBALS['user']->has_access('25') || !$GLOBALS['user' */ if (conf('access_control')) { $access = new Access(0); - if (!$access->check('50', $_SERVER['REMOTE_ADDR'])) { + if (!$access->check('stream', $_SERVER['REMOTE_ADDR'],$GLOBALS['user']->id,'50') || + !$access->check('network', $_SERVER['REMOTE_ADDR'],$GLOBALS['user']->id,'50')) { debug_event('access_denied', "Download Access Denied, " . $_SERVER['REMOTE_ADDR'] . " does not have download level",'3'); access_denied(); } @@ -71,6 +72,8 @@ if ($_REQUEST['action'] == 'download') { $song->format_type(); $song_name = str_replace('"'," ",$song->f_artist_full . " - " . $song->title . "." . $song->type); + /* Because of some issues with IE remove ? and / from the filename */ + $song_name = str_replace(array('?','/','\\'),"_",$song_name); // Use Horde's Browser class to send the right headers for different browsers // Should get the mime-type from the song rather than hard-coding it. diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 09f1c3dc..01617595 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php @@ -497,6 +497,24 @@ class User { } // update_stats /** + * insert_ip_history + * This inserts a row into the IP History recording this user at this + * address at this time in this place, doing this thing.. you get the point + */ + function insert_ip_history() { + + $ip = ip2int($_SERVER['REMOTE_ADDR']); + $date = time(); + $user = $this->id; + + $sql = "INSERT INTO ip_history (`ip`,`user`,`date`) VALUES ('$ip','$user','$date')"; + $db_results = mysql_query($sql, dbh()); + + return true; + + } // insert_ip_history + + /** * create * inserts a new user into ampache */ diff --git a/lib/ui.lib.php b/lib/ui.lib.php index 88f050ec..7eec5525 100644 --- a/lib/ui.lib.php +++ b/lib/ui.lib.php @@ -169,7 +169,8 @@ function show_users () { } $db_result = mysql_query($view->sql, $dbh); - + // wow this is stupid + $GLOBALS['view'] = $view; require(conf('prefix') . "/templates/show_users.inc"); } // show_users() @@ -42,7 +42,7 @@ init_preferences(); */ if (conf('access_control')) { $access = new Access(0); - if (!$access->check("25", $_SERVER['REMOTE_ADDR'])) { + if (!$access->check('interface',$_SERVER['REMOTE_ADDR'],'','25')) { debug_event('access_denied','Access Denied:' . $_SERVER['REMOTE_ADDR'] . ' is not in the Access list','3'); access_denied(); } @@ -92,6 +92,15 @@ if ($auth['success']) { // $_SESSION['userdata'] = $auth; + // + // Record the IP of this person! + // + if (conf('track_user_ip')) { + $user = new User($_POST['username']); + $user->insert_ip_history(); + unset($user); + } + /* Make sure they are actually trying to get to this site and don't try to redirect them back into * an admin section **/ diff --git a/templates/list_header.inc b/templates/list_header.inc index 7be4ca35..32ef6b76 100644 --- a/templates/list_header.inc +++ b/templates/list_header.inc @@ -45,7 +45,7 @@ if ($prev_offset < 0) { $prev_offset = '0'; } $pages = ceil($total_items/$GLOBALS['view']->offset_limit); /* Calculate current page and how many we have on each side */ -$page_data = array(); +$page_data = array('up'=>array(),'down'=>array()); // Can't Divide by 0 if ($GLOBALS['view']->offset > 0) { |