really fixed image, and put in a quick hack on play for api access

3 files changed, 3 insertions, 3 deletions

diff --git a/image.php b/image.php
index 8ea39ecd..e8bb7606 100644
--- a/image.php
+++ b/image.php
@@ -31,7 +31,7 @@ define('NO_SESSION','1');
 require 'lib/init.php';
 
 // Check their session manually
-if (!session_exists(session_id()) && !Access::session_exists(array(),$_REQUEST['auth'],'api')) { 
+if (!vauth_check_session() && !Access::session_exists(array(),$_REQUEST['auth'],'api')) { 
 	exit; 
 } 
 
diff --git a/lib/class/xmldata.class.php b/lib/class/xmldata.class.php
index ddce5228..ea5fb9bd 100644
--- a/lib/class/xmldata.class.php
+++ b/lib/class/xmldata.class.php
@@ -187,7 +187,7 @@ class xmlData {
 					"\t<genre id=\"$song->genre\"><![CDATA[$song->genre]]></genre>\n" . 
 					"\t<track>$song->track</track>\n" . 
 					"\t<time>$song->time</time>\n" . 
-					"\t<url></url>\n" . 
+					"\t<url><![CDATA[" . $song->get_url($_REQUEST['auth']) . "]]></url>\n" . 
 					"</song>\n"; 
 
 		} // end foreach
diff --git a/play/index.php b/play/index.php
index 72bd18e0..1efd36ef 100644
--- a/play/index.php
+++ b/play/index.php
@@ -74,7 +74,7 @@ if (Config::get('xml_rpc')) {
 
 // If require session is set then we need to make sure we're legit
 if (Config::get('require_session')) { 
-	if(!Stream::session_exists($sid)) {	
+	if(!Stream::session_exists($sid) && !Access::session_exists(array(),$sid,'api')) {	
 		debug_event('session_expired',"Streaming Access Denied: " . $GLOBALS['user']->username . "'s session has expired",'3');
     		die(_("Session Expired: please log in again at") . " " . Config::get('web_path') . "/login.php");
 	}