authorKarl 'vollmerk' Vollmer <vollmer@ampache.org>2008-03-07 06:51:52 +0000
committerKarl 'vollmerk' Vollmer <vollmer@ampache.org>2008-03-07 06:51:52 +0000
commitbd270b02274b4e43a887e86805a44cf456f2da38 (patch)
tree8accb5ce9cbccd2f051eb271f9daa30c589e0fc2
parent84b483c99a32452dc53b9b77fdf818c710bcd5d3 (diff)
downloadampache-bd270b02274b4e43a887e86805a44cf456f2da38.tar.gz
ampache-bd270b02274b4e43a887e86805a44cf456f2da38.tar.bz2
ampache-bd270b02274b4e43a887e86805a44cf456f2da38.zip
fixed the acl issue... sigh
-rw-r--r--democratic.php13
-rw-r--r--lib/class/access.class.php15
-rw-r--r--lib/class/api.class.php2
-rw-r--r--lib/class/democratic.class.php69
-rw-r--r--lib/class/stream.class.php2
-rw-r--r--lib/class/update.class.php14
-rw-r--r--lib/class/user.class.php15
-rw-r--r--lib/class/vauth.class.php6
-rw-r--r--lib/class/xmlrpcserver.class.php2
-rw-r--r--templates/show_create_democratic.inc.php16
-rw-r--r--templates/show_manage_democratic.inc.php14
11 files changed, 138 insertions, 30 deletions
diff --git a/democratic.php b/democratic.php
index bf208e5b..6cca46c4 100644
--- a/democratic.php
+++ b/democratic.php
@@ -32,24 +32,23 @@ show_header();
// Switch on their action
switch ($_REQUEST['action']) {
case 'show_create':
- if (!$GLOBALS['user']->has_access('75')) {
+ if (!Access::check('interface','75')) {
access_denied();
break;
}
// Show the create page
require_once Config::get('prefix') . '/templates/show_create_democratic.inc.php';
-
break;
case 'create':
// Only power users here
- if (!$GLOBALS['user']->has_access('75')) {
+ if (!Access::check('interface','75')) {
access_denied();
break;
}
+
// Create the playlist
- //FIXME: don't use hardcoded id value here, needs db rework to fix this
- Democratic::create('-1','vote','song',$_REQUEST['democratic']);
+ Democratic::create($_POST);
header("Location: " . Config::get('web_path') . "/democratic.php?action=manage_playlists");
break;
case 'create_playlist':
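Review bot: `Democratic::create($_POST)` in the `create` case reads its fields from `$_POST`, while the action is dispatched from `$_REQUEST['action']`, so a GET request carrying `action=create` passes the access check and reaches `create()` with an empty array, inserting a row with an empty name. Gate the case on the request method, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { access_denied(); break; }` right after the level check, or take the action from `$_POST` for this case. The switch continues outside the hunk.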
@@ -92,7 +91,7 @@ switch ($_REQUEST['action']) {
exit;
break;
case 'manage_playlists':
- if (!$GLOBALS['user']->has_access('75')) {
+ if (!Access::check('interface','75')) {
access_denied();
break;
}
@@ -104,7 +103,7 @@ switch ($_REQUEST['action']) {
break;
case 'update_playlist':
/* Only Admins Here */
- if (!$GLOBALS['user']->has_access(100)) {
+ if (!Access::check('interface','100')) {
access_denied();
break;
}
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index bfc7beb9..b899342c 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -80,8 +80,8 @@ class Access {
$name = Dba::escape($data['name']);
$type = self::validate_type($data['type']);
- $start = ip2long($data['start']);
- $end = ip2long($data['end']);
+ $start = sprintf("%u",ip2long($data['start']));
+ $end = springf("%u",ip2long($data['end']));
$level = Dba::escape($data['level']);
$user = $data['user'] ? Dba::escape($data['user']) : '-1';
$key = Dba::escape($data['key']);
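Review bot: `springf` on the `$end` line is a typo for `sprintf`; as written it calls an undefined function, so this update path aborts with a fatal error on every call. Change the line to `$end = sprintf("%u",ip2long($data['end']));`. The enclosing method starts and ends outside the hunk.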
@@ -104,16 +104,17 @@ class Access {
/* We need to verify the incomming data a littlebit */
- $start = ip2long($data['start']);
- $end = ip2long($data['end']);
+ $start = sprintf("%u",ip2long($data['start']));
+ $end = sprintf("%u",ip2long($data['end']));
$name = Dba::escape($data['name']);
$key = Dba::escape($data['key']);
$user = $data['user'] ? Dba::escape($data['user']) : '-1';
$level = intval($data['level']);
$type = self::validate_type($data['type']);
+ $dns = ' ';
- $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`) " .
- "VALUES ('$name','$level','$start','$end','$key','$user','$type')";
+ $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`dns`) " .
+ "VALUES ('$name','$level','$start','$end','$key','$user','$type','$dns')";
$db_results = Dba::query($sql);
return true;
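Review bot: `sprintf("%u", ip2long(...))` turns an unparseable address into the string `0`, because `ip2long()` returns `false` for invalid input and `%u` prints it as `0`; an ACL entry created from a bad `start` value therefore silently becomes a range beginning at 0.0.0.0, which is wider than the administrator intended. Reject the entry before building the query, e.g. `if (ip2long($data['start']) === false || ip2long($data['end']) === false) { return false; }` ahead of the conversions. The same conversion is applied without a false-check in the check() hunk below and in the api, stream, user, vauth and xmlrpcserver hunks; there a `0` is only a lookup key, but it still deserves a guard so a malformed address is logged rather than matched. `$dns = ' '` writes a single space into the new `dns` column rather than an empty string or NULL, which any later comparison against `''` will miss. The method starts outside the hunk.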
@@ -170,7 +171,7 @@ class Access {
}
// Clean incomming variables
- $ip = ip2long($ip);
+ $ip = sprintf("%u",ip2long($ip));
$user = Dba::escape($user);
$key = Dba::escape($key);
$level = Dba::escape($level);
diff --git a/lib/class/api.class.php b/lib/class/api.class.php
index bd1b7ce0..2d55aad5 100644
--- a/lib/class/api.class.php
+++ b/lib/class/api.class.php
@@ -65,7 +65,7 @@ class Api {
// Clean incomming variables
$user_id = Dba::escape($user_id);
$timestamp = intval($timestamp);
- $ip = ip2long($ip);
+ $ip = sprintf("%u",ip2long($ip));
// Log this attempt
debug_event('API','Login Attempt, IP:' . long2ip($ip) . ' Time:' . $timestamp . ' User:' . $user_id . ' Auth:' . $passphrase,'1');
diff --git a/lib/class/democratic.class.php b/lib/class/democratic.class.php
index bc9429fb..32ecbee2 100644
--- a/lib/class/democratic.class.php
+++ b/lib/class/democratic.class.php
@@ -27,6 +27,51 @@
class Democratic extends tmpPlaylist {
/**
+ * constructor
+ * We need a constructor for this class. It does it's own thing now
+ */
+ public function __construct($id='') {
+
+ if (!$id) { return false; }
+
+ $info = $this->get_info($id);
+
+ foreach ($info as $key=>$value) {
+ $this->$key = $value;
+ }
+
+ } // constructor
+
+
+ /**
+ * get_info
+ * This returns the data from the database
+ */
+ private function get_info($id) {
+
+ $id = Dba::escape($id);
+
+ $sql = "SELECT * FROM `democratic` WHERE `id`='$id'";
+ $db_results = Dba::query($sql);
+
+ $row = Dba::fetch_assoc($db_results);
+
+ return $row;
+
+ } // get_info
+
+ /**
+ * format
+ * This makes the objects variables all purrty so that they can be displayed
+ */
+ public function format() {
+
+ $this->f_cooldown = $this->cooldown . ' ' . _('minutes');
+ $this->f_primary = $this->primary ? _('Primary') : '';
+
+ } // format
+
+ /**
* get_playlists
* This returns all of the current valid 'Democratic' Playlists
* that have been created.
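Review bot: `return false` inside `__construct()` does not stop the object from being created, so a caller passing an empty id gets an instance with no properties set rather than a failure signal. When `get_info()` finds no row, `foreach ($info as ...)` iterates over whatever `Dba::fetch_assoc()` returns for an empty result (presumably `false`), which raises a warning; guard it with `if (!is_array($info)) { return; }` before the loop and make the early exit a bare `return;`. The `format()` docstring should also name the properties it sets, `f_cooldown` and `f_primary`, since the templates read them by name.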
@@ -36,7 +81,7 @@ class Democratic extends tmpPlaylist {
// Pull all tmp playlsits with a session of < 0 (as those are fake)
// This is kind of hackish, should really think about tweaking the db
// and doing this right.
- $sql = "SELECT `id` FROM `tmp_playlist` WHERE `session`< '0'";
+ $sql = "SELECT `id` FROM `democratic` ORDER BY `name`";
$db_results = Dba::query($sql);
$results = array();
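Review bot: The comment above the changed query is now stale: the new SQL selects from the `democratic` table ordered by `name`, but the three comment lines still describe pulling tmp playlists with `session < 0` as a hack. Replace them with `// Pull every democratic playlist, ordered by name`. `get_playlists()` starts and ends outside the hunk.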
@@ -329,6 +374,28 @@ class Democratic extends tmpPlaylist {
} // delete_votes
/**
+ * create
+ * This is the democratic play create function it inserts this into the democratic table
+ */
+ public static function create($data) {
+
+ // Clean up the input
+ $name = Dba::escape($data['name']);
+ $base = Dba::escape($data['democratic']);
+ $cool = Dba::escape($data['cooldown']);
+ $level = Dba::escape($data['level']);
+ $default = Dba::escape($data['make_default']);
+ $user = Dba::escape($GLOBALS['user']->id);
+
+ $sql = "INSERT INTO `democratic` (`name`,`cooldown`,`level`,`user`,`primary`) " .
+ "VALUES ('$name','$cool','$level','$user','$default')";
+ $db_results = Dba::query($sql);
+
+ return $db_results;
+
+ } // create
+
+ /**
* prune_tracks
* This replaces the normal prune tracks and correctly removes the votes
* as well
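Review bot: `create()` escapes `$data['democratic']` into `$base` but the INSERT never uses it, so the `base_playlist` column that update_340016 adds in this same commit stays 0 for every new row, and `new Playlist($democratic->base_playlist)` in the manage template will load nothing. Add `base_playlist` to the column list and `'$base'` to the VALUES list of the statement. `cooldown`, `level`, `make_default` and `democratic` are numeric fields, so `intval()` fits them better than `Dba::escape()` and yields `0` when the `make_default` checkbox is absent from `$_POST` instead of an empty string in the `primary` column. The returned `$db_results` is a query handle rather than a success flag, so the docstring should say what callers can rely on.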
diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php
index fee74523..10ad2044 100644
--- a/lib/class/stream.class.php
+++ b/lib/class/stream.class.php
@@ -188,7 +188,7 @@ class Stream {
$expire = time() + Config::get('stream_length');
$sid = Dba::escape($sid);
$agent = Dba::escape($_SERVER['HTTP_USER_AGENT']);
- $ip = ip2long($_SERVER['REMOTE_ADDR']);
+ $ip = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']));
$uid = Dba::escape($uid);
$sql = "UPDATE `session_stream` SET `expire`='$expire', `agent`='$agent', `ip`='$ip' " .
diff --git a/lib/class/update.class.php b/lib/class/update.class.php
index 66322cd7..924e87e7 100644
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@@ -1144,5 +1144,19 @@ class Update {
} // update_340015
+ /**
+ * update_340016
+ * This adds in the base_playlist to the democratic table... should have
+ * done this in the previous one but I screwed up... sigh
+ */
+ public static function update_340016() {
+
+ $sql = "ALTER TABLE `democratic` ADD `base_playlist` INT ( 11 ) UNSIGNED NOT NULL";
+ $db_results = Dba::query($sql);
+
+ self::set_version('db_version','340016');
+
+ } // update_340016
+
} // end update class
?>
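Review bot: `update_340016()` ignores `$db_results` and calls `set_version('db_version','340016')` even when the `ALTER TABLE` fails, so a failed migration is recorded as applied and the missing `base_playlist` column only surfaces later as query errors. Check the result first, `if (!$db_results) { return false; }`, before `set_version`. The column is declared `NOT NULL` without a DEFAULT, so existing rows presumably end up with 0, which no playlist id will match; the docstring should mention that rows created before this update need `base_playlist` set by hand.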
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index ad5c20f3..ceeb7332 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -547,14 +547,17 @@ class User {
* address at this time in this place, doing this thing.. you get the point
*/
public function insert_ip_history() {
+
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
- $sip = $_SERVER['HTTP_X_FORWARDED_FOR'];
- debug_event('User Ip', 'Login from ip adress: ' . $sip,'3');
- } else {
- $sip = $_SERVER['REMOTE_ADDR'];
- debug_event('User Ip', 'Login from ip adress: ' . $sip,'3');
+ $sip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ debug_event('User Ip', 'Login from ip adress: ' . $sip,'3');
+ }
+ else {
+ $sip = $_SERVER['REMOTE_ADDR'];
+ debug_event('User Ip', 'Login from ip adress: ' . $sip,'3');
}
- $ip = ip2long($sip);
+
+ $ip = sprintf("%u",ip2long($sip));
$date = time();
$user = $this->id;
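Review bot: The reindented branch at the top of `insert_ip_history()` still takes `HTTP_X_FORWARDED_FOR` at face value; that header is supplied by the client unless a trusted proxy overwrites it, and it commonly carries a comma-separated list, which `ip2long()` rejects and the new `sprintf("%u", ...)` then records as `0`. Prefer `REMOTE_ADDR` unless the deployment is known to sit behind a proxy, and when the header is used take only its first entry: `list($sip) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); $sip = trim($sip);`. The method continues outside the hunk.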
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php
index b670db2d..14f8b40d 100644
--- a/lib/class/vauth.class.php
+++ b/lib/class/vauth.class.php
@@ -264,7 +264,7 @@ class vauth {
} // end switch on data type
$username = Dba::escape($data['username']);
- $ip = $_SERVER['REMOTE_ADDR'] ? Dba::escape(ip2long($_SERVER['REMOTE_ADDR'])) : '0';
+ $ip = $_SERVER['REMOTE_ADDR'] ? Dba::escape(sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']))) : '0';
$type = Dba::escape($data['type']);
$value = Dba::escape($data['value']);
$agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'],0,254));
@@ -358,7 +358,7 @@ class vauth {
break;
case 'stream':
$key = Dba::escape($key);
- $ip = ip2long($data['ip']);
+ $ip = sprintf("%u",ip2long($data['ip']));
$agent = Dba::escape($data['agent']);
$sql = "SELECT * FROM `session_stream` WHERE `id`='$key' AND `expire` > '$time' AND `ip`='$ip' AND `agent`='$agent'";
$db_results = Dba::query($sql);
@@ -504,7 +504,7 @@ class vauth {
if (Config::get('prevent_multiple_logins')) {
$client = new User($results['id']);
$current_ip = $client->is_logged_in();
- if ($current_ip != ip2long($_SERVER['REMOTE_ADDR'])) {
+ if ($current_ip != sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']))) {
Error::add('general','User Already Logged in');
return false;
}
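Review bot: The comparison on the changed line is a loose `!=` between whatever `is_logged_in()` returns and a numeric string; if that method returns `false` when no session is active (not visible here), `false != "..."` is true and a first login is refused as a duplicate. Compare explicitly: `if ($current_ip && $current_ip != sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']))) {`. Sessions stored before this commit still hold the signed `ip2long()` value, so on 32-bit hosts the comparison against the new unsigned form will not match until those sessions expire. The method starts outside the hunk.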
diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php
index 6cb08451..5b6b3892 100644
--- a/lib/class/xmlrpcserver.class.php
+++ b/lib/class/xmlrpcserver.class.php
@@ -146,7 +146,7 @@ class xmlRpcServer {
debug_event('XMLSERVER','Login Attempt, IP: ' . $_SERVER['REMOTE_ADDR'] . ' Time: ' . $timestamp . ' Hash:' . $encoded_key,'5');
// Convert the IP Address to an int
- $ip = ip2long($_SERVER['REMOTE_ADDR']);
+ $ip = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']));
// Run the query and return the key's for ACLs of type RPC that would match this IP
$sql = "SELECT * FROM `access_list` WHERE `type`='rpc' AND `start` <= '$ip' AND `end` >= '$ip'";
diff --git a/templates/show_create_democratic.inc.php b/templates/show_create_democratic.inc.php
index cce0857d..7059cebe 100644
--- a/templates/show_create_democratic.inc.php
+++ b/templates/show_create_democratic.inc.php
@@ -1,7 +1,7 @@
<?php
/*
- Copyright (c) 2001 - 2007 Ampache.org
+ Copyright (c) 2001 - 2008 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@@ -31,6 +31,20 @@ show_box_top(_('Create Democratic Playlist')); ?>
<td><?php show_playlist_select('democratic'); ?></td>
</tr>
<tr>
+ <td><?php echo _('Cooldown Time'); ?></td>
+ <td><input type="textbox" size="4" maxlength="6" name="cooldown" value="5" /><?php echo _('minutes'); ?></td>
+</tr>
+<tr>
+ <td><?php echo _('Level'); ?></td>
+ <td>
+ <select name="level">
+ <option value="25"><?php echo _('User'); ?></option>
+ <option value="50"><?php echo _('Content Manager'); ?></option>
+ <option value="75"><?php echo _('Catalog Manager'); ?></option>
+ <option value="100"><?php echo _('Admin'); ?></option>
+ </select>
+
+<tr>
<td><?php echo _('Make Default'); ?></td>
<td><input type="checkbox" name="make_default" value="1" /></td>
</tr>
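Review bot: The new Level row is never closed: after `</select>` there is no `</td>` and no `</tr>` before the next `<tr>`, so the Make Default row ends up nested inside the previous cell and browsers recover from it differently. Add `</td>` and `</tr>` after the `</select>` line. `type="textbox"` on the cooldown input is not an HTML input type; browsers fall back to a text field, but `type="text"` is what is meant.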
diff --git a/templates/show_manage_democratic.inc.php b/templates/show_manage_democratic.inc.php
index 8c5a88c0..8361e525 100644
--- a/templates/show_manage_democratic.inc.php
+++ b/templates/show_manage_democratic.inc.php
@@ -25,23 +25,33 @@ show_box_top(_('Manage Democratic Playlists')); ?>
<col id="col_number" />
<col id="col_base_playlist" />
<col id="col_vote_count" />
+ <col id="col_cooldown" />
+ <col id="col_level" />
+ <col id="col_default" />
<col id="col_action" />
</colgroup>
<tr class="th-top">
<th class="cel_number"><?php echo _('Playlist'); ?></th>
<th class="cel_base_playlist"><?php echo _('Base Playlist'); ?></th>
+ <th class="cel_cooldown"><?php echo _('Cooldown'); ?></th>
+ <th class="cel_level"><?php echo _('Level'); ?></th>
+ <th class="cel_default"><?php echo _('Default'); ?></th>
<th class="cel_vote_count"><?php echo _('Songs'); ?></th>
<th class="cel_action"><?php echo _('Action'); ?></th>
</tr>
<?php
foreach ($playlists as $democratic_id) {
$democratic = new Democratic($democratic_id);
+ $democratic->format();
$playlist = new Playlist($democratic->base_playlist);
$playlist->format();
?>
<tr class="<?php echo flip_class(); ?>">
- <td><?php echo abs($democratic->id); ?></td>
+ <td><?php echo scrub_out($democratic->name); ?></td>
<td><?php echo $playlist->f_link; ?></td>
+ <td><?php echo $democratic->f_cooldown; ?></td>
+ <td><?php echo $democratic->f_level; ?></td>
+ <td><?php echo $democratic->f_primary; ?></td>
<td><?php echo $democratic->count_items(); ?></td>
<td>
<?php echo Ajax::button('?page=democratic&action=send_playlist','all',_('Play'),'play_democratic'); ?>
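Review bot: `$democratic->f_cooldown` is echoed without `scrub_out()`, unlike `name` on the line above; `cooldown` comes from the create form and `create()` only escapes it for SQL, so it reaches the page unescaped, and `format()` appends it to a translated string rather than casting it to a number. Use `scrub_out($democratic->f_cooldown)` here, or have `format()` apply `intval()` to `cooldown` first. `$democratic->f_level` is echoed but `format()` in this commit sets only `f_cooldown` and `f_primary`, so that cell is always empty and raises a notice; either add an `f_level` assignment to `format()` or drop the column. The foreach starts inside and ends outside the hunk.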
@@ -49,7 +59,7 @@ show_box_top(_('Manage Democratic Playlists')); ?>
</tr>
<?php } if (!count($playlists)) { ?>
<tr>
- <td colspan="4"><span class="fatalerror"><?php echo _('Not Enough Data'); ?></span></td>
+ <td colspan="7"><span class="fatalerror"><?php echo _('Not Enough Data'); ?></span></td>
</tr>
<?php } ?>
</table>