author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 09:01:09 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 09:01:09 +0000 |
commit | ea8f3e685b85074d55b88a3c2ef9d6a536c173ca (patch) | |
tree | 801d4289a88dbe92d7c9bb27e038fad9242cf71e | |
parent | be699cab75c8993175a4994316b9665105c86696 (diff) | |
download | ampache-ea8f3e685b85074d55b88a3c2ef9d6a536c173ca.tar.gz ampache-ea8f3e685b85074d55b88a3c2ef9d6a536c173ca.tar.bz2 ampache-ea8f3e685b85074d55b88a3c2ef9d6a536c173ca.zip |
fixed API calls, cleaned up old functions that are no longer needed
-rw-r--r-- | lib/class/api.class.php | 30 | ||||
-rw-r--r-- | lib/class/vauth.class.php | 27 | ||||
-rw-r--r-- | lib/general.lib.php | 38 | ||||
-rw-r--r-- | server/xml.server.php | 2 |
4 files changed, 24 insertions, 73 deletions
diff --git a/lib/class/api.class.php b/lib/class/api.class.php index 6a1707ab..06b5fd2e 100644 --- a/lib/class/api.class.php +++ b/lib/class/api.class.php @@ -82,7 +82,10 @@ class Api { if ($md5pass === $passphrase) { // Create the Session, in this class for now needs to be moved - $token = self::create_session($row['level'],$ip,$user_id); + $data['username'] = $client->username; + $data['type'] = 'api'; + $data['value'] = $timestamp; + $token = vauth::session_create($data); debug_event('API','Login Success, passphrase matched','1'); return array('auth'=>$token,'api'=>self::$version); @@ -94,30 +97,5 @@ class Api { } // handhsake - /** - * create_session - * This actually creates the new session it takes the level, ip and user - * and figures out the agent and expire then returns the token - */ - public static function create_session($level,$ip,$user_id) { - - // Generate the token - $token = md5(uniqid(rand(), true)); - $level = Dba::escape($level); - $agent = Dba::escape($_SERVER['HTTP_USER_AGENT']); - $expire = time() + Config::get('session_length'); - - $sql = "REPLACE INTO `session_api` (`id`,`user`,`agent`,`level`,`expire`,`ip`) " . - "VALUES ('$token','$user_id','$agent','$level','$expire','$ip')"; - $db_results = Dba::query($sql); - - if ($db_results) { - return $token; - } - - return false; - - } // create_session - } // API class ?> diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php index 2eb6c8fe..bafceab0 100644 --- a/lib/class/vauth.class.php +++ b/lib/class/vauth.class.php 
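Review bot: The result of `vauth::session_create($data)` is used without a check in the first hunk of api.class.php. Since session_create now returns false when the insert fails, handshake would still log 'Login Success' and hand back `'auth' => false`. Test the token before the success path, e.g. `if (!$token) { debug_event('API','Login Failed, session could not be created','1'); return false; }`; the failure value handshake normally returns is not visible here, so match the rest of the function. `$data` is also filled key by key without being initialised in the visible lines, and a single `$data = array('username' => ..., 'type' => 'api', 'value' => $timestamp);` would rule out stale keys from earlier in the function. The body of handshake starts and ends outside this hunk.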
@@ -243,13 +243,21 @@ class vauth { public static function session_create($data) { // Regenerate the session ID to prevent fixation - session_regenerate_id(); - - // Create our cookie! - self::create_cookie(); - - // Before refresh we don't have the cookie so we have to use session ID - $key = session_id(); + switch ($data['type']) { + case 'xml-rpc': + case 'api': + $key = md5(uniqid(rand(), true)); + break; + case 'mysql': + default: + // Create our cookie! + self::create_cookie(); + + // Before refresh we don't have the cookie so we have to use session ID + $key = session_id(); + session_regenerate_id(); + break; + } $username = Dba::escape($data['username']); $ip = Dba::escape(ip2int($_SERVER['REMOTE_ADDR'])); @@ -268,9 +276,12 @@ class vauth { if (!$db_results) { debug_event('SESSION',"Session Creation Failed with Query: $sql and " . Dba::error(),'1'); + return false; } - return $db_results; + debug_event('SESSION','Session Created:' . $key,'1'); + + return $key; } // session_create diff --git a/lib/general.lib.php b/lib/general.lib.php index 417ca483..fcf69e32 100644 --- a/lib/general.lib.php +++ b/lib/general.lib.php 
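Review bot: In the `mysql`/default branch, `$key = session_id();` now runs before `session_regenerate_id();`, so the session row is keyed by the pre-authentication ID, which is exactly the one regeneration is meant to retire. The removed code regenerated first and read the ID afterwards; keep that order: `session_regenerate_id();`, then `self::create_cookie();`, then `$key = session_id();`. Whether later lookups use the old or the new ID is not visible in this hunk, so the row may also simply stop matching the browser's cookie. Separately, the `api`/`xml-rpc` token `md5(uniqid(rand(), true))` comes from the clock and a non-cryptographic generator. It should be drawn from a CSPRNG, e.g. `bin2hex(random_bytes(16))` on PHP 7 or later, which keeps the 32-character length. The comment 'Regenerate the session ID to prevent fixation' now sits above the switch and no longer describes the line after it; session_create continues outside this hunk.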
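Review bot: The added `debug_event('SESSION','Session Created:' . $key,'1');` writes the live session key to the debug log, and for API sessions that key is the bearer token returned to the client. Anyone with read access to the log could reuse it while the session is valid. The failure branch just above logs the whole `$sql`, which presumably contains the key as well (the statement is built outside this hunk). Log a reference that cannot be replayed, e.g. `debug_event('SESSION','Session Created for ' . $data['username'] . ' type ' . $data['type'],'1');`. The return value also changes from the query result to the key string, so callers outside this diff that treated it as a boolean should be checked.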
@@ -456,44 +456,6 @@ function get_languages() { } // get_languages /** - * logout - * This is the function that is called to log a user out! - */ -function logout() { - - // Do a quick check to see if this is an AJAX'd logout request - // if so use the iframe to redirect - if (AJAX_INCLUDE == '1') { - ob_end_clean(); - ob_start(); - - /* Set the correct headers */ - header("Content-type: text/xml; charset=" . Config::get('site_charset')); - header("Content-Disposition: attachment; filename=ajax.xml"); - header("Expires: Tuesday, 27 Mar 1984 05:00:00 GMT"); - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); - header("Cache-Control: no-store, no-cache, must-revalidate"); - header("Pragma: no-cache"); - - $target = Config::get('web_path') . '/login.php'; - $results['rfc3514'] = '<script type="text/javascript">reload_logout("'.$target.'")</script>'; - echo xml_from_array($results); - } - - /* First destory their session */ - vauth_logout(session_id()); - - - /* Redirect them to the login page */ - if (AJAX_INCLUDE != '1') { - header ('Location: ' . Config::get('web_path') . '/login.php'); - } - - return true; - -} // logout - -/** * format_time * This formats seconds into minutes:seconds */ diff --git a/server/xml.server.php b/server/xml.server.php index e800af2e..b4309e9d 100644 --- a/server/xml.server.php +++ b/server/xml.server.php 
@@ -47,7 +47,7 @@ if (!Config::get('access_control')) { * Verify the existance of the Session they passed in we do allow them to * login via this interface so we do have an exception for action=login */ -if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { +if ((!vauth::session_exists('api',$_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5'); ob_end_clean(); echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged'); |
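Review bot: `$_REQUEST['auth']` and `$_REQUEST['action']` are used on the changed line without checking that they are present and are strings. A request that omits them raises notices, and a parameter sent in array form reaches `vauth::session_exists` as an array; how that function treats a non-string key is not visible in this diff. Normalise at the boundary, e.g. `$auth = (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])) ? $_REQUEST['auth'] : '';`, pass `$auth` to the call, and compare the action with `!==` rather than `!=`. The comment above the condition still speaks of `action=login` while the code exempts `handshake`, so it should be updated to match.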