author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 23:13:38 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 23:13:38 +0000 |
commit | 4ea4de9def83a38fb34cf6a3dcefc29059954c69 (patch) | |
tree | 6392b3aac06f9b136c98f15fc73e8605879be453 | |
parent | d3423e0e37a6608edb82a7f6b6aa69d55aafec7d (diff) | |
fixed xml-rpc now uses handshake method properly
-rwxr-xr-x | docs/CHANGELOG | 1 | ||||
-rw-r--r-- | lib/class/catalog.class.php | 69 | ||||
-rw-r--r-- | lib/class/xmlrpcserver.class.php | 15 | ||||
-rw-r--r-- | modules/xmlrpc/xmlrpc.inc | 35 | ||||
-rw-r--r-- | templates/show_get_albumart.inc.php | 1 |
5 files changed, 69 insertions, 52 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG index d876b3a0..d529f30a 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,7 @@ -------------------------------------------------------------------------- v.3.4-Alpha4 + - Fixed XML-RPC, now uses handshake method properly - Fixed bug where stream would start even with no songs - Upgraded to Prototype 1.6 - Added playlists and playlist_songs methods to API diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php index d0388477..6c93e549 100644 --- a/lib/class/catalog.class.php +++ b/lib/class/catalog.class.php 
@@ -1274,40 +1274,57 @@ class Catalog { else { $client = new xmlrpc_client("/$path/server/xmlrpc.server.php", $server, 80); } + + // 6 that's right, the secret level because if you do have debug on most likely you're + // going to just crash your browser... sorry folks + if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); } + + // Before we do anything else we need to do a handshake with the remote server + $timestamp = time(); + $handshake_key = md5($timestamp . $this->key); + + $encoded_key = new xmlrpcval($handshake_key,"string"); + $timestamp = new xmlrpcval($timestamp,"int"); + $xmlrpc_message = new xmlrpcmsg('xmlrpcserver.handshake',array($encoded_key,$timestamp)); + + // Send it off + $response = $client->send($xmlrpc_message,10); + if ($response->faultCode()) { + $error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString(); + debug_event('XMLCLIENT',$error_msg,'1'); + echo "<p class=\"error\">$error_msg</p>"; + return; + } + + $token = php_xmlrpc_decode($response->value()); /* encode the variables we need to send over */ - $encoded_key = new xmlrpcval($this->key,"string"); + $encoded_key = new xmlrpcval($token,"string"); $encoded_path = new xmlrpcval(Config::get('web_path'),"string"); $xmlrpc_message = new xmlrpcmsg('xmlrpcserver.get_catalogs', array($encoded_key,$encoded_path)); - - // 6 that's right, the secret level because if you do have debug on most likely you're - // going to just crash your browser... 
sorry folks - if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); } - $response = $client->send($xmlrpc_message,30); - $value = $response->value(); - if ( !$response->faultCode() ) { - $data = php_xmlrpc_decode($value); - - // Print out the catalogs we are going to sync - foreach ($data as $vars) { - $catalog_name = $vars['name']; - $count = $vars['count']; - print("<b>Reading Remote Catalog: $catalog_name ($count Songs)</b> [$this->path]<br />\n"); - $total += $count; - } - // Flush the output - flush(); - - } // if we didn't get an error - else { + if ($response->faultCode() ) { $error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString(); debug_event('XMLCLIENT',$error_msg,'1'); echo "<p class=\"error\">$error_msg</p>"; return; - } + } + + + $data = php_xmlrpc_decode($response->value()); + + // Print out the catalogs we are going to sync + foreach ($data as $vars) { + $catalog_name = $vars['name']; + $count = $vars['count']; + print("<b>Reading Remote Catalog: $catalog_name ($count Songs)</b> [$this->path]<br />\n"); + $total += $count; + } + + // Flush the output + flush(); // Hardcoded for now $step = '500'; @@ -1316,7 +1333,7 @@ class Catalog { while ($total > $current) { $start = $current; $current += $step; - $this->get_remote_song($client,$start,$step); + $this->get_remote_song($client,$token,$start,$step); } echo "<p>" . _('Completed updating remote catalog(s)') . ".</p><hr />\n"; 
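Review bot: Both fault branches and the catalog loop in the -1274 hunk write values supplied by the remote server straight into the page: `$response->faultString()` ends up in `echo "<p class=\"error\">$error_msg</p>"`, and `$vars['name']` / `$vars['count']` go into the `Reading Remote Catalog` line. A misconfigured or hostile remote catalog can therefore place markup in the administrator's browser, so escape at output, e.g. `echo "<p class=\"error\">" . htmlspecialchars($error_msg, ENT_QUOTES) . "</p>";`, and do the same for `$catalog_name` and `$count`. The decoded handshake reply is also used as `$token` without checking that it is a non-empty string, so a malformed reply is only noticed when `get_catalogs` later fails. The enclosing method starts before this hunk.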
@@ -1331,11 +1348,11 @@ class Catalog { * This functions takes a start and end point for gathering songs from a remote server. It is broken up * in attempt to get around the problem of very large target catalogs */ - public function get_remote_song($client,$start,$end) { + public function get_remote_song($client,$token,$start,$end) { $encoded_start = new xmlrpcval($start,"int"); $encoded_end = new xmlrpcval($end,"int"); - $encoded_key = new xmlrpcval($this->key,"string"); + $encoded_key = new xmlrpcval($token,"string"); $query_array = array($encoded_key,$encoded_start,$encoded_end); diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php index abb8076e..e5f3eff3 100644 --- a/lib/class/xmlrpcserver.class.php +++ b/lib/class/xmlrpcserver.class.php @@ -41,7 +41,7 @@ class xmlRpcServer { $key = $variable->scalarval(); // Check it and make sure we're super green - if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) { + if (!vauth::session_exists('xml-rpc',$key)) { debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1'); return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); } @@ -85,7 +85,7 @@ class xmlRpcServer { $key = $variable->scalarval(); // Check it and make sure we're super green - if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) { + if (!vauth::session_exists('xml-rpc',$key)) { debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1'); return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); } 
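Review bot: The docblock above `get_remote_song` in the -1331 hunk still describes only a start and end point, although the signature now takes `$token` and the caller in the previous hunk passes `$step` as `$end`. I would add `@param string $token session token returned by xmlrpcserver.handshake` and say what `$end` really carries (it appears to be a batch size rather than an end offset, to be confirmed against the server method). Because the method is public and `$token` was inserted in second position, any caller outside this diff that still passes three arguments would shift `$start` and `$end` by one; no other callers are visible from here. The method body continues past the end of the hunk.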
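Review bot: Replacing `Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)` with `vauth::session_exists('xml-rpc',$key)` removes the source-address check from this method and from the identical change in the hunk at -85, so the token acts as a bearer credential from any address unless `session_exists` enforces the address itself (not visible here). If the ACL is meant to stay in force after the handshake, keep a network check next to the session check, or store the handshake's `REMOTE_ADDR` with the session and compare it here. The failure path still logs `' with key ' . $key` and says "does not match any ACLs"; the value is now a session token, so I would log only a short prefix or a hash of it and reword the message. Both method bodies start and end outside their hunks.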
@@ -134,12 +134,12 @@ class xmlRpcServer { // Pull out the params $encoded_key = $xmlrpc_object->params['0']->me['string']; - $timestamp = $xmlrpc_object->params['0']->me['int']; + $timestamp = $xmlrpc_object->params['1']->me['int']; // Check the timestamp make sure it's recent if ($timestamp < (time() - 14400)) { debug_event('XMLSERVER','Handshake failure, timestamp too old','1'); - return new xmlrpcresp(php_xmlrpc_encoded("Handshake failure")); + return new xmlrpcresp(0,'503','Handshaek failure, timestamp too old'); } // Log the attempt @@ -158,11 +158,16 @@ class xmlRpcServer { $md5pass = md5($timestamp . $row['key']); if ($md5pass == $encoded_key) { - $token = ''; + $data['type'] = 'xml-rpc'; + $data['username'] = 'System'; + $data['value'] = 'Handshake'; + $token = vauth::session_create($data); + return new xmlrpcresp(php_xmlrpc_encode($token)); } } // end while rows + return new xmlrpcresp(0,'503','Handshaek failure, Key/IP Incorrect'); } // handshake diff --git a/modules/xmlrpc/xmlrpc.inc b/modules/xmlrpc/xmlrpc.inc index da096c1b..d4b384be 100644 --- a/modules/xmlrpc/xmlrpc.inc +++ b/modules/xmlrpc/xmlrpc.inc @@ -1317,8 +1317,7 @@ $cp1252_to_xmlent = if($this->debug > 1) { - print "<PRE>\n---SENDING---\n" . htmlentities($op) . "\n---END---\n</PRE>"; - // let the client see this now in case http times out... + debug_event('XMLRPC',"\n---SENDING---\n" . htmlentities($op) . "\n---END---\n</PRE>",'1','xmlrpc'); flush(); } @@ -1458,11 +1457,8 @@ $cp1252_to_xmlent = $encoding_hdr = ''; } - if($this->debug > 1) - { - print "<PRE>\n---SENDING---\n" . htmlentities($payload) . "\n---END---\n</PRE>"; - // let the client see this now in case http times out... - flush(); + if($this->debug > 1) { + debug_event('XMLRPC',"\n---SENDING---\n" . htmlentities($payload) . "\n---END---\n</PRE>",'1','xmlrpc'); } if(!$keepalive || !$this->xmlrpc_curl_handle) 
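Review bot: The freshness check `if ($timestamp < (time() - 14400))` in the -134 hunk has no upper bound and a four-hour window, and nothing records that a key/timestamp pair was already used, so a handshake observed in transit stays acceptable for a new session until the window closes. Rejecting future timestamps and shrinking the window narrows this, e.g. `if (abs(time() - (int)$timestamp) > 300)`; the 300 seconds is a suggested value and assumes both hosts keep reasonably accurate clocks. The new fault string here and the one in the next hunk are misspelled ("Handshaek"); remote clients may match on that text, so it is worth fixing before it becomes part of the protocol. The handshake method begins before this hunk.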
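Review bot: The digest check `if ($md5pass == $encoded_key)` in the -158 hunk uses PHP's loose comparison on a caller-supplied string, which can treat numeric-looking strings as equal without a byte-for-byte match; it should be `if ($md5pass === $encoded_key)`, or `hash_equals($md5pass, $encoded_key)` where the runtime provides it. `md5($timestamp . $row['key'])` is a plain hash of concatenated fields rather than a keyed MAC; `hash_hmac('sha256', (string)$timestamp, $row['key'])` on both client and server would be the sturdier construction, though it changes the wire format. `$data` is filled key by key without a preceding `$data = array();`, so anything already held in that variable would be passed on to `vauth::session_create`. The comparison lines are unchanged context and the method starts above the hunk.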
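Review bot: With `$this->debug > 1` the whole outgoing request is now written through `debug_event` in the -1317 hunk, and that request carries the handshake digest or the session token; the hunks at -1458 and -2338 do the same for the cURL payload and for header and cookie values. Credentials in a log file outlive the session and are readable by anyone who can read the log, so I would log the method name and payload size, or mask the first parameter, instead of the full body. In this hunk the message still ends with `</PRE>` and the `flush()` that served the old browser output is left behind; both can go, and the -2338 message is labelled `---SENDING---` although it lists received headers. `modules/xmlrpc/xmlrpc.inc` looks like a bundled third-party library, so calling the project's `debug_event` from it will need re-applying whenever the library is updated.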
@@ -2338,18 +2334,17 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha $data = substr($data, $bd); - if($this->debug && count($GLOBALS['_xh']['headers'])) - { - print '<PRE>'; - foreach($GLOBALS['_xh']['headers'] as $header => $value) - { - print htmlentities("HEADER: $header: $value\n"); + // If we're debuging and we've got some headers + if($this->debug && count($GLOBALS['_xh']['headers'])) { + $debug_string = ''; + + foreach($GLOBALS['_xh']['headers'] as $header => $value) { + $debug_string .= "HEADER: $header: $value\n"; } - foreach($GLOBALS['_xh']['cookies'] as $header => $value) - { - print htmlentities("COOKIE: $header={$value['value']}\n"); + foreach($GLOBALS['_xh']['cookies'] as $header => $value) { + $debug_string .= "COOKIE: $header={$value['value']}\n"; } - print "</PRE>\n"; + debug_event('XMLRPC',"\n---SENDING---\n" . htmlentities($debug_string) . "\n---END---\n",'1','xmlrpc'); } // if CURL was used for the call, http headers have been processed, @@ -2381,13 +2376,13 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha { $data = $degzdata; if($this->debug) - print "<PRE>---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---</PRE>"; + debug_event('XMLRPC',"\n---RESPONSE---\n" . $data . "\n---END---\n",'1','xmlrpc'); } elseif($GLOBALS['_xh']['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) { $data = $degzdata; if($this->debug) - print "<PRE>---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---</PRE>"; + debug_event('XMLRPC',"\n---RESPONSE---\n" . $data . "\n---END---\n",'1','xmlrpc'); } else { 
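Review bot: The two inflated-response branches in the -2381 hunk, and the `---GOT---` line in the hunk at -2425, pass the remote server's `$data` to `debug_event` unmodified, whereas the send-side messages keep `htmlentities`. Response bodies are controlled by the remote host and can contain newlines and be arbitrarily long, so unless `debug_event` neutralises them (not visible here) a peer can add misleading log lines or bloat the log. Bounding and escaping the value keeps entries well-formed, e.g. `substr(addcslashes($data, "\0..\37"), 0, 4096)`, where 4096 is a suggested cap. The old output also reported `strlen($data)`, which is worth keeping in the log message.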
@@ -2425,7 +2420,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha if($this->debug) { //by maHo, replaced htmlspecialchars with htmlentities - print "<PRE>---GOT---\n" . htmlentities($data) . "\n---END---\n</PRE>"; + debug_event('XMLRPC',"\n---GOT---\n" . $data . "\n---END---\n",'1','xmlrpc'); } if($data == '') diff --git a/templates/show_get_albumart.inc.php b/templates/show_get_albumart.inc.php index bf831436..a9cf2f37 100644 --- a/templates/show_get_albumart.inc.php +++ b/templates/show_get_albumart.inc.php @@ -21,7 +21,6 @@ */ ?> <?php show_box_top(_('Customize Search')); ?> -<?php print_r($_GET); ?> <form enctype="multipart/form-data" name="coverart" method="post" action="<?php echo Config::get('web_path'); ?>/albums.php?action=find_art&album_id=<?php echo $album->id; ?>&artist_name=<?php echo urlencode($_REQUEST['artist_name']);?>&album_name=<?php echo urlencode($_REQUEST['album_name']); ?>&cover=<?php echo urlencode($_REQUEST['cover']); ?>" style="Display:inline;"> <table> <tr> |