author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-09-30 20:32:11 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-09-30 20:32:11 +0000 |
commit | 8eab507038dc3d844229051cf3f7dbcaee4897d4 (patch) | |
tree | 045dbc09132129a2d13da0a2a51d66cf982eeb68 | |
parent | 6eeea6fbcdd9a8a40bbcb94c767572e12a845551 (diff) | |
slight format fix on now playing and xmlrpc key fixes
-rw-r--r-- | lib/class/access.class.php | 4 | ||||
-rw-r--r-- | lib/general.lib.php | 11 | ||||
-rw-r--r-- | lib/log.lib.php | 7 | ||||
-rw-r--r-- | lib/xmlrpc.php | 27 | ||||
-rw-r--r-- | play/index.php | 6 | ||||
-rw-r--r-- | server/xmlrpc.server.php | 2 | ||||
-rw-r--r-- | templates/default.css | 1 | ||||
-rw-r--r-- | templates/show_now_playing_row.inc.php | 20 |
8 files changed, 46 insertions, 32 deletions
diff --git a/lib/class/access.class.php b/lib/class/access.class.php index 5ad5a219..95fc0b26 100644 --- a/lib/class/access.class.php +++ b/lib/class/access.class.php @@ -158,7 +158,7 @@ class Access { } // Clean incomming variables - $ip = ip2int(intval($ip)); + $ip = ip2int($ip); $user = sql_escape($user); $key = sql_escape($key); $level = sql_escape($level); @@ -187,7 +187,7 @@ class Access { else { $sql .= " AND `user` = '-1'"; } break; } // end switch on type - + $db_results = mysql_query($sql, dbh()); // Yah they have access they can use the mojo diff --git a/lib/general.lib.php b/lib/general.lib.php index 13951642..ab28eebb 100644 --- a/lib/general.lib.php +++ b/lib/general.lib.php @@ -299,11 +299,16 @@ function session_exists($sid,$xml_rpc=0) { $path = str_replace("//","/",$path); + /* Create the XMLRPC client */ $client = new xmlrpc_client($path,$server,$port); - $query = new xmlrpcmsg('remote_session_verify',array(new xmlrpcval($sid,"string")) ); - - if (conf('debug')) { log_event($_SESSION['userdata']['username'],' xmlrpc-client ',"Checking for Valid Remote Session:$sid"); } + /* Encode the SID of the incomming client */ + $encoded_sid = new xmlrpcval($sid,"string"); + + $query = new xmlrpcmsg('remote_session_verify',array($encoded_sid) ); + + /* Log this event */ + debug_event('xmlrpc-client',"Checking for Valid Remote Session:$sid",'3'); $response = $client->send($query,30); diff --git a/lib/log.lib.php b/lib/log.lib.php index ed19984c..01a56be1 100644 --- a/lib/log.lib.php +++ b/lib/log.lib.php @@ -89,6 +89,13 @@ function ampache_error_handler($errno, $errstr, $errfile, $errline) { return false; } + /* The XML-RPC lib is broken, well kind of + * shut your pie hole + */ + if (strstr($errstr,"used as offset, casting to integer")) { + return false; + } + $log_line = "[$error_name] $errstr on line $errline in $errfile"; debug_event('error',$log_line,$level); diff --git a/lib/xmlrpc.php b/lib/xmlrpc.php index 7dc09f01..5c47c377 100644 --- a/lib/xmlrpc.php 
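Review bot: In the first lib/class/access.class.php hunk, `$ip` is now the only one of the four inputs that is not passed through `sql_escape()`, so the query assembled further down (outside this hunk) presumably depends on `ip2int()` returning a plain integer for every input, including a malformed address. That contract is not visible here and deserves a comment above the line, for example `// ip2int() must return an integer; $ip is not sql_escape()d before it reaches the query`. The enclosing method starts and ends outside the hunk.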
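Review bot: The new `debug_event` call in lib/general.lib.php writes the full session id (`$sid`) to the log, and the `conf('debug')` guard that used to wrap the log call is gone from this call site; whether `debug_event` applies an equivalent gate at level '3' is not visible here. A session id in a log file is usable by anyone who can read that file for as long as the session lives. Logging a short prefix keeps the entry useful for correlation: `debug_event('xmlrpc-client',"Checking for Valid Remote Session:" . substr($sid,0,8) . "...",'3');`. `session_exists` starts before and continues after the hunk.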
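Review bot: The new check in `ampache_error_handler` (lib/log.lib.php) drops every error whose message contains "used as offset, casting to integer", whichever file raised it, so the same warning coming from Ampache's own code would also vanish from the log. Restricting it to the library keeps the filter narrow: `if (strpos($errstr,"used as offset, casting to integer") !== false && strpos($errfile,'<xmlrpc-library-file>') !== false) { return false; }`, where `<xmlrpc-library-file>` is a placeholder for the library's file name, which is not shown on this page. The comment above the check should name the library and the exact warning being silenced. The handler's body continues outside the hunk.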
+++ b/lib/xmlrpc.php @@ -37,6 +37,7 @@ * @catagory Server */ function remote_catalog_query($m) { + $var = $m->getParam(0); $key = $var->scalarval(); @@ -79,7 +80,7 @@ function remote_catalog_query($m) { */ function remote_song_query($params) { - $var = $parms->getParam(0); + $var = $params->getParam(0); $key = $var->scalarval(); /* Verify the KEY */ @@ -90,6 +91,7 @@ function remote_song_query($params) { $start = $params->params['1']->me['int']; $step = $params->params['2']->me['int']; + // Get me a list of all local catalogs $sql = "SELECT catalog.id FROM catalog WHERE catalog_type='local'"; $db_results = mysql_query($sql, dbh()); @@ -133,7 +135,9 @@ function remote_song_query($params) { set_time_limit(0); $encoded_array = php_xmlrpc_encode($results); - if (conf('debug')) { log_event($_SESSION['userdata']['username'],' xmlrpc-server ',"Encoded Song Query Results ($start,$step) : " . count($results)); } + + debug_event('xmlrpc-server',"Encoded Song Query Results ($start,$step):" . count($results),'3'); + return new xmlrpcresp($encoded_array); } // remote_song_query @@ -141,23 +145,16 @@ function remote_song_query($params) { /** * remote_session_verify * This checks the session on THIS server and returns a true false + * The problem with this funcion is that we don't have the key from + * the other server... this needs to be fixed potential security flaw + * Other server still needs read xml-rpc permissions, but no key * @package XMLRPC * @catagory Server - * @todo Public/Private Key handshake? */ function remote_session_verify($params) { - $var = $parms->getParam(0); - $key = $var->scalarval(); - - /* Verify the KEY */ - if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) { - return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); - } - - /* We may need to do this correctly.. :S */ - $var = $params->getParam(1); + $var = $params->getParam(0); $sid = $var->scalarval(); if (session_exists($sid)) { 
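Review bot: After this change `remote_session_verify` tells any caller whether a session id is valid without calling `remote_key_verify`, so the only gate in front of it is the IP-based `init-xml-rpc` check in server/xmlrpc.server.php, which passes an empty key. The new docblock says as much, but the `@todo` tag was removed together with the old text; keeping a line such as `@todo require a key from the calling server before answering` makes the gap trackable. Until then each request should leave a trace that does not contain the session id, e.g. `debug_event('xmlrpc-server',"Session verify request from " . $_SERVER['REMOTE_ADDR'],'3');` ahead of the `session_exists` call. The function body continues past the end of the hunk.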
@@ -201,10 +198,10 @@ function remote_server_denied() { * passed key and makes sure the IP+KEY+LEVEL * matches in the local ACL */ -function remote_key_verify($ip,$key,$level) { +function remote_key_verify($key,$ip,$level) { $access = new Access(); - if ($access->check('xml-rpc',$ip,'',$key,$level)) { + if ($access->check('xml-rpc',$ip,'',$level,$key)) { return true; } diff --git a/play/index.php b/play/index.php index c84545b1..9878af0b 100644 --- a/play/index.php +++ b/play/index.php @@ -129,8 +129,12 @@ if ($catalog->catalog_type == 'remote') { preg_match("/http:\/\/([^\/]+)\/*(.*)/", conf('web_path'), $match); $server = rawurlencode($match[1]); $path = rawurlencode($match[2]); + $port = $_SERVER['SERVER_PORT']; + if ($_SERVER['HTTPS'] == 'on') { $ssl='1'; } + else { $ssl = '0'; } + $catalog = $catalog->id; - $extra_info = "&xml_rpc=1&xml_path=$path&xml_server=$server&xml_port=80&sid=$sid"; + $extra_info = "&xml_rpc=1&xml_path=$path&xml_server=$server&xml_port=$port&ssl=$ssl&catalog=$catalog&sid=$sid"; header("Location: " . $song->file . $extra_info); debug_event('xmlrpc-stream',"Start XML-RPC Stream - " . $song->file . $extra_info,'5'); exit; diff --git a/server/xmlrpc.server.php b/server/xmlrpc.server.php index ebf5416b..99226262 100644 --- a/server/xmlrpc.server.php +++ b/server/xmlrpc.server.php @@ -34,7 +34,7 @@ else { exit(); } $access = new Access(); // ** check that the remote server has access to this catalog -if ($access->check('init-xml-rpc',$_SERVER['REMOTE_ADDR'],'','','5')) { +if ($access->check('init-xml-rpc',$_SERVER['REMOTE_ADDR'],'','5','')) { /* Setup Possible Actions */ $methods['remote_catalog_query'] = array('function' => 'remote_catalog_query'); diff --git a/templates/default.css b/templates/default.css index 9bcac5a1..cb013347 100644 --- a/templates/default.css +++ b/templates/default.css @@ -594,7 +594,6 @@ li.current-rating{ display: block; } .np_cell { - display: inline; margin: 10px; } #tablist { 
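Review bot: `remote_key_verify` and `Access::check` take key, IP and level as bare positional strings, which is how the swapped order fixed here went unnoticed; the same reordering is applied to the `init-xml-rpc` call in server/xmlrpc.server.php. The docblock above the function should state the order, e.g. `@param string $key`, `@param string $ip`, `@param string $level`, and note that `check()` is called as (type, ip, user, level, key), an order inferred from the two call sites on this page. The calls in `remote_catalog_query` and `remote_song_query` lie outside the hunks and should be confirmed to pass the key first. The function continues after the hunk.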
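Review bot: The redirect URL built in play/index.php carries the session id (`sid=$sid`), and the `debug_event` call that follows writes that whole URL to the log, so the id ends up readable in the log file as well as in the query string. The log line can drop the query part: `debug_event('xmlrpc-stream',"Start XML-RPC Stream - " . $song->file,'5');`. Separately, `$_SERVER['HTTPS']` is read without checking that it is set, which raises a notice on a plain HTTP request; `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { $ssl = '1'; }` avoids that. The enclosing `if ($catalog->catalog_type == 'remote')` block starts outside the hunk.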
diff --git a/templates/show_now_playing_row.inc.php b/templates/show_now_playing_row.inc.php index bedca730..9046b719 100644 --- a/templates/show_now_playing_row.inc.php +++ b/templates/show_now_playing_row.inc.php @@ -20,24 +20,26 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ ?> -<span class="np_row"> - <span class="np_cell"><?php echo scrub_out($np_user->fullname); ?></span> - <span class="np_cell"> +<table class="np_row"> +<tr> + <td class="np_cell"><?php echo scrub_out($np_user->fullname); ?></td> + <td class="np_cell"> <a title="<?php echo scrub_out($song->f_title); ?>" href="<?php echo $web_path; ?>/song.php?action=single_song&song_id=<?php echo $song->id; ?>"> <?php echo scrub_out($song->f_title); ?> </a> - </span> - <span class="np_cell"> + </td> + <td class="np_cell"> <a title="<?php echo scrub_out($song->f_album); ?>" href="<?php echo $web_path; ?>/albums.php?action=show&album=<?php echo $song->album; ?>"> <?php echo scrub_out($song->f_album); ?></a> / <a title="<?php echo scrub_out($song->f_artist); ?>" href="<?php echo $web_path; ?>/artists.php?action=show&artist=<?php echo $song->artist; ?>"> <?php echo scrub_out($song->f_artist); ?> </a> - </span> + </td> <?php if (conf('play_album_art')) { ?> - <span class="np_cell"> + <td class="np_cell"> <a target="_blank" href="<?php echo $web_path; ?>/albumart.php?id=<?php echo $song->album; ?>&type=popup" onclick="popup_art('<?php echo $web_path; ?>/albumart.php?id=<?php echo $song->album; ?>&type=popup'); return false;"> <img align="middle" border="0" src="<?php echo $web_path; ?>/albumart.php?id=<?php echo $song->album; ?>&fast=1&thumb=1" alt="Album Art" height="75" /></a> - </span> + </td> <?php } // end play album art ?> -</span> +</tr> +</table> |
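Review bot: In templates/show_now_playing_row.inc.php the values echoed into the `href`, `src` and `onclick` attributes (`$web_path`, `$song->id`, `$song->album`, `$song->artist`) are the only outputs in this row that do not go through `scrub_out()`; they sit on the unchanged lines carried into the new table cells. The ids are presumably numeric, and a cast would make that explicit at the point of output: `<?php echo intval($song->album); ?>`. Applying the same treatment to `$song->id` and `$song->artist` keeps the row consistent with the escaped title, album and artist names.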