authorKarl 'vollmerk' Vollmer <vollmer@ampache.org>2006-09-25 01:05:23 +0000
committerKarl 'vollmerk' Vollmer <vollmer@ampache.org>2006-09-25 01:05:23 +0000
commite32557bf900153c5cfb0d2f28640aa9091ef7488 (patch)
tree56e2d9b722c582d536a6b3e8065914851894db72
parent3ad79fc4c9a6718a336fd929e33b6a0ac9bbf173 (diff)
finished up ACL work
-rwxr-xr-xdocs/CHANGELOG7
-rw-r--r--lib/class/access.class.php49
-rw-r--r--lib/class/update.class.php33
-rw-r--r--lib/init.php2
-rw-r--r--lib/ui.lib.php40
-rw-r--r--play/index.php12
-rw-r--r--templates/default.css1
-rw-r--r--templates/show_access_list.inc5
-rw-r--r--templates/show_add_access.inc50
-rw-r--r--templates/show_edit_access.inc34
10 files changed, 175 insertions, 58 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 55e82e5a..f1692980 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,11 +4,14 @@
--------------------------------------------------------------------------
v.3.3.2
+ - Added New ACL system which allows user based ACL's and
+ introduces shared keys for xml-rpc communication and
+ local/remote network definitions for auto-downsampling
- Introduced new Theming method and 'migrated' all old themes in
/contrib results may vary. (Thx Ros)
- Added ability to search by Rating, requires MySQL 4.0 or above
- - Page headers now limited to 20 pages with [....] between top
- and bottom 10.
+ - Page headers now limited to 30 pages with [....] between top
+ and bottom 15.
- Added Browse by Title functionality (Thx Rubin)
- Added Min Album size as preference, defaults to 0 (Thx Rubin)
- Fixed a problem with the automatic registration sorting on user
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index 330156b7..5e664741 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -89,8 +89,13 @@ class Access {
$start = ip2int($data['start']);
$end = ip2int($data['end']);
$level = sql_escape($data['level']);
-
- $sql = "UPDATE access_list SET start='$start', end='$end', level='$level' WHERE id='" . sql_escape($this->id) . "'";
+ $user = sql_escape($data['user']);
+ $key = sql_escape($data['key']);
+
+ $sql = "UPDATE access_list " .
+ "SET start='$start', end='$end', level='$level', user='$user' " .
+ "WHERE id='" . sql_escape($this->id) . "'";
+
$db_results = mysql_query($sql, dbh());
return true;
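Review bot: `$key` is escaped on the new line `$key = sql_escape($data['key']);` but the UPDATE that follows never writes it — the SET list is only `start='$start', end='$end', level='$level', user='$user'` — so a key changed from the edit form is silently discarded; add `, key='$key'` to the SET list (or drop the unused assignment) so the two agree. The `user` column is written as an empty string when no user is selected, which is a different value from the `user IS NULL` that the access check elsewhere in this file tests for; consider `$user_sql = strlen($user) ? "'$user'" : 'NULL';` and `user=$user_sql` so entries meant for all users keep matching after an edit. The `mysql_query()` result is ignored and `return true;` is unconditional, so a failed UPDATE is reported to the caller as success. The enclosing update() method starts and ends outside this hunk.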
@@ -115,10 +120,12 @@ class Access {
$level = intval($level);
$type = $this->validate_type($type);
- $sql = "INSERT INTO access_list (`name`,`level`,`start`,`end`) VALUES ".
- "('$name','$level','$start','$end')";
+ $sql = "INSERT INTO access_list (`name`,`level`,`start`,`end`,`key`,`user`,`type`) " .
+ "VALUES ('$name','$level','$start','$end','$key','$user','$type')";
$db_results = mysql_query($sql, dbh());
+ return true;
+
} // create
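Review bot: The INSERT now interpolates `$key` and `$user` into the SQL string, but nothing in this hunk escapes them — `$level` goes through `intval()` and `$type` through `validate_type()` on the visible lines, while `$key` and `$user` appear only inside the query. Unless create() escapes them above the hunk (its start is outside view), a crafted key or username breaks the statement; add `$key = sql_escape($key);` and `$user = sql_escape($user);` next to the `$level = intval($level);` line. As in update(), the new `return true;` ignores the `mysql_query()` result, so a rejected INSERT is reported as success.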
/*!
@@ -140,7 +147,7 @@ class Access {
@function check
@discussion check to see if they have rights
*/
- function check($needed, $ip) {
+ function check($type,$ip,$user,$level,$key='') {
// They aren't using access control
// lets just keep on trucking
@@ -148,9 +155,29 @@ class Access {
return true;
}
- $ip = ip2int($ip);
+ // Clean incomming variables
+ $ip = ip2int(intval($ip));
+ $user = sql_escape($user);
+ $key = sql_escape($key);
+ $level = sql_escape($level);
- $sql = "SELECT id FROM access_list WHERE start<='$ip' AND end>='$ip' AND level>='$needed'";
+ switch ($type) {
+ case 'xml-rpc':
+ $sql = "SELECT id FROM access_list" .
+ " WHERE `start` <= '$ip' AND `end` >= '$ip'" .
+ " AND `key` = '$key' AND `level` >= '$level'";
+ break;
+ case 'network':
+ case 'interface':
+ case 'stream':
+ default:
+ $sql = "SELECT id FROM access_list" .
+ " WHERE `start` <= '$ip' AND `end` >= '$ip'" .
+ " AND `level` >= '$level' AND `type` = '$type'";
+ if (strlen($user)) { $sql .= " AND (`user` = '$user' OR `user` IS NULL)"; }
+ else { $sql .= " AND `user` IS NULL"; }
+ break;
+ } // end switch on type
$db_results = mysql_query($sql, dbh());
// Yah they have access they can use the mojo
@@ -240,9 +267,13 @@ class Access {
* Take a user and return their full name
*/
function get_user_name() {
-
+
$user = new User($this->user);
- return $user->name;
+ if ($user->username) {
+ return $user->fullname . " (" . $user->username . ")";
+ }
+
+ return false;
} // get_user_name
diff --git a/lib/class/update.class.php b/lib/class/update.class.php
index ca5b4d6e..e505ea87 100644
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@@ -281,12 +281,13 @@ class Update {
$version[] = array('version' => '332011','description' => $update_string);
$update_string = '- Reworked All Indexes on tables, hopefully leading to performance improvements.<br />' .
- '- Added live_stream table for radio station support.<br />' .
'- Added id int(11) UNSIGNED fields to a few tables missing it.<br />' .
'- Removed DB Based color/font preferences and Theme preferences catagory.<br />';
$version[] = array('version' => '332012','description' => $update_string);
+ $update_string = '- Added live_stream table for radio station support.<br />';
+
return $version;
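Review bot: The new `$update_string` for the live_stream table is assigned after the 332012 entry but never pushed onto `$version`, so update 332013 is not registered and `return $version;` hands back the list without it — the updater will never run the new method. Add `$version[] = array('version' => '332013','description' => $update_string);` before the return. The enclosing method starts outside this hunk.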
@@ -1643,17 +1644,6 @@ class Update {
*/
function update_332012() {
- $sql = "CREATE TABLE `live_stream` (" .
- "`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," .
- "`name` VARCHAR( 128 ) NOT NULL ," .
- "`site_url` VARCHAR( 255 ) NOT NULL ," .
- "`url` VARCHAR( 255 ) NOT NULL ," .
- "`genre` INT( 11 ) UNSIGNED NOT NULL ," .
- "`catalog` INT( 11 ) UNSIGNED NOT NULL ," .
- "`frequency` VARCHAR( 32 ) NOT NULL ," .
- "`call_sign` VARCHAR( 32 ) NOT NULL" .
- ") ENGINE = MYISAM";
-
/* Clean Up Indexes */
// Access List
@@ -1785,6 +1775,25 @@ class Update {
$this->set_version('db_version','332012');
} // update_332012
+
+ /**
+ * update_332013
+ * OMG BeatingsForVollmer++
+ */
+ function update_332013() {
+
+ $sql = "CREATE TABLE `live_stream` (" .
+ "`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," .
+ "`name` VARCHAR( 128 ) NOT NULL ," .
+ "`site_url` VARCHAR( 255 ) NOT NULL ," .
+ "`url` VARCHAR( 255 ) NOT NULL ," .
+ "`genre` INT( 11 ) UNSIGNED NOT NULL ," .
+ "`catalog` INT( 11 ) UNSIGNED NOT NULL ," .
+ "`frequency` VARCHAR( 32 ) NOT NULL ," .
+ "`call_sign` VARCHAR( 32 ) NOT NULL" .
+ ")";
+
+ } // update_332013
} // end update class
?>
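Review bot: update_332013() builds the CREATE TABLE statement into `$sql` but never executes it, and unlike update_332012() just above it does not record the schema version, so running this update neither creates `live_stream` nor advances `db_version`. After the string, add `$db_results = mysql_query($sql, dbh());` and `$this->set_version('db_version','332013');`. The `ENGINE = MYISAM` clause present on the copy removed from update_332012() was also dropped, which leaves the table on the server's default engine; restore it if that change was not intended.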
diff --git a/lib/init.php b/lib/init.php
index f3be960e..703f6bbe 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -80,7 +80,7 @@ if (!$results['allow_stream_playback']) {
/** This is the version.... fluf nothing more... **/
-$results['version'] = '3.3.2 Build (003)';
+$results['version'] = '3.3.2 Build (004)';
$results['raw_web_path'] = $results['web_path'];
$results['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index f4783b53..88f050ec 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -888,31 +888,31 @@ function get_location() {
case 'preferences.php':
$location['title'] = 'Preferences';
break;
- case 'admin/index.php':
+ case 'adminindex.php':
$location['title'] = 'Admin';
$location['section'] = 'admin';
break;
- case 'admin/catalog.php':
+ case 'admincatalog.php':
$location['title'] = 'Catalog';
$location['section'] = 'admin';
break;
- case 'admin/users.php':
+ case 'adminusers.php':
$location['title'] = 'User Management';
$location['section'] = 'admin';
break;
- case 'admin/mail.php':
+ case 'adminmail.php':
$location['title'] = 'Mail Users';
$location['section'] = 'admin';
break;
- case 'admin/access.php':
+ case 'adminaccess.php':
$location['title'] = 'Manage Access Lists';
$location['section'] = 'admin';
break;
- case 'admin/preferences.php':
+ case 'adminpreferences.php':
$location['title'] = 'Site Preferences';
$location['section'] = 'admin';
break;
- case 'admin/modules.php':
+ case 'adminmodules.php':
$location['title'] = 'Manage Modules';
$location['section'] = 'admin';
break;
@@ -1263,6 +1263,32 @@ function show_catalog_select($name='catalog',$catalog_id=0,$style='') {
} // show_catalog_select
+
+/**
+ * show_user_select
+ * This one is for users! shows a select/option statement so you can pick a user
+ * to blame
+ */
+function show_user_select($name,$selected='',$style='') {
+
+ echo "<select name=\"$name\" style=\"$style\">\n";
+ echo "\t<option value=\"\">" . _('None') . "</option>\n";
+
+ $sql = "SELECT username as id,fullname FROM user ORDER BY fullname";
+ $db_results = mysql_query($sql, dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $select_txt = '';
+ if ($r['id'] == $selected) {
+ $select_txt = 'selected="selected"';
+ }
+
+ echo "\t<option value=\"" . $r['id'] . "\" $select_txt>" . scrub_out($r['fullname']) . "</option>\n";
+
+ } // end while users
+
+} // show_user_select
+
/**
* show_box_top
* This function requires the top part of the box
diff --git a/play/index.php b/play/index.php
index 91f1323f..1dbf8ef1 100644
--- a/play/index.php
+++ b/play/index.php
@@ -74,7 +74,8 @@ if (conf('demo_mode') || (!$GLOBALS['user']->has_access('25') && !$xml_rpc) ) {
*/
if (conf('access_control')) {
$access = new Access(0);
- if (!$access->check("25", $_SERVER['REMOTE_ADDR'])) {
+ if (!$access->check('stream',$_SERVER['REMOTE_ADDR'],$GLOBALS['user']->username,'25') AND
+ !$access->check('network',$_SERVER['REMOTE_ADDR'],$GLOBALS['user']->username,'25')) {
debug_event('access_denied', "Streaming Access Denied: " . $_SERVER['REMOTE_ADDR'] . " does not have stream level access",'3');
access_denied();
}
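Review bot: The new denial condition grants streaming whenever either a `stream` entry or a `network` entry covers the client, so an IP range added only as a 'Local Network Definition' (the label the add form gives that type) also receives stream-level access without any stream ACL; if `network` entries are meant purely as the downsampling hint used later in this file, drop the `network` check here and keep only `$access->check('stream', $_SERVER['REMOTE_ADDR'], $GLOBALS['user']->username, '25')`. For XML-RPC callers (`$xml_rpc` on the hunk header line) `$GLOBALS['user']->username` is presumably empty, which narrows the lookup to user-less entries — confirm that is intended. The `debug_event` message still reports only that stream access was denied, which no longer distinguishes which of the two checks failed.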
@@ -189,8 +190,15 @@ header("Accept-Ranges: bytes" );
// Prevent the script from timing out
set_time_limit(0);
+
+/* If access control is on and they aren't local, downsample! */
+if (conf('access_control')) {
+ if (!$access->check('network',$_SERVER['REMOTE_ADDR'],$GLOBALS['user']->username,'25')) {
+ $not_local = true;
+ }
+} // if access_control
-if ($GLOBALS['user']->prefs['play_type'] == 'downsample' || !$song->native_stream()) {
+if ($GLOBALS['user']->prefs['play_type'] == 'downsample' || !$song->native_stream() || $not_local) {
$results = start_downsample($song,$lastid,$song_name);
$fp = $results['handle'];
$song->size = $results['size'];
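Review bot: `$not_local` is only ever assigned inside the new `if (conf('access_control'))` block, so when access control is off the `|| $not_local` on the changed line reads an undefined variable (a notice, and it relies on undefined evaluating as false); initialise it with `$not_local = false;` ahead of the block. The `$access` object used here is the one created earlier in this file under the same `conf('access_control')` guard, so the two blocks are coupled; an `isset($access)` check, or constructing the object here, would keep this one safe if the earlier block is restructured. Forcing downsampling when no `network` entry matches is the safe default, but it deserves a one-line comment such as `/* no matching 'network' entry => treat the client as remote */`.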
diff --git a/templates/default.css b/templates/default.css
index 5939425a..d6bd5b98 100644
--- a/templates/default.css
+++ b/templates/default.css
@@ -506,6 +506,7 @@ li.current-rating{
}
.box-title {
border-bottom: solid 1px; #000000;
+ font-size: 1.05em;
font-weight: bold;
}
.box-left-top {
diff --git a/templates/show_access_list.inc b/templates/show_access_list.inc
index 13a24fbd..20dddab0 100644
--- a/templates/show_access_list.inc
+++ b/templates/show_access_list.inc
@@ -44,7 +44,7 @@ stream from this server.</p>
<a href="<?php echo $web_path; ?>/admin/access.php?action=show_add_host"><?php echo _('Add Entry'); ?></a>
</span>
</p>
-
+<?php if (count($list)) { ?>
<table cellspacing="1" cellpadding="3" class="border">
<tr class="table-header" align="center">
<td><?php echo _('Name'); ?></td>
@@ -57,7 +57,6 @@ stream from this server.</p>
<td><?php echo _('Action'); ?></td>
</tr>
<?php
-if (count($list)) {
/* Start foreach List Item */
foreach ($list as $access) {
?>
@@ -77,7 +76,7 @@ if (count($list)) {
</tr>
<?php $row_classes = array_reverse($row_classes); ?>
<?php } // end foreach ?>
-<?php } // end if count ?>
</table>
+<?php } // end if count ?>
<?php show_box_bottom(); ?>
diff --git a/templates/show_add_access.inc b/templates/show_add_access.inc
index 9c878365..237f0c6f 100644
--- a/templates/show_add_access.inc
+++ b/templates/show_add_access.inc
@@ -19,10 +19,6 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-
-/*!
- @header Add Access List Entry
-*/
?>
<?php show_box_top(_('Add Access for a Host')); ?>
<p><?php echo _('Use the form below to add a host that you want to have access to your Ampache catalog.'); ?></p>
@@ -31,39 +27,65 @@
<form name="update_catalog" method="post" enctype="multipart/form-data" action="<?php echo conf('web_path'); ?>/admin/access.php">
<table cellpadding="5" cellspacing="0" border="0">
<tr>
- <td><?php echo _('Name'); ?>: </td>
+ <td><?php echo _('Name'); ?>:</td>
<td>
- <input type="text" name="name" value="<?php echo $_REQUEST['name']; ?>" size="30" />
+ <input type="text" name="name" value="<?php echo scrub_out($_REQUEST['name']); ?>" size="20" />
</td>
</tr>
<tr>
<td><?php echo _('Start IP Address'); ?>:</td>
<td>
- <input type="text" name="start" value="<?php echo $_REQUEST['start']; ?>" size="20" maxlength="15" />
+ <input type="text" name="start" value="<?php echo scrub_out($_REQUEST['start']); ?>" size="20" maxlength="15" />
</td>
</tr>
<tr>
<td><?php echo _('End IP Address'); ?>:</td>
<td>
- <input type="text" name="end" value="<?php echo $_REQUEST['end']; ?>" size="20" maxlength="15" />
+ <input type="text" name="end" value="<?php echo scrub_out($_REQUEST['end']); ?>" size="20" maxlength="15" />
+ </td>
+</tr>
+<tr>
+ <td><?php echo _('User'); ?>:</td>
+ <td>
+ <?php show_user_select('user'); ?>
</td>
</tr>
<tr>
<td><?php echo _('Level'); ?>:</td>
<td>
<select name="level">
- <option selected="selected" value="5" ><?php echo _('Demo'); ?></option>
- <option value="25"><?php echo _('Stream'); ?></option>
- <option value="50"><?php echo _('Stream/Download'); ?></option>
- <option value="75"><?php echo _('XML-RPC'); ?></option>
+ <option selected="selected" value="5" ><?php echo _('View'); ?></option>
+ <option value="25"><?php echo _('Read'); ?></option>
+ <option value="50"><?php echo _('Read/Write'); ?></option>
+ <option value="75"><?php echo _('All'); ?></option>
+ </select>
+ </td>
+</tr>
+<tr>
+ <td><?php echo _('ACL Type'); ?>:</td>
+ <td>
+ <select name="type">
+ <option selected="selected" value="stream"><?php echo _('Stream Access'); ?></option>
+ <option value="interface"><?php echo _('Web Interface'); ?></option>
+ <option value="network"><?php echo _('Local Network Definition'); ?></option>
+ <option vlaue="xml-rpc"><?php echo _('XML-RPC'); ?></option>
</select>
</td>
</tr>
<tr>
- <td>&nbsp;</td>
+ <td colspan="2"><br /><?php echo _('XML-RPC Options'); ?>:</td>
+</tr>
+<tr>
+ <td><?php echo _('Remote Key'); ?>:</td>
<td>
+ <input type="text" name="key" value="<?php echo scrub_out($_REQUEST['end']); ?>" size="32" maxlength="32" />
+ </td>
+</tr>
+<tr>
+ <td colspan="2">
+ <br />
<input type="hidden" name="action" value="add_host" />
- <input type="submit" value="<?php echo _('Add Host'); ?>" />
+ <input type="submit" value="<?php echo _('Create ACL'); ?>" />
</td>
</tr>
</table>
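Review bot: The XML-RPC option is written as `<option vlaue="xml-rpc">`, so the misspelled attribute is ignored and the submitted `type` is the option's text ('XML-RPC'), which cannot match the `xml-rpc` type string the access check switches on; fix it to `<option value="xml-rpc">`. The Remote Key field is prefilled from `$_REQUEST['end']` instead of `$_REQUEST['key']`, so a re-displayed form puts the end IP address into the key box. The form posts the admin action `add_host` with no anti-CSRF token visible in the hunk; if `admin/access.php` does not verify one, a logged-in admin can be made to create ACL entries by a cross-site request. `maxlength="32"` on the key is a client-side hint only — confirm the server validates the length.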
diff --git a/templates/show_edit_access.inc b/templates/show_edit_access.inc
index 95adad9e..21794aaf 100644
--- a/templates/show_edit_access.inc
+++ b/templates/show_edit_access.inc
@@ -20,16 +20,18 @@
*/
?>
-
-<p class="header1"><?php echo _('Edit Access List'); ?></p>
-
+<?php show_box_top(_('Edit Access List')); ?>
<form name="edit_access" method="post" enctype="multipart/form-data" action="<?php echo conf('web_path'); ?>/admin/access.php">
-<table class="text-box">
+<table>
<tr>
<td><?php echo _('Name'); ?>: </td>
<td><?php echo scrub_out($access->name); ?></td>
</tr>
<tr>
+ <td><?php echo _('ACL Type'); ?>: </td>
+ <td><?php echo scrub_out($access->get_type_name()); ?></td>
+</tr>
+<tr>
<td><?php echo _('Start IP Address'); ?>:</td>
<td>
<input type="text" name="start" value="<?php echo int2ip($access->start); ?>" size="20" maxlength="15" />
@@ -42,14 +44,29 @@
</td>
</tr>
<tr>
+ <td><?php echo _('User'); ?>:</td>
+ <td>
+ <?php show_user_select('user',$access->user); ?>
+ </td>
+</tr>
+<?php if ($access->type == 'xml-rpc') { ?>
+<tr>
+ <td><?php echo _('Remote Key'); ?></td>
+ <td>
+ <input type="text" name="key" value="<?php echo scrub_out($access->key); ?>" size="32" maxlength="32" />
+ </td>
+</tr>
+<?php } ?>
+</tr>
+<tr>
<td><?php echo _('Level'); ?>:</td>
<td>
<select name="level">
<?php $name = 'level_' . $access->level; ${$name} = 'selected="selected"'; ?>
- <option value="5" <?php echo $level_5; ?>><?php echo _('Demo'); ?></option>
- <option value="25" <?php echo $level_25; ?>><?php echo _('Stream'); ?></option>
- <option value="50" <?php echo $level_50; ?>><?php echo _('Stream/Download'); ?></option>
- <option value="75" <?php echo $level_75; ?>><?php echo _('XML-RPC'); ?></option>
+ <option value="5" <?php echo $level_5; ?>><?php echo _('View'); ?></option>
+ <option value="25" <?php echo $level_25; ?>><?php echo _('Read'); ?></option>
+ <option value="50" <?php echo $level_50; ?>><?php echo _('Read/Write'); ?></option>
+ <option value="75" <?php echo $level_75; ?>><?php echo _('All'); ?></option>
</select>
</td>
</tr>
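Review bot: There is a stray `</tr>` on its own line immediately after the `<?php } ?>` that ends the Remote Key row, so the template closes a row that was never opened; remove that line. The Remote Key input is rendered only for `xml-rpc` entries, but update() earlier in this diff never writes the `key` column, so edits made here are silently dropped — persist it there or hide the field until it is. The `level` select derives variable names from `$access->level` via `${$name}`; the value comes from the database, but `$name = 'level_' . intval($access->level);` keeps a malformed row from producing an unexpected variable name.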
@@ -63,3 +80,4 @@
</tr>
</table>
</form>
+<?php show_box_bottom(); ?>