author | Paul Arthur <paul.arthur@flowerysong.com> | 2013-01-28 18:42:14 -0500 |
---|---|---|
committer | Paul Arthur <paul.arthur@flowerysong.com> | 2013-01-28 21:46:00 -0500 |
commit | fbbb015950cbac84e423d55a2bb6910ddfc10df6 (patch) | |
tree | a0fe4c38c462e25575c3af2a216b85acaad4bd73 | |
parent | 0451840fa34dfcffd86a00be8dbda9e4abd3f4d3 (diff) | |
Use Session for stream sessions
-rw-r--r-- | lib/class/api.class.php | 2 | ||||
-rw-r--r-- | lib/class/session.class.php | 41 | ||||
-rw-r--r-- | lib/class/stream.class.php | 118 | ||||
-rw-r--r-- | lib/class/stream_playlist.class.php | 14 | ||||
-rw-r--r-- | lib/ui.lib.php | 2 | ||||
-rw-r--r-- | play/index.php | 4 |
6 files changed, 39 insertions, 142 deletions
diff --git a/lib/class/api.class.php b/lib/class/api.class.php index 840e4c07..ddd7bbbc 100644 --- a/lib/class/api.class.php +++ b/lib/class/api.class.php @@ -173,8 +173,6 @@ class Api { $data['value'] = $timestamp; $token = Session::create($data); - // Insert the token into the streamer - Stream::insert_session($token,$client->id); debug_event('API', 'Login Success, passphrase matched', 1); // We need to also get the 'last update' of the diff --git a/lib/class/session.class.php b/lib/class/session.class.php index 1afa47bf..af63dbda 100644 --- a/lib/class/session.class.php +++ b/lib/class/session.class.php @@ -113,13 +113,13 @@ class Session { * This function is randomly called and it cleans up the spoo */ public static function gc($maxlifetime) { - $sql = "DELETE FROM `session` WHERE `expire` < '" . time() . "'"; $db_results = Dba::write($sql); // Also clean up things that use sessions as keys Query::gc(); Tmp_Playlist::gc(); + Stream_Playlist::gc(); return true; } @@ -173,7 +173,10 @@ class Session { // Regenerate the session ID to prevent fixation switch ($data['type']) { case 'api': - $key = md5(uniqid(rand(), true)); + case 'stream': + $key = isset($data['sid']) + ? $data['sid'] + : md5(uniqid(rand(), true)); break; case 'mysql': default: @@ -192,7 +195,13 @@ class Session { $type = Dba::escape($data['type']); $value = Dba::escape($data['value']); $agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 254)); - $expire = Dba::escape(time() + Config::get('session_length')); + + if ($type == 'stream') { + $expire = time() + Config::get('stream_length'); + } + else { + $expire = time() + Config::get('session_length'); + } if (!strlen($value)) { $value = ' '; } 
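Review bot: In the `case 'api': case 'stream':` branch of lib/class/session.class.php the key is now taken verbatim from `$data['sid']` when it is set, directly under the comment about regenerating the ID to prevent fixation. Nothing in this hunk restricts who may pass `sid`, so if any caller ever forwards a request-supplied value, the client chooses its own session key; the docblock should state that `sid` must be server-generated, or the branch should reject values that do not have the expected token shape. Separately, the fallback `md5(uniqid(rand(), true))` derives the token from the clock and a non-cryptographic generator; where the OpenSSL extension is available, `bin2hex(openssl_random_pseudo_bytes(16))` yields the same 32-character form from a stronger source. The switch continues outside the hunk.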
@@ -258,11 +267,11 @@ class Session { // Switch on the type they pass switch ($type) { case 'api': + case 'stream': $key = Dba::escape($key); $time = time(); - $sql = "SELECT * FROM `session` WHERE " . - "`id`='$key' AND `expire` > '$time' " . - "AND `type`='$type'"; + $sql = "SELECT * FROM `session` WHERE `id`='$key' AND " . + "`expire` > '$time' AND `type` IN ('api', 'stream')"; $db_results = Dba::read($sql); if (Dba::num_rows($db_results)) { @@ -287,20 +296,6 @@ class Session { return true; } break; - case 'stream': - $key = Dba::escape($key); - $ip = Dba::escape(inet_pton($data['ip'])); - $agent = Dba::escape($data['agent']); - $sql = "SELECT * FROM `session_stream` WHERE " . - "`id`='$key' AND `expire` > '$time' " . - "AND `ip`='$ip' AND `agent`='$agent'"; - $db_results = Dba::read($sql); - - if (Dba::num_rows($db_results)) { - return true; - } - - break; default: return false; break; @@ -316,13 +311,17 @@ class Session { * * This takes a SID and extends its expiration. */ - public static function extend($sid) { + public static function extend($sid, $type = null) { $time = time(); $sid = Dba::escape($sid); $expire = isset($_COOKIE[Config::get('session_name') . '_remember']) ? $time + Config::get('remember_length') : $time + Config::get('session_length'); + if ($type == 'stream') { + $expire = $time + Config::get('stream_length'); + } + $sql = "UPDATE `session` SET `expire`='$expire' WHERE `id`='$sid'"; if ($db_results = Dba::write($sql)) { debug_event('session', $sid . ' has been extended to ' . date('r', $expire) . ' extension length ' . ($expire - $time), 5); diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php index c2d77e95..35d4eb64 100644 --- a/lib/class/stream.class.php +++ b/lib/class/stream.class.php 
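Review bot: The shared `case 'api': case 'stream':` query matches ``"`type` IN ('api', 'stream')"`` regardless of which type the caller asked for, so `Session::exists('api', $key)` now succeeds for a stream session ID. Stream IDs are written into playback URLs as `ssid=` (see `get_base_url()` in lib/class/stream.class.php), where they are far more likely to be shared or logged than an API token. If the intent is only to let API tokens authorize streaming, keep the widening one-directional, for example `$types = ($type == 'stream') ? "'api', 'stream'" : "'api'";` followed by ``"`type` IN ($types)"``. The rest of the case body lies outside the hunk, so how the matched row is used for `'api'` should be confirmed there.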
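Review bot: `extend()` selects the stream lifetime when `$type == 'stream'`, but the `UPDATE` still matches on the session ID alone, so the new argument never constrains which row is touched. Now that login, API and stream sessions share one table, `Session::extend($sid, 'stream')` in play/index.php can reset the expiry of any session whose ID is supplied as the stream ID, and from the visible lines of that file it appears to run for the local-network branch as well, where `Session::exists()` is skipped. Restricting the statement when a type is given, for example appending ``AND `type`='stream'`` to the WHERE clause (or the `IN ('api', 'stream')` list if API tokens are meant to be extended this way), keeps a stream request from altering other session types. The docblock should also describe the new `$type` parameter and its effect on the expiry.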
@@ -24,121 +24,23 @@ class Stream { public static $session; - private static $session_inserted; private function __construct() { // Static class, do nothing. } /** - * get_session - * This returns the current stream session - */ - public static function get_session() { - - if (!self::$session_inserted) { - self::insert_session(self::$session); - } - - return self::$session; - - } // get_session - - /** * set_session + * * This overrides the normal session value, without adding * an additional session into the database, should be called * with care */ public static function set_session($sid) { - - self::$session_inserted = true; self::$session=$sid; - } // set_session /** - * insert_session - * This inserts a row into the session_stream table - */ - public static function insert_session($sid='',$uid='') { - - $sid = $sid ? Dba::escape($sid) : Dba::escape(self::$session); - $uid = $uid ? Dba::escape($uid) : Dba::escape($GLOBALS['user']->id); - - $expire = time() + Config::get('stream_length'); - - $sql = "INSERT INTO `session_stream` (`id`,`expire`,`user`) " . - "VALUES('$sid','$expire','$uid')"; - $db_results = Dba::write($sql); - - if (!$db_results) { return false; } - - self::$session_inserted = true; - - return true; - - } // insert_session - - /** - * session_exists - * This checks to see if the passed stream session exists and is valid - */ - public static function session_exists($sid) { - - $sid = Dba::escape($sid); - $time = time(); - - $sql = "SELECT * FROM `session_stream` WHERE `id`='$sid' AND `expire` > '$time'"; - $db_results = Dba::write($sql); - - if ($row = Dba::fetch_assoc($db_results)) { - return true; - } - - return false; - - } // session_exists - - /** - * gc - * This function performes the garbage collection stuff, run on extend - * and on now playing refresh. 
- */ - public static function gc() { - - $time = time(); - $sql = "DELETE FROM `session_stream` WHERE `expire` < '$time'"; - $db_results = Dba::write($sql); - - Stream_Playlist::gc(); - - } - - /** - * extend_session - * This takes the passed sid and does a replace into also setting the user - * agent and IP also do a little GC in this function - */ - public static function extend_session($sid,$uid) { - - $expire = time() + Config::get('stream_length'); - $sid = Dba::escape($sid); - $agent = Dba::escape($_SERVER['HTTP_USER_AGENT']); - $ip = Dba::escape(inet_pton($_SERVER['REMOTE_ADDR'])); - $uid = Dba::escape($uid); - - $sql = "UPDATE `session_stream` SET `expire`='$expire', `agent`='$agent', `ip`='$ip' " . - "WHERE `id`='$sid'"; - $db_results = Dba::write($sql); - - self::gc(); - - return true; - - } // extend_session - - /** * start_transcode * * This is a rather complex function that starts the transcoding or @@ -261,10 +163,10 @@ class Stream { */ public static function gc_now_playing() { - // Remove any now playing entries for session_streams that have been GC'd + // Remove any now playing entries for sessions that have been GC'd $sql = "DELETE FROM `now_playing` USING `now_playing` " . - "LEFT JOIN `session_stream` ON `session_stream`.`id`=`now_playing`.`id` " . - "WHERE `session_stream`.`id` IS NULL OR `now_playing`.`expire` < '" . time() . "'"; + "LEFT JOIN `session` ON `session`.`id`=`now_playing`.`id` " . + "WHERE `session`.`id` IS NULL OR `now_playing`.`expire` < '" . time() . "'"; $db_results = Dba::write($sql); } // gc_now_playing 
@@ -308,9 +210,9 @@ class Stream { */ public static function get_now_playing($filter=NULL) { - $sql = "SELECT `session_stream`.`agent`,`now_playing`.* " . + $sql = "SELECT `session`.`agent`,`now_playing`.* " . "FROM `now_playing` " . - "LEFT JOIN `session_stream` ON `session_stream`.`id`=`now_playing`.`id` " . + "LEFT JOIN `session` ON `session`.`id`=`now_playing`.`id` " . "ORDER BY `now_playing`.`expire` DESC"; $db_results = Dba::read($sql); @@ -355,11 +257,9 @@ class Stream { * This is called on class load it sets the session */ public static function _auto_init() { - // Generate the session ID - self::$session = md5(uniqid(rand(), true)); - - } // auto_init + self::$session = Session::create(array('type' => 'stream')); + } /** * run_playlist_method @@ -401,7 +301,7 @@ class Stream { public static function get_base_url() { if (Config::get('require_session')) { - $session_string = 'ssid=' . Stream::get_session() . '&'; + $session_string = 'ssid=' . self::$session . '&'; } $web_path = Config::get('web_path'); diff --git a/lib/class/stream_playlist.class.php b/lib/class/stream_playlist.class.php index 6ddb158e..b442bd4b 100644 --- a/lib/class/stream_playlist.class.php +++ b/lib/class/stream_playlist.class.php @@ -40,14 +40,14 @@ class Stream_Playlist { */ public function __construct($id = null) { - if($id) { + if ($id) { Stream::set_session($id); } - $this->id = Dba::escape(Stream::get_session()); + $this->id = Dba::escape(Stream::$session); - if (!Stream::session_exists($this->id)) { - debug_event('stream_playlist', 'Stream::session_exists failed', 2); + if (!Session::exists('stream', $this->id)) { + debug_event('stream_playlist', 'Session::exists failed', 2); return false; } 
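Review bot: `_auto_init()` now calls `Session::create(array('type' => 'stream'))`, so a database row is written every time the Stream class is loaded, where the old code only generated an ID and inserted it lazily. The array carries no `value` key, yet `Session::create()` reads `$data['value']` (visible in the lib/class/session.class.php hunk), which raises an undefined-index notice, and which user the row is attributed to is decided outside this diff. Rows created by requests that never stream, or that are replaced through `set_session()`, remain valid for `stream_length` until `Session::gc()` runs. I would create the session only when a stream URL is actually generated and pass the fields explicitly; the docblock should say that the method writes to the session table.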
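Review bot: In the `Stream_Playlist` constructor `$this->id` has already been passed through `Dba::escape()` and is then handed to `Session::exists('stream', $this->id)`, which escapes `$key` again before building its query, so the lookup uses a doubly escaped value. For hex IDs this is harmless, but `$id` is caller-supplied and an ID containing an escapable character would be checked against a different string than the one kept in `$this->id`; passing the raw `Stream::$session` to `Session::exists()` avoids that. Note also that `return false;` inside `__construct` does not prevent the object from being created, so a failed session check still hands the caller a `Stream_Playlist`; throwing an exception, or setting a flag the callers test, would make the failure enforceable. The constructor continues outside the hunk.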
@@ -87,9 +87,9 @@ class Stream_Playlist { public static function gc() { $sql = 'DELETE FROM `stream_playlist` ' . - 'USING `stream_playlist` LEFT JOIN `session_stream` ' . - 'ON `session_stream`.`id`=`stream_playlist`.`sid` ' . - 'WHERE `session_stream`.`id` IS NULL'; + 'USING `stream_playlist` LEFT JOIN `session` ' . + 'ON `session`.`id`=`stream_playlist`.`sid` ' . + 'WHERE `session`.`id` IS NULL'; return Dba::write($sql); } diff --git a/lib/ui.lib.php b/lib/ui.lib.php index 1ac4159d..3769881a 100644 --- a/lib/ui.lib.php +++ b/lib/ui.lib.php @@ -538,7 +538,7 @@ function print_bool($value) { */ function show_now_playing() { - Stream::gc(); + Session::gc(); Stream::gc_now_playing(); $web_path = Config::get('web_path'); diff --git a/play/index.php b/play/index.php index 9c22f909..a6638e0c 100644 --- a/play/index.php +++ b/play/index.php @@ -86,7 +86,7 @@ if (Config::get('require_session')) { if (!Config::get('require_localnet_session') AND Access::check_network('network',$GLOBALS['user']->id,'5')) { debug_event('play', 'Streaming access allowed for local network IP ' . $_SERVER['REMOTE_ADDR'],'5'); } - elseif(!Stream::session_exists($sid)) { + else if(!Session::exists('stream', $sid)) { debug_event('UI::access_denied', 'Streaming access denied: ' . $GLOBALS['user']->username . "'s session has expired", 3); header('HTTP/1.1 403 Session Expired'); exit; @@ -94,7 +94,7 @@ if (Config::get('require_session')) { // Now that we've confirmed the session is valid // extend it - Stream::extend_session($sid,$uid); + Session::extend($sid, 'stream'); } |
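Review bot: In `show_now_playing()` (lib/ui.lib.php) `Session::gc()` is called with no argument, but the signature shown in the lib/class/session.class.php hunk is `gc($maxlifetime)` with no default. That raises a missing-argument warning on older PHP versions and an `ArgumentCountError` from PHP 7.1 on. Either pass a value, `Session::gc(0);`, or give the parameter a default, `public static function gc($maxlifetime = null)`. `Session::gc()` also runs `Query::gc()`, `Tmp_Playlist::gc()` and `Stream_Playlist::gc()`, so every now-playing render now does more work than the `Stream::gc()` call it replaces.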