API and XML-RPC are still broken, but moved to new session code, sleep time

author: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-12-20 09:12:04 +0000
committer: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-12-20 09:12:04 +0000
commit: 7e1432273ab146abfcce8f226a9bc79eb1f25393 (patch)
tree: 3f804a8849b31a1fa237754c026f81d60973b5da /image.php
parent: 897b35aeddd117409af95b270ec8309c2a564aaa (diff)
download: ampache-7e1432273ab146abfcce8f226a9bc79eb1f25393.tar.gz
ampache-7e1432273ab146abfcce8f226a9bc79eb1f25393.tar.bz2
ampache-7e1432273ab146abfcce8f226a9bc79eb1f25393.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/image.php b/image.php
index e8bb7606..2157a6f5 100644
--- a/image.php
+++ b/image.php
@@ -30,8 +30,9 @@
 define('NO_SESSION','1'); 
 require 'lib/init.php';
 
-// Check their session manually
-if (!vauth_check_session() && !Access::session_exists(array(),$_REQUEST['auth'],'api')) { 
+// Check to see if they've got an interface session or a valid API session, if not GTFO
+if (!vauth::session_exists('interface',$_COOKIE[Config::get('session_name')]) AND !vauth::session_exists('api',$_REQUEST['auth'])) { 
+	debug_event('DENIED','Image Access from Sid:' . $_REQUEST['sid'] . ' OR Auth:' . $_REQUEST['auth'],'1');
 	exit; 
 }
author	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-12-20 09:12:04 +0000
committer	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-12-20 09:12:04 +0000
commit	7e1432273ab146abfcce8f226a9bc79eb1f25393 (patch)
tree	3f804a8849b31a1fa237754c026f81d60973b5da /image.php
parent	897b35aeddd117409af95b270ec8309c2a564aaa (diff)
download	ampache-7e1432273ab146abfcce8f226a9bc79eb1f25393.tar.gz ampache-7e1432273ab146abfcce8f226a9bc79eb1f25393.tar.bz2 ampache-7e1432273ab146abfcce8f226a9bc79eb1f25393.zip