diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 23:13:38 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 23:13:38 +0000 |
| commit | 4ea4de9def83a38fb34cf6a3dcefc29059954c69 (patch) | |
| tree | 6392b3aac06f9b136c98f15fc73e8605879be453 /lib/class/xmlrpcserver.class.php | |
| parent | d3423e0e37a6608edb82a7f6b6aa69d55aafec7d (diff) | |
| download | ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.tar.gz ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.tar.bz2 ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.zip | |
fixed xml-rpc now uses handshake method properly
Diffstat (limited to 'lib/class/xmlrpcserver.class.php')
| -rw-r--r-- | lib/class/xmlrpcserver.class.php | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php index abb8076e..e5f3eff3 100644 --- a/lib/class/xmlrpcserver.class.php +++ b/lib/class/xmlrpcserver.class.php @@ -41,7 +41,7 @@ class xmlRpcServer { $key = $variable->scalarval(); // Check it and make sure we're super green - if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) { + if (!vauth::session_exists('xml-rpc',$key)) { debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1'); return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); } @@ -85,7 +85,7 @@ class xmlRpcServer { $key = $variable->scalarval(); // Check it and make sure we're super green - if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) { + if (!vauth::session_exists('xml-rpc',$key)) { debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1'); return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); } @@ -134,12 +134,12 @@ class xmlRpcServer { // Pull out the params $encoded_key = $xmlrpc_object->params['0']->me['string']; - $timestamp = $xmlrpc_object->params['0']->me['int']; + $timestamp = $xmlrpc_object->params['1']->me['int']; // Check the timestamp make sure it's recent if ($timestamp < (time() - 14400)) { debug_event('XMLSERVER','Handshake failure, timestamp too old','1'); - return new xmlrpcresp(php_xmlrpc_encoded("Handshake failure")); + return new xmlrpcresp(0,'503','Handshaek failure, timestamp too old'); } // Log the attempt @@ -158,11 +158,16 @@ class xmlRpcServer { $md5pass = md5($timestamp . $row['key']); if ($md5pass == $encoded_key) { - $token = ''; + $data['type'] = 'xml-rpc'; + $data['username'] = 'System'; + $data['value'] = 'Handshake'; + $token = vauth::session_create($data); + return new xmlrpcresp(php_xmlrpc_encode($token)); } } // end while rows + return new xmlrpcresp(0,'503','Handshaek failure, Key/IP Incorrect'); } // handshake |