authorKarl 'vollmerk' Vollmer <vollmer@ampache.org>2008-07-26 07:43:18 +0000
committerKarl 'vollmerk' Vollmer <vollmer@ampache.org>2008-07-26 07:43:18 +0000
commit392354df0a4f2c21aabad2f1b527448251a60f99 (patch)
treeab34820cef4990e4139326ccd2e507c5731d216c /lib/class
parent975af37b254ebc74533f1562005dccf75ef0f021 (diff)
Switched to sha() password encryption (not using sha2 because of limitations of Amarok); also added some caching and fixed some misc bugs
Diffstat (limited to 'lib/class')
-rw-r--r--lib/class/browse.class.php2
-rw-r--r--lib/class/catalog.class.php2
-rw-r--r--lib/class/dba.class.php22
-rw-r--r--lib/class/error.class.php16
-rw-r--r--lib/class/rating.class.php8
-rw-r--r--lib/class/song.class.php9
-rw-r--r--lib/class/user.class.php12
-rw-r--r--lib/class/vauth.class.php63
8 files changed, 107 insertions, 27 deletions
diff --git a/lib/class/browse.class.php b/lib/class/browse.class.php
index 3cb06b5b..750ea4c7 100644
--- a/lib/class/browse.class.php
+++ b/lib/class/browse.class.php
@@ -195,7 +195,7 @@ class Browse {
case 'catalog':
case 'album':
case 'artist':
- case 'genre':
+ case 'tag':
case 'shoutbox':
case 'live_stream':
// Set it
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index e518c5b8..723d7c55 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -502,7 +502,7 @@ class Catalog {
// Check to make sure the filename is of the expected charset
if (function_exists('iconv')) {
- if (strcmp($full_file,iconv(Config::get('site_charset'),Config::get('site_charset') . '//IGNORE',$full_file)) != '0') {
+ if (strcmp($full_file,iconv(Config::get('site_charset'),Config::get('site_charset'),$full_file)) != '0') {
debug_event('read',$full_file . ' has non-' . Config::get('site_charset') . ' characters and can not be indexed','1');
Error::add('catalog_add',$full_file . ' ' . _('does not match site charset'));
continue;
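Review bot: With `//IGNORE` removed, `iconv()` returns `false` and raises a notice when `$full_file` holds bytes outside the site charset, so the check now hands `false` to `strcmp()` and compares the integer result with the string `'0'`. Keeping the conversion in a variable and testing it directly would make the intent explicit: `$converted = iconv(Config::get('site_charset'),Config::get('site_charset'),$full_file);` followed by `if ($converted === false OR $converted !== $full_file) {`. The enclosing loop starts and ends outside this hunk.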
diff --git a/lib/class/dba.class.php b/lib/class/dba.class.php
index 4f97f6db..7cee79ed 100644
--- a/lib/class/dba.class.php
+++ b/lib/class/dba.class.php
@@ -68,6 +68,28 @@ class Dba {
} // query
/**
+ * read
+ * This is a wrapper for query, it's so that in the future if we ever wanted
+ * to split reads and writes we could
+ */
+ public static function read($sql) {
+
+ return self::query($sql);
+
+ } // read
+
+ /**
+ * write
+ * This is a wrapper for a write query, it is so that we can split out reads and
+ * writes if we want to
+ */
+ public static function write($sql) {
+
+ return self::query($sql);
+
+ } // write
+
+ /**
* escape
* This runs a escape on a variable so that it can be safely inserted
* into the sql
diff --git a/lib/class/error.class.php b/lib/class/error.class.php
index 13f96882..2c4679ec 100644
--- a/lib/class/error.class.php
+++ b/lib/class/error.class.php
@@ -27,8 +27,8 @@
*/
class Error {
- public static $state = false; // set to one when an error occurs
- public static $errors = array(); // Errors array key'd array with errors that have occured
+ private static $state = false; // set to one when an error occurs
+ private static $errors = array(); // Errors array key'd array with errors that have occured
/**
* __constructor
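Review bot: Making `$state` and `$errors` private turns any remaining outside access such as `Error::$state` into a fatal error, and the diffstat shown is limited to lib/class, so callers elsewhere in the tree are not visible here. user.class.php is moved to `Error::occurred()` in this commit; a search for `Error::$state` and `Error::$errors` across the rest of the code base would confirm that no other reader is left behind.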
@@ -81,6 +81,18 @@ class Error {
} // add
+ /**
+ * occurred
+ * This returns true / false if an error has occured anywhere
+ */
+ public static function occurred() {
+
+ if (self::$state == '1') { return true; }
+
+ return false;
+
+ } // occurred
+
/**
* get
* This returns an error by name
diff --git a/lib/class/rating.class.php b/lib/class/rating.class.php
index 6d89b8fb..5d2f9bf2 100644
--- a/lib/class/rating.class.php
+++ b/lib/class/rating.class.php
@@ -64,26 +64,26 @@ class Rating extends database_object {
* //FIXME: Improve logic so that misses get cached as average
*/
public static function build_cache($type, $ids) {
-
+
$user_id = Dba::escape($GLOBALS['user']->id);
$idlist = '(' . implode(',', $ids) . ')';
$sql = "SELECT `rating`, `object_id`,`rating`.`rating` FROM `rating` WHERE `user`='$user_id' AND `object_id` IN $idlist " .
"AND `object_type`='$type'";
- $db_results = Dba::query($sql);
+ $db_results = Dba::read($sql);
while ($row = Dba::fetch_assoc($db_results)) {
$user[$row['object_id']] = $row['rating'];
}
$sql = "SELECT `rating`,`object_id` FROM `rating` WHERE `object_id` IN $idlist AND `object_type`='$type'";
- $db_results = Dba::query($sql);
+ $db_results = Dba::read($sql);
while ($row = Dba::fetch_assoc($db_results)) {
$rating[$row['object_id']]['rating'] += $row['rating'];
$rating[$row['object_id']]['total']++;
}
-
+
foreach ($ids as $id) {
parent::add_to_cache('rating_' . $type . '_user',$id,intval($user[$id]));
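Review bot: `$idlist` and `$type` are placed into both SELECT statements without casting or escaping, and this commit adds a new caller (`Rating::build_cache('song',$song_ids)` in song.class.php), so the query text depends on whatever that caller collected. Casting where the list is built, `$idlist = '(' . implode(',', array_map('intval', $ids)) . ')';`, and passing `$type` through `Dba::escape()` keeps the statement well-formed whatever the caller passes. An empty `$ids` also yields `IN ()`, which MySQL rejects, so an early return on an empty list would help. The function body continues past the end of the hunk.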
diff --git a/lib/class/song.class.php b/lib/class/song.class.php
index 806a81f9..b73ab1e8 100644
--- a/lib/class/song.class.php
+++ b/lib/class/song.class.php
@@ -86,7 +86,7 @@ class Song extends database_object {
"addition_time FROM `song` " .
"LEFT JOIN `tag_map` ON `tag_map`.`object_id`=`song`.`id` AND `tag_map`.`object_type`='song' " .
"WHERE `song`.`id` IN $idlist";
- $db_results = Dba::query($sql);
+ $db_results = Dba::read($sql);
while ($row = Dba::fetch_assoc($db_results)) {
parent::add_to_cache('song',$row['id'],$row);
@@ -100,9 +100,14 @@ class Song extends database_object {
Tag::build_cache($tags);
Tag::build_map_cache('song',$song_ids);
+ // If we're rating this then cache them as well
+ if (Config::get('ratings')) {
+ Rating::build_cache('song',$song_ids);
+ }
+
// Build a cache for the song's extended table
$sql = "SELECT * FROM `song_data` WHERE `song_id` IN $idlist";
- $db_results = Dba::query($sql);
+ $db_results = Dba::read($sql);
while ($row = Dba::fetch_assoc($db_results)) {
parent::add_to_cache('song_data',$row['song_id'],$row);
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index 2cdcf251..4d50f5ba 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -360,7 +360,7 @@ class User extends database_object {
Error::add('password',_("Error Passwords don't match"));
}
- if (Error::$state) {
+ if (Error::occurred()) {
return false;
}
@@ -593,7 +593,7 @@ class User extends database_object {
/* Now Insert this new user */
$sql = "INSERT INTO `user` (`username`, `fullname`, `email`, `password`, `access`, `create_date`) VALUES" .
" ('$username','$fullname','$email',PASSWORD('$password'),'$access','" . time() ."')";
- $db_results = Dba::query($sql);
+ $db_results = Dba::write($sql);
if (!$db_results) { return false; }
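Review bot: The INSERT still stores `PASSWORD('$password')` while `update_password()` in the next hunk now stores `hash('sha1', ...)`, so accounts created here start on the legacy format and, going by the vauth.class.php hunk, are authenticated through `vieux_mysql_auth` until the password is changed. If new accounts are meant to use the new format, hash the unescaped password and insert the digest as a plain string, i.e. `'$password'` in place of `PASSWORD('$password')`. The function starts outside the hunk, so the point at which `$password` is escaped is not visible here and the hash has to be taken before that step.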
@@ -613,9 +613,11 @@ class User extends database_object {
*/
public function update_password($new_password) {
+ $new_password = hash('sha1',$new_password);
+
$new_password = Dba::escape($new_password);
- $sql = "UPDATE `user` SET `password`=PASSWORD('$new_password') WHERE `id`='$this->id'";
- $db_results = Dba::query($sql);
+ $sql = "UPDATE `user` SET `password`='$new_password' WHERE `id`='$this->id'";
+ $db_results = Dba::write($sql);
} // update_password
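Review bot: `hash('sha1',$new_password)` stores a single unsalted SHA-1 digest, so equal passwords produce equal stored values and the digests are cheap to test against wordlists if the `user` table is ever disclosed. The commit message gives Amarok compatibility as the reason; that constraint deserves a comment at this line, e.g. `// Unsalted SHA1 kept for Amarok compatibility, revisit once the client allows a salted hash`, and a per-user salt is worth adding as soon as the client side permits. Separately, the result of `Dba::write()` is discarded, so callers cannot tell whether the update succeeded; ending with `return $db_results;` would expose it.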
@@ -641,7 +643,7 @@ class User extends database_object {
/* Calculate their total Bandwidth Useage */
$sql = "SELECT `song`.`size` FROM `song` LEFT JOIN `object_count` ON `song`.`id`=`object_count`.`object_id` " .
"WHERE `object_count`.`user`='$this->id' AND `object_count`.`object_type`='song'";
- $db_results = Dba::query($sql);
+ $db_results = Dba::read($sql);
while ($r = Dba::fetch_assoc($db_results)) {
$total = $total + $r['size'];
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php
index 400edf6d..c6189250 100644
--- a/lib/class/vauth.class.php
+++ b/lib/class/vauth.class.php
@@ -462,21 +462,59 @@ class vauth {
} // authenticate
/**
- * mysql_auth
- * This is a private function, it should only be called by authenticate
+ * mysql_auth
+ * This is the core function of authentication by ampache. It checks their current password
+ * and then tries to figure out if it can use the new SHA password hash or if it needs to fall
+ * back on the mysql method
*/
private static function mysql_auth($username,$password) {
- $username = Dba::escape($username);
- $password = Dba::escape($password);
+ $username = Dba::escape($username);
+ $password = Dba::escape($password);
- $password_check_sql = "PASSWORD('$password')";
+ if (!strlen($password) OR !strlen($username)) {
+ Error::add('general',_('Error Username or Password incorrect, please try again'));
+ return false;
+ }
- // If they don't have a password kick em ou
- if (!strlen($password)) {
- Error::add('general','Error Username or Password incorrect, please try again');
- return false;
- }
+ // We have to pull the password in order to figure out how to handle it *cry*
+ $sql = "SELECT `password` FROM `user` WHERE `username`='$username'";
+ $db_results = Dba::read($sql);
+ $row = Dba::fetch_assoc($db_results);
+
+ // If it's using the old method then roll with that
+ if (substr($row['password'],0,1) == '*' OR strlen($row['password']) < 32) {
+ $response = self::vieux_mysql_auth($username,$password);
+ return $response;
+ }
+
+ // Use SHA1 for the password, we aren't using SHA2 because Amarok can't handle it *cry*
+ $password = hash('sha1',$password);
+
+ $sql = "SELECT `username`,`id` FROM `user` WHERE `password`='$password' AND `username`='$username'";
+ $db_results = Dba::read($sql);
+
+ $row = Dba::fetch_assoc($db_results);
+
+ if (!count($row)) {
+ Error::add('general',_('Error Username or Password incorrect, please try again'));
+ return false;
+ }
+
+ $row['type'] = 'mysql';
+ $row['success'] = true;
+
+ return $row;
+
+ } // mysql_auth
+
+ /**
+ * vieux_mysql_auth
+ * This is a private function, it should only be called by authenticate
+ */
+ private static function vieux_mysql_auth($username,$password) {
+
+ $password_check_sql = "PASSWORD('$password')";
// This has to still be here because lots of people use old_password in their config file
$sql = "SELECT `password` FROM `user` WHERE `username`='$username'";
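Review bot: `mysql_auth` hashes the password after `Dba::escape()` has run, whereas `User::update_password()` in this commit hashes first and escapes the digest, so a password containing a character the escape routine rewrites (presumably a quote or backslash) would hash to a different value at login than the one stored. Hashing the raw input avoids this: take `$sha_password = hash('sha1',$password);` before the two escape lines and use `'$sha_password'` in the second SELECT. The failure test `if (!count($row))` also relies on `Dba::fetch_assoc()` returning an empty array when nothing matches; if it returns `false`, `count()` gives 1 and the function goes on to set `success` to true, so `if (!$row)`, the form `vieux_mysql_auth` uses, is the safer check. `vieux_mysql_auth` continues beyond this hunk.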
@@ -498,7 +536,7 @@ class vauth {
$results = Dba::fetch_assoc($db_results);
if (!$results) {
- Error::add('general','Error Username or Password incorrect, please try again');
+ Error::add('general',_('Error Username or Password incorrect, please try again'));
return false;
}
@@ -512,11 +550,12 @@ class vauth {
} // if prevent_multiple_logins
$results['type'] = 'mysql';
+ $results['password'] = 'old';
$results['success'] = true;
return $results;
- } // mysql_auth
+ } // vieux_mysql_auth
/**
* ldap_auth
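Review bot: The `prevent_multiple_logins` block that closes at the top of this hunk sits only in `vieux_mysql_auth`; the SHA1 branch added to `mysql_auth` returns `$row` directly with no equivalent check, so the setting appears to stop applying once an account has a SHA1 password. The body of that check is outside the hunk, so this needs confirming, but moving it into a small private helper called from both paths would keep the two in step. The new `$results['password'] = 'old'` marker has no comment; if it tells the caller to re-hash the account, a line such as `// flag legacy PASSWORD() hash so the caller can upgrade it` would say so.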