author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-03-07 06:51:52 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-03-07 06:51:52 +0000 |
commit | bd270b02274b4e43a887e86805a44cf456f2da38 (patch) | |
tree | 8accb5ce9cbccd2f051eb271f9daa30c589e0fc2 /lib/class | |
parent | 84b483c99a32452dc53b9b77fdf818c710bcd5d3 (diff) | |
fixed the acl issue... sigh
Diffstat (limited to 'lib/class')
-rw-r--r-- | lib/class/access.class.php | 15 | ||||
-rw-r--r-- | lib/class/api.class.php | 2 | ||||
-rw-r--r-- | lib/class/democratic.class.php | 69 | ||||
-rw-r--r-- | lib/class/stream.class.php | 2 | ||||
-rw-r--r-- | lib/class/update.class.php | 14 | ||||
-rw-r--r-- | lib/class/user.class.php | 15 | ||||
-rw-r--r-- | lib/class/vauth.class.php | 6 | ||||
-rw-r--r-- | lib/class/xmlrpcserver.class.php | 2 |
8 files changed, 105 insertions, 20 deletions
diff --git a/lib/class/access.class.php b/lib/class/access.class.php index bfc7beb9..b899342c 100644 --- a/lib/class/access.class.php +++ b/lib/class/access.class.php @@ -80,8 +80,8 @@ class Access { $name = Dba::escape($data['name']); $type = self::validate_type($data['type']); - $start = ip2long($data['start']); - $end = ip2long($data['end']); + $start = sprintf("%u",ip2long($data['start'])); + $end = springf("%u",ip2long($data['end'])); $level = Dba::escape($data['level']); $user = $data['user'] ? Dba::escape($data['user']) : '-1'; $key = Dba::escape($data['key']); @@ -104,16 +104,17 @@ class Access { /* We need to verify the incomming data a littlebit */ - $start = ip2long($data['start']); - $end = ip2long($data['end']); + $start = sprintf("%u",ip2long($data['start'])); + $end = sprintf("%u",ip2long($data['end'])); $name = Dba::escape($data['name']); $key = Dba::escape($data['key']); $user = $data['user'] ? Dba::escape($data['user']) : '-1'; $level = intval($data['level']); $type = self::validate_type($data['type']); + $dns = ' '; - $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`) " . - "VALUES ('$name','$level','$start','$end','$key','$user','$type')"; + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`dns`) " . + "VALUES ('$name','$level','$start','$end','$key','$user','$type','$dns')"; $db_results = Dba::query($sql); return true; @@ -170,7 +171,7 @@ class Access { } // Clean incomming variables - $ip = ip2long($ip); + $ip = sprintf("%u",ip2long($ip)); $user = Dba::escape($user); $key = Dba::escape($key); $level = Dba::escape($level); diff --git a/lib/class/api.class.php b/lib/class/api.class.php index bd1b7ce0..2d55aad5 100644 --- a/lib/class/api.class.php +++ b/lib/class/api.class.php 
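Review bot: `springf` on the added `$end` line of the first access.class.php hunk (`@@ -80,8`) is not a PHP function, so this path ends in a fatal "call to undefined function" error as soon as it is reached. It should read `$end = sprintf("%u",ip2long($data['end']));`, matching the `$start` line directly above it. The enclosing method starts and ends outside the hunk.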
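Review bot: In the second access.class.php hunk (`@@ -104,16`), `ip2long()` returns false for anything that is not a valid dotted IPv4 address and `sprintf("%u", false)` yields `"0"`, so a mistyped `start` is stored as 0 and the ACL range silently begins at 0.0.0.0. Check the result before formatting and reject the input, e.g. `$start = ip2long($data['start']); if ($start === false) { return false; }`, and likewise for `$end`. The same unchecked conversion is added in the `@@ -80,8` and `@@ -170,7` hunks of this file and in the api, stream, user, vauth and xmlrpcserver hunks, where any non-IPv4 client address also collapses to 0. The method's opening and its callers are outside the hunk, so validation may already happen upstream.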
@@ -65,7 +65,7 @@ class Api { // Clean incomming variables $user_id = Dba::escape($user_id); $timestamp = intval($timestamp); - $ip = ip2long($ip); + $ip = sprintf("%u",ip2long($ip)); // Log this attempt debug_event('API','Login Attempt, IP:' . long2ip($ip) . ' Time:' . $timestamp . ' User:' . $user_id . ' Auth:' . $passphrase,'1'); diff --git a/lib/class/democratic.class.php b/lib/class/democratic.class.php index bc9429fb..32ecbee2 100644 --- a/lib/class/democratic.class.php +++ b/lib/class/democratic.class.php @@ -27,6 +27,51 @@ class Democratic extends tmpPlaylist { /** + * constructor + * We need a constructor for this class. It does it's own thing now + */ + public function __construct($id='') { + + if (!$id) { return false; } + + $info = $this->get_info($id); + + foreach ($info as $key=>$value) { + $this->$key = $value; + } + + } // constructor + + + /** + * get_info + * This returns the data from the database + */ + private function get_info($id) { + + $id = Dba::escape($id); + + $sql = "SELECT * FROM `democratic` WHERE `id`='$id'"; + $db_results = Dba::query($sql); + + $row = Dba::fetch_assoc($db_results); + + return $row; + + } // get_info + + /** + * format + * This makes the objects variables all purrty so that they can be displayed + */ + public function format() { + + $this->f_cooldown = $this->cooldown . ' ' . _('minutes'); + $this->f_primary = $this->primary ? _('Primary') : ''; + + } // format + + /** * get_playlists * This returns all of the current valid 'Democratic' Playlists * that have been created. @@ -36,7 +81,7 @@ class Democratic extends tmpPlaylist { // Pull all tmp playlsits with a session of < 0 (as those are fake) // This is kind of hackish, should really think about tweaking the db // and doing this right. - $sql = "SELECT `id` FROM `tmp_playlist` WHERE `session`< '0'"; + $sql = "SELECT `id` FROM `democratic` ORDER BY `name`"; $db_results = Dba::query($sql); $results = array(); 
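Review bot: The `debug_event` call in the api.class.php hunk (`@@ -65,7`) writes `$passphrase` to the log at level '1' on every login attempt. If that value is the client's authentication token or a hash that stays valid for some window (not visible here), anyone who can read the debug log obtains it; consider dropping it from the message or logging only a short prefix, e.g. `' Auth:' . substr($passphrase,0,8) . '...'`. The line is unchanged context, but it sits directly below the modified `$ip` assignment and consumes it through `long2ip($ip)`.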
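Review bot: In the democratic.class.php hunk that adds the constructor (`@@ -27,6`), `get_info()` returns whatever `Dba::fetch_assoc()` gives back, which for an unknown `$id` is presumably not an array, so the `foreach` raises a warning and the object is left without properties. A guard such as `if (!is_array($info)) { return; }` before the loop would make that case explicit. `return false;` in a constructor has no effect on the `new` expression, so a plain `return;` is clearer. The docblock could also state that every column of the `democratic` row is copied onto the object as a property.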
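Review bot: The comment above the changed query in the `@@ -36,7` hunk of democratic.class.php still describes selecting tmp playlists with a session below zero, which the new query against the `democratic` table no longer does. Replace the three stale lines with something like `// Pull every democratic playlist id, ordered by name`.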
@@ -329,6 +374,28 @@ class Democratic extends tmpPlaylist { } // delete_votes /** + * create + * This is the democratic play create function it inserts this into the democratic table + */ + public static function create($data) { + + // Clean up the input + $name = Dba::escape($data['name']); + $base = Dba::escape($data['democratic']); + $cool = Dba::escape($data['cooldown']); + $level = Dba::escape($data['level']); + $default = Dba::escape($data['make_default']); + $user = Dba::escape($GLOBALS['user']->id); + + $sql = "INSERT INTO `democratic` (`name`,`cooldown`,`level`,`user`,`primary`) " . + "VALUES ('$name','$cool','$level','$user','$default')"; + $db_results = Dba::query($sql); + + return $db_results; + + } // create + + /** * prune_tracks * This replaces the normal prune tracks and correctly removes the votes * as well diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php index fee74523..10ad2044 100644 --- a/lib/class/stream.class.php +++ b/lib/class/stream.class.php @@ -188,7 +188,7 @@ class Stream { $expire = time() + Config::get('stream_length'); $sid = Dba::escape($sid); $agent = Dba::escape($_SERVER['HTTP_USER_AGENT']); - $ip = ip2long($_SERVER['REMOTE_ADDR']); + $ip = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR'])); $uid = Dba::escape($uid); $sql = "UPDATE `session_stream` SET `expire`='$expire', `agent`='$agent', `ip`='$ip' " . diff --git a/lib/class/update.class.php b/lib/class/update.class.php index 66322cd7..924e87e7 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php 
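Review bot: `$base` is escaped from `$data['democratic']` in the new `create()` (democratic.class.php, `@@ -329,6`) but never used: the INSERT lists only name, cooldown, level, user and primary. The same commit adds a `base_playlist` column declared NOT NULL with no default in `update_340016`, so the new row either gets an implicit 0 or, under a strict SQL mode, is rejected. Adding `base_playlist` to the column list and `'$base'` to the VALUES list would store it. `$cool`, `$level` and `$default` look numeric, and `intval()` (as used for `$level` in access.class.php) would pin that instead of relying on string escaping.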
@@ -1144,5 +1144,19 @@ class Update { } // update_340015 + /** + * update_340016 + * This adds in the base_playlist to the democratic table... should have + * done this in the previous one but I screwed up... sigh + */ + public static function update_340016() { + + $sql = "ALTER TABLE `democratic` ADD `base_playlist` INT ( 11 ) UNSIGNED NOT NULL"; + $db_results = Dba::query($sql); + + self::set_version('db_version','340016'); + + } // update_340016 + } // end update class ?> diff --git a/lib/class/user.class.php b/lib/class/user.class.php index ad5c20f3..ceeb7332 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php @@ -547,14 +547,17 @@ class User { * address at this time in this place, doing this thing.. you get the point */ public function insert_ip_history() { + if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){ - $sip = $_SERVER['HTTP_X_FORWARDED_FOR']; - debug_event('User Ip', 'Login from ip adress: ' . $sip,'3'); - } else { - $sip = $_SERVER['REMOTE_ADDR']; - debug_event('User Ip', 'Login from ip adress: ' . $sip,'3'); + $sip = $_SERVER['HTTP_X_FORWARDED_FOR']; + debug_event('User Ip', 'Login from ip adress: ' . $sip,'3'); + } + else { + $sip = $_SERVER['REMOTE_ADDR']; + debug_event('User Ip', 'Login from ip adress: ' . $sip,'3'); } - $ip = ip2long($sip); + + $ip = sprintf("%u",ip2long($sip)); $date = time(); $user = $this->id; diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php index b670db2d..14f8b40d 100644 --- a/lib/class/vauth.class.php +++ b/lib/class/vauth.class.php @@ -264,7 +264,7 @@ class vauth { } // end switch on data type $username = Dba::escape($data['username']); - $ip = $_SERVER['REMOTE_ADDR'] ? Dba::escape(ip2long($_SERVER['REMOTE_ADDR'])) : '0'; + $ip = $_SERVER['REMOTE_ADDR'] ? Dba::escape(sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']))) : '0'; $type = Dba::escape($data['type']); $value = Dba::escape($data['value']); $agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'],0,254)); 
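Review bot: `update_340016()` in the update.class.php hunk calls `self::set_version('db_version','340016')` without looking at `$db_results`, so a failed `ALTER TABLE` still marks the schema as upgraded and the missing `base_playlist` column only surfaces later. Assuming `Dba::query()` returns false on failure, gate the bump: `if ($db_results) { self::set_version('db_version','340016'); }`. Earlier update methods are outside the hunk and may follow the same pattern.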
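Review bot: `insert_ip_history()` in the user.class.php hunk uses `$_SERVER['HTTP_X_FORWARDED_FOR']` whenever it is set, but that header is supplied by the client unless a trusted proxy overwrites it, so the address recorded in the login history cannot be relied on. It may also hold a comma-separated list, which `ip2long()` rejects, so the row is stored as 0. Consider honouring the header only when `REMOTE_ADDR` is a configured proxy and falling back otherwise, e.g. `if (ip2long($sip) === false) { $sip = $_SERVER['REMOTE_ADDR']; }`. The raw header value is also passed to `debug_event` unfiltered; the rest of the method is outside the hunk.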
@@ -358,7 +358,7 @@ class vauth { break; case 'stream': $key = Dba::escape($key); - $ip = ip2long($data['ip']); + $ip = sprintf("%u",ip2long($data['ip'])); $agent = Dba::escape($data['agent']); $sql = "SELECT * FROM `session_stream` WHERE `id`='$key' AND `expire` > '$time' AND `ip`='$ip' AND `agent`='$agent'"; $db_results = Dba::query($sql); @@ -504,7 +504,7 @@ class vauth { if (Config::get('prevent_multiple_logins')) { $client = new User($results['id']); $current_ip = $client->is_logged_in(); - if ($current_ip != ip2long($_SERVER['REMOTE_ADDR'])) { + if ($current_ip != sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']))) { Error::add('general','User Already Logged in'); return false; } diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php index 6cb08451..5b6b3892 100644 --- a/lib/class/xmlrpcserver.class.php +++ b/lib/class/xmlrpcserver.class.php @@ -146,7 +146,7 @@ class xmlRpcServer { debug_event('XMLSERVER','Login Attempt, IP: ' . $_SERVER['REMOTE_ADDR'] . ' Time: ' . $timestamp . ' Hash:' . $encoded_key,'5'); // Convert the IP Address to an int - $ip = ip2long($_SERVER['REMOTE_ADDR']); + $ip = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR'])); // Run the query and return the key's for ACLs of type RPC that would match this IP $sql = "SELECT * FROM `access_list` WHERE `type`='rpc' AND `start` <= '$ip' AND `end` >= '$ip'"; |