author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 09:01:09 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-23 09:01:09 +0000 |
commit | ea8f3e685b85074d55b88a3c2ef9d6a536c173ca (patch) | |
tree | 801d4289a88dbe92d7c9bb27e038fad9242cf71e /lib/class | |
parent | be699cab75c8993175a4994316b9665105c86696 (diff) | |
fixed API calls, cleaned up old functions that are no longer needed
Diffstat (limited to 'lib/class')
-rw-r--r-- | lib/class/api.class.php | 30 | ||||
-rw-r--r-- | lib/class/vauth.class.php | 27 |
2 files changed, 23 insertions, 34 deletions
diff --git a/lib/class/api.class.php b/lib/class/api.class.php
index 6a1707ab..06b5fd2e 100644
--- a/lib/class/api.class.php
+++ b/lib/class/api.class.php
@@ -82,7 +82,10 @@ class Api {
 if ($md5pass === $passphrase) {
 // Create the Session, in this class for now needs to be moved
- $token = self::create_session($row['level'],$ip,$user_id);
+ $data['username'] = $client->username;
+ $data['type'] = 'api';
+ $data['value'] = $timestamp;
+ $token = vauth::session_create($data);
 debug_event('API','Login Success, passphrase matched','1');
 return array('auth'=>$token,'api'=>self::$version);
@@ -94,30 +97,5 @@ class Api {
 } // handhsake
- /**
- * create_session
- * This actually creates the new session it takes the level, ip and user
- * and figures out the agent and expire then returns the token
- */
- public static function create_session($level,$ip,$user_id) {
-
- // Generate the token
- $token = md5(uniqid(rand(), true));
- $level = Dba::escape($level);
- $agent = Dba::escape($_SERVER['HTTP_USER_AGENT']);
- $expire = time() + Config::get('session_length');
-
- $sql = "REPLACE INTO `session_api` (`id`,`user`,`agent`,`level`,`expire`,`ip`) " .
- "VALUES ('$token','$user_id','$agent','$level','$expire','$ip')";
- $db_results = Dba::query($sql);
-
- if ($db_results) {
- return $token;
- }
-
- return false;
-
- } // create_session
-
 } // API class
 ?>
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php
index 2eb6c8fe..bafceab0 100644
--- a/lib/class/vauth.class.php
+++ b/lib/class/vauth.class.php
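Review bot: The token returned by `vauth::session_create($data)` is handed to the client unchecked, in the success branch of the handshake right after the new `$data[...]` assignments. The same commit makes `session_create()` return `false` when its insert fails, so this path would log 'Login Success' and return `array('auth'=>false, ...)`. Guard it before the success log, for example `if (!$token) { debug_event('API','Login Failed, unable to create session','1'); return false; }`; what the handshake returns on failure is not visible here, so match its existing failure path. `$data` is also first assigned element by element in the visible lines, and starting from `$data = array();` would rule out stale keys if the variable already exists earlier in the method, which begins outside this hunk.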
@@ -243,13 +243,21 @@ class vauth {
 public static function session_create($data) {
 // Regenerate the session ID to prevent fixation
- session_regenerate_id();
-
- // Create our cookie!
- self::create_cookie();
-
- // Before refresh we don't have the cookie so we have to use session ID
- $key = session_id();
+ switch ($data['type']) {
+ case 'xml-rpc':
+ case 'api':
+ $key = md5(uniqid(rand(), true));
+ break;
+ case 'mysql':
+ default:
+ // Create our cookie!
+ self::create_cookie();
+
+ // Before refresh we don't have the cookie so we have to use session ID
+ $key = session_id();
+ session_regenerate_id();
+ break;
+ }
 $username = Dba::escape($data['username']);
 $ip = Dba::escape(ip2int($_SERVER['REMOTE_ADDR']));
@@ -268,9 +276,12 @@ class vauth {
 if (!$db_results) {
 debug_event('SESSION',"Session Creation Failed with Query: $sql and " . Dba::error(),'1');
+ return false;
 }
- return $db_results;
+ debug_event('SESSION','Session Created:' . $key,'1');
+
+ return $key;
 } // session_create |
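Review bot: In the `default:` branch `$key = session_id();` now runs before `session_regenerate_id();`, so the value stored for the session is the pre-regeneration ID, whereas the removed code regenerated first. If the session row is later looked up by the current session ID (the lookup is not in this hunk), either the lookup misses or the ID that existed before login is the one recorded as valid, which undoes the fixation protection the comment above the switch still promises. Move `session_regenerate_id();` to the top of that branch, ahead of `self::create_cookie();`, and move the comment with it. Separately, the `api`/`xml-rpc` key `md5(uniqid(rand(), true))` is built from the clock and a non-cryptographic generator, so it is a guessable bearer token; where the supported PHP version allows, use `$key = bin2hex(random_bytes(16));`. `session_create()` continues past the end of this hunk.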
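Review bot: The added `debug_event('SESSION','Session Created:' . $key,'1');` writes the live session key to the debug log, so anyone who can read that log can reuse an active session. Log the account instead, e.g. `debug_event('SESSION','Session created for ' . $data['username'],'1');`. The failure message just above already embeds `$sql`, which presumably carries the same key, so it would benefit from the same treatment. The return value also changes from the query result to the key string or `false`; a short docblock stating `@return string|false` would help callers, none of which are visible in this hunk.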