fixed xml-rpc now uses handshake method properly

author: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-12-23 23:13:38 +0000
committer: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-12-23 23:13:38 +0000
commit: 4ea4de9def83a38fb34cf6a3dcefc29059954c69 (patch)
tree: 6392b3aac06f9b136c98f15fc73e8605879be453 /lib
parent: d3423e0e37a6608edb82a7f6b6aa69d55aafec7d (diff)
download: ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.tar.gz
ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.tar.bz2
ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.zip
2 files changed, 53 insertions, 31 deletions
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index d0388477..6c93e549 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -1274,40 +1274,57 @@ class Catalog {
 	        else {
 	                $client = new xmlrpc_client("/$path/server/xmlrpc.server.php", $server, 80);
 	        }
+
+		// 6 that's right, the secret level because if you do have debug on most likely you're 
+		// going to just crash your browser... sorry folks
+	        if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }
+
+		// Before we do anything else we need to do a handshake with the remote server
+		$timestamp 	= time(); 
+		$handshake_key	= md5($timestamp . $this->key);
+
+		$encoded_key	= new xmlrpcval($handshake_key,"string"); 
+		$timestamp	= new xmlrpcval($timestamp,"int");
+		$xmlrpc_message = new xmlrpcmsg('xmlrpcserver.handshake',array($encoded_key,$timestamp));
+
+		// Send it off
+		$response = $client->send($xmlrpc_message,10); 
+		if ($response->faultCode()) { 
+			$error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
+			debug_event('XMLCLIENT',$error_msg,'1');
+			echo "<p class=\"error\">$error_msg</p>";
+			return;
+		} 
+			
+		$token = php_xmlrpc_decode($response->value()); 
 	        
 		/* encode the variables we need to send over */
-		$encoded_key	= new xmlrpcval($this->key,"string");
+		$encoded_key	= new xmlrpcval($token,"string");
 		$encoded_path	= new xmlrpcval(Config::get('web_path'),"string");
 		
 		$xmlrpc_message = new xmlrpcmsg('xmlrpcserver.get_catalogs', array($encoded_key,$encoded_path));
-		
-		// 6 that's right, the secret level because if you do have debug on most likely you're 
-		// going to just crash your browser... sorry folks
-	        if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }
-		
 	        $response = $client->send($xmlrpc_message,30);
-	        $value = $response->value();
 
-	        if ( !$response->faultCode() ) {
-	                $data = php_xmlrpc_decode($value);
-			
-			// Print out the catalogs we are going to sync
-	                foreach ($data as $vars) { 
-				$catalog_name 	= $vars['name'];
-				$count		= $vars['count'];
-	                        print("<b>Reading Remote Catalog: $catalog_name ($count Songs)</b> [$this->path]<br />\n");
-				$total += $count;
-	                } 
-			// Flush the output
-			flush();
-
-	        } // if we didn't get an error
-	        else {
+	        if ($response->faultCode() ) {
 			$error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
 			debug_event('XMLCLIENT',$error_msg,'1');
 			echo "<p class=\"error\">$error_msg</p>";
 	                return;
-	        }
+		} 
+	        
+
+		$data = php_xmlrpc_decode($response->value());
+			
+		// Print out the catalogs we are going to sync
+	        foreach ($data as $vars) { 
+			$catalog_name 	= $vars['name'];
+			$count		= $vars['count'];
+	                print("<b>Reading Remote Catalog: $catalog_name ($count Songs)</b> [$this->path]<br />\n");
+			$total += $count;
+		} 
+		
+		// Flush the output
+		flush();
 
 		// Hardcoded for now
 		$step = '500';
@@ -1316,7 +1333,7 @@ class Catalog {
 		while ($total > $current) { 
 			$start 	= $current;
 			$current += $step;
-			$this->get_remote_song($client,$start,$step);
+			$this->get_remote_song($client,$token,$start,$step);
 		}
 
 	        echo "<p>" . _('Completed updating remote catalog(s)') . ".</p><hr />\n";
@@ -1331,11 +1348,11 @@ class Catalog {
 	 * This functions takes a start and end point for gathering songs from a remote server. It is broken up
 	 * in attempt to get around the problem of very large target catalogs
 	 */
-	public function get_remote_song($client,$start,$end) { 
+	public function get_remote_song($client,$token,$start,$end) { 
 
 		$encoded_start 	= new xmlrpcval($start,"int");
 		$encoded_end	= new xmlrpcval($end,"int");
-		$encoded_key	= new xmlrpcval($this->key,"string");
+		$encoded_key	= new xmlrpcval($token,"string");
 
 		$query_array = array($encoded_key,$encoded_start,$encoded_end); 
 
diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php
index abb8076e..e5f3eff3 100644
--- a/lib/class/xmlrpcserver.class.php
+++ b/lib/class/xmlrpcserver.class.php
@@ -41,7 +41,7 @@ class xmlRpcServer {
 		$key = $variable->scalarval(); 
 
 		// Check it and make sure we're super green
-		if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) { 
+		if (!vauth::session_exists('xml-rpc',$key)) { 
 			debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1'); 
 			return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); 
 		} 
@@ -85,7 +85,7 @@ class xmlRpcServer {
                 $key = $variable->scalarval();
 
                 // Check it and make sure we're super green
-                if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) {
+                if (!vauth::session_exists('xml-rpc',$key)) {
                         debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1');
                         return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
                 }
@@ -134,12 +134,12 @@ class xmlRpcServer {
 
 		// Pull out the params
 		$encoded_key 	= $xmlrpc_object->params['0']->me['string']; 
-		$timestamp	= $xmlrpc_object->params['0']->me['int'];
+		$timestamp	= $xmlrpc_object->params['1']->me['int'];
 
 		// Check the timestamp make sure it's recent
 		if ($timestamp < (time() - 14400)) { 
 			debug_event('XMLSERVER','Handshake failure, timestamp too old','1'); 
-			return new xmlrpcresp(php_xmlrpc_encoded("Handshake failure")); 
+			return new xmlrpcresp(0,'503','Handshaek failure, timestamp too old');
 		} 
 
 		// Log the attempt
@@ -158,11 +158,16 @@ class xmlRpcServer {
 			$md5pass = md5($timestamp . $row['key']); 
 
 			if ($md5pass == $encoded_key) { 
-				$token = ''; 
+				$data['type'] = 'xml-rpc';
+				$data['username'] = 'System'; 
+				$data['value'] = 'Handshake'; 
+				$token = vauth::session_create($data); 
+				return new xmlrpcresp(php_xmlrpc_encode($token));
 			} 
 
 		} // end while rows
 
+		return new xmlrpcresp(0,'503','Handshaek failure, Key/IP Incorrect');
 
 	} // handshake
author	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-12-23 23:13:38 +0000
committer	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-12-23 23:13:38 +0000
commit	4ea4de9def83a38fb34cf6a3dcefc29059954c69 (patch)
tree	6392b3aac06f9b136c98f15fc73e8605879be453 /lib
parent	d3423e0e37a6608edb82a7f6b6aa69d55aafec7d (diff)
download	ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.tar.gz ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.tar.bz2 ampache-4ea4de9def83a38fb34cf6a3dcefc29059954c69.zip