API and XML-RPC are still broken, but moved to new session code, sleep time

3 files changed, 0 insertions, 703 deletions

diff --git a/modules/vauth/auth.lib.php b/modules/vauth/auth.lib.php
deleted file mode 100644
index f877cea8..00000000
--- a/modules/vauth/auth.lib.php
+++ /dev/null
@@ -1,226 +0,0 @@
-<?php
-/*
-
- Copyright (c) 2006 - 2007 Karl Vollmer
- All rights reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License v2
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-
-*/
-
-/**
- * Authenticate library
- * Yup!
- */
-
-/**
- * authenticate
- * This takes a username and passwords and returns false on failure
- * on success it returns true, and the username + type in an array
- */
-function authenticate($username,$password) { 
-
-	/* Don't even try if stop auth is in place */
-	if (file_exists(vauth_conf('stop_auth'))) { 
-		return false;
-	}
-
-	/* Foreach Through the methods we are allowed to use */
-	foreach (vauth_conf('auth_methods') as $method) { 
-
-		/* Build Function name and call custom function */
-		$function = 'vauth_' . $method . '_auth';	
-		$results = $function($username,$password);
-
-		/* If we find something break */
-		if ($results['success']) { break; } 
-	} // end foreach
-
-	return $results;
-
-} // authenticate
-
-
-/**
- * vauth_mysql_auth
- * This functions does mysql authentication againsts a user table
- * That has a username and a password field change it if you don't like it! 
- */
-function vauth_mysql_auth($username,$password) { 
-
-	$username = Dba::escape($username);
-	$password = Dba::escape($password);
-
-        $password_check_sql = "PASSWORD('$password')";
-
-	$sql = "SELECT `user`.`password`,`session`.`ip`,`user`.`id` FROM `user` " . 
-		"LEFT JOIN `session` ON `session`.`username`=`user`.`username` " . 
-		"WHERE `user`.`username`='$username'";
-	$db_results = Dba::query($sql);
-	$row = Dba::fetch_assoc($db_results);
-
-	// If they don't have a password kick em ou
-	if (!$row['password']) { 
-		Error::add('general','Error Username or Password incorrect, please try again'); 
-		return false; 
-	} 
-
-	if (Config::get('prevent_multiple_logins')) { 
-		$client = new User($row['id']); 
-		$ip = $client->is_logged_in(); 
-		if ($current_ip != ip2int($_SERVER['REMOTE_ADDR'])) { 
-			Error::add('general','User Already Logged in'); 
-			return false; 
-		} 
-	} // if prevent_multiple_logins
-
-        $sql = "SELECT version()";
-        $db_results = Dba::query($sql);
-        $version = Dba::fetch_row($db_results);
-        $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3);
-	
-	if ($mysql_version > "409" AND substr($row['password'],0,1) !== "*") {
-	        $password_check_sql = "OLD_PASSWORD('$password')";
-        }
-
-	$sql = "SELECT username FROM user WHERE username='$username' AND password=$password_check_sql";
-	$db_results = Dba::query($sql);
-
-	$results = Dba::fetch_assoc($db_results);
-
-	if (!$results) { 
-		Error::add('general','Error Username or Password incorrect, please try again'); 
-		return false; 
-	}
-
-	$results['type'] 	= 'mysql';
-	$results['success']	= true;
-	
-	return $results;
-
-} // vauth_mysql_auth
-
-/**
- * vauth_ldap_auth
- * Step one, connect to the LDAP server and perform a search for teh username provided. 
- * If its found, attempt to bind using that username and the password provided.
- * Step two, figure out if they are authorized to use ampache:
- * TODO: need implimented still:
- * 	* require-group "The DN fetched from the LDAP directory (or the username passed by the client) occurs in the LDAP group"
- *      * require-dn "Grant access if the DN in the directive matches the DN fetched from the LDAP directory"
- *      * require-attribute "an attribute fetched from the LDAP directory matches the given value"
- */
-function vauth_ldap_auth($username, $password) {
-
-	$ldap_username	= vauth_conf('ldap_username');
-	$ldap_password	= vauth_conf('ldap_password');
-
-	/* Currently not implemented */
-	$require_group	= vauth_conf('ldap_require_group'); 
-
-	// This is the DN for the users (required)
-    	$ldap_dn	= vauth_conf('ldap_search_dn');
-    
-	// This is the server url (required)
-    	$ldap_url	= vauth_conf('ldap_url');
-
-	// This is the ldap filter string (required)
-	$ldap_filter	= vauth_conf('ldap_filter');
-    	
-	//This is the ldap objectclass (required)
-	$ldap_class	= vauth_conf('ldap_objectclass');
-
-	$ldap_name_field	= vauth_conf('ldap_name_field');
-	$ldap_email_field	= vauth_conf('ldap_email_field');
-
-	if ($ldap_link = ldap_connect($ldap_url) ) {
-
-		/* Set to Protocol 3 */
-		ldap_set_option($ldap_link, LDAP_OPT_PROTOCOL_VERSION, 3);
-
-        	// bind using our auth, if we need to, for initial search for username
-          	if (!ldap_bind($ldap_link, $ldap_username, $ldap_password)) {
-                	$results['success'] = false;
-                	$results['error'] = "Could not bind to LDAP server.";
-                	return $results;
-            	} // If bind fails
-	
-	        $sr = ldap_search($ldap_link, $ldap_dn, "(&(objectclass=$ldap_class)($ldap_filter=$username))");
-        	$info = ldap_get_entries($ldap_link, $sr);
-
-        	if ($info["count"] == 1) {
-            		$user_entry = ldap_first_entry($ldap_link, $sr);
-            		$user_dn    = ldap_get_dn($ldap_link, $user_entry);
-            		// bind using the user..
-            		$retval = ldap_bind($ldap_link, $user_dn, $password);
-
-            		if ($retval) {
-                		ldap_close($ldap_link);
-                		$results['success'] = true;
-                		$results['type'] = "ldap";
-                		$results['username'] = $username;
-                		$results['name'] = $info[0][$ldap_name_field][0];
-                		$results['email'] = $info[0][$ldap_email_field][0]; 
-
-                		return $results;
-
-            		} // if we get something good back
-        	} // if something was sent back 
-	} // if failed connect 
-
-	/* Default to bad news */
-        $results['success'] = false;
-        $results['error'] = "LDAP login attempt failed";
-        return $results;
-
-
-} // vauth_ldap_auth
-
-
-/**
- * vauth_http_auth
- * This auth method relies on HTTP auth from Apache
- * This is not a very secure method of authentication
- * defaulted to off. Because if they can load the page they
- * are considered to be authenticated we need to look and
- * see if their user exists and if not, by golly we just 
- * go ahead and created it. NOT SECURE!!!!!
- */
-function vauth_http_auth($username) { 
-
-	/* Check if the user exists */
-	if ($user = new User($username)) { 
-		$results['success'] 	= true;
-		$results['type'] 	= 'mysql';
-		$results['username'] 	= $username;
-		$results['name']	= $user->fullname;
-		$results['email']	= $user->email;
-		return $results;
-	}
-
-
-	/* If not then we auto-create the entry as a user.. :S */
-	$user->create($username,$username,'',md5(rand()),'25');
-	$user = new User($username);	
-
-	$results['success'] 	= true;
-	$results['type'] 	= 'mysql';
-	$results['username'] 	= $username;
-	$results['name']	= $user->fullname;
-	$results['email']	= $user->email;
-	return $results;	
-
-} // vauth_http_auth
-
-?>
diff --git a/modules/vauth/init.php b/modules/vauth/init.php
deleted file mode 100644
index 7392b480..00000000
--- a/modules/vauth/init.php
+++ /dev/null
@@ -1,172 +0,0 @@
-<?php
-/*
-
- Copyright (c) 2007 Karl Vollmer
- All rights reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License v2
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-
-*/
-/**
- * init script
- * This script requires all of the additional libraries and does a little error checking to 
- * make sure that we've got the variables we need to make everything work. 
- * Be default you should include this file then call the vauth_init() function
- * passing in an array of the elements we need (see more docs that in theory I'll write)
- */
-
-/**
- * vauth_init
- * This function loads in the extra lib files and checks the data we've got
- * If it doesn't find everything it needs it will return use PHP's Error method
- * to throw an exception and return false
- */
-function vauth_init($data) { 
-	/* Check for the variables we are going to need first */
-	if (isset($data['auth_methods']['mysql'])) { 	
-		if (!isset($data['mysql_hostname'])) { 
-			vauth_error('No Mysql Hostname Defined [mysql_hostname]');
-			$error_status = true;
-		}
-		if (!isset($data['mysql_db'])) { 
-			vauth_error('No Mysql Database Defined [mysql_db]');
-			$error_status = true;
-		}
-		if (!isset($data['mysql_username'])) { 
-			vauth_error('No Mysql Username Defined [mysql_username]');
-			$error_status = true;
-		}
-		if (!isset($data['mysql_password'])) { 
-			vauth_error('No Mysql Password Defined [mysql_password]');
-			$error_status = true;
-		}
-	} // if we're doing mysql auth
-
-	if (isset($data['auth_methods']['ldap'])) { 
-		
-		if (!isset($data['ldap_url'])) { 
-			vauth_error('No LDAP server defined [ldap_url]');
-			$error_status = true;
-		}
-		if (!isset($data['ldap_name_field'])) { 
-			vauth_error('No Name Field defined [ldap_name_field]');
-		}
-		if (!isset($data['ldap_email_field'])) { 
-			vauth_error('No E-mail Field defined [ldap_email_field]');
-		}
-		if (!isset($data['ldap_username'])) { 
-			vauth_error('No Bind Username defined [ldap_username]');
-		}
-		if (!isset($data['ldap_password'])) { 
-			vauth_error('No Bind Password defined [ldap_password]');
-		}
-
-	} // if we're doing ldap auth
-
-	if (isset($data['auth_methods']['http'])) { 
-	
-
-	} // if we're doing http auth
-
-	if (!isset($data['session_length'])) { 
-		vauth_error('No Session Length Defined [session_length]');
-		$error_status = true;
-	}
-
-	if (!isset($data['session_name'])) { 
-		vauth_error('No Session Name Defined [session_name]');
-		$error_status = true;
-	}
-
-	if (!isset($data['cookie_life'])) { 
-		vauth_error('No Cookie Life Defined [cookie_life]');
-		$error_status = true;
-	}
-
-	if (!isset($data['cookie_secure'])) { 
-		vauth_error('Cookie Secure Not Defined [cookie_secure]');
-		$error_status = true;
-	}
-
-	if (!isset($data['cookie_path'])) { 
-		vauth_error('Cookie Path Not Defined [cookie_path]');
-		$error_status = true;
-	}
-	
-	if (!isset($data['cookie_domain'])) { 
-		vauth_error('Cookie Domain Not Defined [cookie_domain]');
-		$error_status = true;
-	}
-
-	/* For now we won't require it */
-	if (!isset($data['remember_length'])) { 
-		$data['remember_length'] = '900';
-	}
-	
-	/* If an error has occured then return false */
-	if (isset($error_status)) { return false; }
-
-	/* Load the additional libraries that we may or may not need... */
-	require_once 'session.lib.php';
-	require_once 'auth.lib.php';
-
-	vauth_conf($data);
-	
-	return true;
-
-} // vauth_init
-
-/**
- * vauth_error
- * This function throws a PHP error with whatever went wrong. If you don't use a custom
- * Error handler this will get spit out the screen, otherwise well whatever you do with it
- * is what is going to happen to it... amazing huh!
- */
-function vauth_error($string) { 
-	
-	trigger_error($string,E_USER_WARNING);
-	return true;
-
-} // vauth_error
-
-
-/**
- * vauth_conf
- * This is a function with a static array that we store the configuration variables in
- * So we don't have to worry about globalizing anything
- */
-function vauth_conf($param,$clobber=0) { 
-
-        static $params = array();
-	
-	// We are trying to set variables
-	if(is_array($param)) {
-                foreach ($param as $key=>$val) {
-			if(!$clobber && isset($params[$key])) {
-                                vauth_error("Attempting to clobber $key = $val");
-                                return false;
-                        }
-                        $params[$key] = $val;
-                }
-                return true;
-        }
-	// We are attempting to retrive a variable
-        else {
-                if(isset($params[$param])) return $params[$param];
-                else return;
-        }
-
-} // vauth_conf
-
-?>
diff --git a/modules/vauth/session.lib.php b/modules/vauth/session.lib.php
deleted file mode 100644
index ef91a473..00000000
--- a/modules/vauth/session.lib.php
+++ /dev/null
@@ -1,305 +0,0 @@
-<?php
-/*
-
- Copyright (c) 2006 - 2007 Karl Vollmer
- All rights reserved.
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License v2
- as published by the Free Software Foundation.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
-
-*/
-
-/**
- * Session Library
- * This sets up the custom session handler mojo
- * and then contains the functions that the session handler references
- */
-
-// Quick check for the session functions if they don't exist redirect to /test.php
-if (!function_exists('session_set_save_handler')) { 
-	header("Location: " . Config::get('web_path') . "/test.php"); 
-	debug_event('ERROR','Missing PHP Session Module','1');
-	exit; 
-} 
-
-/* Always register the customer handler */
-session_set_save_handler(
-	'vauth_sess_open',
-	'vauth_sess_close',
-	'vauth_sess_read',
-	'vauth_sess_write',
-	'vauth_sess_destory',
-	'vauth_sess_gc');
-
-/** 
- * vauth_sess_open
- * This is the function for opening a new session, we just verify that we have a 
- * database connection, nothing more (since this is a dbh session handler 
- */
-function vauth_sess_open($save_path,$session_name) { 
-
-	if (!is_resource(Dba::dbh())) { 
-		vauth_error('Session open failed, no database handle');
-		return false;
-	}
-
-	return true;
-
-} // vauth_sess_open
-
-/**
- * vauth_sess_close
- * Placeholder function, don't have anything to do in this one for now
- */
-function vauth_sess_close() { 
-	return true;
-} // vauth_sess_close
-
-/**
- * vauth_sess_read
- * Takes a Key and looks in the database, and returns the value
- */
-function vauth_sess_read($key) { 
-
-	$results = vauth_get_session($key);
-	if (isset($results['value']) AND strlen($results['value']) < 1) { 
-		vauth_error('Unable to read session data');
-		return '';
-	}
-	
-	/* Return the value column from the db */
-	return $results['value'];
-
-} // vauth_sess_read
-
-/**
- * vauth_sess_write
- * Saves the session information to the database
- */
-function vauth_sess_write($key,$value) { 
-
-	$length 	= vauth_conf('session_length');
-	$expire 	= time() + intval($length);
-	$value 		= Dba::escape($value);
-	$key		= Dba::escape($key);
-
-        /* Check for Rememeber Me */
-        $cookie_name = vauth_conf('session_name') . "_remember";
-        if (isset($_COOKIE[$cookie_name])) {
-		$expire = time() + vauth_conf('remember_length');		
-	}
-
-	$sql = "UPDATE session SET value='$value', expire='$expire'" . 
-		" WHERE id='$key'";
-	$db_results = Dba::query($sql);
-
-	return $db_results;
-
-} // vauth_sess_write
-
-/**
- * vauth_sess_destory
- * This removes the specified session from the database
- */
-function vauth_sess_destory($key) { 
-
-	$key = Dba::escape($key);
-
-	/* Remove any database entries */
-	$sql = "DELETE FROM `session` WHERE `id`='$key'";
-	$db_results = Dba::query($sql);
-
-	/* Destory the Cookie */
-	setcookie (vauth_conf('session_name'),'',time() - 86400);
-
-	return true;
-
-} // vauth_sess_destory
-
-/**
- * vauth_sess_gc
- * This is the randomly called garbage collection function
- */
-function vauth_sess_gc($maxlifetime) { 
-
-	$sql = "DELETE FROM `session` WHERE `expire` < '" . time() . "'";
-	$db_results = Dba::query($sql);
-
-	// Randomly collect the api session table
-	$sql = "DELETE FROM `session_api` WHERE `expire` < '" . time() . "'"; 
-	$db_results = Dba::query($sql); 
-
-	return true;
-
-} // vauth_sess_gc
-
-/**
- * vauth_logout
- * This logs you out of your vauth session
- */
-function vauth_logout($key) { 
-
-	vauth_sess_destory($key);
-	return true;
-
-} // vauth_logout
-
-/**
- * vauth_get_session
- * This returns the data for the specified session
- */
-function vauth_get_session($key) { 
-
-	$key	= Dba::escape($key);
-
-	$sql = "SELECT * FROM `session` WHERE `id`='$key' AND `expire` > '" . time() . "'";
-	$db_results = Dba::query($sql);
-
-	$results = Dba::fetch_assoc($db_results);
-
-	if (!count($results)) { 
-		return false; 
-	}
-
-	return $results;
-
-} // vauth_get_session
-
-/**
- * vauth_session_cookie
- * This is seperated into it's own cookie because of some flaws in specific
- * webservers *cough* IIS *cough* which prevent us from setting at cookie
- * at the same time as a header redirect. As such on login view a cookie is set
- */
-function vauth_session_cookie() { 
-
-        /* Set the Cookies Paramaters, this is very very important */
-        $cookie_life    = vauth_conf('cookie_life');
-        $cookie_path    = vauth_conf('cookie_path');
-	$cookie_domain	= false;
-        $cookie_secure  = vauth_conf('cookie_secure');
-        
-        session_set_cookie_params($cookie_life,$cookie_path,$cookie_domain,$cookie_secure);
-
-        session_name(vauth_conf('session_name'));
-
-        /* Start the Session */
-	vauth_ungimp_ie();
-        session_start(); 	
-
-} // vauth_session_cookie
-
-/**
- * vauth_session_create
- * This is called when you want to create a new session
- * It takes care of setting the initial cookie, and inserting the first chunk
- * of data
- */
-function vauth_session_create($data) { 
-	
-	// Regenerate the session ID to prevent fixation
-	session_regenerate_id();
-
-	/* function that creates the cookie for us */
-	vauth_session_cookie();
-
-	/* Before a refresh we don't have the cookie, so use session_id() */
-	$key = session_id();
-
-	$username 	= Dba::escape($data['username']);
-	$ip		= Dba::escape(ip2int($_SERVER['REMOTE_ADDR'])); 
-	$type		= Dba::escape($data['type']);
-	$value		= Dba::escape($data['value']);
-	$expire		= Dba::escape(time() + vauth_conf('session_length'));
-
-	/* We can't have null things here people */
-	if (!strlen($value)) { $value = ' '; } 
-
-	/* Insert the row */
-	$sql = "INSERT INTO session (`id`,`username`,`ip`,`type`,`value`,`expire`) " . 
-		" VALUES ('$key','$username','$ip','$type','$value','$expire')";
-	$db_results = Dba::query($sql);
-
-	if (!$db_results) { 
-		vauth_error("Session Creation Failed with Query: $sql and " . mysql_error());
-	}
-
-	return $db_results;
-
-} // vauth_session_create
-
-/**
- * vauth_check_session
- * This checks for an existing session, and if it's still there starts it and returns true 
- */
-function vauth_check_session() { 
-
-	/* Make sure we're still valid */
-	$session_name = vauth_conf('session_name');
-	
-	if (!isset($_COOKIE[$session_name])) { return false; } 
-	
-	$key = scrub_in($_COOKIE[$session_name]);
-	$results = vauth_get_session($key);
-	
-	if (!is_array($results)) { 
-		return false;
-	}
-
-	/* Check for Rememeber Me */
-	$cookie_name = vauth_conf('session_name') . "_remember";
-	if (isset($_COOKIE[$cookie_name])) { 
-		$extended = vauth_conf('remember_length');
-		vauth_conf(array('cookie_life'=>$extended),1);
-		setcookie($cookie_name, '1', time() + $extended,'/',vauth_conf('cookie_domain'));
-	}
-
-	/* Set the Cookie Paramaters */
-        session_set_cookie_params(
-                vauth_conf('cookie_life'),
-                vauth_conf('cookie_path'),
-                vauth_conf('cookie_domain'),
-                vauth_conf('cookie_secure'));
-	
-	/* Set Session name so it knows what cookie to get */
-	session_name($session_name);
-
-	vauth_ungimp_ie();
-	session_start();
-	
-	return true;
-
-} // vauth_check_session
-
-/**
- * vauth_ungimp_ie
- * This function sets the cache limiting to public if you are running 
- * some flavor of IE. The detection used here is very conservative so feel free
- * to fix it. This only has to be done if we're rolling HTTPS
- */
-function vauth_ungimp_ie() { 
-
-	if ($_SERVER['HTTPS'] != 'on') { return true; } 
-
-	/* Now try to detect IE */
-	$agent = trim($_SERVER['HTTP_USER_AGENT']);
-	
-	if ((preg_match('|MSIE ([0-9.]+)|', $agent)) || (preg_match('|Internet Explorer/([0-9.]+)|', $agent))) {
-		session_cache_limiter('public');
-	}
-		      
-	return true;
-
-} // vauth_ungimp_ie
-
-?>