author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-10-30 15:12:55 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-10-30 15:12:55 +0000 |
commit | 9a251be9a6e99e781725064062a391fdd708bbd3 (patch) | |
tree | 4b1b45597b59a8a33ac79d643127ae3aac6a3aea /server/xml.server.php | |
parent | e8559dd683eba762b2bd374c731e7f7e8116bf70 (diff) | |
switched to sha1() api authentication method
Diffstat (limited to 'server/xml.server.php')
-rw-r--r-- | server/xml.server.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/server/xml.server.php b/server/xml.server.php index f8b3f563..2b6aa883 100644 --- a/server/xml.server.php +++ b/server/xml.server.php @@ -44,6 +44,7 @@ if (!Config::get('access_control')) { exit; } + /** * Verify the existance of the Session they passed in we do allow them to * login via this interface so we do have an exception for action=login @@ -59,6 +60,7 @@ if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != $session = vauth::get_session_data($_REQUEST['auth']); $username = ($_REQUEST['action'] == 'handshake') ? $_REQUEST['user'] : $session['username']; + if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$username,'5')) { debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3'); ob_end_clean(); @@ -66,6 +68,7 @@ if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$username,'5')) { exit(); } + if (!$_REQUEST['action'] != 'handshake') { vauth::session_extend($_REQUEST['auth']); $GLOBALS['user'] = User::get_from_username($session['username']); @@ -73,6 +76,7 @@ if (!$_REQUEST['action'] != 'handshake') { switch ($_REQUEST['action']) { case 'handshake': + // Send the data we were sent to the API class so it can be chewed on $token = Api::handshake($_REQUEST['timestamp'],$_REQUEST['auth'],$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],$_REQUEST['version']); |
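Review bot: In the third hunk (`@@ -66,6 +68,7 @@`) the condition `if (!$_REQUEST['action'] != 'handshake') {` is left as it was, and it does not test what it appears to: `!` binds tighter than `!=`, so PHP evaluates `(!$_REQUEST['action']) != 'handshake'`, which is true for every non-empty action, `handshake` included. As written, a handshake request also reaches `vauth::session_extend($_REQUEST['auth'])` and sets `$GLOBALS['user']` from `$session['username']` before `Api::handshake()` has validated anything; what those calls do with a not-yet-authenticated value is not visible here and should be confirmed. The line should read `if ($_REQUEST['action'] != 'handshake') {`. The body of this `if` closes outside the hunk.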