User authentication fix for xml.server, when logged in as a user, it will now display that user as listening instead of the 'System User'

1 files changed, 7 insertions, 3 deletions

diff --git a/server/xml.server.php b/server/xml.server.php
index d8749c20..b7bab785 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
@@ -47,8 +47,10 @@ if (!Config::get('access_control')) {
  * Verify the existance of the Session they passed in we do allow them to
  * login via this interface so we do have an exception for action=login
  */
-if ((!vauth::session_exists('api',$_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { 
-	debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5'); 
+
+
+if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { 
+	debug_event('Access Denied','Invalid Session or unathorized access attempt to API [' . $_REQUEST['action'] . ']', '5');
 	ob_end_clean(); 
         echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
 	exit(); 
@@ -57,6 +59,8 @@ if ((!vauth::session_exists('api',$_REQUEST['auth']) AND $_REQUEST['action'] !=
 // If we make it past the check and we're not a hand-shaking then we should extend the session
 if ($_REQUEST['action'] != 'handshake') { 
 	vauth::session_extend($_REQUEST['auth']); 
+	$session = vauth::get_session_data($_REQUEST['auth']);
+	$GLOBALS['user'] = User::get_from_username($session['username']);
 } 
 
 switch ($_REQUEST['action']) { 
@@ -90,7 +94,7 @@ switch ($_REQUEST['action']) {
 		$artists = Browse::get_objects(); 
 		// echo out the resulting xml document
 		ob_end_clean(); 
-		echo xmlData::artists($artists); 
+		echo xmlData::artists($artists);
 	break; 
 	case 'artist_albums': 
 		$artist = new Artist($_REQUEST['filter']);