diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-03-18 02:25:38 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-03-18 02:25:38 +0000 |
| commit | ea0eeca2d3e4bdd5379d9102d7fbc6ab2524ec31 (patch) | |
| tree | fcf5cdd55d65b254193503af018520aabc8df4b8 /server | |
| parent | 6e23458ab0bdfd415b2de38a1ad03dbb03644410 (diff) | |
| download | ampache-ea0eeca2d3e4bdd5379d9102d7fbc6ab2524ec31.tar.gz ampache-ea0eeca2d3e4bdd5379d9102d7fbc6ab2524ec31.tar.bz2 ampache-ea0eeca2d3e4bdd5379d9102d7fbc6ab2524ec31.zip | |
split out the api errors so that it is easier to tell when you should do a new handshake
Diffstat (limited to 'server')
| -rw-r--r-- | server/xml.server.php | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/server/xml.server.php b/server/xml.server.php index 3da772d1..aeae5798 100644 --- a/server/xml.server.php +++ b/server/xml.server.php @@ -48,11 +48,18 @@ if (!Config::get('access_control')) { * login via this interface so we do have an exception for action=login */ +if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) { + debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','5'); + ob_end_clean(); + echo xmlData::error('Session Expired'); + exit(); +} + -if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { - debug_event('Access Denied','Invalid Session or unathorized access attempt to API [' . $_REQUEST['action'] . ']', '5'); +if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { + debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '5'); ob_end_clean(); - echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged'); + echo xmlData::error('ACL Error'); exit(); } |