diff options
| -rw-r--r-- | admin/preferences.php | 38 | ||||
| -rwxr-xr-x | docs/CHANGELOG | 7 | ||||
| -rw-r--r-- | lib/class/song.class.php | 3 | ||||
| -rw-r--r-- | lib/general.lib.php | 1 | ||||
| -rw-r--r-- | lib/init.php | 2 | ||||
| -rw-r--r-- | lib/preferences.php | 59 | ||||
| -rw-r--r-- | templates/show_admin_tools.inc.php | 1 | ||||
| -rw-r--r-- | templates/show_preference_admin.inc.php | 51 |
8 files changed, 130 insertions, 32 deletions
diff --git a/admin/preferences.php b/admin/preferences.php index 94f940f3..4454faaa 100644 --- a/admin/preferences.php +++ b/admin/preferences.php @@ -5,9 +5,8 @@ All rights reserved. This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. + modify it under the terms of the GNU General Public License v2 + as published by the Free Software Foundation This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -31,19 +30,20 @@ require('../lib/init.php'); - -if (!$user->has_access(100)) { +if (!$GLOBALS['user']->has_access(100)) { access_denied(); } $user_id = scrub_in($_REQUEST['user_id']); +$action = scrub_in($_REQUEST['action']); if (!$user_id) { $user_id ='-1'; } $temp_user = new User($user_id); $temp_user->username = $user_id; -switch(scrub_in($_REQUEST['action'])) { +show_template('header'); +switch($action) { case 'user': $fullname = "ADMIN - " . $temp_user->fullname; $preferences = $temp_user->get_preferences(); @@ -66,6 +66,16 @@ switch(scrub_in($_REQUEST['action'])) { $temp_user->fix_preferences($user_id); $preferences = $temp_user->get_preferences($user_id); break; + case 'set_preferences': + /* Update the preferences */ + foreach ($_REQUEST['prefs'] as $name=>$leve) { + update_preference_level($name,$level); + } // end foreach preferences + case 'show_set_preferences': + /* Get all preferences */ + $preferences = get_preferences(); + require_once(conf('prefix') . '/templates/show_preference_admin.inc.php'); + break; default: $preferences = $temp_user->get_preferences(); $fullname = "Site"; @@ -74,16 +84,14 @@ switch(scrub_in($_REQUEST['action'])) { } // End Switch Action -// HEADER -show_template('header'); -// HEADER - -// Set Target -$target = "/admin/preferences.php"; - -// Show the default preferences page -require (conf('prefix') . "/templates/show_preferences.inc"); +// OMG HORRIBLE HACK Beatings for the programmer +if ($action != 'show_set_preferences' AND $action != 'set_preferences') { + // Set Target + $target = "/admin/preferences.php"; + // Show the default preferences page + require (conf('prefix') . "/templates/show_preferences.inc"); +} // FOOTER show_footer(); diff --git a/docs/CHANGELOG b/docs/CHANGELOG index 4852ffd6..d350b09a 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,7 +4,10 @@ -------------------------------------------------------------------------- v.3.3.3-Alpha2 - - Foced a sane Post Size had some people with 32 byte post sizes + - Added ability for Admins to define the required permission level + for individual preferences + - Added WavPack support + - Forced a sane Post Size had some people with 32 byte post sizes which will not work with Ampache. - Fixed a logic error with the MPD controller. - Fixed a problem were invalid bitrates below the set downsample @@ -41,7 +44,7 @@ tags were found - Added new version of getid3() library which will hopefully resolve some PHP5 related issues - - Fixed security issue that allowed users to gain gues access to + - Fixed security issue that allowed users to gain guest access to ampache if register globals is enabled. - Added xml based query for artists,genre,albums and search see /server/xml.server.php diff --git a/lib/class/song.class.php b/lib/class/song.class.php index f72506f8..69a7b9a6 100644 --- a/lib/class/song.class.php +++ b/lib/class/song.class.php @@ -148,6 +148,9 @@ class Song { case 'flac'; $this->mime = "audio/x-flac"; break; + case 'wv': + $this->mime = 'audio/x-wavpack'; + break; case 'aac': case 'mp4': case 'm4a': diff --git a/lib/general.lib.php b/lib/general.lib.php index fc60db3e..6cce88b8 100644 --- a/lib/general.lib.php +++ b/lib/general.lib.php @@ -988,5 +988,4 @@ function get_user_from_username($username) { } // get_user_from_username - ?> diff --git a/lib/init.php b/lib/init.php index 3cd54d46..5458ce43 100644 --- a/lib/init.php +++ b/lib/init.php @@ -77,7 +77,7 @@ $results['version'] = '3.3.3-Alpha2 Build (002)'; $results['raw_web_path'] = $results['web_path']; $results['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path']; -$results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn'; +$results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv'; $results['http_port'] = $_SERVER['SERVER_PORT']; if (!$results['prefix']) { $results['prefix'] = $prefix; diff --git a/lib/preferences.php b/lib/preferences.php index d3c8ce63..e46ad8e0 100644 --- a/lib/preferences.php +++ b/lib/preferences.php @@ -179,25 +179,21 @@ function update_preference($username,$name,$pref_id,$value) { */ function has_preference_access($name) { + /* If it's a demo they don't get jack */ if (conf('demo_mode')) { return false; } - switch($name) { + $name = sql_escape($name); - case 'download': - case 'upload': - case 'quarantine': - case 'upload_dir': - case 'sample_rate': - case 'direct_link': - $level = 100; - break; - default: - $level = 25; - break; - } // end switch key + /* Check Against the Database Row */ + $sql = "SELECT level FROM preferences " . + "WHERE name='$name'"; + $db_results = mysql_query($sql, dbh()); + $data = mysql_fetch_assoc($db_results); + + $level = $data['level']; if ($GLOBALS['user']->has_access($level)) { return true; @@ -454,4 +450,41 @@ function show_import_playlist() { } // show_import_playlist +/** + * get_preferences + * This returns an array of all current preferences in the + * preferences table, this isn't a users preferences + */ +function get_preferences() { + + $sql = "SELECT * FROM preferences"; + $db_results = mysql_query($sql, dbh()); + + $results = array(); + + while ($r = mysql_fetch_assoc($db_results)) { + $results[] = $r; + } + + return $results; + +} // get_preferences + +/** + * update_preference_level + * This function updates the level field in the preferences table + * this has nothing to do with a users actuall preferences + */ +function update_preference_level($name,$level) { + + $name = sql_escape($name); + $level = sql_escape($level); + + $sql = "UPDATE preferences SET `level`='$level' WHERE `name`='$name'"; + $db_results = mysql_query($sql,dbh()); + + return true; + +} // update_preference_level + ?> diff --git a/templates/show_admin_tools.inc.php b/templates/show_admin_tools.inc.php index e2734f7f..6a5ed497 100644 --- a/templates/show_admin_tools.inc.php +++ b/templates/show_admin_tools.inc.php @@ -77,6 +77,7 @@ $users = $GLOBALS['user']->get_recent(10); <a href="<?php echo $web_path; ?>/admin/catalog.php?action=clear_now_playing"><?php echo _('Clear Now Playing'); ?></a> <hr noshade="noshade" size="3" /> <a href="<?php echo $web_path; ?>/admin/system.php?action=generate_config"><?php echo _('Generate New Config'); ?></a> + <a href="<?php echo $web_path; ?>/admin/preferences.php?action=show_set_preferences"><?php echo _('Preferences Permissions'); ?></a> <!-- <a href="<?php echo $web_path; ?>/admin/system.php?action=check_version"><?php echo _('Check for New Version'); ?></a> --> </div> diff --git a/templates/show_preference_admin.inc.php b/templates/show_preference_admin.inc.php new file mode 100644 index 00000000..203ffe57 --- /dev/null +++ b/templates/show_preference_admin.inc.php @@ -0,0 +1,51 @@ +<?php +/* + + Copyright (c) 2001 - 2006 Ampache.org + All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License v2 + as published by the Free Software Foundation + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ +?> +<?php show_box_top(_('Preference Administration')); ?> +<form method="post" action="<?php echo conf('web_path'); ?>/admin/preferences.php" enctype="multipart/form-data"> +<table cellspacing="0"> +<tr class="table-header"> + <td><?php echo _('Preference'); ?></td> + <td><?php echo _('Level'); ?></td> +</tr> +<?php foreach ($preferences as $preference) { + unset($is_25,$is_5,$is_100); +?> +<tr class="<?php echo flip_class(); ?>"> + <td><?php echo scrub_out($preference['description']); ?></td> + <td> + <?php $level_name = "is_" . $preference['level']; ${$level_name} = 'selected="selected"'; ?> + <select name="prefs[<?php echo scrub_out($preference['name']); ?>]"> + <option value="5" <?php echo $is_5; ?>><?php echo _('Guest'); ?></option> + <option value="25" <?php echo $is_25; ?>><?php echo _('User'); ?></option> + <option value="100" <?php echo $is_100; ?>><?php echo _('Admin'); ?></option> + </select> + </td> +</tr> +<?php } ?> +<tr> + <td colspan="2"> + <input type="hidden" name="action" value="set_preferences" /> + <input type="submit" value="<?php echo _('Update'); ?>" /> + </td> +</table> +</form> +<?php show_box_bottom(); ?> |