-rw-r--r--server/xml.server.php10
1 files changed, 7 insertions, 3 deletions
diff --git a/server/xml.server.php b/server/xml.server.php
index d8749c20..b7bab785 100644
--- a/server/xml.server.php
+++ b/server/xml.server.php
@@ -47,8 +47,10 @@ if (!Config::get('access_control')) {
* Verify the existance of the Session they passed in we do allow them to
* login via this interface so we do have an exception for action=login
*/
-if ((!vauth::session_exists('api',$_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
- debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5');
+
+
+if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {
+ debug_event('Access Denied','Invalid Session or unathorized access attempt to API [' . $_REQUEST['action'] . ']', '5');
ob_end_clean();
echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
exit();
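Review bot: The new debug_event() message concatenates `$_REQUEST['action']` directly into the log text, so a client that fails the access check controls part of every denial entry. Depending on how debug_event() stores messages (not visible here), embedded line breaks or very long values could forge or bloat log records. Normalise the value before logging, for example `$action = substr(preg_replace('/[^A-Za-z0-9_-]/', '?', (string) $_REQUEST['action']), 0, 32);`, and log `$action` instead. The two added blank lines before the `if` can be dropped. The `if` block closes outside this hunk.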
@@ -57,6 +59,8 @@ if ((!vauth::session_exists('api',$_REQUEST['auth']) AND $_REQUEST['action'] !=
// If we make it past the check and we're not a hand-shaking then we should extend the session
if ($_REQUEST['action'] != 'handshake') {
vauth::session_extend($_REQUEST['auth']);
+ $session = vauth::get_session_data($_REQUEST['auth']);
+ $GLOBALS['user'] = User::get_from_username($session['username']);
}
switch ($_REQUEST['action']) {
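Review bot: The two added lines set `$GLOBALS['user']` without checking that vauth::get_session_data() returned a row or that `$session['username']` resolves to a user. If the lookup fails, for example because the session expired between the earlier check and this call, the request continues into the `switch` with whatever User::get_from_username() returns for an empty name. Later per-user access decisions would then run against that value, so this path should fail closed with the same denial response used above. It is also worth confirming that get_session_data() only matches sessions of type 'api', since the earlier session_exists() call passes that type and this one does not; its body is not visible here.

```php
    vauth::session_extend($_REQUEST['auth']);
    $session = vauth::get_session_data($_REQUEST['auth']);
    $api_user = (is_array($session) && !empty($session['username']))
        ? User::get_from_username($session['username'])
        : null;
    // Fail closed: never enter the action switch without a resolved user.
    if (!$api_user) {
        debug_event('Access Denied', 'API session has no resolvable user', '5');
        ob_end_clean();
        echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged');
        exit();
    }
    $GLOBALS['user'] = $api_user;
    // … unchanged: switch ($_REQUEST['action']) dispatch …
```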
@@ -90,7 +94,7 @@ switch ($_REQUEST['action']) {
$artists = Browse::get_objects();
// echo out the resulting xml document
ob_end_clean();
- echo xmlData::artists($artists);
+ echo xmlData::artists($artists);
break;
case 'artist_albums':
$artist = new Artist($_REQUEST['filter']);