9 files changed, 82 insertions, 66 deletions

diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index d989cbe6..2b5e8e27 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,10 @@
 
 --------------------------------------------------------------------------
   v.3.3.2-Beta3
+  	- Fixed Access Control List so that it prevents Login if you are
+		not inside the allowed range. 
+  	- Fixed Localplay/Stream Buttons so that they also work if you
+		have use_auth disabled
   	- Added Icecast Controller (Thx Nikk)
   	- Added Clear Playlist Functionality to Localplay
   	- Added Language selection to Installer (Thx Ros)
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index 5e28d2b5..09f1c3dc 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -266,6 +266,8 @@ class User {
 			$username = $this->username;
 		}
 
+		if (!conf('use_auth')) { $username = '-1'; }
+
 		$value = sql_escape($value);
 		$sql = "UPDATE user_preference SET value='$value' WHERE user='$username' AND preference='$preference_id'";
 
diff --git a/lib/preferences.php b/lib/preferences.php
index 66996e40..371c5d92 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -383,4 +383,49 @@ function insert_preference($name,$description,$default,$level,$type,$catagory) {
 
 } // insert_preference
 
+/**
+ * init_preferences
+ * Third times the charm, why rename a function once when you can do it three times :(
+ * This grabs the preferences and then loads them into conf it should be run on page load
+ * to initialize the needed variables
+ */
+function init_preferences() {
+
+
+        /* Get Global Preferences */
+        $sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='-1' " .
+                " AND user_preference.preference = preferences.id AND preferences.catagory='system'";
+        $db_results = mysql_query($sql, dbh());
+
+        while ($r = mysql_fetch_assoc($db_results)) {
+                $name = $r['name'];
+                $results[$name] = $r['value'];
+        } // end while sys prefs
+
+        /* Now we need to allow the user to override some stuff that's been set by the above */
+        $user_id = '-1';
+        if ($GLOBALS['user']->username) {
+                $user_id = sql_escape($GLOBALS['user']->id);
+        }
+
+        $sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$user_id' " .
+                " AND user_preference.preference = preferences.id AND preferences.catagory != 'system'";
+        $db_results = mysql_query($sql, dbh());
+
+        while ($r = mysql_fetch_assoc($db_results)) {
+                $name = $r['name'];
+                $results[$name] = $r['value'];
+        } // end while
+
+        /* Set the Theme mojo */
+        if (strlen($results['theme_name']) > 0) {
+                $results['theme_path'] = '/themes/' . $results['theme_name'];
+        }
+
+        conf($results,1);
+
+        return true;
+
+} // init_preferences
+
 ?>
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index ec5a1b28..e1f3c663 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -50,51 +50,6 @@ function show_confirmation($title,$text,$next_url,$cancel=0) {
 } // show_confirmation
 
 /**
- * init_preferences
- * Third times the charm, why rename a function once when you can do it three times :( 
- * This grabs the preferences and then loads them into conf it should be run on page load
- * to initialize the needed variables
- */
-function init_preferences() { 
-
-
-	/* Get Global Preferences */
-	$sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='-1' " .
-		" AND user_preference.preference = preferences.id AND preferences.catagory='system'";
-	$db_results = mysql_query($sql, dbh());
-
-	while ($r = mysql_fetch_assoc($db_results)) {
-		$name = $r['name'];
-		$results[$name] = $r['value'];
-	} // end while sys prefs
-
-	/* Now we need to allow the user to override some stuff that's been set by the above */
-	$user_id = '-1';
-	if ($GLOBALS['user']->username) { 
-		$user_id = sql_escape($GLOBALS['user']->id);
-	}
-
-	$sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$user_id' " . 
-		" AND user_preference.preference = preferences.id AND preferences.catagory != 'system'";
-	$db_results = mysql_query($sql, dbh());
-
-	while ($r = mysql_fetch_assoc($db_results)) { 
-		$name = $r['name'];
-		$results[$name] = $r['value'];
-	} // end while
-
-	/* Set the Theme mojo */
-	if (strlen($results['theme_name']) > 0) { 
-		$results['theme_path'] = '/themes/' . $results['theme_name'];
-	}
-	
-	conf($results,1);
-
-	return true;
-
-} // init_preferences
-
-/**
  *  flip_class
  * takes an array of 2 class names
  *		and flips them back and forth and
diff --git a/login.php b/login.php
index 0311dc76..e03e40d4 100644
--- a/login.php
+++ b/login.php
@@ -31,6 +31,20 @@ require_once('modules/init.php');
 vauth_session_cookie();
 init_preferences();
 
+/**
+ * If Access Control is turned on then we don't
+ * even want them to be able to get to the login 
+ * page if they aren't in the ACL
+ */
+if (conf('access_control')) { 
+        $access = new Access(0);
+        if (!$access->check("25", $_SERVER['REMOTE_ADDR'])) {
+                debug_event('access_denied','Access Denied:' . $_SERVER['REMOTE_ADDR'] . ' is not in the Access list','3');
+                access_denied();
+        }
+} // access_control is enabled
+
+
 /* Check for posted username and password */
 if ($_POST['username'] && $_POST['password']) {
 
diff --git a/modules/init.php b/modules/init.php
index 51bc367e..7bca6a29 100644
--- a/modules/init.php
+++ b/modules/init.php
@@ -154,11 +154,12 @@ require_once(conf('prefix') . '/lib/upload.php');
 require_once(conf('prefix') . '/modules/lib.php');
 require_once(conf('prefix') . '/modules/admin.php');
 require_once(conf('prefix') . '/modules/catalog.php');
-require_once(conf('prefix') . "/modules/id3/audioinfo.class.php");
-require_once(conf('prefix') . "/modules/amazon/Snoopy.class.php");
-require_once(conf('prefix') . "/modules/amazon/AmazonSearchEngine.class.php");
-require_once(conf('prefix') . "/lib/xmlrpc.php");
-require_once(conf('prefix') . "/modules/xmlrpc/xmlrpc.inc");
+require_once(conf('prefix') . '/modules/id3/audioinfo.class.php');
+require_once(conf('prefix') . '/modules/id3/vainfo.class.php');
+require_once(conf('prefix') . '/modules/amazon/Snoopy.class.php');
+require_once(conf('prefix') . '/modules/amazon/AmazonSearchEngine.class.php');
+require_once(conf('prefix') . '/lib/xmlrpc.php');
+require_once(conf('prefix') . '/modules/xmlrpc/xmlrpc.inc');
 
 // Modules (These are conditionaly included depending upon config values)
 if (conf('ratings')) { 
@@ -241,9 +242,9 @@ elseif (!conf('use_auth')) {
 	$auth['offset_limit'] = 50;
 	if (!vauth_check_session()) { vauth_session_create($auth); }
 	$user 			= new User(-1);
-	$user->fullname 	= $auth['fullname'];
+	$user->fullname 	= 'Ampache User';
 	$user->offset_limit 	= $auth['offset_limit'];
-	$user->username 	= $auth['username'];
+	$user->username 	= '-1';
 	$user->access 		= $auth['access'];
 	$_SESSION['userdata']['username'] 	= $auth['username'];
 	$user->set_preferences();
diff --git a/server/ajax.server.php b/server/ajax.server.php
index b40b0446..fc691045 100644
--- a/server/ajax.server.php
+++ b/server/ajax.server.php
@@ -54,14 +54,8 @@ switch ($action) {
 		$ajax_url       = conf('web_path') . '/server/ajax.server.php';
 		$required_info  = "&user_id=" . $GLOBALS['user']->id . "&sessid=" . session_id();
 		${$_GET['type']} = 'id="pt_active"';
-		?>
-                <span <?php echo $stream; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>','action=change_play_type&type=stream<?php echo $required_info; ?>','play_type');return true;">
-                        <?php echo _('Stream') ?>
-                </span>&nbsp;&nbsp;
-                <span <?php echo $localplay; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>','action=change_play_type&type=localplay<?php echo $required_info; ?>','play_type');return true;">
-                        <?php echo _('Localplay'); ?>
-                </span>
-		<?php 
+		
+		require_once(conf('prefix') . '/templates/show_localplay_switch.inc.php'); 
 	break;
 	default:
 		echo "Default Action";
diff --git a/templates/show_localplay_switch.inc.php b/templates/show_localplay_switch.inc.php
new file mode 100644
index 00000000..18129ba1
--- /dev/null
+++ b/templates/show_localplay_switch.inc.php
@@ -0,0 +1,6 @@
+<span <?php echo $stream; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>','action=change_play_type&amp;type=stream<?php echo $required_info; ?>','play_type');return true;">
+	<?php echo _('Stream') ?>
+</span><br /><br />
+<span <?php echo $localplay; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>','action=change_play_type&amp;type=localplay<?php echo $required_info; ?>','play_type');return true;">
+	<?php echo _('Localplay'); ?>
+</span>
diff --git a/templates/sidebar.inc.php b/templates/sidebar.inc.php
index 83ff2c54..8520f863 100644
--- a/templates/sidebar.inc.php
+++ b/templates/sidebar.inc.php
@@ -191,12 +191,7 @@ $web_path = conf('web_path');
 			$ajax_url       = $web_path . '/server/ajax.server.php'; 
 		?>
 		<span class="text-action" style="cursor:pointer;" id="play_type">
-		<span <?php echo $stream; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>','action=change_play_type&amp;type=stream<?php echo $required_info; ?>','play_type');return true;">
-        		<?php echo _('Stream') ?>
-		</span>&nbsp;&nbsp;
-		<span <?php echo $localplay; ?> onclick="ajaxPut('<?php echo $ajax_url; ?>','action=change_play_type&amp;type=localplay<?php echo $required_info; ?>','play_type');return true;">
-		        <?php echo _('Localplay'); ?>
-		</span>
+		<?php require_once(conf('prefix') . '/templates/show_localplay_switch.inc.php'); ?>
 		</span>
 	</li>
 <?php } // if horizontal orientation ?>