-rw-r--r--admin/catalog.php9
-rw-r--r--lib/class/access.class.php9
-rw-r--r--lib/class/catalog.class.php32
-rw-r--r--lib/class/update.class.php32
-rw-r--r--lib/duplicates.php18
-rw-r--r--lib/xmlrpc.php55
-rw-r--r--server/xmlrpc.server.php2
-rw-r--r--templates/list_duplicates.inc3
-rw-r--r--templates/show_add_catalog.inc.php6
-rw-r--r--templates/show_edit_catalog.inc.php (renamed from templates/customize_catalog.inc)23
10 files changed, 135 insertions, 54 deletions
diff --git a/admin/catalog.php b/admin/catalog.php
index 87b5d383..cc57bd3f 100644
--- a/admin/catalog.php
+++ b/admin/catalog.php
@@ -188,7 +188,8 @@ switch ($_REQUEST['action']) {
if (conf('demo_mode')) { break; }
/* Update the catalog */
- Catalog::update_settings($_REQUEST);
+ $catalog = new Catalog();
+ $catalog->update_settings($_REQUEST);
$url = conf('web_path') . '/admin/index.php';
$title = _('Catalog Updated');
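Review bot: The handler still passes the whole of `$_REQUEST` to `update_settings()`, so this state-changing action accepts its parameters from the query string even though this commit switches the edit form to `method="post"`. Reading the posted body only, `$catalog->update_settings($_POST);`, would keep the write off GET requests. No anti-forgery token is visible in this hunk or in the edit template, so that is worth confirming as well. The `switch` on `$_REQUEST['action']` starts outside the hunk, and there may be checks there that I cannot see.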
@@ -210,7 +211,7 @@ switch ($_REQUEST['action']) {
/* Create the Catalog */
$catalog->new_catalog($_REQUEST['path'],
$_REQUEST['name'],
- $_REQUEST['id3set_command'],
+ $_REQUEST['key'],
$_REQUEST['rename_pattern'],
$_REQUEST['sort_pattern'],
$_REQUEST['type'],
@@ -227,7 +228,7 @@ switch ($_REQUEST['action']) {
}
else {
$error = "Please complete the form.";
- include(conf('prefix') . '/templates/add_catalog.inc');
+ include(conf('prefix') . '/templates/show_add_catalog.inc.php');
}
break;
case 'clear_stats':
@@ -275,7 +276,7 @@ switch ($_REQUEST['action']) {
show_confirmation(_('Delete Catalog'),_('Do you really want to delete this catalog?'),$nexturl,1);
break;
case 'show_customize_catalog':
- include(conf('prefix') . '/templates/customize_catalog.inc');
+ include(conf('prefix') . '/templates/show_edit_catalog.inc.php');
break;
case 'gather_album_art':
flush();
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index b8a6c72c..5ad5a219 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -164,10 +164,17 @@ class Access {
$level = sql_escape($level);
switch ($type) {
+ /* This is here because we want to at least check IP before even creating the xml-rpc server
+ * however we don't have the key that was passed yet so we've got to do just ip
+ */
+ case 'init-xml-rpc':
+ $sql = "SELECT id FROM access_list" .
+ " WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='xml-rpc' AND `level` >= '$level'";
+ break;
case 'xml-rpc':
$sql = "SELECT id FROM access_list" .
" WHERE `start` <= '$ip' AND `end` >= '$ip'" .
- " AND `key` = '$key' AND `level` >= '$level'";
+ " AND `key` = '$key' AND `level` >= '$level' AND `type`='xml-rpc'";
break;
case 'network':
case 'interface':
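Review bot: The new `init-xml-rpc` case matches on address and level only, so passing it does not show that the caller holds a key. The added comment explains why, but I would extend it to say that every method registered behind this gate must still run the `xml-rpc` check with the key, otherwise a later handler added without that call is protected by the address range alone. Only `$level` is escaped inside the hunk, while `$ip` and `$key` are interpolated straight into the query. Their escaping presumably happens above the hunk, which is worth confirming now that `$key` arrives in the XML-RPC request body. The enclosing `check()` method starts and ends outside this hunk.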
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index 9f782d46..55d45717 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -30,7 +30,7 @@ class Catalog {
var $name;
var $last_update;
var $last_add;
- var $id3_set_command;
+ var $key;
var $rename_pattern;
var $sort_pattern;
var $catalog_type;
@@ -64,7 +64,7 @@ class Catalog {
$this->name = $info->name;
$this->last_update = $info->last_update;
$this->last_add = $info->last_add;
- $this->id3_set_command = $info->id3_set_command;
+ $this->key = $info->key;
$this->rename_pattern = $info->rename_pattern;
$this->sort_pattern = $info->sort_pattern;
$this->catalog_type = $info->catalog_type;
@@ -725,11 +725,11 @@ class Catalog {
$id = sql_escape($data['catalog_id']);
$name = sql_escape($data['name']);
- $id3cmd = sql_escape($data['id3cmd']);
+ $key = sql_escape($data['key']);
$rename = sql_escape($data['rename_pattern']);
$sort = sql_escape($data['sort_pattern']);
- $sql = "UPDATE catalog SET name='$name', id3_set_command='$id3cmd', rename_pattern='$rename', " .
+ $sql = "UPDATE catalog SET name='$name', `key`='$key', rename_pattern='$rename', " .
"sort_pattern='$sort' WHERE id = '$id'";
$db_results = mysql_query($sql, dbh());
@@ -745,7 +745,7 @@ class Catalog {
* @param $path Root path to start from for catalog
* @param $name Name of the new catalog
*/
- function new_catalog($path,$name, $id3cmd=0, $ren=0, $sort=0, $type=0,$gather_art=0,$parse_m3u=0,$art=array()) {
+ function new_catalog($path,$name, $key=0, $ren=0, $sort=0, $type=0,$gather_art=0,$parse_m3u=0,$art=array()) {
/* Record the time.. time the catalog gen */
$start_time = time();
@@ -760,17 +760,17 @@ class Catalog {
$catalog_id = $this->check_catalog($path);
if (!$catalog_id) {
- $catalog_id = $this->create_catalog_entry($path,$name,$id3cmd, $ren, $sort, $type);
+ $catalog_id = $this->create_catalog_entry($path,$name,$key, $ren, $sort, $type);
}
/* Setup the $this with the new information */
- $this->id = $catalog_id;
- $this->path = $path;
- $this->name = $name;
- $this->id3_set_command = ($id3cmd)?$id3cmd:'';
- $this->rename_pattern = ($ren)?$ren:'';
- $this->sort_pattern = ($sort)?$sort:'';
- $this->catalog_type = $type;
+ $this->id = $catalog_id;
+ $this->path = $path;
+ $this->name = $name;
+ $this->key = $key;
+ $this->rename_pattern = ($ren)?$ren:'';
+ $this->sort_pattern = ($sort)?$sort:'';
+ $this->catalog_type = $type;
/* Fluf */
echo _('Starting Catalog Build') . " [$name]<br />\n";
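Review bot: `$this->key = $key;` drops the empty-string normalisation that the neighbouring `rename_pattern` and `sort_pattern` assignments keep, so with the default `$key=0` the object carries the integer 0 as its key. The replaced `id3_set_command` line used the same ternary as its neighbours, so `$this->key = ($key)?$key:'';` would stay consistent with them. The body of `new_catalog()` continues outside the hunk.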
@@ -1704,7 +1704,7 @@ class Catalog {
@param $path The root path for this catalog
@param $name The name of the new catalog
*/
- function create_catalog_entry($path,$name,$id3cmd=0,$ren=0,$sort=0, $type='local') {
+ function create_catalog_entry($path,$name,$key=0,$ren=0,$sort=0, $type='local') {
// Current time
$date = time();
@@ -1713,8 +1713,8 @@ class Catalog {
$name = sql_escape($name);
if($id3cmd && $ren && $sort) {
- $sql = "INSERT INTO catalog (path,name,last_update,id3_set_command,rename_pattern,sort_pattern,catalog_type) " .
- " VALUES ('$path','$name','$date', '$id3cmd', '$ren', '$sort','$type')";
+ $sql = "INSERT INTO catalog (path,name,last_update,`key`,rename_pattern,sort_pattern,catalog_type) " .
+ " VALUES ('$path','$name','$date', '$key', '$ren', '$sort','$type')";
}
else {
$sql = "INSERT INTO catalog (path,name,last_update) VALUES ('$path','$name','$date')";
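Review bot: The condition `if($id3cmd && $ren && $sort)` still tests `$id3cmd`, which is no longer a parameter after the signature change in the previous hunk. It is therefore always false, and the INSERT that carries `key`, the patterns and the catalog type is never reached. Every new catalog would be written by the three-column INSERT in the else branch and lose its XML-RPC key. `if ($key && $ren && $sort) {` restores the earlier behaviour, though since the key is only required for remote catalogs, `if ($ren && $sort) {` may be closer to the intent. Only `$name` is escaped inside the hunk, so whether `$key`, `$ren`, `$sort` and `$type` are escaped above it is not visible here.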
diff --git a/lib/class/update.class.php b/lib/class/update.class.php
index e505ea87..fc13ef44 100644
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@@ -282,11 +282,16 @@ class Update {
$update_string = '- Reworked All Indexes on tables, hopefully leading to performance improvements.<br />' .
'- Added id int(11) UNSIGNED fields to a few tables missing it.<br />' .
+ '- Reworked Access Lists, adding type based ACL\'s and a key for xml-rpc communication.<br />' .
'- Removed DB Based color/font preferences and Theme preferences catagory.<br />';
$version[] = array('version' => '332012','description' => $update_string);
- $update_string = '- Added live_stream table for radio station support.<br />';
+ $update_string = '- Added live_stream table for radio station support.<br />' .
+ '- Removed id3_set_command from catalog and added xml-rpc key for remote catalogs.<br />' .
+ '- Added stream/video to enum of object_count for future support.<br />';
+
+ $version[] = array('version' => '332013','description' => $update_string);
return $version;
@@ -1782,6 +1787,7 @@ class Update {
*/
function update_332013() {
+ /* Add Live Stream Table */
$sql = "CREATE TABLE `live_stream` (" .
"`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," .
"`name` VARCHAR( 128 ) NOT NULL ," .
@@ -1792,6 +1798,30 @@ class Update {
"`frequency` VARCHAR( 32 ) NOT NULL ," .
"`call_sign` VARCHAR( 32 ) NOT NULL" .
")";
+ $db_results = mysql_query($sql, dbh());
+
+ /* Add Indexes for this new table */
+ $sql = "ALTER TABLE `live_stream` ADD INDEX `catalog` (`catalog`)";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `live_stream` ADD INDEX `genre` (`genre`)";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `live_stream` ADD INDEX `name` (`name`)";
+ $db_results = mysql_query($sql,dbh());
+
+ /* Drop id3 set command */
+ $sql = "ALTER TABLE `catalog` DROP `id3_set_command`";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `catalog` ADD `key` VARCHAR( 255 ) NOT NULL";
+ $db_results = mysql_query($sql, dbh());
+
+ /* Prepare for Video and Stream (comming in next version) */
+ $sql = "ALTER TABLE `ratings` CHANGE `object_type` `object_type` ENUM( 'artist', 'album', 'song', 'steam', 'video' ) NOT NULL DEFAULT 'artist'";
+ $db_results = mysql_query($sql, dbh());
+
+ $this->set_version('db_version','332013');
} // update_332013
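Review bot: The ENUM in the last ALTER lists `'steam'`, while the update description added in this commit speaks of stream/video, so the column would reject the value the next version is expected to write; the list should read `ENUM( 'artist', 'album', 'song', 'stream', 'video' )`. The same description names `object_count`, but the statement alters `ratings`.`object_type`, so one of the two is presumably wrong. None of the `$db_results` values is checked before `set_version('db_version','332013')` runs, so a failed CREATE or ALTER leaves the schema partly migrated while the recorded version says otherwise. Since the `catalog` changes drop one column and add a NOT NULL `key`, I would stop and report on the first failed statement rather than bump the version.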
diff --git a/lib/duplicates.php b/lib/duplicates.php
index 1d03a3da..3fe56ed1 100644
--- a/lib/duplicates.php
+++ b/lib/duplicates.php
@@ -92,15 +92,13 @@ function show_duplicate_songs($flags,$search_type) {
@discussion
*/
function show_duplicate_searchbox($search_type) {
+// OMFG KillingVollmer++ needs to be fixed in a desperate way
?>
-<br />
+<?php show_box_top(_('Find Duplicates')); ?>
<form name="songs" action="<?php echo conf('web_path'); ?>/admin/duplicates.php" method="post" enctype="multipart/form-data" >
-<table class="border" cellspacing="0" cellpadding="3" border="0" width="450">
- <tr class="table-header">
- <td colspan="2"><b><?php echo _("Find Duplicates"); ?></b></td>
- </tr>
- <tr class="even">
- <td><?php echo _("Search Type"); ?>:</td>
+<table cellspacing="0" cellpadding="3" border="0" width="450">
+ <tr>
+ <td valign="top"><?php echo _('Search Type'); ?>:</td>
<td>
<?php
@@ -123,16 +121,16 @@ function show_duplicate_searchbox($search_type) {
?>
</td>
</tr>
- <tr class="odd">
+ <tr>
<td></td>
<td>
<input type="hidden" name="action" value="search" />
- <input type="submit" value="<?php echo _("Search"); ?>" />
+ <input type="submit" value="<?php echo _('Search'); ?>" />
</td>
</tr>
</table>
</form>
-<br />
+<?php show_box_bottom(); ?>
<?php
} // show_duplicate_searchbox
?>
diff --git a/lib/xmlrpc.php b/lib/xmlrpc.php
index cd6c3e70..7dc09f01 100644
--- a/lib/xmlrpc.php
+++ b/lib/xmlrpc.php
@@ -26,7 +26,7 @@
* @package XMLRPC
* @catagory Server
* @author Karl Vollmer
- * @copyright Ampache.org 2001 - 2005
+ * @copyright Ampache.org 2001 - 2006
*/
/**
@@ -38,6 +38,14 @@
*/
function remote_catalog_query($m) {
+ $var = $m->getParam(0);
+ $key = $var->scalarval();
+
+ /* Verify the KEY */
+ if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) {
+ return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
+ }
+
$result = array();
// we only want to send the local entries
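Review bot: The arguments to `remote_key_verify` are transposed. The function added at the end of this file is declared as `remote_key_verify($ip,$key,$level)`, but this call passes `($key,$_SERVER['REMOTE_ADDR'],'5')`, so the key is handed over as the address and the address as the key. `Access::check` then queries the ACL with the two values swapped, and the stored key is never compared with the key the client sent. The same call appears in `remote_song_query` and `remote_session_verify` in the following hunks. Either call it as `remote_key_verify($_SERVER['REMOTE_ADDR'],$key,'5')` or change the declaration to `function remote_key_verify($key,$ip,$level)`.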
@@ -53,7 +61,7 @@ function remote_catalog_query($m) {
set_time_limit(0);
$encoded_array = php_xmlrpc_encode($result);
- if (conf('debug')) { log_event($_SESSION['userdata']['username'],' xmlrpc-server ',"Encoded Catalogs: " . count($result)); }
+ debug_event('xmlrpc-server',"Encoded Catalogs: " . count($result),'3');
return new xmlrpcresp($encoded_array);
@@ -71,8 +79,16 @@ function remote_catalog_query($m) {
*/
function remote_song_query($params) {
- $start = $params->params['0']->me['int'];
- $step = $params->params['1']->me['int'];
+ $var = $parms->getParam(0);
+ $key = $var->scalarval();
+
+ /* Verify the KEY */
+ if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) {
+ return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
+ }
+
+ $start = $params->params['1']->me['int'];
+ $step = $params->params['2']->me['int'];
// Get me a list of all local catalogs
$sql = "SELECT catalog.id FROM catalog WHERE catalog_type='local'";
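Review bot: The added line `$var = $parms->getParam(0);` reads `$parms`, but the parameter of `remote_song_query` is `$params`, so the call is made on an undefined variable and the handler fails before the key check runs. The same typo is in `remote_session_verify` in the next hunk. It should be `$var = $params->getParam(0);` in both places. `$start` and `$step` are still read through `->params['1']->me['int']` rather than `getParam()`/`scalarval()` as the key is. If they reach the query built further down, which is outside the hunk, an explicit `(int)` cast would be a sensible guard.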
@@ -131,8 +147,18 @@ function remote_song_query($params) {
*/
function remote_session_verify($params) {
+ $var = $parms->getParam(0);
+ $key = $var->scalarval();
+
+ /* Verify the KEY */
+ if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) {
+ return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
+ }
+
+
/* We may need to do this correctly.. :S */
- $sid = $params->params['0']->me['string'];
+ $var = $params->getParam(1);
+ $sid = $var->scalarval();
if (session_exists($sid)) {
$data = true;
@@ -168,4 +194,23 @@ function remote_server_denied() {
} // remote_server_denied
+/**
+ * remote_key_verify
+ * This does a ACCESS control check against
+ * the incomming xml-rpc request. it takes the
+ * passed key and makes sure the IP+KEY+LEVEL
+ * matches in the local ACL
+ */
+function remote_key_verify($ip,$key,$level) {
+
+ $access = new Access();
+ if ($access->check('xml-rpc',$ip,'',$key,$level)) {
+ return true;
+ }
+
+ return false;
+
+} // remote_key_verify
+
+
?>
diff --git a/server/xmlrpc.server.php b/server/xmlrpc.server.php
index a0d71cc0..ebf5416b 100644
--- a/server/xmlrpc.server.php
+++ b/server/xmlrpc.server.php
@@ -34,7 +34,7 @@ else { exit(); }
$access = new Access();
// ** check that the remote server has access to this catalog
-if ($access->check('75',$_SERVER['REMOTE_ADDR'])) {
+if ($access->check('init-xml-rpc',$_SERVER['REMOTE_ADDR'],'','','5')) {
/* Setup Possible Actions */
$methods['remote_catalog_query'] = array('function' => 'remote_catalog_query');
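Review bot: The required level is written as the string literal `'5'` here and again in each of the three `remote_key_verify` calls in lib/xmlrpc.php. A single named constant, or a default on `remote_key_verify`'s `$level` parameter, would keep the pre-check and the per-method check from drifting apart when the level is changed.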
diff --git a/templates/list_duplicates.inc b/templates/list_duplicates.inc
index f694c332..54617c92 100644
--- a/templates/list_duplicates.inc
+++ b/templates/list_duplicates.inc
@@ -25,8 +25,8 @@
$web_path = conf('web_path');
show_duplicate_searchbox($search_type);
if ($flags) { ?>
+ <?php show_box_top(_('Duplicate Songs')); ?>
<form method="post" enctype="multipart/form-data" action="<?php echo $web_path . "/admin/song.php?action=disable"; ?>">
- <p class="header1"><?php echo _('Duplicate Songs'); ?></p>
<table class="tabledata" cellspacing="0" cellpadding="0" >
<tr class="table-header">
<td><?php echo _('Disable'); ?></td>
@@ -66,6 +66,7 @@ if ($flags) { ?>
</tr>
</table>
</form>
+ <?php show_box_bottom(); ?>
<?php } else { ?>
<p><?php _('You don\'t have any duplicate songs.'); ?></p>
<?php } // end if ($flags) and else ?>
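Review bot: The else branch calls `_()` without printing its result, so the "no duplicates" paragraph is rendered empty. The line is context rather than part of this change, but it sits right under the added `show_box_bottom()` and is a one-word fix: `<p><?php echo _('You don\'t have any duplicate songs.'); ?></p>`.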
diff --git a/templates/show_add_catalog.inc.php b/templates/show_add_catalog.inc.php
index bdd7c97a..2bf02283 100644
--- a/templates/show_add_catalog.inc.php
+++ b/templates/show_add_catalog.inc.php
@@ -20,7 +20,6 @@
*/
-$default_id3 = "/usr/bin/id3v2 -a &quot;%a&quot; -A &quot;%A&quot; -t &quot;%t&quot; -g %g -y %y -T %T -c &quot;%c&quot; %filename";
$default_rename = "%a - %T - %t";
$default_sort = "%a/%A";
@@ -61,7 +60,10 @@ $default_sort = "%a/%A";
</select>
</td>
</tr>
-
+<tr>
+ <td><?php echo _('XML-RPC Key'); ?>: </td>
+ <td><input size="30" type="text" name="key" value="" /><span class="error">*<?php echo _('Required for Remote Catalogs'); ?></span></td>
+</tr>
<tr>
<td><?php echo _("Filename Pattern"); ?>: </td>
<td><input size="60" type="text" name="rename_pattern" value="<?php echo $default_rename; ?>" /></td>
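Review bot: The new field is labelled "Required for Remote Catalogs", but nothing visible in this commit enforces that. admin/catalog.php passes `$_REQUEST['key']` straight to `new_catalog()`, and the column is added as `VARCHAR( 255 ) NOT NULL`, so an empty key would be stored as an empty string. I would reject an empty key for a remote catalog in the add handler, next to the existing "Please complete the form." branch, rather than rely on the label. Validation may exist outside the hunks shown here.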
diff --git a/templates/customize_catalog.inc b/templates/show_edit_catalog.inc.php
index 4bd09746..7a31de6a 100644
--- a/templates/customize_catalog.inc
+++ b/templates/show_edit_catalog.inc.php
@@ -20,14 +20,11 @@
*/
?>
-
-<br />
-<div class="header2"><?php echo _("Settings for catalog in"); echo $catalog->path; ?></div><br />
-<div class="text-box">
-<form method="get" action="<?php echo conf('web_path'); ?>/admin/catalog.php" enctype="multipart/form-data">
-<table class="tabledata" cellspacing="0" cellpadding="0" border="0">
+<?php show_box_top(_('Settings for') . ' ' . $catalog->name . ' (' . $catalog->path . ')'); ?>
+<form method="post" action="<?php echo conf('web_path'); ?>/admin/catalog.php" enctype="multipart/form-data">
+<table cellspacing="0" cellpadding="0" border="0">
<tr>
- <td><?php echo _("Name"); ?>:</td>
+ <td><?php echo _('Name'); ?>:</td>
<td><input size="60" type="text" name="name" value="<?php echo scrub_out($catalog->name); ?>"></input></td>
<td style="vertical-align:top; font-family: monospace;" rowspan="5">
<strong><?php echo _("Auto-inserted Fields"); ?>:</strong><br />
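Review bot: The box title concatenates `$catalog->name` and `$catalog->path` unescaped, while the input two lines below wraps the same name in `scrub_out()`. Unless `show_box_top()` escapes its argument, which this page does not show, a catalog name or path containing markup would be rendered as HTML in the admin page. I would escape at the call site: `show_box_top(_('Settings for') . ' ' . scrub_out($catalog->name) . ' (' . scrub_out($catalog->path) . ')');`.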
@@ -43,20 +40,20 @@
</td>
</tr>
<tr>
- <td><?php echo _("ID3 set command"); ?>:</td>
+ <td><?php echo _('XML-RPC Key'); ?>:</td>
<td>
- <input size="60" type="text" name="id3_set_command" value="<?php echo scrub_out($catalog->id3_set_command); ?>" />
+ <input size="30" type="text" name="key" value="<?php echo scrub_out($catalog->key); ?>" />*<span class="error">Required for Remote Catalogs</span>
</td>
</tr>
<tr>
- <td><?php echo _("Filename pattern"); ?>:</td>
+ <td><?php echo _('Filename pattern'); ?>:</td>
<td>
<input size="60" type="text" name="rename_pattern" value="<?php echo scrub_out($catalog->rename_pattern); ?>" />
</td>
</tr>
<tr>
<td>
- <?php echo _("Folder Pattern"); ?>:<br /><?php echo _("(no leading or ending '/')"); ?>
+ <?php echo _('Folder Pattern'); ?>:<br /><?php echo _('(no leading or ending \'/\')'); ?>
</td>
<td>
<input size="60" type="text" name="sort_pattern" value="<?php echo scrub_out($catalog->sort_pattern);?>" />
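Review bot: The hint "Required for Remote Catalogs" is hard-coded here, whereas the add template in this same commit wraps it in `_()` and puts the asterisk inside the span. For consistency, and so the string is picked up for translation, the line should end in `<span class="error">*<?php echo _('Required for Remote Catalogs'); ?></span>`.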
@@ -67,9 +64,9 @@
<td>
<input type="hidden" name="catalog_id" value="<?php echo $catalog->id; ?>" />
<input type="hidden" name="action" value="update_catalog_settings" />
- <input type="submit" value="<?php echo _("Save Catalog Settings"); ?>" />
+ <input type="submit" value="<?php echo _('Save Catalog Settings'); ?>" />
</td>
</tr>
</table>
</form>
-</div>
+<?php show_box_bottom(); ?>