diff options
| -rwxr-xr-x | docs/CHANGELOG | 2 | ||||
| -rw-r--r-- | lib/class/api.class.php | 49 | ||||
| -rw-r--r-- | lib/class/catalog.class.php | 7 | ||||
| -rw-r--r-- | lib/class/preference.class.php | 22 | ||||
| -rw-r--r-- | lib/class/stream.class.php | 2 | ||||
| -rw-r--r-- | lib/class/update.class.php | 2 | ||||
| -rw-r--r-- | lib/class/xmldata.class.php | 12 | ||||
| -rw-r--r-- | lib/init.php | 10 | ||||
| -rw-r--r-- | lib/preferences.php | 21 | ||||
| -rw-r--r-- | server/xml.server.php | 10 |
10 files changed, 104 insertions, 33 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG index eee6d4a9..a18079fa 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,8 @@ -------------------------------------------------------------------------- v.3.4-Alpha3 + - Fixed by where Ampache would incorrectly search for album art + when config option was empty (Thx Karl Hungus) - Enabling a Localplay Method will now set Allow Localplay to true - Fixed all playlist methods, send, send and clear and clear on send now work correctly diff --git a/lib/class/api.class.php b/lib/class/api.class.php index fd34ff93..fb0fd2f9 100644 --- a/lib/class/api.class.php +++ b/lib/class/api.class.php @@ -24,7 +24,7 @@ * This handles functions relating to the API written for ampache, initially this is very focused * on providing functionality for Amarok so it can integrate with Ampache */ -class AmpacheApi { +class Api { /** * constructor @@ -47,12 +47,22 @@ class AmpacheApi { public static function handshake($timesamp,$passphrase,$ip,$username='') { // First we'll filter by username and IP - $username = $username ? Dba::escape($username) : '-1'; - $ip = ip2int($ip); + if (!$username) { + $user_id = '-1'; + } + else { + $client = User::get_from_username($username); + $user_id =$client->id; + } + + // Clean incomming variables + $user_id = Dba::escape($user_id); + $timestampe = intval($timestamp); + $ip = ip2int($ip); // Run the query and return the passphrases as we'll have to mangle them // to figure out if they match what we've got - $sql = "SELECT * FROM `access_list` WHERE `user`='$username' AND `start` >= '$ip' AND `end` <= '$ip'"; + $sql = "SELECT * FROM `access_list` WHERE `user`='$user_id' AND `start` >= '$ip' AND `end` <= '$ip'"; $db_results = Dba::query($sql); while ($row = Dba::fetch_assoc($db_results)) { @@ -60,9 +70,40 @@ class AmpacheApi { // Combine and MD5 this mofo $md5pass = md5($timestamp . $row); + if ($md5pass === $passphrase) { + // Create the Session, in this class for now needs to be moved + $token = self::create_session($row['level'],$ip,$user_id); + return $token; + } // match + } // end while } // handhsake + /** + * create_session + * This actually creates the new session it takes the level, ip and user + * and figures out the agent and expire then returns the token + */ + public static function create_session($level,$ip,$user_id) { + + // Generate the token + $token = md5(uniqid(rand(), true)); + $level = Dba::escape($level); + $agent = Dba::escape($_SERVER['HTTP_USER_AGENT']); + $expire = time() + 3600; + + $sql = "REPLACE INTO `session_api` (`id`,`user`,`agent`,`level`,`expire`,`ip`) " . + "VALUES ('$token','$user_id','$agent','$level','$expire','$ip')"; + $db_results = Dba::query($sql); + + if (Dba::affected_rows($db_results)) { + return $token; + } + + return false; + + } // create_session + } // API class ?> diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php index 31d7d7c6..a6dabbbe 100644 --- a/lib/class/catalog.class.php +++ b/lib/class/catalog.class.php @@ -545,6 +545,13 @@ class Catalog { */ public function get_album_art($catalog_id=0,$all='') { + + // Make sure they've actually got methods + $album_art_order = Config::get('album_art_order'); + if (empty($album_art_order)) { + return true; + } + // Prevent the script from timing out set_time_limit(0); diff --git a/lib/class/preference.class.php b/lib/class/preference.class.php index ef8a0a05..e2dc57d5 100644 --- a/lib/class/preference.class.php +++ b/lib/class/preference.class.php @@ -217,4 +217,26 @@ class Preference { } // rebuild_preferences + /** + * fix_preferences + * This takes the preferences, explodes what needs to + * become an array and boolean everythings + */ + public static function fix_preferences($results) { + + $results['auth_methods'] = trim($results['auth_methods']) ? explode(",",$results['auth_methods']) : array(); + $results['tag_order'] = trim($results['tag_order']) ? explode(",",$results['tag_order']) : array(); + $results['album_art_order'] = trim($results['album_art_order']) ? explode(",",$results['album_art_order']) : array(); + $results['amazon_base_urls'] = trim($results['amazin_base_urls']) ? explode(",",$results['amazon_base_urls']) : array(); + + foreach ($results as $key=>$data) { + if (strcasecmp($data,"true") == "0") { $results[$key] = 1; } + if (strcasecmp($data,"false") == "0") { $results[$key] = 0; } + } + + return $results; + + } // fix_preferences + + } // end Preference class diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php index c661b351..def353d5 100644 --- a/lib/class/stream.class.php +++ b/lib/class/stream.class.php @@ -623,7 +623,7 @@ class Stream { public static function _auto_init() { // Generate the session ID - self::$session = md5(uniqid(rand(), true));; + self::$session = md5(uniqid(rand(), true)); } // auto_init diff --git a/lib/class/update.class.php b/lib/class/update.class.php index 2db1a0e2..c51886c8 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -1004,6 +1004,8 @@ class Update { "PRIMARY KEY ( `id` ) " . ") ENGINE = MYISAM"; $db_results = Dba::query($sql); + + } // 340011 diff --git a/lib/class/xmldata.class.php b/lib/class/xmldata.class.php index 16eaeaeb..2fea98db 100644 --- a/lib/class/xmldata.class.php +++ b/lib/class/xmldata.class.php @@ -39,6 +39,18 @@ class xmlData { } // constructor + /** + * error + * This generates a standard XML Error message + * nothing fancy here... + */ + public static function error($string) { + + $string = "<root>\n\t<error><![CDATA[$string]]></error>\n</root>"; + return $string; + + } // error + } // xmlData ?> diff --git a/lib/init.php b/lib/init.php index 69b3fc2c..6cf2c422 100644 --- a/lib/init.php +++ b/lib/init.php @@ -44,6 +44,10 @@ $configfile = "$prefix/config/ampache.cfg.php"; require_once $prefix . '/lib/general.lib.php'; require_once $prefix . '/lib/class/config.class.php'; +// Define some base level config options +Config::set('prefix',$prefix); + + /* Check to see if this is Http or https */ @@ -77,13 +81,12 @@ if (!count($results)) { } /** This is the version.... fluf nothing more... **/ -$results['version'] = '3.4-Alpha3 Build (003)'; +$results['version'] = '3.4-Alpha3 Build (004)'; $results['int_config_version'] = '5'; $results['raw_web_path'] = $results['web_path']; $results['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path']; $results['http_port'] = $_SERVER['SERVER_PORT']; -$results['prefix'] = $prefix; $results['stop_auth'] = $results['prefix'] . "/modules/vauth/gone.fishing"; if (!$results['http_port']) { $results['http_port'] = '80'; @@ -142,9 +145,8 @@ require_once $prefix . '/modules/infotools/openstrands.class.php'; //require_once $prefix . '/modules/infotools/jamendoSearch.class.php'; /* Temp Fixes */ -$results = fix_preferences($results); +$results = Preference::fix_preferences($results); -// Setup Static Arrays Config::set_by_array($results,1); // Modules (These are conditionaly included depending upon config values) diff --git a/lib/preferences.php b/lib/preferences.php index c7f503c1..89468242 100644 --- a/lib/preferences.php +++ b/lib/preferences.php @@ -510,25 +510,4 @@ function update_preference_level($pref_id,$level) { } // update_preference_level -/** - * fix_preferences - * This takes the preferences, explodes what needs to - * become an array and boolean everythings - */ -function fix_preferences($results) { - - $results['auth_methods'] = explode(",",$results['auth_methods']); - $results['tag_order'] = explode(",",$results['tag_order']); - $results['album_art_order'] = explode(",",$results['album_art_order']); - $results['amazon_base_urls'] = explode(",",$results['amazon_base_urls']); - - foreach ($results as $key=>$data) { - if (strcasecmp($data,"true") == "0") { $results[$key] = 1; } - if (strcasecmp($data,"false") == "0") { $results[$key] = 0; } - } - - return $results; - -} // fix_preferences - ?> diff --git a/server/xml.server.php b/server/xml.server.php index 484c874c..79082f43 100644 --- a/server/xml.server.php +++ b/server/xml.server.php @@ -37,13 +37,17 @@ if (!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['acti } /* Set the correct headers */ -header("Content-type: text/xml; charset=utf-8"); - +header("Content-type: text/xml; charset=" . Config::get('site_charset')); +header("Content-Disposition: attachment; filename=information.xml"); switch ($_REQUEST['action']) { case 'handshake': - // Send the data we were sent to the API class so it can be chewed on + $token = Api::handshake($_REQUEST['timestamp'],$_REQUEST['auth'],$_SERVER['REMOTE_ADDR'],$_REQUEST['user']); + + if (!$token) { + echo xmlData::error('Error Invalid Handshake, attempt logged'); + } break; default: |