-rw-r--r--admin/mail.php22
-rw-r--r--admin/preferences.php21
-rw-r--r--admin/users.php8
-rw-r--r--amp-mpd.php4
-rw-r--r--lib/class/catalog.class.php58
-rw-r--r--lib/class/playlist.class.php16
-rw-r--r--lib/class/stream.class.php2
-rw-r--r--lib/class/update.class.php26
-rw-r--r--lib/class/user.class.php148
-rw-r--r--lib/flag.php8
-rw-r--r--lib/general.lib.php2
-rw-r--r--lib/mpd.php6
-rw-r--r--lib/preferences.php18
-rw-r--r--lib/ui.lib.php4
-rw-r--r--lib/xmlrpc.php2
-rw-r--r--modules/admin.php4
-rw-r--r--modules/init.php7
-rw-r--r--modules/lib.php26
-rw-r--r--play/index.php11
-rw-r--r--play/pupload.php8
-rw-r--r--playlist.php8
-rw-r--r--preferences.php2
-rw-r--r--song.php2
-rw-r--r--stats.php2
-rw-r--r--templates/show_songs.inc8
-rw-r--r--templates/show_users.inc2
-rw-r--r--templates/userform.inc1
-rw-r--r--upload.php4
28 files changed, 241 insertions, 189 deletions
diff --git a/admin/mail.php b/admin/mail.php
index 78d257a8..2d5a0802 100644
--- a/admin/mail.php
+++ b/admin/mail.php
@@ -39,17 +39,17 @@ $subject = stripslashes(scrub_in($_POST['subject']));
$message = stripslashes(scrub_in($_POST['message']));
if ( $action == 'send_mail' && !conf('demo_mode')) {
- $user = new User(0,$_SESSION['userdata']['id']);
- // do the mail mojo here
- if ( $to == 'all' ) {
- $sql = "SELECT * FROM user WHERE email IS NOT NULL";
- }
- elseif ( $to == 'users' ) {
- $sql = "SELECT * FROM user WHERE access='users' AND email IS NOT NULL";
- }
- elseif ( $to == 'admins' ) {
- $sql = "SELECT * FROM user WHERE access='admin' AND email IS NOT NULL";
- }
+ $user = $GLOBALS['user'];
+ // do the mail mojo here
+ if ( $to == 'all' ) {
+ $sql = "SELECT * FROM user WHERE email IS NOT NULL";
+ }
+ elseif ( $to == 'users' ) {
+ $sql = "SELECT * FROM user WHERE access='users' OR access='25' AND email IS NOT NULL";
+ }
+ elseif ( $to == 'admins' ) {
+ $sql = "SELECT * FROM user WHERE access='admin' OR access='100' AND email IS NOT NULL";
+ }
$db_result = mysql_query($sql, dbh());
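Review bot: The two rewritten recipient queries mix `OR` and `AND` without parentheses, and SQL evaluates `AND` first, so `access='users' OR access='25' AND email IS NOT NULL` also selects every `access='users'` row whose email is NULL; the `admins` branch has the same problem. Group the access test the way update_access in lib/class/user.class.php does in this commit: `WHERE (access='users' OR access='25') AND email IS NOT NULL` and `WHERE (access='admin' OR access='100') AND email IS NOT NULL`. The enclosing `if` block continues past the end of the hunk.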
diff --git a/admin/preferences.php b/admin/preferences.php
index ba381f44..c83f690e 100644
--- a/admin/preferences.php
+++ b/admin/preferences.php
@@ -20,12 +20,14 @@
*/
-/*!
- @header Preferences page
- Preferences page for whole site, and where
- the admins do editing of other users preferences
-
-*/
+/**
+ * Preferences page
+ * Preferences page for whole site, and where
+ * the admins do editing of other users preferences
+ * @package Preferences
+ * @catagory Admin
+ * @author Karl Vollmer
+ */
require('../modules/init.php');
@@ -40,8 +42,7 @@ $user_id = intval(scrub_in($_REQUEST['user_id']));
switch(scrub_in($_REQUEST['action'])) {
case 'user':
- $temp_user = new User(0,$user_id);
- $user_id = $temp_user->id;
+ $temp_user = new User($user_id);
$fullname = "ADMIN - " . $temp_user->fullname;
$preferences = $temp_user->get_preferences();
break;
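Review bot: `new User($user_id)` now looks the account up by username, but the hunk header shows `$user_id` is still produced by `intval(scrub_in($_REQUEST['user_id']))`, which turns any non-numeric username into 0 and makes the constructor return an empty object. The same applies to the `new User($user_id)` calls in the two following hunks and to `update_preferences($user_id)`. Unless that assignment is changed elsewhere, it should keep the string, e.g. `$user_id = scrub_in($_REQUEST['user_id']);`, and the value then needs `sql_escape()` before it reaches a query.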
@@ -49,7 +50,7 @@ switch(scrub_in($_REQUEST['action'])) {
if (conf('demo_mode')) { break; }
update_preferences($user_id);
if ($user_id != '0') {
- $temp_user = new User(0,$user_id);
+ $temp_user = new User($user_id);
$fullname = "ADMIN - " . $temp_user->fullname;
$preferences = $temp_user->get_preferences();
}
@@ -58,7 +59,7 @@ switch(scrub_in($_REQUEST['action'])) {
}
break;
case 'fix_preferences':
- $temp_user = new User(0,$user_id);
+ $temp_user = new User($user_id);
$temp_user->fix_preferences();
$preferences = $temp_user->get_preferences();
break;
diff --git a/admin/users.php b/admin/users.php
index fddf5333..c42c0844 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -49,8 +49,7 @@ $temp_user = new User($user_id);
switch ($action) {
case 'edit':
if (conf('demo_mode')) { break; }
- show_user_form($temp_user->id,
- $temp_user->username,
+ show_user_form($temp_user->username,
$temp_user->fullname,
$temp_user->email,
$temp_user->access,
@@ -82,8 +81,7 @@ switch ($action) {
/* If we've got an error then break! */
if ($GLOBALS['error']->error_state) {
- show_user_form($temp_user->id,
- $thisuser->username,
+ show_user_form($thisuser->username,
$thisuser->fullname,
$thisuser->email,
$thisuser->access,
@@ -152,7 +150,7 @@ switch ($action) {
break;
case 'show_add_user':
if (conf('demo_mode')) { break; }
- show_user_form('','','','','','new_user','');
+ show_user_form('','','','','new_user','');
break;
case 'update':
diff --git a/amp-mpd.php b/amp-mpd.php
index c77f8ef8..bc4d59f0 100644
--- a/amp-mpd.php
+++ b/amp-mpd.php
@@ -147,8 +147,8 @@ else {
if (!$user->has_access(25)) { break; }
$condPL = (conf('condPL')==1 ? 0 : 1);
conf(array('condPL' => $condPL),1);
- $db_results = mysql_query("UPDATE user_preference, preferences SET user_preference.value='$condPL' ".
- "WHERE preferences.name='condPL' AND preferences.id=user_preference.preference AND user ='$user->id'", dbh());
+ $pref_id = get_preference_id('condPL');
+ $user->update_preference($pref_id,$condPL);
mpd_redirect();
break;
case "crop":
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index b8907d0a..01ca1a6f 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -891,19 +891,26 @@ class Catalog {
} // add_to_catalog
- /*!
- @function get_remote_catalog
- @discussion get a remote catalog and runs update if needed
- */
+ /**
+ * get_remote_catalog
+ * get a remote catalog and runs update if needed
+ * @package XMLRPC
+ * @catagory Client
+ * @author Karl Vollmer
+ * @todo Add support for something besides port 80
+ * @todo Add a Pub/Private Key swap in here for extra security
+ */
function get_remote_catalog($type=0) {
+ /* Make sure the xmlrpc lib is loaded */
if (!class_exists('xmlrpc_client')) {
if (conf('debug')) { log_event($_SESSION['userdata']['username'],'xmlrpc',"Unable to load XMLRPC library"); }
echo "<font class=\"error\"><b>" . _("Error") . "</b>: " . _("Unable to load XMLRPC library, make sure XML-RPC is enabled") . "<br />\n";
return false;
- }
+ } // end check for class
// first, glean out the information from the path about the server and remote path
+ // this can't contain the http
preg_match("/http:\/\/([^\/]+)\/*(.*)/", $this->path, $match);
$server = $match[1];
$path = $match[2];
@@ -914,30 +921,40 @@ class Catalog {
else {
$client = new xmlrpc_client("/$path/server.php", $server, 80);
}
-
- $f = new xmlrpcmsg('remote_server_query', array(new xmlrpcval( conf('web_path'), "string")) );
- //if (conf('debug')) { $client->setDebug(1); }
- $response = $client->send($f);
+
+ $f = new xmlrpcmsg('remote_server_query', array(new xmlrpcval( conf('web_path'), "string")) );
+
+ if (conf('debug')) { $client->setDebug(1); }
+
+ $response = $client->send($f,30);
$value = $response->value();
if ( !$response->faultCode() ) {
$data = php_xmlrpc_decode($value);
// Print out the catalogs we are going to sync
- //FIXME: We should add catalog level access control
foreach ($data as $vars) {
- $catalog_name = $vars[0];
- print("<b>Reading Remote Catalog: $catalog_name</b> [$this->path]<br />\n");
+ $catalog_name = $vars[0];
+ $count = $vars[1];
+ print("<b>Reading Remote Catalog: $catalog_name ($count Songs)</b> [$this->path]<br />\n");
}
- }
+ // Flush the output
+ flush();
+
+ } // if we didn't get an error
else {
$error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
- log_event($_SESSION['userdata']['username'],'xmlrpc',$error_msg);
+ if (conf('debug')) { log_event($_SESSION['userdata']['username'],'xmlrpc',$error_msg); }
echo "<p class=\"error\">$error_msg</p>";
return;
}
- $f = new xmlrpcmsg('remote_song_query', array(new xmlrpcval( 'song', "string")) );
+ $f = new xmlrpcmsg('remote_song_query');
+
+ /* Depending upon the size of the target catalog this can be a very slow/long process */
+ set_time_limit(0);
+
+ // No Timeout on this one because it can be flipping huge
$response = $client->send($f);
$value = $response->value();
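Review bot: `$catalog_name` and the new `$count` are taken from `php_xmlrpc_decode()` of the remote server's reply and printed into the page unescaped, so whatever the remote catalog server sends is rendered as HTML in the browser of the person running the update. Escape at output: `$catalog_name = htmlspecialchars($vars[0]);` and `$count = intval($vars[1]);`. Separately, `set_time_limit(0)` followed by `$client->send($f)` with no timeout means a remote host that never answers holds the request open indefinitely; a large but finite timeout would bound that. get_remote_catalog begins and ends outside this hunk.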
@@ -956,10 +973,13 @@ class Catalog {
} // get_remote_catalog
- /*!
- @function update_remote_catalog
- @discussion actually updates from the remote data
- */
+ /**
+ * update_remote_catalog
+ * actually updates from the remote data, takes an array of songs that are base64 encoded and parses them
+ * @package XMLRPC
+ * @catagory Client
+ * @todo This should be based off of seralize
+ */
function update_remote_catalog($songs,$root_path) {
global $settings, $dbh, $artists;
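Review bot: The added `@todo This should be based off of seralize` reads as a plan to move the remote song payload to PHP serialization; if that is the intent, the docblock should say that `unserialize()` must not be applied to data received from another server, because it can instantiate classes chosen by the peer. A wording such as `@todo Replace the base64 format with a data-only encoding; never unserialize() remote input` keeps the intent without pointing at that function. The function body lies outside the hunk, so the current parsing is not visible here.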
diff --git a/lib/class/playlist.class.php b/lib/class/playlist.class.php
index 130537af..b17eadc6 100644
--- a/lib/class/playlist.class.php
+++ b/lib/class/playlist.class.php
@@ -30,7 +30,7 @@ class Playlist {
// Variables from DB
var $id;
var $name;
- var $owner;
+ var $user;
var $type;
var $time;
var $items;
@@ -64,13 +64,13 @@ class Playlist {
$dbh = dbh();
if ($this->id) {
- $sql = "SELECT name, owner, type, date FROM playlist" .
+ $sql = "SELECT name, user, type, date FROM playlist" .
" WHERE id = '$this->id'";
$db_results = mysql_query($sql, $dbh);
if ($r = mysql_fetch_object($db_results)) {
$this->name = $r->name;
- $this->owner = $r->owner;
+ $this->user = $r->user;
$this->type = $r->type;
$this->time = $r->date;
$this->items = array();
@@ -96,17 +96,17 @@ class Playlist {
/*!
@function create_playlist
- @discussion Creates an empty playlist, given a name, owner_id, and type.
+ @discussion Creates an empty playlist, given a name, user_id, and type.
*/
- function create_playlist($name, $owner_id, $type) {
+ function create_playlist($name, $user, $type) {
$dbh = dbh();
- if (isset($name) && isset($owner_id) && isset($type) && $this->check_type($type)) {
+ if (isset($name) && isset($user) && isset($type) && $this->check_type($type)) {
$name = sql_escape($name);
$sql = "INSERT INTO playlist" .
- " (name, owner, type)" .
- " VALUES ('$name', '$owner_id', '$type')";
+ " (name, user, type)" .
+ " VALUES ('$name', '$user', '$type')";
$db_results = mysql_query($sql, $dbh);
if ($this->id = mysql_insert_id($dbh)) {
$this->refresh_object();
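Review bot: `$user` is interpolated into the INSERT without escaping, although `$name` two lines above it goes through `sql_escape()`; with this commit the value is a username string rather than a numeric id, so a quote in it now reaches the statement. Add `$user = sql_escape($user);` next to the existing `$name = sql_escape($name);`. create_playlist continues past the end of the hunk.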
diff --git a/lib/class/stream.class.php b/lib/class/stream.class.php
index 999dcbca..d550366c 100644
--- a/lib/class/stream.class.php
+++ b/lib/class/stream.class.php
@@ -49,7 +49,7 @@ class Stream {
}
$this->sess = session_id();
- $this->user_id = $_SESSION['userdata']['id'];
+ $this->user_id = $_SESSION['userdata']['username'];
} //constructor
diff --git a/lib/class/update.class.php b/lib/class/update.class.php
index 5612eb0d..f077daef 100644
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@@ -229,13 +229,13 @@ class Update {
$version[] = array('version' => '332001', 'description' => $update_string);
- return $version;
-
$update_string = "- Removed every Instance of User->ID *Note* This update clears Now Playing.<br />" .
"- Added field allowing for Dynamic Playlists.<br />" .
"- Added required table/fields for security related IP Tracking.<br />";
- //$version[] = array('version' => '332002', 'description' => $update_string);
+ $version[] = array('version' => '332002', 'description' => $update_string);
+
+ return $version;
} // populate_version
@@ -960,8 +960,18 @@ class Update {
function update_332002() {
-// $sql = "CREATE TABLE `ip_history` (`username` VARCHAR(128), `ip` INT(11) UNSIGNED NOT NULL DEFAULT '0', " .
-// "`connections` INT(11) UNSIGNED NOT NULL DEFAULT '1', `date` INT(11) UNSIGNED NOT NULL DEFAULT '0')";
+ $sql = "CREATE TABLE `ip_history` (`username` VARCHAR(128), `ip` INT(11) UNSIGNED NOT NULL DEFAULT '0', " .
+ "`connections` INT(11) UNSIGNED NOT NULL DEFAULT '1', `date` INT(11) UNSIGNED NOT NULL DEFAULT '0')";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `ip_history` ADD INDEX ( `username` )";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `ip_history` ADD INDEX ( `date` )";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `session` ADD `ip` INT( 11 ) UNSIGNED AFTER `value`";
+ $db_results = mysql_query($sql, dbh());
$sql = "ALTER TABLE `object_count` CHANGE `object_type` `object_type` ENUM( 'album', 'artist', 'song', 'playlist', 'genre', 'catalog' ) NOT NULL DEFAULT 'song'";
$db_results = mysql_query($sql, dbh());
@@ -982,10 +992,10 @@ class Update {
}
/* It's time for some serious DB Clean Up. Nuke this stuff from Orbit! */
- $sql = "ALTER TABLE `catalog DROP `private`";
+ $sql = "ALTER TABLE `catalog` DROP `private`";
$db_results = mysql_query($sql, dbh());
- $sql = "ALTER TABLE `catalog` CHANGE `enabled` `enabled` TINYINT UNSIGNED NOT NULL DEFAULT '1'";
+ $sql = "ALTER TABLE `catalog` CHANGE `enabled` `enabled` TINYINT ( 1 ) UNSIGNED NOT NULL DEFAULT '1'";
$db_results = mysql_query($sql, dbh());
/*
@@ -1158,6 +1168,8 @@ class Update {
$sql = "ALTER TABLE `user` DROP `id`";
$db_results = mysql_query($sql, dbh());
+ $this->set_version('db_version', '332002');
+
} // update_332002
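Review bot: `$this->set_version('db_version', '332002')` runs unconditionally, while none of the `mysql_query()` results in the visible parts of update_332002 are checked, so a migration that failed part-way is still recorded as applied. The previous hunk corrects a malformed ALTER TABLE on `catalog`, which shows such a statement can fail without notice, and the step just before this call drops the `id` column of `user`, which cannot be re-run. Consider recording failures after each query, e.g. `if (!$db_results) { $failed = true; }`, and calling set_version only when none occurred. Most of the function body is outside the hunks shown.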
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index c3736c78..70271e41 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -30,7 +30,6 @@ class User {
//Basic Componets
var $username;
- var $id=0;
var $fullname;
var $access;
var $disabled;
@@ -38,18 +37,15 @@ class User {
var $email;
var $last_seen;
- function User($username=0,$uid=0) {
+ function User($username=0) {
- if (!$username && !$uid) {
+ if (!$username) {
return true;
}
$this->username = $username;
- $this->id = $uid;
$info = $this->get_info();
$this->username = $info->username;
- $this->id = $info->id;
- $this->id = $info->id;
$this->fullname = $info->fullname;
$this->access = $info->access;
$this->disabled = $info->disabled;
@@ -70,12 +66,8 @@ class User {
*/
function get_info() {
- if ($this->username) {
- $sql = "SELECT * FROM user WHERE username='$this->username'";
- }
- else {
- $sql = "SELECT * FROM user WHERE id='$this->id'";
- }
+ $sql = "SELECT * FROM user WHERE username='$this->username'";
+
$db_results = mysql_query($sql, dbh());
return mysql_fetch_object($db_results);
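Review bot: get_info() now always builds `WHERE username='$this->username'` from the raw constructor argument with no escaping, and after this commit that argument is a free-form string wherever a numeric id used to be passed. The same unescaped `$this->username` (or `$username` parameter) is interpolated in get_preferences, set_preferences, is_logged_in, update_preference, add_preference, the update_* methods, delete_stats and delete in the later hunks of this file, while update_access already uses `sql_escape($this->username)` for its session delete. Escaping at each use, e.g. `$sql = "SELECT * FROM user WHERE username='" . sql_escape($this->username) . "'";`, would make them consistent. get_info also returns `false` when no row matches, which the constructor dereferences without a check.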
@@ -89,7 +81,8 @@ class User {
*/
function get_preferences() {
- $sql = "SELECT preferences.name, preferences.description, preferences.type, user_preference.value FROM preferences,user_preference WHERE user_preference.user='$this->id' AND user_preference.preference=preferences.id AND preferences.type='user'";
+ $sql = "SELECT preferences.name, preferences.description, preferences.type, user_preference.value FROM preferences,user_preference " .
+ "WHERE user_preference.user='$this->username' AND user_preference.preference=preferences.id AND preferences.type='user'";
$db_results = mysql_query($sql, dbh());
while ($r = mysql_fetch_object($db_results)) {
@@ -107,7 +100,7 @@ class User {
*/
function set_preferences() {
- $sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$this->id' " .
+ $sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$this->username' " .
"AND user_preference.preference=preferences.id AND preferences.type='user'";
$db_results = mysql_query($sql, dbh());
@@ -126,7 +119,7 @@ class User {
$sql = "SELECT * FROM object_count" .
" WHERE count > 0" .
" AND object_type = '$type'" .
- " AND userid = '" . $this->id . "'" .
+ " AND userid = '" . $this->username . "'" .
" ORDER BY count DESC LIMIT " . conf('popular_threshold');
$db_result = mysql_query($sql, dbh());
@@ -189,7 +182,7 @@ class User {
*/
function is_logged_in() {
- $sql = "SELECT id FROM session WHERE username='$this->id'" .
+ $sql = "SELECT id FROM session WHERE username='$this->username'" .
" AND expire > ". time();
$db_results = mysql_query($sql,dbh());
@@ -220,37 +213,40 @@ class User {
} // has_access
- /*!
- @function update_preference
- @discussion updates a single preference if the query fails
- it attempts to insert the preference instead
- */
- function update_preference($preference_id, $value, $id=0) {
-
- if (!$id) {
- $id = $this->id;
- }
+ /**
+ * update_preference
+ * updates a single preference if the query fails
+ * it attempts to insert the preference instead
+ * @package User
+ * @catagory Class
+ * @todo Do a has_preference_access check
+ */
+ function update_preference($preference_id, $value, $username=0) {
+
+ if (!$username) {
+ $username = $this->username;
+ }
$value = sql_escape($value);
- //FIXME:
- // Do a has_access check here...
+ $sql = "UPDATE user_preference SET value='$value' WHERE user='$username' AND preference='$preference_id'";
- $sql = "UPDATE user_preference SET value='$value' WHERE user='$id' AND preference='$preference_id'";
$db_results = @mysql_query($sql, dbh());
} // update_preference
- /*!
- @function add_preference
- @discussion adds a new preference
- @param $key preference name
- @param $value preference value
- @param $id user is
- */
- function add_preference($preference_id, $value, $id=0) {
+ /**
+ * add_preference
+ * adds a new preference
+ * @package User
+ * @catagory Class
+ * @param $key preference name
+ * @param $value preference value
+ * @param $id user is
+ */
+ function add_preference($preference_id, $value, $username=0) {
- if (!$id) {
- $id = $this->id;
+ if (!$username) {
+ $username = $this->username;
}
$value = sql_escape($value);
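Review bot: The converted add_preference docblock still documents `@param $key` and `@param $id user is`, but the signature is now `add_preference($preference_id, $value, $username=0)`. Suggested lines: `@param $preference_id preference id (a non-numeric value appears to be resolved to an id below)`, `@param $value preference value`, `@param $username user to add it for, defaults to $this->username`. The update_preference docblock in the same hunk has no `@param` lines at all and could get the same three. add_preference's body continues outside the hunk.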
@@ -262,7 +258,7 @@ class User {
$preference_id = $r[0];
} // end if it's not numeric
- $sql = "INSERT user_preference SET `user`='$id' , `value`='$value' , `preference`='$preference_id'";
+ $sql = "INSERT user_preference SET `user`='$username' , `value`='$value' , `preference`='$preference_id'";
$db_results = mysql_query($sql, dbh());
} // add_preference
@@ -274,7 +270,8 @@ class User {
function update_username($new_username) {
$new_username = sql_escape($new_username);
- $sql = "UPDATE user SET username='$new_username' WHERE id='$this->id'";
+ $sql = "UPDATE user SET username='$new_username' WHERE username='$this->username'";
+ $this->username = $new_username;
$db_results = mysql_query($sql, dbh());
} // update_username
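Review bot: update_username() renames the `user` row only, yet after this commit `username` is the key that `user_preference.user`, `playlist.user`, `object_count.userid` and `session.username` refer to, so in the visible code a rename leaves those rows attached to the old name. They would be orphaned, and would be picked up by any account later created with that name; unless this is handled elsewhere, the rename should update those tables as well. Also, `$this->username = $new_username;` stores the `sql_escape()`d form and is assigned before the query result is known; assigning the unescaped value only after a successful query avoids both.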
@@ -286,7 +283,7 @@ class User {
function update_fullname($new_fullname) {
$new_fullname = sql_escape($new_fullname);
- $sql = "UPDATE user SET fullname='$new_fullname' WHERE id='$this->id'";
+ $sql = "UPDATE user SET fullname='$new_fullname' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
} // update_username
@@ -298,7 +295,7 @@ class User {
function update_email($new_email) {
$new_email = sql_escape($new_email);
- $sql = "UPDATE user SET email='$new_email' WHERE id='$this->id'";
+ $sql = "UPDATE user SET email='$new_email' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
} // update_email
@@ -310,44 +307,47 @@ class User {
function update_offset($new_offset) {
$new_offset = sql_escape($new_offset);
- $sql = "UPDATE user SET offset_limit='$new_offset' WHERE id='$this->id'";
+ $sql = "UPDATE user SET offset_limit='$new_offset' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
} // update_offset
- /*!
- @function update_access
- @discussion updates their access level
- */
+ /**
+ * update_access
+ * updates their access level
+ * @todo Remove References to the named version of access
+ */
function update_access($new_access) {
/* Check for all disable */
if ($new_access == 'disabled') {
- $sql = "SELECT id FROM user WHERE disabled != '1' AND id != '$this->id'";
+ $sql = "SELECT username FROM user WHERE disabled != '1' AND username != '$this->username'";
$db_results = mysql_query($sql,dbh());
if (!mysql_num_rows($db_results)) { return false; }
}
/* Prevent Only User accounts */
if ($new_access == 'user') {
- $sql = "SELECT id FROM user WHERE (access='admin' OR access='100') AND id != '$this->id'";
+ $sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username != '$this->username'";
$db_results = mysql_query($sql, dbh());
if (!mysql_num_rows($db_results)) { return false; }
}
if ($new_access == 'enabled') {
$new_access = sql_escape($new_access);
- $sql = "UPDATE user SET disabled='0' WHERE id='$this->id'";
+ $sql = "UPDATE user SET disabled='0' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
- } elseif ($new_access == 'disabled') {
+
+ }
+ elseif ($new_access == 'disabled') {
$new_access = sql_escape($new_access);
- $sql = "UPDATE user SET disabled='1' WHERE id='$this->id'";
+ $sql = "UPDATE user SET disabled='1' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
$sql = "DELETE FROM session WHERE username='" . sql_escape($this->username) . "'";
$db_results = mysql_query($sql, dbh());
} else {
$new_access = sql_escape($new_access);
- $sql = "UPDATE user SET access='$new_access' WHERE id='$this->id'";
+ $sql = "UPDATE user SET access='$new_access' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
}
@@ -359,7 +359,7 @@ class User {
*/
function update_last_seen() {
- $sql = "UPDATE user SET last_seen='" . time() . "' WHERE id='$this->id'";
+ $sql = "UPDATE user SET last_seen='" . time() . "' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
} // update_last_seen
@@ -372,7 +372,7 @@ class User {
function update_stats($song_id) {
$song_info = new Song($song_id);
- $user = $this->id;
+ $user = $this->username;
$dbh = dbh();
if (!$song_info->file) { return false; }
@@ -454,12 +454,11 @@ class User {
" ('$username','$fullname','$email',PASSWORD('$password'),'$access')";
$db_results = mysql_query($sql, dbh());
if (!$db_results) { return false; }
- $user_id = mysql_insert_id(dbh());
/* Populates any missing preferences, in this case all of them */
- $this->fix_preferences($user_id);
+ $this->fix_preferences($username);
- return $user_id;
+ return $username;
} // new
@@ -469,7 +468,7 @@ class User {
*/
function update_password($new_password) {
- $sql = "UPDATE user SET password=PASSWORD('$new_password') WHERE id='$this->id'";
+ $sql = "UPDATE user SET password=PASSWORD('$new_password') WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
return true;
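Review bot: `$new_password` is interpolated into `PASSWORD('$new_password')` with no `sql_escape()` in the visible body, unlike the sibling update_fullname and update_email methods, so a password containing a quote breaks or alters the statement unless every caller escapes it first. Add `$new_password = sql_escape($new_password);` before building `$sql`. The method also returns `true` without looking at `$db_results`, so a failed update is reported as success. The start of the function is outside the hunk.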
@@ -505,16 +504,19 @@ class User {
} // format_favorites
/*!
- @function fix_preferences
- @discussion this makes sure that the specified user
- has all the correct preferences. This function
- should be run whenever a system preference is run
- it's a cop out... FIXME!
- */
+ * fix_preferences
+ * this makes sure that the specified user
+ * has all the correct preferences. This function
+ * should be run whenever a system preference is run
+ * it's a cop out... FIXME!
+ * @todo Fix it so this isn't a hack
+ * @pacakge User
+ * @catagory Class
+ */
function fix_preferences($user_id = 0) {
if (!$user_id) {
- $user_id = $this->id;
+ $user_id = $this->username;
}
/* Get All Preferences */
@@ -575,7 +577,7 @@ class User {
*/
function delete_stats() {
- $sql = "DELETE FROM object_count WHERE userid='" . $this->id . "'";
+ $sql = "DELETE FROM object_count WHERE userid='" . $this->username . "'";
$db_results = mysql_query($sql, dbh());
} // delete_stats
@@ -591,7 +593,7 @@ class User {
admin
*/
if ($this->has_access(100)) {
- $sql = "SELECT * FROM user WHERE (level='admin' OR level='100') AND id!='" . $this->id . "'";
+ $sql = "SELECT * FROM user WHERE (level='admin' OR level='100') AND username!='" . $this->username . "'";
$db_results = mysql_query($sql, dbh());
if (!mysql_num_rows($db_results)) {
return false;
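Review bot: The rewritten last-admin check still filters on `level='admin' OR level='100'`, whereas the other privilege queries in this commit use the `access` column, for example update_access with `(access='admin' OR access='100')`. If `user` has no `level` column the query fails, `mysql_num_rows()` receives `false`, and the method returns `false` for every admin. The likely intent is `WHERE (access='admin' OR access='100') AND username!='...'`. The function starts outside the hunk.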
@@ -599,19 +601,19 @@ class User {
} // if this is an admin check for others
// Delete their playlists
- $sql = "DELETE FROM playlist WHERE owner='$this->id'";
+ $sql = "DELETE FROM playlist WHERE user='$this->username'";
$db_results = mysql_query($sql, dbh());
// Delete any stats they have
- $sql = "DELETE FROM object_count WHERE userid='$this->id'";
+ $sql = "DELETE FROM object_count WHERE userid='$this->username'";
$db_results = mysql_query($sql, dbh());
// Delete their preferences
- $sql = "DELETE FROM preferences WHERE user='$this->id'";
+ $sql = "DELETE FROM preferences WHERE user='$this->username'";
$db_results = mysql_query($sql, dbh());
// Delete the user itself
- $sql = "DELETE FROM user WHERE id='$this->id'";
+ $sql = "DELETE FROM user WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
return true;
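Review bot: `DELETE FROM preferences WHERE user='$this->username'` targets `preferences`, but the per-user rows are read from `user_preference` (column `user`) everywhere else in this file, so the deleted account's preference rows appear to survive. Now that rows are keyed by username, a later account with the same name would inherit them; `session` rows for the user are not removed here either. Suggested: `$sql = "DELETE FROM user_preference WHERE user='" . sql_escape($this->username) . "'";`. The function starts outside the hunk.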
diff --git a/lib/flag.php b/lib/flag.php
index 01b3ba9f..da371793 100644
--- a/lib/flag.php
+++ b/lib/flag.php
@@ -87,7 +87,7 @@ function get_flag($id)
$results = array();
$newid = array_pop($id);
$sql = "SELECT flagged.id,user.username,type,song,date,comment" .
- " FROM flagged,user WHERE flagged.user = user.id AND (flagged.song = '$newid'";
+ " FROM flagged,user WHERE flagged.user = user.username AND (flagged.song = '$newid'";
foreach($id as $num)
{
$sql .= " OR flagged.song = '$num'";
@@ -106,18 +106,18 @@ function get_flag($id)
function get_flagged_songs($user = 0)
{
$sql = "SELECT flagged.id,user.username,type,song,date,comment" .
- " FROM flagged,user WHERE flagged.user = user.id AND flagged.type <> 'notify' AND flagged.type <> 'done'";
+ " FROM flagged,user WHERE flagged.user = user.username AND flagged.type <> 'notify' AND flagged.type <> 'done'";
// If the user is not an admin, they can only see songs they've flagged
if($user)
{
if($_SESSION['userdata']['access'] === 'admin')
{
- $sql .= " AND user.id = '$user'";
+ $sql .= " AND user.username = '$user'";
}
else
{
- $sql .= " AND user.id = '".$_SESSION['userdata']['id']."'";
+ $sql .= " AND user.username = '".$_SESSION['userdata']['username']."'";
}
}
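Review bot: `$user` and `$_SESSION['userdata']['username']` are appended to the query as quoted strings with no escaping; as numeric ids that was less exposed, but a username can contain a quote. Use `" AND user.username = '" . sql_escape($user) . "'"` and the same for the session value. The admin test `$_SESSION['userdata']['access'] === 'admin'` also does not recognise the level `'100'` that other queries in this commit accept as admin, so such accounts fall into the non-admin branch. get_flagged_songs continues past the hunk.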
diff --git a/lib/general.lib.php b/lib/general.lib.php
index 38afb2e8..ee32d328 100644
--- a/lib/general.lib.php
+++ b/lib/general.lib.php
@@ -514,7 +514,7 @@ function get_random_songs( $options, $matchlist) {
$query = "SELECT song.id FROM song WHERE $artists_where ORDER BY RAND()";
}
elseif ($options['unplayed'] == 1) {
- $uid = $_SESSION['userdata']['id'];
+ $uid = $_SESSION['userdata']['username'];
$query = "SELECT song.id FROM song LEFT JOIN object_count ON song.id = object_count.object_id " .
"WHERE ($where) AND ((object_count.object_type='song' AND userid = '$uid') OR object_count.count IS NULL ) " .
"ORDER BY CASE WHEN object_count.count IS NULL THEN RAND() WHEN object_count.count > 4 THEN RAND()*RAND()*object_count.count " .
diff --git a/lib/mpd.php b/lib/mpd.php
index 376bbedc..232fc892 100644
--- a/lib/mpd.php
+++ b/lib/mpd.php
@@ -35,11 +35,11 @@ function addToPlaylist( $myMpd, $song_ids=array()) {
if ($GLOBALS['user']->prefs['play_type'] == 'downsample') {
$ds = $GLOBALS['user']->prefs['sample_rate'];
}
- $song_url = conf('web_path') . "/play/index.php?song=$song_id&uid=" . $GLOBALS['user']->id . "&sid=$sess_id&ds=$ds&name=." . $song->type;
+ $song_url = conf('web_path') . "/play/index.php?song=$song_id&uid=" . $GLOBALS['user']->username . "&sid=$sess_id&ds=$ds&name=." . $song->type;
if (is_null( $myMpd->PlAdd($song_url) ) ) {
$log_line = _("Error") . ": " . _("Could not add") . ": " . $song_url . " : " . $myMpd->errStr;
echo "<font class=\"error\">$log_line</font><br />\n";
- log_event($GLOBALS['user']->username,'add',$log_line);
+ if (conf('debug')) { log_event($GLOBALS['user']->username,'add',$log_line); }
} // if it's null
} // if we want urls
else {
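Review bot: The username is concatenated into the stream URL after `&uid=` without URL-encoding, so a name containing `&`, `#`, `+` or a space changes how play/index.php parses the query string. Encode it: `"&uid=" . rawurlencode($GLOBALS['user']->username) .`. The `log_event()` call here and the one in the next hunk are now gated on `conf('debug')`, which means add failures leave no log trail in normal operation; confirm that is intended. addToPlaylist begins and ends outside the hunk.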
@@ -48,7 +48,7 @@ function addToPlaylist( $myMpd, $song_ids=array()) {
if( is_null( $myMpd->PLAdd( $song_filename ) ) ) {
$log_line = _("Error") . ": " . _("Could not add") . ": " . $song_filename . " : " . $myMpd->errStr;
echo "<font class=\"error\">$log_line</font><br />\n";
- log_event($_SESSION['userdata']['username'],'add',$log_line);
+ if (conf('debug')) { log_event($_SESSION['userdata']['username'],'add',$log_line); }
} // end if it's null
// We still need to count if they use the file method
else {
diff --git a/lib/preferences.php b/lib/preferences.php
index 183bcf6f..a9920703 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -281,4 +281,22 @@ function create_preference_input($name,$value) {
} // create_preference_input
+/**
+ * get_preference_id
+ * This takes the name of a preference and returns it's id this is usefull for calling
+ * the user classes update_preference function
+ * @package Preferences
+ * @catagory Get
+ */
+function get_preference_id($name) {
+
+ $sql = "SELECT id FROM preferences WHERE name='" . sql_escape($name) . "'";
+ $db_results = mysql_query($sql, dbh());
+
+ $results = mysql_fetch_assoc($db_results);
+
+ return $results['id'];
+
+} // get_preference_id
+
?>
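Review bot: get_preference_id() indexes `$results['id']` even when `mysql_fetch_assoc()` returned `false` for an unknown name, so callers receive `null` and, as in amp-mpd.php, pass it straight to `update_preference()`, which then runs an UPDATE matching `preference=''`. Return an explicit failure with `if (!$results) { return false; }` before the final return. The docblock should state the return contract, e.g. `@return the preference id, or false when no preference has that name`.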
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index 1f23fd2a..126aa5d0 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -84,7 +84,7 @@ function get_preferences($username=0) {
$user = new User($username);
- $sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$user->id'" .
+ $sql = "SELECT preferences.name,user_preference.value FROM preferences,user_preference WHERE user_preference.user='$user->username'" .
" AND user_preference.preference=preferences.id";
$db_results = mysql_query($sql, dbh());
@@ -457,7 +457,7 @@ function get_now_playing() {
while ($r = mysql_fetch_assoc($db_results)) {
$song = new Song($r['song_id']);
$song->format_song();
- $np_user = new User(0,$r['user_id']);
+ $np_user = new User($r['user_id']);
$results[] = array('song'=>$song,'user'=>$np_user);
} // end while
return $results;
diff --git a/lib/xmlrpc.php b/lib/xmlrpc.php
index 63473dc6..a9d71bc7 100644
--- a/lib/xmlrpc.php
+++ b/lib/xmlrpc.php
@@ -41,7 +41,7 @@ function remote_server_query($m) {
$result = array();
// we only want to send the local entries
- $sql = "SELECT name FROM catalog WHERE catalog_type='local'";
+ $sql = "SELECT name,COUNT(song.id) FROM catalog LEFT JOIN song ON catalog.id = song.catalog WHERE catalog_type='local' GROUP BY catalog.id";
$db_result = mysql_query($sql, dbh());
while ( $i = mysql_fetch_row($db_result) ) {
diff --git a/modules/admin.php b/modules/admin.php
index 5ce7bf6d..7385d9fd 100644
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -56,7 +56,7 @@ function show_manage_users () {
@function show_user_form
@discussion shows the user form
*/
-function show_user_form ($id, $username, $fullname, $email, $access, $type, $error) {
+function show_user_form ($username, $fullname, $email, $access, $type, $error) {
require(conf('prefix').'/templates/userform.inc');
@@ -238,7 +238,7 @@ function delete_user ($username) {
$db_result = mysql_query($sql, dbh());
// also delete playlists for user
- $sql = "DELETE FROM playlist WHERE owner='$username'";
+ $sql = "DELETE FROM playlist WHERE username='$username'";
$db_result = mysql_query($sql, dbh());
delete_user_stats('all');
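Review bot: `DELETE FROM playlist WHERE username='$username'` names a column `username`, but this commit renames the playlist owner column to `user` (playlist.class.php selects `name, user, type, date`, and user.class.php deletes `WHERE user=...`). As written the statement would fail, and because `$db_result` is not checked the deleted user's playlists stay behind unnoticed. Use `"DELETE FROM playlist WHERE user='" . sql_escape($username) . "'"`. delete_user begins and ends outside the hunk.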
diff --git a/modules/init.php b/modules/init.php
index 9699e96e..a98b9045 100644
--- a/modules/init.php
+++ b/modules/init.php
@@ -83,7 +83,7 @@ if (!$results['conf']['allow_stream_playback']) {
}
$results['conf']['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['conf']['web_path'];
-$results['conf']['version'] = '3.3.2-Alpha1 (Build 002)';
+$results['conf']['version'] = '3.3.2-Alpha1 (Build 003)';
$results['conf']['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx';
$results['libglue']['local_table'] = 'session';
$results['libglue']['local_sid'] = 'id';
@@ -96,7 +96,8 @@ $results['libglue']['mysql_usercol'] = 'username';
$results['libglue']['mysql_passwdcol'] = 'password';
$results['libglue']['local_dbh_name'] = 'local_dbh';
$results['libglue']['auth_methods'] = 'mysql';
-$results['libglue']['mysql_fields'] = 'id,username,fullname,email,access,offset_limit';
+$results['libglue']['user_username'] = 'username';
+$results['libglue']['mysql_fields'] = 'username,fullname,email,access,offset_limit';
$results['libglue']['mysql_host'] = $results['libglue']['local_host'];
$results['libglue']['mysql_db'] = $results['libglue']['local_db'];
$results['libglue']['mysql_username'] = $results['libglue']['local_username'];
@@ -259,14 +260,12 @@ if (!conf('use_auth')) {
if (!check_session()) { make_local_session_only($auth); }
$user = new User(0);
$user->fullname = $auth['info']['fullname'];
- $user->id = $auth['info']['id'];
$user->offset_limit = $auth['info']['offset_limit'];
$user->username = $auth['info']['username'];
$user->access = $auth['info']['access'];
$_SESSION['userdata']['access'] = $auth['info']['access'];
$_SESSION['userdata']['username'] = $auth['info']['username'];
$_SESSION['userdata']['offset_limit'] = $auth['info']['offset_limit'];
- $_SESSION['userdata']['id'] = $auth['info']['id'];
$user->set_preferences();
get_preferences();
set_theme();
diff --git a/modules/lib.php b/modules/lib.php
index 6ba1d956..2d8adef8 100644
--- a/modules/lib.php
+++ b/modules/lib.php
@@ -483,7 +483,7 @@ function get_flagged() {
$sql = "SELECT flagged.id, user.username, type, song, date, comment" .
" FROM flagged, user" .
- " WHERE flagged.user = user.id" .
+ " WHERE flagged.user = user.username" .
" ORDER BY date";
$db_result = mysql_query($sql, $dbh);
@@ -679,7 +679,7 @@ function show_songs ($song_ids, $playlist_id=0, $album=0) {
// Get info about playlist owner
if (isset($playlist_id) && $playlist_id != 0) {
- $sql = "SELECT owner FROM playlist WHERE id = '$playlist_id'";
+ $sql = "SELECT user FROM playlist WHERE id = '$playlist_id'";
$db_result = mysql_query($sql, $dbh);
if ($r = mysql_fetch_array($db_result)) {
$pluser = get_user_byid($r[0]);
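Review bot: `get_user_byid($r[0])` now receives a username, because the query above it selects `user` instead of the old numeric `owner`; the show_playlists loop later in this file was switched to `new User($r['user'])` but this call was not. Unless get_user_byid was changed elsewhere to accept usernames (not visible here), `$pluser` will not resolve and the owner comparison `$user->username == $pluser->username` in templates/show_songs.inc is made against an empty value. The line should match the other hunk: `$pluser = new User($r[0]);`. show_songs continues outside the hunk.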
@@ -923,25 +923,25 @@ function show_playlists ($type = 'all') {
return true;
}
elseif ($type == 'public') {
- $sql = "SELECT id,name,owner,date ".
+ $sql = "SELECT id,name,user,date ".
" FROM playlist ".
" WHERE type='public'".
" ORDER BY name";
}
elseif ($type == 'private') {
- $sql = "SELECT id,name,owner,date ".
+ $sql = "SELECT id,name,user,date ".
" FROM playlist ".
" WHERE type='private'" .
- " AND owner = '$user->id'" .
+ " AND user = '$user->username'" .
" AND name <> 'Temporary'".
" ORDER BY name";
}
elseif ($type == 'adminprivate') {
if ( $user->access === 'admin' ) {
- $sql = "SELECT id,name,owner,date ".
+ $sql = "SELECT id,name,user,date ".
" FROM playlist ".
" WHERE type='private'" .
- " AND owner != '$user->id'" .
+ " AND username != '$user->username'" .
" AND name <> 'Temporary'".
" ORDER BY name";
}
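Review bot: `$user->username` is placed inside a quoted SQL literal without escaping in the `private` and `adminprivate` branches; that mattered less while the value was the numeric `$user->id`, but it is now a user-chosen string. upload.php already wraps a neighbouring value in `sql_escape()`, so the same helper fits here: `" AND user = '" . sql_escape($user->username) . "'" .`. The `INSERT INTO upload` hunk in upload.php has the same pattern, with `'$user->username'` raw next to an escaped `$fullpath`. Whether usernames are restricted to safe characters at creation time is not visible here, so the query should not rely on it. show_playlists begins and ends outside the hunk.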
@@ -977,7 +977,7 @@ ECHO;
while ( $r = mysql_fetch_array($db_result) ) {
$plname = $r['name'];
$plid = $r['id'];
- $pluser = get_user_byid($r['owner']);
+ $pluser = new User($r['user']);
$plfullname = $pluser->fullname;
$plowner = $pluser->username;
@@ -994,7 +994,7 @@ ECHO;
echo " <td>$plfullname</td>\n";
echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&amp;action=view_list\">" . _("View") . "</a></td>\n";
- if ($user->id == $pluser->id || $user->access === 'admin') {
+ if ($user->username == $pluser->username || $user->has_access(100)) {
echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&amp;action=edit\">" . _("Edit") . "</a></td>\n";
echo " <td><a href=\"$web_path/playlist.php?playlist_id=$plid&amp;action=delete_playlist\">" . _("Delete") . "</a></td>\n";
}
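Review bot: The ownership test `$user->username == $pluser->username` uses loose comparison, and PHP compares two numeric-looking strings by value, so distinct usernames such as `10` and `1e1` count as the same owner. That was harmless with integer ids; with usernames as the key the check should be strict: `if ($user->username === $pluser->username || $user->has_access(100)) {`. The same `==` comparison is introduced in playlist.php and in three places in templates/show_songs.inc. These conditions only decide which links are rendered, so whichever server-side check guards the edit and delete actions (not visible here) should be strict as well.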
@@ -1157,7 +1157,7 @@ function check_playlist_access ($playlist_id, $username) {
$sql = "SELECT playlist.id FROM playlist, user" .
" WHERE playlist.id = '$playlist_id'" .
- " AND playlist.owner = user.id" .
+ " AND playlist.user = user.username" .
" AND user.username = '$username'";
$db_result = mysql_query($sql, $dbh);
@@ -1187,9 +1187,9 @@ function show_playlist_dropdown ($playlist_id=0) {
global $settings;
$dbh = dbh();
- $userid = scrub_in($_SESSION['userdata']['id']);
+ $userid = scrub_in($_SESSION['userdata']['username']);
$sql = "SELECT * FROM playlist" .
- " WHERE owner = '$userid'" .
+ " WHERE user = '$userid'" .
" AND name <> 'Temporary'" .
" ORDER BY name";
$db_result = @mysql_query($sql, $dbh);
@@ -1216,7 +1216,7 @@ ECHO;
function show_playlist_access_error ($playlist, $username) {
$plname = $playlist->name;
- $pluser = new User($playlist->owner);
+ $pluser = new User($playlist->user);
$plowner = $pluser->username;
print <<<ECHO
diff --git a/play/index.php b/play/index.php
index 8555f444..3772d8de 100644
--- a/play/index.php
+++ b/play/index.php
@@ -39,7 +39,7 @@ $sid = htmlspecialchars($_REQUEST['sid']);
/* Misc Housework */
$dbh = dbh();
-$user = new User(0,$uid);
+$user = new User($uid);
if (conf('require_session') && !conf('xml_rpc')) {
if(!session_exists($sid)) {
@@ -90,7 +90,10 @@ if ( isset( $uid ) ) {
echo "Error: No Song";
exit;
}
- if ($song->status === 'disabled') {
+ if ($song->status == '0') {
+ if (conf('debug')) {
+ log_event($user->username,' song_disabled ',"Error: $song->file is currently disabled, song skipped");
+ }
exit;
}
if ($user->disabled == '1') {
@@ -100,9 +103,9 @@ if ( isset( $uid ) ) {
echo "Error: User Disabled";
exit;
}
- if (!$user->id && !$user->is_xmlrpc()) {
+ if (!$user->username && !$user->is_xmlrpc()) {
if (conf('debug')) {
- log_event($user->username,' user_not_found ',"Error $user->id not found, stream access denied");
+ log_event($user->username,' user_not_found ',"Error $user->username not found, stream access denied");
}
echo "Error: No User Found";
exit;
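Review bot: The `user_not_found` log entry now interpolates `$user->username`, which is empty on exactly the path where this branch runs (`!$user->username`), so the entry no longer records which account was requested. Logging the requested value keeps the denial traceable: `log_event($uid,' user_not_found ',"Error $uid not found, stream access denied");`. `$uid` appears to come from the request (its assignment is outside the hunk), so it should be length-limited and stripped of control characters before it reaches the log. The enclosing `if ( isset( $uid ) )` block starts outside the hunk.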
diff --git a/play/pupload.php b/play/pupload.php
index 2290a59d..e7de7a6c 100644
--- a/play/pupload.php
+++ b/play/pupload.php
@@ -78,13 +78,13 @@ $site->get_preferences();
// require a uid and valid song
if ( isset( $uid ) ) {
// Create the user object if possible
- $user = new User(0,$uid);
+ $user = new User($uid);
$song = $site->prefs['upload_dir'] . $song;
if (!file_exists ( $song )) { echo "Error: No Song"; exit; }
if ($user->access === 'disabled') { echo "Error: User Disabled"; exit; }
- if (!$user->id && !$user->is_xmlrpc()) { echo "Error: No User Found"; exit; }
+ if (!$user->username && !$user->is_xmlrpc()) { echo "Error: No User Found"; exit; }
}
else {
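Review bot: The disabled-account check here is still `$user->access === 'disabled'`, while play/index.php as shown in this commit tests `$user->disabled == '1'` for the same purpose. If the disabled state now lives in the `disabled` field, as index.php suggests (the User class is not visible here), this branch never fires and a disabled account can still fetch uploaded files through pupload.php. Aligning the two entry points would be `if ($user->disabled == '1') { echo "Error: User Disabled"; exit; }`. The `if ( isset( $uid ) )` block continues past the end of the hunk.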
@@ -136,7 +136,7 @@ if ( $_REQUEST['action'] == 'm3u' ) {
$song_name = $artist . " - " . $title . "." . $type;
$sess = $_COOKIE[libglue_param('sess_name')];
//echo "Song Name: $song_name<BR>\n";
- $url = escapeshellarg("$web_path/play/pupload.php?song=$song_nm&uid=$user->id&sid=$sess");
+ $url = escapeshellarg("$web_path/play/pupload.php?song=$song_nm&uid=$user->username&sid=$sess");
$localplay_add = conf('localplay_add');
$localplay_add = str_replace("%URL%", $url, $localplay_add);
//echo "Executing: $localplay_add<BR>";
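Review bot: `uid=$user->username` goes into the query string unencoded, so a username containing `&`, `#`, `+` or a space yields a different `uid` or extra parameters on the receiving side, which the numeric id it replaces could not do. Encoding it closes that: `$url = escapeshellarg("$web_path/play/pupload.php?song=$song_nm&uid=" . rawurlencode($user->username) . "&sid=$sess");`. The same unencoded value is emitted in the next hunk of this file, in the Direct Link href in templates/show_songs.inc, in the Prefs link in templates/show_users.inc and in upload.php; in the HTML cases the `rawurlencode` output is also safe inside the attribute. The enclosing `m3u` branch starts and ends outside the hunk.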
@@ -165,7 +165,7 @@ if ( $_REQUEST['action'] == 'm3u' ) {
$sess = $_COOKIE[libglue_param('sess_name')];
if($temp_user->prefs['down-sample'] == 'true')
$ds = $temp_user->prefs['sample_rate'];
- echo "$web_path/play/pupload.php?song=" . rawurlencode($song_nm) . "&uid=$user->id&sid=$sess";
+ echo "$web_path/play/pupload.php?song=" . rawurlencode($song_nm) . "&uid=$user->username&sid=$sess";
}
exit;
diff --git a/playlist.php b/playlist.php
index 34393f21..912058cb 100644
--- a/playlist.php
+++ b/playlist.php
@@ -104,7 +104,7 @@ $playlist = new Playlist($playlist_id);
if ( isset($playlist_id) && ($playlist_id != 0) && $_REQUEST['action'] != 'delete_playlist' ) {
// Get the playlist and check access
- $pluser = new User(0,$playlist->owner);
+ $pluser = new User($playlist->user);
if (! isset($playlist->id)) {
show_playlist_access_error($playlist_id, $pluser->username);
@@ -114,7 +114,7 @@ if ( isset($playlist_id) && ($playlist_id != 0) && $_REQUEST['action'] != 'delet
echo "<span class=\"header2\">$playlist->name</span><br />";
echo "&nbsp;&nbsp;&nbsp;" . _("owned by") . " $pluser->fullname ($pluser->username)<br />";
echo "<ul>";
- if ($pluser->id == $user->id || $user->access === 'admin') {
+ if ($pluser->username == $user->username || $user->access === 'admin') {
echo "<li><a href=\"" . conf('web_path') . "/playlist.php?action=edit&amp;playlist_id=$playlist->id\">" . _("Edit Playlist") . "</a></li>\n";
}
if (count($playlist->get_songs()) > 0) {
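Review bot: The edit-link condition still ends in `$user->access === 'admin'`, although the matching check in modules/lib.php is changed by this commit to `$user->has_access(100)` and templates/show_songs.inc already uses `has_access('100')` for its header row. An administrator stored with a numeric level would fail the string comparison and lose the link; the footer row in templates/show_songs.inc and the `adminprivate` branch of show_playlists keep the string test too. Replacing `$user->access === 'admin'` with `$user->has_access(100)` here keeps the rule in one helper. How has_access treats legacy `admin` values is not visible in this diff.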
@@ -133,7 +133,7 @@ switch($action) {
if ($playlist_id == 0) {
// Creating a new playlist
$playlist_name = _("New Playlist") . " - " . date("m/j/y, g:i a");
- $playlist->create_playlist($playlist_name, $user->id, 'private');
+ $playlist->create_playlist($playlist_name, $user->username, 'private');
}
if ($type === 'album') {
@@ -150,7 +150,7 @@ switch($action) {
break;
case 'Create':
- $playlist->create_playlist($playlist_name, $user->id, $type);
+ $playlist->create_playlist($playlist_name, $user->username, $type);
show_playlists();
break;
diff --git a/preferences.php b/preferences.php
index f1974efa..732805d4 100644
--- a/preferences.php
+++ b/preferences.php
@@ -39,7 +39,7 @@ switch(scrub_in($_REQUEST['action'])) {
set_theme();
break;
default:
- $user_id = $user->id;
+ $user_id = $user->username;
$preferences = $user->get_preferences();
break;
diff --git a/song.php b/song.php
index 88dc31d7..96a3e096 100644
--- a/song.php
+++ b/song.php
@@ -112,7 +112,7 @@ elseif ( $_REQUEST['popular_songs'] ) {
$song_ids = get_popular_songs($_REQUEST['popular_songs'], 'global');
}
elseif ( $_REQUEST['your_popular_songs'] ) {
- $song_ids = get_popular_songs($_REQUEST['your_popular_songs'], 'your', $user->id);
+ $song_ids = get_popular_songs($_REQUEST['your_popular_songs'], 'your', $user->username);
}
diff --git a/stats.php b/stats.php
index 1e7f11f1..78c68903 100644
--- a/stats.php
+++ b/stats.php
@@ -25,7 +25,7 @@
require_once("modules/init.php");
//FIXME: Remove references
-$uid = $user->id;
+$uid = $GLOBALS['user']->username;
show_template('header');
show_menu_items('Stats');
diff --git a/templates/show_songs.inc b/templates/show_songs.inc
index 447956e8..5eb809c5 100644
--- a/templates/show_songs.inc
+++ b/templates/show_songs.inc
@@ -29,7 +29,7 @@ $web_path = conf('web_path');
<table class="border" cellspacing="0" cellpadding="0" border="0">
<tr class="table-header">
<th>&nbsp;&nbsp;<a href="#" onclick="check_songs(); return false;">Select</a></th>
- <?php if (isset($playlist_id) && $playlist_id != 0 && ($user->id == $pluser->id || $user->has_access('100'))) { $tab = 1; ?> <th><?php echo _("Track"); ?></th> <?php } ?>
+ <?php if (isset($playlist_id) && $playlist_id != 0 && ($user->username == $pluser->username || $user->has_access('100'))) { $tab = 1; ?> <th><?php echo _("Track"); ?></th> <?php } ?>
<th><?php echo _("Song title"); ?></th>
<th><?php echo _("Artist"); ?></th>
<th><?php echo _("Album"); ?></th>
@@ -58,7 +58,7 @@ $web_path = conf('web_path');
<input type="checkbox" name="song[]" value="<?php echo $song->id; ?>" id="song_<?php echo $song->id; ?>"></input>
</td>
<?php
- if (isset($playlist_id) && $playlist_id != 0 && ($user->id == $pluser->id || $user->has_access('100'))) {
+ if (isset($playlist_id) && $playlist_id != 0 && ($user->username == $pluser->username || $user->has_access('100'))) {
$tracknum = get_playlist_track_from_song($playlist_id, $song->id);
?>
<td>
@@ -110,7 +110,7 @@ $web_path = conf('web_path');
| <a href="<?php echo $web_path; ?>/download/index.php?action=download&amp;song_id=<?php echo $song->id; ?>&amp;fn=<?php echo rawurlencode($song->f_artist_full . " - " . $song->title . "." . $song->type); ?>"><?php echo _("Download"); ?></a>
<?php } ?>
<?php if ($user->prefs['direct_link']) { ?>
- | <a href="<?php echo $web_path; ?>/play/index.php?song=<?php echo $song->id; ?>&amp;uid=<?php echo $user->id . "&amp;sid=" . session_id(); ?>&amp;fn=<?php echo rawurlencode($song->f_artist_full . " - " . $song->title . "." . $song->type); ?>"><?php echo _("Direct Link"); ?></a>
+ | <a href="<?php echo $web_path; ?>/play/index.php?song=<?php echo $song->id; ?>&amp;uid=<?php echo $user->username . "&amp;sid=" . session_id(); ?>&amp;fn=<?php echo rawurlencode($song->f_artist_full . " - " . $song->title . "." . $song->type); ?>"><?php echo _("Direct Link"); ?></a>
<?php } ?>
</td>
</tr>
@@ -127,7 +127,7 @@ $web_path = conf('web_path');
?>
<tr class="table-header">
<td></td>
- <?php if (isset($playlist_id) && $playlist_id != 0 && ($user->id == $pluser->id || $user->access === 'admin')) { ?> <td></td> <?php } ?>
+ <?php if (isset($playlist_id) && $playlist_id != 0 && ($user->username == $pluser->username || $user->access === 'admin')) { ?> <td></td> <?php } ?>
<td><?php echo _("Total"); ?>:</td>
<td nowrap="nowrap"><?php echo $num; ?> song(s)</td>
<td></td>
diff --git a/templates/show_users.inc b/templates/show_users.inc
index 8ef7048a..759ba458 100644
--- a/templates/show_users.inc
+++ b/templates/show_users.inc
@@ -87,7 +87,7 @@ while ( $results = mysql_fetch_object($db_result) ) {
</a>
</td>
<td>
- <a href="<?php echo conf('web_path'); ?>/admin/preferences.php?action=user&amp;user_id=<?php echo $user->id; ?>">
+ <a href="<?php echo conf('web_path'); ?>/admin/preferences.php?action=user&amp;user_id=<?php echo $user->username; ?>">
<?php echo _("Prefs"); ?>
</a>
</td>
diff --git a/templates/userform.inc b/templates/userform.inc
index 6ff5bfc9..59af787c 100644
--- a/templates/userform.inc
+++ b/templates/userform.inc
@@ -35,7 +35,6 @@ else {
<?php $GLOBALS['error']->print_error('general'); ?>
<form name="update_user" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
<table class="text-box" cellspacing="0" cellpadding="0" border="0">
-
<tr>
<td>
<?php echo _("Username"); ; ?>:
diff --git a/upload.php b/upload.php
index 0c784473..f6cbf3ce 100644
--- a/upload.php
+++ b/upload.php
@@ -157,7 +157,7 @@ switch ($action) {
$message[$music] .= _("Successfully-Quarantined");
/* Log the upload */
$sql = "INSERT INTO upload (`user`,`file`,`addition_time`)" .
- " VALUES ('$user->id','" . sql_escape($fullpath) . "','" . time() . "')";
+ " VALUES ('$user->username','" . sql_escape($fullpath) . "','" . time() . "')";
$db_results = mysql_query($sql, dbh());
} // if quarantine
@@ -296,7 +296,7 @@ if ( $handle = @opendir($user->prefs['upload_dir'] ) ){
echo " <td><a href='" . $web_path .
- "/play/pupload.php?action=m3u&song=$file&uid=$user->id'>" .
+ "/play/pupload.php?action=m3u&song=$file&uid=$user->username'>" .
$results[$key][title] . "</a></td>\n";