-rw-r--r-- | lib/class/access.class.php | 27 | ||||
-rw-r--r-- | lib/class/api.class.php | 68 | ||||
-rw-r--r-- | lib/class/update.class.php | 29 | ||||
-rw-r--r-- | lib/class/xmldata.class.php | 44 | ||||
-rw-r--r-- | server/stream.ajax.php | 2 | ||||
-rw-r--r-- | server/xml.server.php | 103 |
6 files changed, 179 insertions, 94 deletions
diff --git a/lib/class/access.class.php b/lib/class/access.class.php index e814ade6..379ee626 100644 --- a/lib/class/access.class.php +++ b/lib/class/access.class.php @@ -314,6 +314,33 @@ class Access { } // get_type_name + /** + * session_exists + * This checks to see if the specified session of the specified type + * exists, it also provides an array of key'd data that may be required + * based on the type + */ + public static function session_exists($data,$key,$type) { + + // Switch on the type they pass + switch ($type) { + case 'api': + + break; + case 'stream': + + break; + case 'interface': + + break; + default: + return false; + break; + } // type + + + } // session_exists + } //end of access class ?> diff --git a/lib/class/api.class.php b/lib/class/api.class.php new file mode 100644 index 00000000..fd34ff93 --- /dev/null +++ b/lib/class/api.class.php 
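Review bot: `session_exists()` has no return statement on the `api`, `stream` and `interface` branches, so those calls fall out of the switch and yield null; a caller that negates the result treats that as "no session", which denies access only as a side effect of the stub. Make the deny explicit until the lookups exist by ending the method with `return false; // no session type is implemented yet: deny`, and drop the unreachable `break` after `return false` in the default branch. The docblock should also state what `$data` and `$key` are expected to hold and that the method returns a bool, since neither argument is read yet.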
@@ -0,0 +1,68 @@ +<?php +/* + + Copyright (c) 2001 - 2007 Ampache.org + All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License v2 + as published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ + +/** + * API Class + * This handles functions relating to the API written for ampache, initially this is very focused + * on providing functionality for Amarok so it can integrate with Ampache + */ +class AmpacheApi { + + /** + * constructor + * This really isn't anything to do here, so it's private + */ + private function __construct() { + + // Rien a faire + + } // constructor + + + /** + * handshake + * This is the function that handles the verifying a new handshake + * this takes a timestamp, auth key, and client IP. Optionally it + * can take a username, if non is passed the ACL must be non-use + * specific + */ + public static function handshake($timesamp,$passphrase,$ip,$username='') { + + // First we'll filter by username and IP + $username = $username ? Dba::escape($username) : '-1'; + $ip = ip2int($ip); + + // Run the query and return the passphrases as we'll have to mangle them + // to figure out if they match what we've got + $sql = "SELECT * FROM `access_list` WHERE `user`='$username' AND `start` >= '$ip' AND `end` <= '$ip'"; + $db_results = Dba::query($sql); + + while ($row = Dba::fetch_assoc($db_results)) { + + // Combine and MD5 this mofo + $md5pass = md5($timestamp . 
$row); + + } // end while + + } // handhsake + +} // API class +?> diff --git a/lib/class/update.class.php b/lib/class/update.class.php index e7b3a03c..2db1a0e2 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -238,6 +238,12 @@ class Update { '- Change wording on Localplay preferences.<br />'; $version[] = array('version' => '340010','description'=>$update_string); + $update_string = '- Adjusted Tables to new democratic play methods.<br />' . + '- Added api session table, will eventually recombine.<br />'; + + //$version[] = array('version' => '340011','description'=>$update_string); + + return $version; } // populate_version @@ -979,5 +985,28 @@ class Update { } // update_340010 + /** + * update_340011 + * This updates the democratic play stuff so that can handle a little more complext mojo + * It also adds yet another table to the db to handle the sessions for API access. Eventually + * should combine all of the session tables, but I'll do that later + */ + public static function update_340011() { + + // First add the new table for the new session stuff + $sql = "CREATE TABLE `session_api` ( " . + "`id` VARCHAR( 64 ) NOT NULL , " . + "`user` INT( 11 ) UNSIGNED NOT NULL , " . + "`agent` VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL , " . + "`level` INT( 11 ) UNSIGNED NOT NULL DEFAULT '0', " . + "`expire` INT( 11 ) UNSIGNED NOT NULL , " . + "`ip` INT( 11 ) UNSIGNED NULL , " . + "PRIMARY KEY ( `id` ) " . + ") ENGINE = MYISAM"; + $db_results = Dba::query($sql); + + + } // 340011 + } // end update class ?> diff --git a/lib/class/xmldata.class.php b/lib/class/xmldata.class.php new file mode 100644 index 00000000..16eaeaeb --- /dev/null +++ b/lib/class/xmldata.class.php 
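Review bot: `handshake()` cannot verify anything as written: the parameter is declared as `$timesamp` while the body hashes `$timestamp`, which is undefined, and `$row` is the whole result array rather than the stored passphrase, so `$md5pass` never depends on the secret. `$passphrase` is never compared with `$md5pass` and the method returns nothing, so the caller receives null for every request. The ACL filter also looks inverted: the WHERE clause tests start >= ip AND end <= ip, which only matches a range collapsed onto the address, where a containment test needs start <= ip AND end >= ip. Correct the signature to `public static function handshake($timestamp,$passphrase,$ip,$username='')`, hash the passphrase column of `$row` (its name is not visible here) and return false when no row matches. When the comparison is added, reject stale timestamps and compare the digests with `hash_equals()` where the PHP version provides it.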
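Review bot: `update_340011()` discards `$db_results`, so a failed CREATE TABLE is indistinguishable from success and the API session check would later query a table that does not exist. Report the outcome, for example `return $db_results ? true : false;`, if that matches how the other update_* methods signal status (they are outside this hunk). The docblock says the method also updates the democratic play tables, but the body only creates `session_api`; either add that change or trim the comment to `This adds the session_api table that holds the API sessions.` A short comment that `ip` is an unsigned INT and therefore holds IPv4 addresses only would also help the next maintainer.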
@@ -0,0 +1,44 @@ +<?php +/* + + Copyright 2001 - 2007 Ampache.org + All Rights Reserved + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; version 2 + of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ + +/** + * xmlData + * This class takes care of all of the xml document stuff in Ampache these + * are all static calls + */ +class xmlData { + + public static $version = '340001'; + + /** + * constructor + * We don't use this, as its really a static class + */ + private function __construct() { + + // Rien a faire + + } // constructor + +} // xmlData + +?> diff --git a/server/stream.ajax.php b/server/stream.ajax.php index 7996b676..c3f58ac4 100644 --- a/server/stream.ajax.php +++ b/server/stream.ajax.php @@ -37,7 +37,7 @@ switch ($_REQUEST['action']) { break; case 'basket': // We need to set the basket up! - $_SESSION['iframe']['target'] = Config::get('web_path') . '/stream.php?action=basket'; + $_SESSION['iframe']['target'] = Config::get('web_path') . '/stream.php?action=basket&playlist_method=' . scrub_out($_REQUEST['playlist_method']); $results['rfc3514'] = '<script type="text/javascript">reload_util()</script>'; break; default: diff --git a/server/xml.server.php b/server/xml.server.php index b42b8ea4..484c874c 100644 --- a/server/xml.server.php +++ b/server/xml.server.php 
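Review bot: `$_REQUEST['playlist_method']` is appended to a URL query string after `scrub_out()`, which by its name is an output (HTML) filter rather than a URL encoder (its body is not visible here), so reserved URL characters in the value can still change the query that the stored iframe target carries. Encode for the URL context and, ideally, accept only the playlist methods the player understands: `$_SESSION['iframe']['target'] = Config::get('web_path') . '/stream.php?action=basket&playlist_method=' . rawurlencode($_REQUEST['playlist_method']);`. The key is also read without an isset() check, so a request that omits it raises a notice and stores an empty parameter. The enclosing switch starts and ends outside the hunk.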
@@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or 
@@ -25,110 +25,27 @@ */ define('NO_SESSION','1'); -require_once('../lib/init.php'); +require_once '../lib/init.php'; /** * Verify the existance of the Session they passed in we do allow them to * login via this interface so we do have an exception for action=login */ -if (!session_exists($_REQUEST['sessid']) AND $_REQUEST['action'] !== 'login') { exit(); } - -$GLOBALS['user'] = new User($_REQUEST['user_id']); -$action = scrub_in($_REQUEST['action']); +if (!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') { + debug_event('Access Denied','Invalid Session or unthorized access attempt to API','5'); + exit(); +} /* Set the correct headers */ header("Content-type: text/xml; charset=utf-8"); -switch ($action) { - /* Returns an array of artist information */ - case 'get_artists': - $sql = "SELECT id FROM artist ORDER BY name"; - $db_results = mysql_query($sql,dbh()); - - while ($r = mysql_fetch_assoc($db_results)) { - $artist = new Artist($r['id']); - $artist->format_artist(); - $results[] = array('id'=>$artist->id,'name'=>$artist->full_name); - } // end while results - - $xml_doc = xml_from_array($results); - echo $xml_doc; - break; - case 'get_albums': - $sql = "SELECT id FROM album ORDER BY name"; - $db_results = mysql_query($sql,dbh()); - - while ($r = mysql_fetch_assoc($db_results)) { - $album = new Album($r['id']); - $results[] = array('id'=>$r['id'],'year'=>$album->year,'name'=>$album->name); - } // end while results - - $xml_doc = xml_from_array($results); - echo $xml_doc; - break; - case 'get_genres': - $sql = "SELECT id FROM genre ORDER BY name"; - $db_results = mysql_query($sql,dbh()); - - while ($r = mysql_fetch_assoc($db_results)) { - $genre = new Genre($r['id']); - $results[] = array('id'=>$r['id'],'name'=>$genre->name); - } - - $xml_doc = xml_from_array($results); - echo $xml_doc; - break; - /* Return results of a quick search */ - case 'search': - /* We need search string */ - $_REQUEST['s_all'] = 
$_REQUEST['search_string']; - if (strlen($_REQUEST['s_all']) < 1) { break; } - $data = run_search($_REQUEST); - /* Unfortuantly these are song objects, which are not good for - * xml.. turn it into an array - */ - foreach ($data as $song) { - $genre = $song->get_genre_name(); - $artist = $song->get_artist_name(); - $album = $song->get_album_name(); - $results[] = array('id'=>$song->id, - 'title'=>$song->title, - 'genre'=>$genre, - 'artist'=>$artist, - 'album'=>$album); - } // end foreach song +switch ($_REQUEST['action']) { + case 'handshake': - $xml_doc = xml_from_array($results); - echo $xml_doc; + // Send the data we were sent to the API class so it can be chewed on - break; - /* This takes a object_id/object_type and returns the correct PLAY url for it */ - case 'play_url': - /* We need the type and id */ - $object_type = scrub_in($_REQUEST['object_type']); - $object_id = scrub_in($_REQUEST['object_id']); - - switch ($object_type) { - case 'song': - $song = new Song($object_id); - $url = $song->get_url($_REQUEST['sessid']); - $results[] = $url; - break; - default: - // Rien a faire - break; - } // end switch on object_type - - $xml_doc = xml_from_array($results); - echo $xml_doc; - - break; - /* This allows you to login via the xml mojo */ - case 'login': - - - break; + break; default: // Rien a faire break; |
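Review bot: The exemption test on the access gate was loosened from `!==` to `!=` when `login` became `handshake`; keep the strict form, `AND $_REQUEST['action'] !== 'handshake') {`, so the one path that skips the session check never depends on loose comparison of a request value. The docblock above the gate (a context line) still describes an exception for action=login and should say action=handshake. For detection, the denied-access event would be more useful with the client address and the requested action in the message, and `unthorized` in that string is a typo for `unauthorized`. `$_REQUEST['auth']` and `$_REQUEST['action']` are read without isset(), so a bare request raises notices before the gate exits. The switch is closed outside the hunk.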