Diffstat (limited to 'lib')
-rw-r--r--lib/class/access.class.php9
-rw-r--r--lib/class/catalog.class.php32
-rw-r--r--lib/class/update.class.php32
-rw-r--r--lib/duplicates.php18
-rw-r--r--lib/xmlrpc.php55
5 files changed, 113 insertions, 33 deletions
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index b8a6c72c..5ad5a219 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -164,10 +164,17 @@ class Access {
$level = sql_escape($level);
switch ($type) {
+ /* This is here because we want to at least check IP before even creating the xml-rpc server
+ * however we don't have the key that was passed yet so we've got to do just ip
+ */
+ case 'init-xml-rpc':
+ $sql = "SELECT id FROM access_list" .
+ " WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='xml-rpc' AND `level` >= '$level'";
+ break;
case 'xml-rpc':
$sql = "SELECT id FROM access_list" .
" WHERE `start` <= '$ip' AND `end` >= '$ip'" .
- " AND `key` = '$key' AND `level` >= '$level'";
+ " AND `key` = '$key' AND `level` >= '$level' AND `type`='xml-rpc'";
break;
case 'network':
case 'interface':
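Review bot: Only `$level` is visibly passed through `sql_escape()` in this hunk, while `$ip` and `$key` are interpolated directly into both the new `init-xml-rpc` query and the `xml-rpc` one. With this commit `$key` arrives from an XML-RPC request parameter, so confirm both values are escaped above the hunk; the start of `check()` is outside it. The `init-xml-rpc` branch matches on IP range alone, so it is a pre-filter and not an authorization decision. I would state that in the comment, e.g. `/* IP-only pre-check; every handler must still call check('xml-rpc', ...) with the key */`.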
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index 9f782d46..55d45717 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -30,7 +30,7 @@ class Catalog {
var $name;
var $last_update;
var $last_add;
- var $id3_set_command;
+ var $key;
var $rename_pattern;
var $sort_pattern;
var $catalog_type;
@@ -64,7 +64,7 @@ class Catalog {
$this->name = $info->name;
$this->last_update = $info->last_update;
$this->last_add = $info->last_add;
- $this->id3_set_command = $info->id3_set_command;
+ $this->key = $info->key;
$this->rename_pattern = $info->rename_pattern;
$this->sort_pattern = $info->sort_pattern;
$this->catalog_type = $info->catalog_type;
@@ -725,11 +725,11 @@ class Catalog {
$id = sql_escape($data['catalog_id']);
$name = sql_escape($data['name']);
- $id3cmd = sql_escape($data['id3cmd']);
+ $key = sql_escape($data['key']);
$rename = sql_escape($data['rename_pattern']);
$sort = sql_escape($data['sort_pattern']);
- $sql = "UPDATE catalog SET name='$name', id3_set_command='$id3cmd', rename_pattern='$rename', " .
+ $sql = "UPDATE catalog SET name='$name', `key`='$key', rename_pattern='$rename', " .
"sort_pattern='$sort' WHERE id = '$id'";
$db_results = mysql_query($sql, dbh());
@@ -745,7 +745,7 @@ class Catalog {
* @param $path Root path to start from for catalog
* @param $name Name of the new catalog
*/
- function new_catalog($path,$name, $id3cmd=0, $ren=0, $sort=0, $type=0,$gather_art=0,$parse_m3u=0,$art=array()) {
+ function new_catalog($path,$name, $key=0, $ren=0, $sort=0, $type=0,$gather_art=0,$parse_m3u=0,$art=array()) {
/* Record the time.. time the catalog gen */
$start_time = time();
@@ -760,17 +760,17 @@ class Catalog {
$catalog_id = $this->check_catalog($path);
if (!$catalog_id) {
- $catalog_id = $this->create_catalog_entry($path,$name,$id3cmd, $ren, $sort, $type);
+ $catalog_id = $this->create_catalog_entry($path,$name,$key, $ren, $sort, $type);
}
/* Setup the $this with the new information */
- $this->id = $catalog_id;
- $this->path = $path;
- $this->name = $name;
- $this->id3_set_command = ($id3cmd)?$id3cmd:'';
- $this->rename_pattern = ($ren)?$ren:'';
- $this->sort_pattern = ($sort)?$sort:'';
- $this->catalog_type = $type;
+ $this->id = $catalog_id;
+ $this->path = $path;
+ $this->name = $name;
+ $this->key = $key;
+ $this->rename_pattern = ($ren)?$ren:'';
+ $this->sort_pattern = ($sort)?$sort:'';
+ $this->catalog_type = $type;
/* Fluf */
echo _('Starting Catalog Build') . " [$name]<br />\n";
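Review bot: `$this->key = $key;` keeps the `0` default from the `new_catalog()` signature, whereas the two properties next to it normalise a missing value to `''`. A catalog built without a key therefore carries integer 0 as its key. For consistency use `$this->key = ($key)?$key:'';`. `new_catalog()` starts and ends outside this hunk.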
@@ -1704,7 +1704,7 @@ class Catalog {
@param $path The root path for this catalog
@param $name The name of the new catalog
*/
- function create_catalog_entry($path,$name,$id3cmd=0,$ren=0,$sort=0, $type='local') {
+ function create_catalog_entry($path,$name,$key=0,$ren=0,$sort=0, $type='local') {
// Current time
$date = time();
@@ -1713,8 +1713,8 @@ class Catalog {
$name = sql_escape($name);
if($id3cmd && $ren && $sort) {
- $sql = "INSERT INTO catalog (path,name,last_update,id3_set_command,rename_pattern,sort_pattern,catalog_type) " .
- " VALUES ('$path','$name','$date', '$id3cmd', '$ren', '$sort','$type')";
+ $sql = "INSERT INTO catalog (path,name,last_update,`key`,rename_pattern,sort_pattern,catalog_type) " .
+ " VALUES ('$path','$name','$date', '$key', '$ren', '$sort','$type')";
}
else {
$sql = "INSERT INTO catalog (path,name,last_update) VALUES ('$path','$name','$date')";
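Review bot: The context line `if($id3cmd && $ren && $sort) {` still tests `$id3cmd`, which is no longer defined now that the parameter of `create_catalog_entry()` is `$key`. The condition is therefore always false and the `else` INSERT runs, so the key, rename pattern, sort pattern and catalog type are never stored. Change it to `if($key && $ren && $sort) {`. Only `$name` is visibly escaped here; `$key`, `$ren`, `$sort` and `$type` go into the INSERT unescaped unless that happens outside the hunk, which is worth confirming because the function body is cut at both ends.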
diff --git a/lib/class/update.class.php b/lib/class/update.class.php
index e505ea87..fc13ef44 100644
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@@ -282,11 +282,16 @@ class Update {
$update_string = '- Reworked All Indexes on tables, hopefully leading to performance improvements.<br />' .
'- Added id int(11) UNSIGNED fields to a few tables missing it.<br />' .
+ '- Reworked Access Lists, adding type based ACL\'s and a key for xml-rpc communication.<br />' .
'- Removed DB Based color/font preferences and Theme preferences catagory.<br />';
$version[] = array('version' => '332012','description' => $update_string);
- $update_string = '- Added live_stream table for radio station support.<br />';
+ $update_string = '- Added live_stream table for radio station support.<br />' .
+ '- Removed id3_set_command from catalog and added xml-rpc key for remote catalogs.<br />' .
+ '- Added stream/video to enum of object_count for future support.<br />';
+
+ $version[] = array('version' => '332013','description' => $update_string);
return $version;
@@ -1782,6 +1787,7 @@ class Update {
*/
function update_332013() {
+ /* Add Live Stream Table */
$sql = "CREATE TABLE `live_stream` (" .
"`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," .
"`name` VARCHAR( 128 ) NOT NULL ," .
@@ -1792,6 +1798,30 @@ class Update {
"`frequency` VARCHAR( 32 ) NOT NULL ," .
"`call_sign` VARCHAR( 32 ) NOT NULL" .
")";
+ $db_results = mysql_query($sql, dbh());
+
+ /* Add Indexes for this new table */
+ $sql = "ALTER TABLE `live_stream` ADD INDEX `catalog` (`catalog`)";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `live_stream` ADD INDEX `genre` (`genre`)";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `live_stream` ADD INDEX `name` (`name`)";
+ $db_results = mysql_query($sql,dbh());
+
+ /* Drop id3 set command */
+ $sql = "ALTER TABLE `catalog` DROP `id3_set_command`";
+ $db_results = mysql_query($sql, dbh());
+
+ $sql = "ALTER TABLE `catalog` ADD `key` VARCHAR( 255 ) NOT NULL";
+ $db_results = mysql_query($sql, dbh());
+
+ /* Prepare for Video and Stream (comming in next version) */
+ $sql = "ALTER TABLE `ratings` CHANGE `object_type` `object_type` ENUM( 'artist', 'album', 'song', 'steam', 'video' ) NOT NULL DEFAULT 'artist'";
+ $db_results = mysql_query($sql, dbh());
+
+ $this->set_version('db_version','332013');
} // update_332013
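Review bot: The new ENUM lists `'steam'`, which looks like a typo for `'stream'` given the update description added in this commit ("Added stream/video to enum ..."). Fixing it after release needs another migration, so correct it here: `ENUM( 'artist', 'album', 'song', 'stream', 'video' )`. That description names `object_count` while the statement alters `ratings`.`object_type`, so one of the two is probably wrong. None of the `mysql_query()` results is checked, and `set_version('db_version','332013')` runs even if an ALTER failed, which can leave the schema half-migrated (for example `id3_set_command` dropped but `key` missing) under the new version number. `update_332013()` begins outside this hunk.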
diff --git a/lib/duplicates.php b/lib/duplicates.php
index 1d03a3da..3fe56ed1 100644
--- a/lib/duplicates.php
+++ b/lib/duplicates.php
@@ -92,15 +92,13 @@ function show_duplicate_songs($flags,$search_type) {
@discussion
*/
function show_duplicate_searchbox($search_type) {
+// OMFG KillingVollmer++ needs to be fixed in a desperate way
?>
-<br />
+<?php show_box_top(_('Find Duplicates')); ?>
<form name="songs" action="<?php echo conf('web_path'); ?>/admin/duplicates.php" method="post" enctype="multipart/form-data" >
-<table class="border" cellspacing="0" cellpadding="3" border="0" width="450">
- <tr class="table-header">
- <td colspan="2"><b><?php echo _("Find Duplicates"); ?></b></td>
- </tr>
- <tr class="even">
- <td><?php echo _("Search Type"); ?>:</td>
+<table cellspacing="0" cellpadding="3" border="0" width="450">
+ <tr>
+ <td valign="top"><?php echo _('Search Type'); ?>:</td>
<td>
<?php
@@ -123,16 +121,16 @@ function show_duplicate_searchbox($search_type) {
?>
</td>
</tr>
- <tr class="odd">
+ <tr>
<td></td>
<td>
<input type="hidden" name="action" value="search" />
- <input type="submit" value="<?php echo _("Search"); ?>" />
+ <input type="submit" value="<?php echo _('Search'); ?>" />
</td>
</tr>
</table>
</form>
-<br />
+<?php show_box_bottom(); ?>
<?php
} // show_duplicate_searchbox
?>
diff --git a/lib/xmlrpc.php b/lib/xmlrpc.php
index cd6c3e70..7dc09f01 100644
--- a/lib/xmlrpc.php
+++ b/lib/xmlrpc.php
@@ -26,7 +26,7 @@
* @package XMLRPC
* @catagory Server
* @author Karl Vollmer
- * @copyright Ampache.org 2001 - 2005
+ * @copyright Ampache.org 2001 - 2006
*/
/**
@@ -38,6 +38,14 @@
*/
function remote_catalog_query($m) {
+ $var = $m->getParam(0);
+ $key = $var->scalarval();
+
+ /* Verify the KEY */
+ if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) {
+ return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
+ }
+
$result = array();
// we only want to send the local entries
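Review bot: The call `remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')` passes the key first and the address second, but the function added at the end of this file is declared `remote_key_verify($ip,$key,$level)`. As written, the client key is compared against the IP range and the remote address against the `key` column. The same call appears in `remote_song_query()` and `remote_session_verify()`. Swap the arguments at the three call sites, `remote_key_verify($_SERVER['REMOTE_ADDR'],$key,'5')`, or change the signature to match. `$var` is also used without checking that parameter 0 was sent, so a request with no parameters would presumably fail on `scalarval()` instead of returning the 503 response; the rest of `remote_catalog_query()` is outside the hunk.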
@@ -53,7 +61,7 @@ function remote_catalog_query($m) {
set_time_limit(0);
$encoded_array = php_xmlrpc_encode($result);
- if (conf('debug')) { log_event($_SESSION['userdata']['username'],' xmlrpc-server ',"Encoded Catalogs: " . count($result)); }
+ debug_event('xmlrpc-server',"Encoded Catalogs: " . count($result),'3');
return new xmlrpcresp($encoded_array);
@@ -71,8 +79,16 @@ function remote_catalog_query($m) {
*/
function remote_song_query($params) {
- $start = $params->params['0']->me['int'];
- $step = $params->params['1']->me['int'];
+ $var = $parms->getParam(0);
+ $key = $var->scalarval();
+
+ /* Verify the KEY */
+ if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) {
+ return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
+ }
+
+ $start = $params->params['1']->me['int'];
+ $step = $params->params['2']->me['int'];
// Get me a list of all local catalogs
$sql = "SELECT catalog.id FROM catalog WHERE catalog_type='local'";
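Review bot: `$var = $parms->getParam(0);` reads an undefined variable, because the parameter is named `$params`, so the call fails before the key check is reached. `remote_session_verify()` has the same typo on its first added line. Use `$var = $params->getParam(0);` in both. `$start` and `$step` are still read through `->params['1']->me['int']`, which yields nothing if the client sends another XML-RPC type, and whether they are cast to integers before reaching SQL is not visible in this hunk. Reading them the same way as the key and casting would be safer: `$var = $params->getParam(1);` followed by `$start = intval($var->scalarval());`.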
@@ -131,8 +147,18 @@ function remote_song_query($params) {
*/
function remote_session_verify($params) {
+ $var = $parms->getParam(0);
+ $key = $var->scalarval();
+
+ /* Verify the KEY */
+ if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) {
+ return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
+ }
+
+
/* We may need to do this correctly.. :S */
- $sid = $params->params['0']->me['string'];
+ $var = $params->getParam(1);
+ $sid = $var->scalarval();
if (session_exists($sid)) {
$data = true;
@@ -168,4 +194,23 @@ function remote_server_denied() {
} // remote_server_denied
+/**
+ * remote_key_verify
+ * This does a ACCESS control check against
+ * the incomming xml-rpc request. it takes the
+ * passed key and makes sure the IP+KEY+LEVEL
+ * matches in the local ACL
+ */
+function remote_key_verify($ip,$key,$level) {
+
+ $access = new Access();
+ if ($access->check('xml-rpc',$ip,'',$key,$level)) {
+ return true;
+ }
+
+ return false;
+
+} // remote_key_verify
+
+
?>
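Review bot: The key check in `remote_key_verify()` reduces to the SQL equality `key` = '$key' inside `Access::check()`. If the `access_list`.`key` column uses a case-insensitive collation (not visible on this page), keys differing only in case would match, which weakens the shared secret; a binary comparison in that query would avoid this. The docblock should also carry `@param` lines for `$ip`, `$key` and `$level`, and say what the empty third argument to `check()` stands for, so that the expected argument order is stated at the definition.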