From a8b94b78da50c9dc4fd272a88de0bb11ecaa15ff Mon Sep 17 00:00:00 2001 From: Karl 'vollmerk' Vollmer Date: Fri, 29 Sep 2006 06:53:41 +0000 Subject: continued to work on xml-rpc in conjuction with new acls xml-rpc is broken in this svn release.. sorry will fix asap --- admin/catalog.php | 9 +++-- lib/class/access.class.php | 9 ++++- lib/class/catalog.class.php | 32 ++++++++-------- lib/class/update.class.php | 32 +++++++++++++++- lib/duplicates.php | 18 ++++----- lib/xmlrpc.php | 55 ++++++++++++++++++++++++--- server/xmlrpc.server.php | 2 +- templates/customize_catalog.inc | 75 ------------------------------------- templates/list_duplicates.inc | 3 +- templates/show_add_catalog.inc.php | 6 ++- templates/show_edit_catalog.inc.php | 72 +++++++++++++++++++++++++++++++++++ 11 files changed, 197 insertions(+), 116 deletions(-) delete mode 100644 templates/customize_catalog.inc create mode 100644 templates/show_edit_catalog.inc.php diff --git a/admin/catalog.php b/admin/catalog.php index 87b5d383..cc57bd3f 100644 --- a/admin/catalog.php +++ b/admin/catalog.php @@ -188,7 +188,8 @@ switch ($_REQUEST['action']) { if (conf('demo_mode')) { break; } /* Update the catalog */ - Catalog::update_settings($_REQUEST); + $catalog = new Catalog(); + $catalog->update_settings($_REQUEST); $url = conf('web_path') . '/admin/index.php'; $title = _('Catalog Updated'); @@ -210,7 +211,7 @@ switch ($_REQUEST['action']) { /* Create the Catalog */ $catalog->new_catalog($_REQUEST['path'], $_REQUEST['name'], - $_REQUEST['id3set_command'], + $_REQUEST['key'], $_REQUEST['rename_pattern'], $_REQUEST['sort_pattern'], $_REQUEST['type'], @@ -227,7 +228,7 @@ switch ($_REQUEST['action']) { } else { $error = "Please complete the form."; - include(conf('prefix') . '/templates/add_catalog.inc'); + include(conf('prefix') . '/templates/show_add_catalog.inc.php'); } break; case 'clear_stats': 
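Review bot: The new xml-rpc key is read from `$_REQUEST['key']` in the `new_catalog()` call of the second admin/catalog.php hunk, so it is accepted from the query string as well as the form body. A shared secret sent by GET ends up in web-server access logs and browser history. Reading it with `$_POST['key']` here keeps the credential out of URLs. The same applies to the first hunk, where `update_settings()` is handed all of `$_REQUEST`. The enclosing `switch` cases start and end outside the hunks, so any permission check on these actions is not visible here.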
@@ -275,7 +276,7 @@ switch ($_REQUEST['action']) { show_confirmation(_('Delete Catalog'),_('Do you really want to delete this catalog?'),$nexturl,1); break; case 'show_customize_catalog': - include(conf('prefix') . '/templates/customize_catalog.inc'); + include(conf('prefix') . '/templates/show_edit_catalog.inc.php'); break; case 'gather_album_art': flush(); diff --git a/lib/class/access.class.php b/lib/class/access.class.php index b8a6c72c..5ad5a219 100644 --- a/lib/class/access.class.php +++ b/lib/class/access.class.php @@ -164,10 +164,17 @@ class Access { $level = sql_escape($level); switch ($type) { + /* This is here because we want to at least check IP before even creating the xml-rpc server + * however we don't have the key that was passed yet so we've got to do just ip + */ + case 'init-xml-rpc': + $sql = "SELECT id FROM access_list" . + " WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='xml-rpc' AND `level` >= '$level'"; + break; case 'xml-rpc': $sql = "SELECT id FROM access_list" . " WHERE `start` <= '$ip' AND `end` >= '$ip'" . - " AND `key` = '$key' AND `level` >= '$level'"; + " AND `key` = '$key' AND `level` >= '$level' AND `type`='xml-rpc'"; break; case 'network': case 'interface': diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php index 9f782d46..55d45717 100644 --- a/lib/class/catalog.class.php +++ b/lib/class/catalog.class.php @@ -30,7 +30,7 @@ class Catalog { var $name; var $last_update; var $last_add; - var $id3_set_command; + var $key; var $rename_pattern; var $sort_pattern; var $catalog_type; @@ -64,7 +64,7 @@ class Catalog { $this->name = $info->name; $this->last_update = $info->last_update; $this->last_add = $info->last_add; - $this->id3_set_command = $info->id3_set_command; + $this->key = $info->key; $this->rename_pattern = $info->rename_pattern; $this->sort_pattern = $info->sort_pattern; $this->catalog_type = $info->catalog_type; 
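Review bot: Only `$level` is visibly passed through `sql_escape()` before the two xml-rpc queries in the access.class.php hunk are built, yet `$key` now originates from the remote XML-RPC caller and `$ip` is interpolated next to it. The start of `check()` is outside the hunk, so confirm both are escaped there before they reach the `WHERE` clause. The `init-xml-rpc` case matches on address range alone, which makes it a network pre-filter rather than authentication. Its comment should say so, for example `/* IP-only pre-filter: every xml-rpc method MUST still run the keyed 'xml-rpc' check */`. If the key column uses a case-insensitive collation (not visible here), the SQL `=` comparison would also accept keys that differ only in case.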
@@ -725,11 +725,11 @@ class Catalog { $id = sql_escape($data['catalog_id']); $name = sql_escape($data['name']); - $id3cmd = sql_escape($data['id3cmd']); + $key = sql_escape($data['key']); $rename = sql_escape($data['rename_pattern']); $sort = sql_escape($data['sort_pattern']); - $sql = "UPDATE catalog SET name='$name', id3_set_command='$id3cmd', rename_pattern='$rename', " . + $sql = "UPDATE catalog SET name='$name', `key`='$key', rename_pattern='$rename', " . "sort_pattern='$sort' WHERE id = '$id'"; $db_results = mysql_query($sql, dbh()); @@ -745,7 +745,7 @@ class Catalog { * @param $path Root path to start from for catalog * @param $name Name of the new catalog */ - function new_catalog($path,$name, $id3cmd=0, $ren=0, $sort=0, $type=0,$gather_art=0,$parse_m3u=0,$art=array()) { + function new_catalog($path,$name, $key=0, $ren=0, $sort=0, $type=0,$gather_art=0,$parse_m3u=0,$art=array()) { /* Record the time.. time the catalog gen */ $start_time = time(); @@ -760,17 +760,17 @@ class Catalog { $catalog_id = $this->check_catalog($path); if (!$catalog_id) { - $catalog_id = $this->create_catalog_entry($path,$name,$id3cmd, $ren, $sort, $type); + $catalog_id = $this->create_catalog_entry($path,$name,$key, $ren, $sort, $type); } /* Setup the $this with the new information */ - $this->id = $catalog_id; - $this->path = $path; - $this->name = $name; - $this->id3_set_command = ($id3cmd)?$id3cmd:''; - $this->rename_pattern = ($ren)?$ren:''; - $this->sort_pattern = ($sort)?$sort:''; - $this->catalog_type = $type; + $this->id = $catalog_id; + $this->path = $path; + $this->name = $name; + $this->key = $key; + $this->rename_pattern = ($ren)?$ren:''; + $this->sort_pattern = ($sort)?$sort:''; + $this->catalog_type = $type; /* Fluf */ echo _('Starting Catalog Build') . " [$name]
\n"; @@ -1704,7 +1704,7 @@ class Catalog { @param $path The root path for this catalog @param $name The name of the new catalog */ - function create_catalog_entry($path,$name,$id3cmd=0,$ren=0,$sort=0, $type='local') { + function create_catalog_entry($path,$name,$key=0,$ren=0,$sort=0, $type='local') { // Current time $date = time(); @@ -1713,8 +1713,8 @@ class Catalog { $name = sql_escape($name); if($id3cmd && $ren && $sort) { - $sql = "INSERT INTO catalog (path,name,last_update,id3_set_command,rename_pattern,sort_pattern,catalog_type) " . - " VALUES ('$path','$name','$date', '$id3cmd', '$ren', '$sort','$type')"; + $sql = "INSERT INTO catalog (path,name,last_update,`key`,rename_pattern,sort_pattern,catalog_type) " . + " VALUES ('$path','$name','$date', '$key', '$ren', '$sort','$type')"; } else { $sql = "INSERT INTO catalog (path,name,last_update) VALUES ('$path','$name','$date')"; diff --git a/lib/class/update.class.php b/lib/class/update.class.php index e505ea87..fc13ef44 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -282,11 +282,16 @@ class Update { $update_string = '- Reworked All Indexes on tables, hopefully leading to performance improvements.
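Review bot: The unchanged guard `if($id3cmd && $ren && $sort)` in the last catalog.class.php hunk still tests `$id3cmd`, which is undefined now that the parameter of `create_catalog_entry()` is named `$key`. The branch that stores the key, rename pattern and sort pattern can therefore never run, and every catalog falls through to the three-column INSERT. The guard should read `if ($key && $ren && $sort) {`. Only `$name` is visibly escaped in this hunk, while `$key`, `$ren`, `$sort` and `$type` are interpolated into the INSERT. The top of the function is outside the hunk, so confirm they pass through `sql_escape()` there, as `update_settings()` does for `$data['key']`.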
' . '- Added id int(11) UNSIGNED fields to a few tables missing it.
' . + '- Reworked Access Lists, adding type based ACL\'s and a key for xml-rpc communication.
' . '- Removed DB Based color/font preferences and Theme preferences catagory.
'; $version[] = array('version' => '332012','description' => $update_string); - $update_string = '- Added live_stream table for radio station support.
'; + $update_string = '- Added live_stream table for radio station support.
' . + '- Removed id3_set_command from catalog and added xml-rpc key for remote catalogs.
' . + '- Added stream/video to enum of object_count for future support.
'; + + $version[] = array('version' => '332013','description' => $update_string); return $version; @@ -1782,6 +1787,7 @@ class Update { */ function update_332013() { + /* Add Live Stream Table */ $sql = "CREATE TABLE `live_stream` (" . "`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," . "`name` VARCHAR( 128 ) NOT NULL ," . @@ -1792,6 +1798,30 @@ class Update { "`frequency` VARCHAR( 32 ) NOT NULL ," . "`call_sign` VARCHAR( 32 ) NOT NULL" . ")"; + $db_results = mysql_query($sql, dbh()); + + /* Add Indexes for this new table */ + $sql = "ALTER TABLE `live_stream` ADD INDEX `catalog` (`catalog`)"; + $db_results = mysql_query($sql, dbh()); + + $sql = "ALTER TABLE `live_stream` ADD INDEX `genre` (`genre`)"; + $db_results = mysql_query($sql, dbh()); + + $sql = "ALTER TABLE `live_stream` ADD INDEX `name` (`name`)"; + $db_results = mysql_query($sql,dbh()); + + /* Drop id3 set command */ + $sql = "ALTER TABLE `catalog` DROP `id3_set_command`"; + $db_results = mysql_query($sql, dbh()); + + $sql = "ALTER TABLE `catalog` ADD `key` VARCHAR( 255 ) NOT NULL"; + $db_results = mysql_query($sql, dbh()); + + /* Prepare for Video and Stream (comming in next version) */ + $sql = "ALTER TABLE `ratings` CHANGE `object_type` `object_type` ENUM( 'artist', 'album', 'song', 'steam', 'video' ) NOT NULL DEFAULT 'artist'"; + $db_results = mysql_query($sql, dbh()); + + $this->set_version('db_version','332013'); } // update_332013 diff --git a/lib/duplicates.php b/lib/duplicates.php index 1d03a3da..3fe56ed1 100644 --- a/lib/duplicates.php +++ b/lib/duplicates.php @@ -92,15 +92,13 @@ function show_duplicate_songs($flags,$search_type) { @discussion */ function show_duplicate_searchbox($search_type) { +// OMFG KillingVollmer++ needs to be fixed in a desperate way ?> -
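Review bot: The ENUM written by `update_332013()` for `ratings`.`object_type` lists `'steam'`, while the changelog entry added in the first hunk of this file promises stream/video support, so the value should be `'stream'`. Every `mysql_query()` result in the function is assigned to `$db_results` and never inspected, and `$this->set_version('db_version','332013')` runs unconditionally. A failed `DROP` or `ADD` on `catalog` would therefore leave the schema half-migrated but recorded as current, with later code expecting the `key` column. Check each result and return before `set_version()` when one fails.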
+
- - - - - - +
:
+ + - +
:
- " /> +
-
+ diff --git a/lib/xmlrpc.php b/lib/xmlrpc.php index cd6c3e70..7dc09f01 100644 --- a/lib/xmlrpc.php +++ b/lib/xmlrpc.php @@ -26,7 +26,7 @@ * @package XMLRPC * @catagory Server * @author Karl Vollmer - * @copyright Ampache.org 2001 - 2005 + * @copyright Ampache.org 2001 - 2006 */ /** @@ -38,6 +38,14 @@ */ function remote_catalog_query($m) { + $var = $m->getParam(0); + $key = $var->scalarval(); + + /* Verify the KEY */ + if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) { + return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); + } + $result = array(); // we only want to send the local entries @@ -53,7 +61,7 @@ function remote_catalog_query($m) { set_time_limit(0); $encoded_array = php_xmlrpc_encode($result); - if (conf('debug')) { log_event($_SESSION['userdata']['username'],' xmlrpc-server ',"Encoded Catalogs: " . count($result)); } + debug_event('xmlrpc-server',"Encoded Catalogs: " . count($result),'3'); return new xmlrpcresp($encoded_array); @@ -71,8 +79,16 @@ function remote_catalog_query($m) { */ function remote_song_query($params) { - $start = $params->params['0']->me['int']; - $step = $params->params['1']->me['int']; + $var = $parms->getParam(0); + $key = $var->scalarval(); + + /* Verify the KEY */ + if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) { + return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); + } + + $start = $params->params['1']->me['int']; + $step = $params->params['2']->me['int']; // Get me a list of all local catalogs $sql = "SELECT catalog.id FROM catalog WHERE catalog_type='local'"; 
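Review bot: The key check added to `remote_catalog_query()` calls `remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')`, but the helper added at the end of this file is declared `remote_key_verify($ip,$key,$level)`. The caller's key is therefore matched against the ACL address range and the client address against the stored key. The check no longer tests what its doc comment describes and would be expected to reject a correctly configured peer. The same call appears in the `remote_song_query()` and `remote_session_verify()` hunks. Declare the helper as `function remote_key_verify($key,$ip,$level) {` and state the parameter order in its doc comment.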
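Review bot: `remote_song_query($params)` reads the key with `$parms->getParam(0)`, an undefined variable, so the method aborts on a non-object call instead of returning the 503 fault; it should be `$var = $params->getParam(0);`. The same typo is in the `remote_session_verify()` hunk. The next lines still pull `$start` and `$step` from `$params->params['1']->me['int']` and `['2']`, the library's internal arrays, although both values are supplied by the remote peer. Fetch them with `getParam()`/`scalarval()` as the key is, and cast them with `(int)` before use. The rest of the function is outside the hunk, so how the two values are consumed is not visible here.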
@@ -131,8 +147,18 @@ function remote_song_query($params) { */ function remote_session_verify($params) { + $var = $parms->getParam(0); + $key = $var->scalarval(); + + /* Verify the KEY */ + if (!remote_key_verify($key,$_SERVER['REMOTE_ADDR'],'5')) { + return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied'); + } + + /* We may need to do this correctly.. :S */ - $sid = $params->params['0']->me['string']; + $var = $params->getParam(1); + $sid = $var->scalarval(); if (session_exists($sid)) { $data = true; @@ -168,4 +194,23 @@ function remote_server_denied() { } // remote_server_denied +/** + * remote_key_verify + * This does a ACCESS control check against + * the incomming xml-rpc request. it takes the + * passed key and makes sure the IP+KEY+LEVEL + * matches in the local ACL + */ +function remote_key_verify($ip,$key,$level) { + + $access = new Access(); + if ($access->check('xml-rpc',$ip,'',$key,$level)) { + return true; + } + + return false; + +} // remote_key_verify + + ?> diff --git a/server/xmlrpc.server.php b/server/xmlrpc.server.php index a0d71cc0..ebf5416b 100644 --- a/server/xmlrpc.server.php +++ b/server/xmlrpc.server.php @@ -34,7 +34,7 @@ else { exit(); } $access = new Access(); // ** check that the remote server has access to this catalog -if ($access->check('75',$_SERVER['REMOTE_ADDR'])) { +if ($access->check('init-xml-rpc',$_SERVER['REMOTE_ADDR'],'','','5')) { /* Setup Possible Actions */ $methods['remote_catalog_query'] = array('function' => 'remote_catalog_query'); diff --git a/templates/customize_catalog.inc b/templates/customize_catalog.inc deleted file mode 100644 index 4bd09746..00000000 --- a/templates/customize_catalog.inc +++ /dev/null @@ -1,75 +0,0 @@ - - -
-
path; ?>

-
-
- - - - - - - - - - - - - - - - - - - - - - -
: - :
- %A =
- %a =
- %C =
- %c =
- %g =
- %T =
- %t =
- %y =
- %o =
-
: - -
: - -
- :
-
- -
  - - - " /> -
-
-
diff --git a/templates/list_duplicates.inc b/templates/list_duplicates.inc index f694c332..54617c92 100644 --- a/templates/list_duplicates.inc +++ b/templates/list_duplicates.inc @@ -25,8 +25,8 @@ $web_path = conf('web_path'); show_duplicate_searchbox($search_type); if ($flags) { ?> +
"> -

@@ -66,6 +66,7 @@ if ($flags) { ?>
+

diff --git a/templates/show_add_catalog.inc.php b/templates/show_add_catalog.inc.php index bdd7c97a..2bf02283 100644 --- a/templates/show_add_catalog.inc.php +++ b/templates/show_add_catalog.inc.php @@ -20,7 +20,6 @@ */ -$default_id3 = "/usr/bin/id3v2 -a "%a" -A "%A" -t "%t" -g %g -y %y -T %T -c "%c" %filename"; $default_rename = "%a - %T - %t"; $default_sort = "%a/%A"; @@ -61,7 +60,10 @@ $default_sort = "%a/%A"; - + + : + * + : diff --git a/templates/show_edit_catalog.inc.php b/templates/show_edit_catalog.inc.php new file mode 100644 index 00000000..7a31de6a --- /dev/null +++ b/templates/show_edit_catalog.inc.php @@ -0,0 +1,72 @@ + +name . ' (' . $catalog->path . ')'); ?> +
+ + + + + + + + + + + + + + + + + + + + + + +
: + :
+ %A =
+ %a =
+ %C =
+ %c =
+ %g =
+ %T =
+ %t =
+ %y =
+ %o =
+
: + *Required for Remote Catalogs +
: + +
+ :
+
+ +
  + + + +
+
+ -- cgit