From e32557bf900153c5cfb0d2f28640aa9091ef7488 Mon Sep 17 00:00:00 2001 From: Karl 'vollmerk' Vollmer Date: Mon, 25 Sep 2006 01:05:23 +0000 Subject: finished up ACL work --- lib/class/access.class.php | 49 +++++++++++++++++++++++++++++++++++++--------- lib/class/update.class.php | 33 +++++++++++++++++++------------ lib/init.php | 2 +- lib/ui.lib.php | 40 ++++++++++++++++++++++++++++++------- 4 files changed, 95 insertions(+), 29 deletions(-) (limited to 'lib') diff --git a/lib/class/access.class.php b/lib/class/access.class.php index 330156b7..5e664741 100644 --- a/lib/class/access.class.php +++ b/lib/class/access.class.php @@ -89,8 +89,13 @@ class Access { $start = ip2int($data['start']); $end = ip2int($data['end']); $level = sql_escape($data['level']); - - $sql = "UPDATE access_list SET start='$start', end='$end', level='$level' WHERE id='" . sql_escape($this->id) . "'"; + $user = sql_escape($data['user']); + $key = sql_escape($data['key']); + + $sql = "UPDATE access_list " . + "SET start='$start', end='$end', level='$level', user='$user' " . + "WHERE id='" . sql_escape($this->id) . "'"; + $db_results = mysql_query($sql, dbh()); return true; @@ -115,10 +120,12 @@ class Access { $level = intval($level); $type = $this->validate_type($type); - $sql = "INSERT INTO access_list (`name`,`level`,`start`,`end`) VALUES ". - "('$name','$level','$start','$end')"; + $sql = "INSERT INTO access_list (`name`,`level`,`start`,`end`,`key`,`user`,`type`) " . + "VALUES ('$name','$level','$start','$end','$key','$user','$type')"; $db_results = mysql_query($sql, dbh()); + return true; + } // create /*! @@ -140,7 +147,7 @@ class Access { @function check @discussion check to see if they have rights */ - function check($needed, $ip) { + function check($type,$ip,$user,$level,$key='') { // They aren't using access control // lets just keep on trucking 
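Review bot: In the `@@ -89,8 +89,13 @@` hunk of lib/class/access.class.php, `$key` is escaped but never placed in the UPDATE, so editing an entry cannot change its key. If the key is meant to be editable, extend the SET clause to `"SET start='$start', end='$end', level='$level', user='$user', key='$key' "`, with the `key` column name in SQL backticks as the INSERT in the next hunk writes it; otherwise drop the unused assignment. The statement also stores `user='$user'` when no user was supplied, while `check()` in this same commit matches unowned entries with `user IS NULL`, so an edited entry with an empty user would presumably stop matching and should be written as NULL instead. The enclosing method starts and ends outside the hunk.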
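Review bot: The `return true;` added in the `@@ -115,10 +120,12 @@` hunk reports success without looking at `$db_results`, so a failed INSERT of an access-list entry cannot be told apart from a stored one; `if (!$db_results) { return false; }` before it would let the caller react. The update path in the previous hunk returns `true` unconditionally in the same way. The new values `$key` and `$user` are interpolated into the statement and their escaping is not visible here, because the method begins above the hunk, so confirm they pass through `sql_escape()` as they do in the update path.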
@@ -148,9 +155,29 @@ class Access { return true; } - $ip = ip2int($ip); + // Clean incomming variables + $ip = ip2int(intval($ip)); + $user = sql_escape($user); + $key = sql_escape($key); + $level = sql_escape($level); - $sql = "SELECT id FROM access_list WHERE start<='$ip' AND end>='$ip' AND level>='$needed'"; + switch ($type) { + case 'xml-rpc': + $sql = "SELECT id FROM access_list" . + " WHERE `start` <= '$ip' AND `end` >= '$ip'" . + " AND `key` = '$key' AND `level` >= '$level'"; + break; + case 'network': + case 'interface': + case 'stream': + default: + $sql = "SELECT id FROM access_list" . + " WHERE `start` <= '$ip' AND `end` >= '$ip'" . + " AND `level` >= '$level' AND `type` = '$type'"; + if (strlen($user)) { $sql .= " AND (`user` = '$user' OR `user` IS NULL)"; } + else { $sql .= " AND `user` IS NULL"; } + break; + } // end switch on type $db_results = mysql_query($sql, dbh()); // Yah they have access they can use the mojo @@ -240,9 +267,13 @@ class Access { * Take a user and return their full name */ function get_user_name() { - + $user = new User($this->user); - return $user->name; + if ($user->username) { + return $user->fullname . " (" . $user->username . ")"; + } + + return false; } // get_user_name diff --git a/lib/class/update.class.php b/lib/class/update.class.php index ca5b4d6e..e505ea87 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -281,12 +281,13 @@ class Update { $version[] = array('version' => '332011','description' => $update_string); $update_string = '- Reworked All Indexes on tables, hopefully leading to performance improvements.
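Review bot: `$type` is placed into the default-branch query as `type = '$type'` without going through the cleaning block above the switch, which covers only `$ip`, `$user`, `$key` and `$level`. Because every unrecognised value falls through to `default:`, whatever the caller passes becomes part of the SQL text. Adding `$type = $this->validate_type($type);` before the switch, as `create()` already does, should close that, assuming `validate_type()` restricts the value to the known types. Separately, `ip2int(intval($ip))` looks wrong: the other call sites hand the raw address to `ip2int()`, and `intval()` on a dotted-quad string keeps only the leading digits, so the range test is probably made against the wrong address; restore `$ip = ip2int($ip);`. The body of `check()` continues past the hunk.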
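Review bot: The docblock above `get_user_name()` still reads "Take a user and return their full name", but the new body returns the full name followed by the username in parentheses, or `false` when the looked-up user has no username. Update the comment to something like `Returns "Full Name (username)" for this entry's user, or false when no matching user exists`, so callers know they must handle the boolean.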
' . - '- Added live_stream table for radio station support.
' . '- Added id int(11) UNSIGNED fields to a few tables missing it.
' . '- Removed DB Based color/font preferences and Theme preferences catagory.
'; $version[] = array('version' => '332012','description' => $update_string); + $update_string = '- Added live_stream table for radio station support.
'; + return $version; @@ -1643,17 +1644,6 @@ class Update { */ function update_332012() { - $sql = "CREATE TABLE `live_stream` (" . - "`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," . - "`name` VARCHAR( 128 ) NOT NULL ," . - "`site_url` VARCHAR( 255 ) NOT NULL ," . - "`url` VARCHAR( 255 ) NOT NULL ," . - "`genre` INT( 11 ) UNSIGNED NOT NULL ," . - "`catalog` INT( 11 ) UNSIGNED NOT NULL ," . - "`frequency` VARCHAR( 32 ) NOT NULL ," . - "`call_sign` VARCHAR( 32 ) NOT NULL" . - ") ENGINE = MYISAM"; - /* Clean Up Indexes */ // Access List @@ -1785,6 +1775,25 @@ class Update { $this->set_version('db_version','332012'); } // update_332012 + + /** + * update_332013 + * OMG BeatingsForVollmer++ + */ + function update_332013() { + + $sql = "CREATE TABLE `live_stream` (" . + "`id` INT( 11 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ," . + "`name` VARCHAR( 128 ) NOT NULL ," . + "`site_url` VARCHAR( 255 ) NOT NULL ," . + "`url` VARCHAR( 255 ) NOT NULL ," . + "`genre` INT( 11 ) UNSIGNED NOT NULL ," . + "`catalog` INT( 11 ) UNSIGNED NOT NULL ," . + "`frequency` VARCHAR( 32 ) NOT NULL ," . + "`call_sign` VARCHAR( 32 ) NOT NULL" . + ")"; + + } // update_332013 } // end update class ?> diff --git a/lib/init.php b/lib/init.php index f3be960e..703f6bbe 100644 --- a/lib/init.php +++ b/lib/init.php @@ -80,7 +80,7 @@ if (!$results['allow_stream_playback']) { /** This is the version.... fluf nothing more... **/ -$results['version'] = '3.3.2 Build (003)'; +$results['version'] = '3.3.2 Build (004)'; $results['raw_web_path'] = $results['web_path']; $results['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path']; diff --git a/lib/ui.lib.php b/lib/ui.lib.php index f4783b53..88f050ec 100644 --- a/lib/ui.lib.php +++ b/lib/ui.lib.php 
@@ -888,31 +888,31 @@ function get_location() { case 'preferences.php': $location['title'] = 'Preferences'; break; - case 'admin/index.php': + case 'adminindex.php': $location['title'] = 'Admin'; $location['section'] = 'admin'; break; - case 'admin/catalog.php': + case 'admincatalog.php': $location['title'] = 'Catalog'; $location['section'] = 'admin'; break; - case 'admin/users.php': + case 'adminusers.php': $location['title'] = 'User Management'; $location['section'] = 'admin'; break; - case 'admin/mail.php': + case 'adminmail.php': $location['title'] = 'Mail Users'; $location['section'] = 'admin'; break; - case 'admin/access.php': + case 'adminaccess.php': $location['title'] = 'Manage Access Lists'; $location['section'] = 'admin'; break; - case 'admin/preferences.php': + case 'adminpreferences.php': $location['title'] = 'Site Preferences'; $location['section'] = 'admin'; break; - case 'admin/modules.php': + case 'adminmodules.php': $location['title'] = 'Manage Modules'; $location['section'] = 'admin'; break; @@ -1263,6 +1263,32 @@ function show_catalog_select($name='catalog',$catalog_id=0,$style='') { } // show_catalog_select + +/** + * show_user_select + * This one is for users! shows a select/option statement so you can pick a user + * to blame + */ +function show_user_select($name,$selected='',$style='') { + + echo "
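Review bot: The admin case labels in `get_location()` lose their path separator (`'admin/index.php'` becomes `'adminindex.php'`, and likewise for the other six), so they match only if the switch subject is now built without the slash; that expression is outside the hunk. If it still yields `admin/...`, none of these cases fire and `$location['section']` is never set to `admin`. A one-line comment at the top of the switch stating how the subject is normalised, for example `// admin pages arrive as 'admin' . basename, without the separator`, would make the labels understandable.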