diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index d876b3a0..d529f30a 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
--------------------------------------------------------------------------
v.3.4-Alpha4
+ - Fixed XML-RPC, now uses handshake method properly
- Fixed bug where stream would start even with no songs
- Upgraded to Prototype 1.6
- Added playlists and playlist_songs methods to API
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index d0388477..6c93e549 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -1274,40 +1274,57 @@ class Catalog {
else {
$client = new xmlrpc_client("/$path/server/xmlrpc.server.php", $server, 80);
}
-
- /* encode the variables we need to send over */
- $encoded_key = new xmlrpcval($this->key,"string");
- $encoded_path = new xmlrpcval(Config::get('web_path'),"string");
-
- $xmlrpc_message = new xmlrpcmsg('xmlrpcserver.get_catalogs', array($encoded_key,$encoded_path));
-
+
// 6 that's right, the secret level because if you do have debug on most likely you're
// going to just crash your browser... sorry folks
if (Config::get('debug') AND Config::get('debug_level') == '6') { $client->setDebug(1); }
-
- $response = $client->send($xmlrpc_message,30);
- $value = $response->value();
- if ( !$response->faultCode() ) {
- $data = php_xmlrpc_decode($value);
+ // Before we do anything else we need to do a handshake with the remote server
+ $timestamp = time();
+ $handshake_key = md5($timestamp . $this->key);
+
+ $encoded_key = new xmlrpcval($handshake_key,"string");
+ $timestamp = new xmlrpcval($timestamp,"int");
+ $xmlrpc_message = new xmlrpcmsg('xmlrpcserver.handshake',array($encoded_key,$timestamp));
+
+ // Send it off
+ $response = $client->send($xmlrpc_message,10);
+ if ($response->faultCode()) {
+ $error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
+ debug_event('XMLCLIENT',$error_msg,'1');
+ echo "$error_msg
";
+ return;
+ }
- // Print out the catalogs we are going to sync
- foreach ($data as $vars) {
- $catalog_name = $vars['name'];
- $count = $vars['count'];
- print("Reading Remote Catalog: $catalog_name ($count Songs) [$this->path]
\n");
- $total += $count;
- }
- // Flush the output
- flush();
+ $token = php_xmlrpc_decode($response->value());
+
+ /* encode the variables we need to send over */
+ $encoded_key = new xmlrpcval($token,"string");
+ $encoded_path = new xmlrpcval(Config::get('web_path'),"string");
+
+ $xmlrpc_message = new xmlrpcmsg('xmlrpcserver.get_catalogs', array($encoded_key,$encoded_path));
+ $response = $client->send($xmlrpc_message,30);
- } // if we didn't get an error
- else {
+ if ($response->faultCode() ) {
$error_msg = _("Error connecting to") . " " . $server . " " . _("Code") . ": " . $response->faultCode() . " " . _("Reason") . ": " . $response->faultString();
debug_event('XMLCLIENT',$error_msg,'1');
echo "$error_msg
";
return;
- }
+ }
+
+
+ $data = php_xmlrpc_decode($response->value());
+
+ // Print out the catalogs we are going to sync
+ foreach ($data as $vars) {
+ $catalog_name = $vars['name'];
+ $count = $vars['count'];
+ print("Reading Remote Catalog: $catalog_name ($count Songs) [$this->path]
\n");
+ $total += $count;
+ }
+
+ // Flush the output
+ flush();
// Hardcoded for now
$step = '500';
@@ -1316,7 +1333,7 @@ class Catalog {
while ($total > $current) {
$start = $current;
$current += $step;
- $this->get_remote_song($client,$start,$step);
+ $this->get_remote_song($client,$token,$start,$step);
}
echo "" . _('Completed updating remote catalog(s)') . ".
\n";
@@ -1331,11 +1348,11 @@ class Catalog {
* This functions takes a start and end point for gathering songs from a remote server. It is broken up
* in attempt to get around the problem of very large target catalogs
*/
- public function get_remote_song($client,$start,$end) {
+ public function get_remote_song($client,$token,$start,$end) {
$encoded_start = new xmlrpcval($start,"int");
$encoded_end = new xmlrpcval($end,"int");
- $encoded_key = new xmlrpcval($this->key,"string");
+ $encoded_key = new xmlrpcval($token,"string");
$query_array = array($encoded_key,$encoded_start,$encoded_end);
diff --git a/lib/class/xmlrpcserver.class.php b/lib/class/xmlrpcserver.class.php
index abb8076e..e5f3eff3 100644
--- a/lib/class/xmlrpcserver.class.php
+++ b/lib/class/xmlrpcserver.class.php
@@ -41,7 +41,7 @@ class xmlRpcServer {
$key = $variable->scalarval();
// Check it and make sure we're super green
- if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) {
+ if (!vauth::session_exists('xml-rpc',$key)) {
debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1');
return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
}
@@ -85,7 +85,7 @@ class xmlRpcServer {
$key = $variable->scalarval();
// Check it and make sure we're super green
- if (!Access::check_network('rpc',$_SERVER['REMOTE_ADDR'],'','5',$key)) {
+ if (!vauth::session_exists('xml-rpc',$key)) {
debug_event('XMLSERVER','Error ' . $_SERVER['REMOTE_ADDR'] . ' with key ' . $key . ' does not match any ACLs','1');
return new xmlrpcresp(0,'503','Key/IP Mis-match Access Denied');
}
@@ -134,12 +134,12 @@ class xmlRpcServer {
// Pull out the params
$encoded_key = $xmlrpc_object->params['0']->me['string'];
- $timestamp = $xmlrpc_object->params['0']->me['int'];
+ $timestamp = $xmlrpc_object->params['1']->me['int'];
// Check the timestamp make sure it's recent
if ($timestamp < (time() - 14400)) {
debug_event('XMLSERVER','Handshake failure, timestamp too old','1');
- return new xmlrpcresp(php_xmlrpc_encoded("Handshake failure"));
+ return new xmlrpcresp(0,'503','Handshaek failure, timestamp too old');
}
// Log the attempt
@@ -158,11 +158,16 @@ class xmlRpcServer {
$md5pass = md5($timestamp . $row['key']);
if ($md5pass == $encoded_key) {
- $token = '';
+ $data['type'] = 'xml-rpc';
+ $data['username'] = 'System';
+ $data['value'] = 'Handshake';
+ $token = vauth::session_create($data);
+ return new xmlrpcresp(php_xmlrpc_encode($token));
}
} // end while rows
+ return new xmlrpcresp(0,'503','Handshaek failure, Key/IP Incorrect');
} // handshake
diff --git a/modules/xmlrpc/xmlrpc.inc b/modules/xmlrpc/xmlrpc.inc
index da096c1b..d4b384be 100644
--- a/modules/xmlrpc/xmlrpc.inc
+++ b/modules/xmlrpc/xmlrpc.inc
@@ -1317,8 +1317,7 @@ $cp1252_to_xmlent =
if($this->debug > 1)
{
- print "\n---SENDING---\n" . htmlentities($op) . "\n---END---\n
";
- // let the client see this now in case http times out...
+ debug_event('XMLRPC',"\n---SENDING---\n" . htmlentities($op) . "\n---END---\n",'1','xmlrpc');
flush();
}
@@ -1458,11 +1457,8 @@ $cp1252_to_xmlent =
$encoding_hdr = '';
}
- if($this->debug > 1)
- {
- print "\n---SENDING---\n" . htmlentities($payload) . "\n---END---\n
";
- // let the client see this now in case http times out...
- flush();
+ if($this->debug > 1) {
+ debug_event('XMLRPC',"\n---SENDING---\n" . htmlentities($payload) . "\n---END---\n",'1','xmlrpc');
}
if(!$keepalive || !$this->xmlrpc_curl_handle)
@@ -2338,18 +2334,17 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
$data = substr($data, $bd);
- if($this->debug && count($GLOBALS['_xh']['headers']))
- {
- print '';
- foreach($GLOBALS['_xh']['headers'] as $header => $value)
- {
- print htmlentities("HEADER: $header: $value\n");
+ // If we're debuging and we've got some headers
+ if($this->debug && count($GLOBALS['_xh']['headers'])) {
+ $debug_string = '';
+
+ foreach($GLOBALS['_xh']['headers'] as $header => $value) {
+ $debug_string .= "HEADER: $header: $value\n";
}
- foreach($GLOBALS['_xh']['cookies'] as $header => $value)
- {
- print htmlentities("COOKIE: $header={$value['value']}\n");
+ foreach($GLOBALS['_xh']['cookies'] as $header => $value) {
+ $debug_string .= "COOKIE: $header={$value['value']}\n";
}
- print "\n";
+ debug_event('XMLRPC',"\n---SENDING---\n" . htmlentities($debug_string) . "\n---END---\n",'1','xmlrpc');
}
// if CURL was used for the call, http headers have been processed,
@@ -2381,13 +2376,13 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
{
$data = $degzdata;
if($this->debug)
- print "---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---
";
+ debug_event('XMLRPC',"\n---RESPONSE---\n" . $data . "\n---END---\n",'1','xmlrpc');
}
elseif($GLOBALS['_xh']['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10)))
{
$data = $degzdata;
if($this->debug)
- print "---INFLATED RESPONSE---[".strlen($data)." chars]---\n" . htmlentities($data) . "\n---END---
";
+ debug_event('XMLRPC',"\n---RESPONSE---\n" . $data . "\n---END---\n",'1','xmlrpc');
}
else
{
@@ -2425,7 +2420,7 @@ xmlrpc_encode_entitites($this->errstr, $GLOBALS['xmlrpc_internalencoding'], $cha
if($this->debug)
{
//by maHo, replaced htmlspecialchars with htmlentities
- print "---GOT---\n" . htmlentities($data) . "\n---END---\n
";
+ debug_event('XMLRPC',"\n---GOT---\n" . $data . "\n---END---\n",'1','xmlrpc');
}
if($data == '')
diff --git a/templates/show_get_albumart.inc.php b/templates/show_get_albumart.inc.php
index bf831436..a9cf2f37 100644
--- a/templates/show_get_albumart.inc.php
+++ b/templates/show_get_albumart.inc.php
@@ -21,7 +21,6 @@
*/
?>
-