From 6906bb43c6635ece5150c9abffe8e9bb16a03f6c Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer <vollmer@ampache.org>
Date: Mon, 9 Jan 2006 04:46:16 +0000
Subject: [PATCH] updated acess mojo

---
 admin/access.php               | 62 +++++++++++++++-----------------
 docs/CHANGELOG                 |  1 +
 lib/class/access.class.php     | 52 +++++++++++++++++----------
 templates/list_duplicates.inc  |  2 +-
 templates/show_access_list.inc |  9 ++---
 templates/show_edit_access.inc | 65 ++++++++++++++++++++++++++++++++++
 6 files changed, 133 insertions(+), 58 deletions(-)
 create mode 100644 templates/show_edit_access.inc

diff --git a/admin/access.php b/admin/access.php
index 45896950..c16a125e 100644
--- a/admin/access.php
+++ b/admin/access.php
@@ -36,40 +36,34 @@ if (!$user->has_access(100)) {
 
 show_template('header');
 
-if ( $action == 'show_confirm_delete' ) {
-        show_confirm_action(_("Do you really want to delete this Access Record?"), "admin/access.php", "access_id=" . $_REQUEST['access_id'] . "&amp;action=delete_host");
-}
-/*!
-	@action delete_host
-	@discussion deletes an access list entry
-*/
-elseif ( $action == 'delete_host' ) {
-	$access->delete($_REQUEST['access_id']);
-	show_confirmation(_("Entry Deleted"),_("Your Access List Entry has been removed"),"admin/access.php");
-
-} // delete_host
-/*!
-	@action add_host
-	@discussion add a new access list entry
-*/
-elseif ($action == 'add_host') { 
-
-	$access->create($_REQUEST['name'], $_REQUEST['start'],$_REQUEST['end'],$_REQUEST['level']);
-	show_confirmation(_("Entry Added"),_("Your new Access List Entry has been created"),"admin/access.php");
-
-} // add_host
-/*!
-	@action show_add_host
-	@discussion show the add host box
-*/
-elseif ( $action == 'show_add_host' ) {
-	include(conf('prefix') . "/templates/show_add_access.inc");
-}
-else { 
-	$list = array();
-	$list = $access->get_access_list();
-	include(conf('prefix') ."/templates/show_access_list.inc");
-}
 
+switch ($action ) { 
+	case 'show_confirm_delete':
+		show_confim_action(_('Do you really want to delete this Access Reocrd?'),'admin/access.php','access_id=' . scrub_out($_REQUEST['access_id']) . '&amp;action=delete_host');
+	break;
+	case 'delete_host':
+		$access->delete($_REQUEST['access_id']);
+		show_confirmation(_('Entry Deleted'),_('Your Access List Entry has been removed'),'admin/access.php');
+	break;
+	case 'add_host':
+		$access->create($_REQUEST['name'],$_REQUEST['start'],$_REQUEST['end'],$_REQUEST['level']);
+		show_confirmation(_('Entry Added'),_('Your new Access List Entry has been created'),'admin/access.php');
+	break;
+	case 'update_host':
+		$access->update($_REQUEST);
+		show_confirmation(_('Entry Updated'),_('Access List Entry updated'),'admin/access.php');
+	break;
+	case 'show_add_host':
+		include(conf('prefix') . '/templates/show_add_access.inc');
+	break;
+	case 'show_edit_host':
+		include(conf('prefix') . '/templates/show_edit_access.inc');
+	break;
+	default:
+		$list = array();
+		$list = $access->get_access_list();
+		include(conf('prefix') ."/templates/show_access_list.inc");
+	break;
+} // end switch on action
 show_footer();
 ?>
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 2e2bf0d6..8bec4031 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
 
 --------------------------------------------------------------------------
   v.3.3.2-Beta1
+  	- Fixed Access List so that you can edit existing records
   	- Fixed counting error when using the /bin/catalog_update.php.inc
 		script
   	- Fixed some minor theme issues with the built in themes
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index 8a0ad168..a49d23e2 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -19,9 +19,10 @@
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. 
 
 */
-
-/*!
-	@header Access Class
+/** 
+ * Access Class
+ * This class handles the access list mojo for Ampache, it is ment to restrict
+ * access based on IP and maybe something else in the future
 */
 
 class Access {
@@ -40,25 +41,21 @@ class Access {
 	 */
 	function Access($access_id = 0) {
 
-		/* If we have passed an id then do something */
-		if ($access_id) { 
+		if (!$access_id) { return false; }
 
-			/* Assign id for use in get_info() */
-			$this->id = $access_id;
 
-			/* Get the information from the db */
-			if ($info = $this->get_info()) {
+		/* Assign id for use in get_info() */
+		$this->id = $access_id;
 
-				/* Assign Vars */
-				$this->name 	= $info->name;
-				$this->start 	= $info->start;
-				$this->end	= $info->end;
-				$this->level	= $info->level;
-			} // if info
+		$info = $this->get_info();
+		$this->name 	= $info->name;
+		$this->start 	= $info->start;
+		$this->end	= $info->end;
+		$this->level	= $info->level;
 
-		} // if access_id
+		return true;
 
-	} //constructor
+	} //Access
 
 	/*!
 		@function get_info
@@ -68,7 +65,7 @@ class Access {
 	function get_info() {
 
 		/* Grab the basic information from the catalog and return it */
-		$sql = "SELECT * FROM access_list WHERE id='$this->id'";
+		$sql = "SELECT * FROM access_list WHERE id='" . sql_escape($this->id) . "'";
 		$db_results = mysql_query($sql, dbh());
 
 		$results = mysql_fetch_object($db_results);
@@ -77,6 +74,23 @@ class Access {
 
 	} //get_info
 
+	/**
+	 * update
+	 * This function takes a named array as a datasource and updates the current access list entry
+	 */
+	function update($data) { 
+
+		$start 	= ip2int($data['start']);
+		$end	= ip2int($data['end']);
+		$level	= sql_escape($data['level']);
+		
+		$sql = "UPDATE access_list SET start='$start', end='$end', level='$level' WHERE id='" . sql_escape($this->id) . "'";
+		$db_results = mysql_query($sql, dbh());
+
+		return true;
+
+	} // update
+
 	/*!
 		@function create
 		@discussion creates a new entry
@@ -104,7 +118,7 @@ class Access {
 			$access_id = $this->id;
 		}
 
-		$sql = "DELETE FROM access_list WHERE id='$access_id'";
+		$sql = "DELETE FROM access_list WHERE id='" . sql_escape($access_id) . "'";
 		$db_results = mysql_query($sql, dbh());
 
 	} // delete
diff --git a/templates/list_duplicates.inc b/templates/list_duplicates.inc
index 8bf052dc..620d0ee9 100644
--- a/templates/list_duplicates.inc
+++ b/templates/list_duplicates.inc
@@ -71,6 +71,6 @@
 </tr>
 </table>
 <?php  } else { ?>
-<p><?php _('You don't have any duplicate songs.'); ?></p>
+<p><?php _('You don\'t have any duplicate songs.'); ?></p>
 <?php  } ?>
 </form>
diff --git a/templates/show_access_list.inc b/templates/show_access_list.inc
index b5c7207b..a2aa79d0 100644
--- a/templates/show_access_list.inc
+++ b/templates/show_access_list.inc
@@ -31,7 +31,7 @@
 $row_classes = array('even','odd');
 ?>
 
-<p style="font-size: 10pt; font-weight: bold;"><?php print _("Host Access to Your Catalog"); ?></p>
+<p class="header1"><?php print _("Host Access to Your Catalog"); ?></p>
 
 <p>Since your catalog can be accessed remotely you may want to limit the access from
 remote sources so you are not in violation of copyright laws.  By default your
@@ -56,13 +56,14 @@ if (count($list)) {
 foreach ($list as $access) { 
 ?>
 <tr class="<?php print $row_classes[0]; ?>">
-	<td><?php print $access->name; ?></td>
+	<td><?php print scrub_out($access->name); ?></td>
 	<td><?php print int2ip($access->start); ?></td>
 	<td><?php print int2ip($access->end); ?></td>
 	<td><?php print $access->get_level_name(); ?></td>
 	<td>
-		Edit | 
-		<a href="<?php print conf('web_path'); ?>/admin/access.php?action=show_confirm_delete&amp;access_id=<?php print $access->id; ?>"><?php print _("Revoke"); ?></a>
+		<a href="<?php echo conf('web_path'); ?>/admin/access.php?action=show_edit_host&amp;access_id=<?php echo scrub_out($access->id); ?>"><?php echo _('Edit'); ?></a>
+		| 
+		<a href="<?php echo conf('web_path'); ?>/admin/access.php?action=show_confirm_delete&amp;access_id=<?php print scrub_out($access->id); ?>"><?php print _("Revoke"); ?></a>
 	</td>
 </tr>
 <?php  $row_classes = array_reverse($row_classes); ?>
diff --git a/templates/show_edit_access.inc b/templates/show_edit_access.inc
new file mode 100644
index 00000000..93c32999
--- /dev/null
+++ b/templates/show_edit_access.inc
@@ -0,0 +1,65 @@
+<?php
+/*
+
+ Copyright (c) 2001 - 2006 Ampache.org
+ All rights reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+*/
+?>
+
+<p class="header1"><?php print _('Edit Access List'); ?></p>
+
+<form name="edit_access" method="post" enctype="multipart/form-data" action="<?php echo conf('web_path'); ?>/admin/access.php">
+<table class="text-box">
+        <tr>
+                <td><?php print _('Name'); ?>: </td>
+		<td><?php echo scrub_out($access->name); ?></td>
+        </tr>
+        <tr>
+                <td><?php print _('Start IP Address'); ?>:</td>
+		<td>
+			<input type="text" name="start" value="<?php echo int2ip($access->start); ?>" size="20" maxlength="15" />
+		</td>
+        </tr>
+	<tr>
+		<td><?php print _('End IP Address'); ?>:</td>
+		<td>
+			<input type="text" name="end" value="<?php echo int2ip($access->end); ?>" size="20" maxlength="15" />
+		</td>
+	</tr>
+	<tr>
+		<td><?php print _('Level'); ?>:</td>
+		<td>
+			<select name="level">
+				<?php $name = 'level_' . $access->level; ${$name} = 'selected="selected"'; ?>
+				<option value="5" <?php echo $level_5; ?>><?php echo _('Demo'); ?></option>
+				<option value="25" <?php echo $level_25; ?>><?php echo _('Stream'); ?></option>
+				<option value="50" <?php echo $level_50; ?>><?php echo _('Stream/Download'); ?></option>
+				<option value="75" <?php echo $level_75; ?>><?php echo _('XML-RPC'); ?></option>
+			</select>
+		</td>
+	</tr>
+        <tr>
+                <td>&nbsp;</td>
+		<td>
+			<input type="hidden" name="access_id" value="<?php echo scrub_out($access->id); ?>" />
+			<input type="hidden" name="action" value="update_host" />
+			<input type="submit" value="<?php print _('Update'); ?>" />
+		</td>
+        </tr>
+</table>
+</form>