yetangitu/ampache
1
0
Fork 0
mirror of https://github.com/Yetangitu/ampache synced 2025-10-03 09:49:30 +02:00
Code Issues Releases Wiki Activity

Use Session for stream sessions

Browse source
This commit is contained in:
Paul Arthur 2013-01-28 18:42:14 -05:00
parent 0451840fa3
commit fbbb015950
6 changed files with 39 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/class/api.class.php
View file

@ -173,8 +173,6 @@ class Api {
$data['value'] = $timestamp; $data['value'] = $timestamp;
$token = Session::create($data); $token = Session::create($data);
// Insert the token into the streamer
Stream::insert_session($token,$client->id);
debug_event('API', 'Login Success, passphrase matched', 1); debug_event('API', 'Login Success, passphrase matched', 1);
// We need to also get the 'last update' of the // We need to also get the 'last update' of the

41
lib/class/session.class.php
View file

@ -113,13 +113,13 @@ class Session {
* This function is randomly called and it cleans up the spoo * This function is randomly called and it cleans up the spoo
*/ */
public static function gc($maxlifetime) { public static function gc($maxlifetime) {
$sql = "DELETE FROM `session` WHERE `expire` < '" . time() . "'"; $sql = "DELETE FROM `session` WHERE `expire` < '" . time() . "'";
$db_results = Dba::write($sql); $db_results = Dba::write($sql);
// Also clean up things that use sessions as keys // Also clean up things that use sessions as keys
Query::gc(); Query::gc();
Tmp_Playlist::gc(); Tmp_Playlist::gc();
Stream_Playlist::gc();
return true; return true;
} }
@ -173,7 +173,10 @@ class Session {
// Regenerate the session ID to prevent fixation // Regenerate the session ID to prevent fixation
switch ($data['type']) { switch ($data['type']) {
case 'api': case 'api':
$key = md5(uniqid(rand(), true)); case 'stream':
$key = isset($data['sid'])
? $data['sid']
: md5(uniqid(rand(), true));
break; break;
case 'mysql': case 'mysql':
default: default:
@ -192,7 +195,13 @@ class Session {
$type = Dba::escape($data['type']); $type = Dba::escape($data['type']);
$value = Dba::escape($data['value']); $value = Dba::escape($data['value']);
$agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 254)); $agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 254));
$expire = Dba::escape(time() + Config::get('session_length'));
if ($type == 'stream') {
$expire = time() + Config::get('stream_length');
}
else {
$expire = time() + Config::get('session_length');
}
if (!strlen($value)) { $value = ' '; } if (!strlen($value)) { $value = ' '; }
@ -258,11 +267,11 @@ class Session {
// Switch on the type they pass // Switch on the type they pass
switch ($type) { switch ($type) {
case 'api': case 'api':
case 'stream':
$key = Dba::escape($key); $key = Dba::escape($key);
$time = time(); $time = time();
$sql = "SELECT * FROM `session` WHERE " . $sql = "SELECT * FROM `session` WHERE `id`='$key' AND " .
"`id`='$key' AND `expire` > '$time' " . "`expire` > '$time' AND `type` IN ('api', 'stream')";
"AND `type`='$type'";
$db_results = Dba::read($sql); $db_results = Dba::read($sql);
if (Dba::num_rows($db_results)) { if (Dba::num_rows($db_results)) {
@ -287,20 +296,6 @@ class Session {
return true; return true;
} }
break; break;
case 'stream':
$key = Dba::escape($key);
$ip = Dba::escape(inet_pton($data['ip']));
$agent = Dba::escape($data['agent']);
$sql = "SELECT * FROM `session_stream` WHERE " .
"`id`='$key' AND `expire` > '$time' " .
"AND `ip`='$ip' AND `agent`='$agent'";
$db_results = Dba::read($sql);
if (Dba::num_rows($db_results)) {
return true;
}
break;
default: default:
return false; return false;
break; break;
@ -316,13 +311,17 @@ class Session {
* *
* This takes a SID and extends its expiration. * This takes a SID and extends its expiration.
*/ */
public static function extend($sid) { public static function extend($sid, $type = null) {
$time = time(); $time = time();
$sid = Dba::escape($sid); $sid = Dba::escape($sid);
$expire = isset($_COOKIE[Config::get('session_name') . '_remember']) $expire = isset($_COOKIE[Config::get('session_name') . '_remember'])
? $time + Config::get('remember_length') ? $time + Config::get('remember_length')
: $time + Config::get('session_length'); : $time + Config::get('session_length');
if ($type == 'stream') {
$expire = $time + Config::get('stream_length');
}
$sql = "UPDATE `session` SET `expire`='$expire' WHERE `id`='$sid'"; $sql = "UPDATE `session` SET `expire`='$expire' WHERE `id`='$sid'";
if ($db_results = Dba::write($sql)) { if ($db_results = Dba::write($sql)) {
debug_event('session', $sid . ' has been extended to ' . date('r', $expire) . ' extension length ' . ($expire - $time), 5); debug_event('session', $sid . ' has been extended to ' . date('r', $expire) . ' extension length ' . ($expire - $time), 5);

118
lib/class/stream.class.php
View file

@ -24,120 +24,22 @@
class Stream { class Stream {
public static $session; public static $session;
private static $session_inserted;
private function __construct() { private function __construct() {
// Static class, do nothing. // Static class, do nothing.
} }
/**
* get_session
* This returns the current stream session
*/
public static function get_session() {
if (!self::$session_inserted) {
self::insert_session(self::$session);
}
return self::$session;
} // get_session
/** /**
* set_session * set_session
*
* This overrides the normal session value, without adding * This overrides the normal session value, without adding
* an additional session into the database, should be called * an additional session into the database, should be called
* with care * with care
*/ */
public static function set_session($sid) { public static function set_session($sid) {
self::$session_inserted = true;
self::$session=$sid; self::$session=$sid;
} // set_session } // set_session
/**
* insert_session
* This inserts a row into the session_stream table
*/
public static function insert_session($sid='',$uid='') {
$sid = $sid ? Dba::escape($sid) : Dba::escape(self::$session);
$uid = $uid ? Dba::escape($uid) : Dba::escape($GLOBALS['user']->id);
$expire = time() + Config::get('stream_length');
$sql = "INSERT INTO `session_stream` (`id`,`expire`,`user`) " .
"VALUES('$sid','$expire','$uid')";
$db_results = Dba::write($sql);
if (!$db_results) { return false; }
self::$session_inserted = true;
return true;
} // insert_session
/**
* session_exists
* This checks to see if the passed stream session exists and is valid
*/
public static function session_exists($sid) {
$sid = Dba::escape($sid);
$time = time();
$sql = "SELECT * FROM `session_stream` WHERE `id`='$sid' AND `expire` > '$time'";
$db_results = Dba::write($sql);
if ($row = Dba::fetch_assoc($db_results)) {
return true;
}
return false;
} // session_exists
/**
* gc
* This function performes the garbage collection stuff, run on extend
* and on now playing refresh.
*/
public static function gc() {
$time = time();
$sql = "DELETE FROM `session_stream` WHERE `expire` < '$time'";
$db_results = Dba::write($sql);
Stream_Playlist::gc();
}
/**
* extend_session
* This takes the passed sid and does a replace into also setting the user
* agent and IP also do a little GC in this function
*/
public static function extend_session($sid,$uid) {
$expire = time() + Config::get('stream_length');
$sid = Dba::escape($sid);
$agent = Dba::escape($_SERVER['HTTP_USER_AGENT']);
$ip = Dba::escape(inet_pton($_SERVER['REMOTE_ADDR']));
$uid = Dba::escape($uid);
$sql = "UPDATE `session_stream` SET `expire`='$expire', `agent`='$agent', `ip`='$ip' " .
"WHERE `id`='$sid'";
$db_results = Dba::write($sql);
self::gc();
return true;
} // extend_session
/** /**
* start_transcode * start_transcode
* *
@ -261,10 +163,10 @@ class Stream {
*/ */
public static function gc_now_playing() { public static function gc_now_playing() {
// Remove any now playing entries for session_streams that have been GC'd // Remove any now playing entries for sessions that have been GC'd
$sql = "DELETE FROM `now_playing` USING `now_playing` " . $sql = "DELETE FROM `now_playing` USING `now_playing` " .
"LEFT JOIN `session_stream` ON `session_stream`.`id`=`now_playing`.`id` " . "LEFT JOIN `session` ON `session`.`id`=`now_playing`.`id` " .
"WHERE `session_stream`.`id` IS NULL OR `now_playing`.`expire` < '" . time() . "'"; "WHERE `session`.`id` IS NULL OR `now_playing`.`expire` < '" . time() . "'";
$db_results = Dba::write($sql); $db_results = Dba::write($sql);
} // gc_now_playing } // gc_now_playing
@ -308,9 +210,9 @@ class Stream {
*/ */
public static function get_now_playing($filter=NULL) { public static function get_now_playing($filter=NULL) {
$sql = "SELECT `session_stream`.`agent`,`now_playing`.* " . $sql = "SELECT `session`.`agent`,`now_playing`.* " .
"FROM `now_playing` " . "FROM `now_playing` " .
"LEFT JOIN `session_stream` ON `session_stream`.`id`=`now_playing`.`id` " . "LEFT JOIN `session` ON `session`.`id`=`now_playing`.`id` " .
"ORDER BY `now_playing`.`expire` DESC"; "ORDER BY `now_playing`.`expire` DESC";
$db_results = Dba::read($sql); $db_results = Dba::read($sql);
@ -355,11 +257,9 @@ class Stream {
* This is called on class load it sets the session * This is called on class load it sets the session
*/ */
public static function _auto_init() { public static function _auto_init() {
// Generate the session ID // Generate the session ID
self::$session = md5(uniqid(rand(), true)); self::$session = Session::create(array('type' => 'stream'));
}
} // auto_init
/** /**
* run_playlist_method * run_playlist_method
@ -401,7 +301,7 @@ class Stream {
public static function get_base_url() { public static function get_base_url() {
if (Config::get('require_session')) { if (Config::get('require_session')) {
$session_string = 'ssid=' . Stream::get_session() . '&'; $session_string = 'ssid=' . self::$session . '&';
} }
$web_path = Config::get('web_path'); $web_path = Config::get('web_path');

14
lib/class/stream_playlist.class.php
View file

@ -40,14 +40,14 @@ class Stream_Playlist {
*/ */
public function __construct($id = null) { public function __construct($id = null) {
if($id) { if ($id) {
Stream::set_session($id); Stream::set_session($id);
} }
$this->id = Dba::escape(Stream::get_session()); $this->id = Dba::escape(Stream::$session);
if (!Stream::session_exists($this->id)) { if (!Session::exists('stream', $this->id)) {
debug_event('stream_playlist', 'Stream::session_exists failed', 2); debug_event('stream_playlist', 'Session::exists failed', 2);
return false; return false;
} }
@ -87,9 +87,9 @@ class Stream_Playlist {
public static function gc() { public static function gc() {
$sql = 'DELETE FROM `stream_playlist` ' . $sql = 'DELETE FROM `stream_playlist` ' .
'USING `stream_playlist` LEFT JOIN `session_stream` ' . 'USING `stream_playlist` LEFT JOIN `session` ' .
'ON `session_stream`.`id`=`stream_playlist`.`sid` ' . 'ON `session`.`id`=`stream_playlist`.`sid` ' .
'WHERE `session_stream`.`id` IS NULL'; 'WHERE `session`.`id` IS NULL';
return Dba::write($sql); return Dba::write($sql);
} }

2
lib/ui.lib.php
View file

@ -538,7 +538,7 @@ function print_bool($value) {
*/ */
function show_now_playing() { function show_now_playing() {
Stream::gc(); Session::gc();
Stream::gc_now_playing(); Stream::gc_now_playing();
$web_path = Config::get('web_path'); $web_path = Config::get('web_path');

4
play/index.php
View file

@ -86,7 +86,7 @@ if (Config::get('require_session')) {
if (!Config::get('require_localnet_session') AND Access::check_network('network',$GLOBALS['user']->id,'5')) { if (!Config::get('require_localnet_session') AND Access::check_network('network',$GLOBALS['user']->id,'5')) {
debug_event('play', 'Streaming access allowed for local network IP ' . $_SERVER['REMOTE_ADDR'],'5'); debug_event('play', 'Streaming access allowed for local network IP ' . $_SERVER['REMOTE_ADDR'],'5');
} }
elseif(!Stream::session_exists($sid)) { else if(!Session::exists('stream', $sid)) {
debug_event('UI::access_denied', 'Streaming access denied: ' . $GLOBALS['user']->username . "'s session has expired", 3); debug_event('UI::access_denied', 'Streaming access denied: ' . $GLOBALS['user']->username . "'s session has expired", 3);
header('HTTP/1.1 403 Session Expired'); header('HTTP/1.1 403 Session Expired');
exit; exit;
@ -94,7 +94,7 @@ if (Config::get('require_session')) {
// Now that we've confirmed the session is valid // Now that we've confirmed the session is valid
// extend it // extend it
Stream::extend_session($sid,$uid); Session::extend($sid, 'stream');
} }