yetangitu/ampache
1
0
Fork 0
mirror of https://github.com/Yetangitu/ampache synced 2025-10-03 09:49:30 +02:00
Code Issues Releases Wiki Activity

Use Session for stream sessions

Browse source
This commit is contained in:
Paul Arthur 2013-01-28 18:42:14 -05:00
parent 0451840fa3
commit fbbb015950
6 changed files with 39 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/class/api.class.php
View file

@ -173,8 +173,6 @@ class Api {
$data['value'] = $timestamp;
$token = Session::create($data);
// Insert the token into the streamer
Stream::insert_session($token,$client->id);
debug_event('API', 'Login Success, passphrase matched', 1);
// We need to also get the 'last update' of the

41
lib/class/session.class.php
View file

@ -113,13 +113,13 @@ class Session {
* This function is randomly called and it cleans up the spoo
*/
public static function gc($maxlifetime) {
$sql = "DELETE FROM `session` WHERE `expire` < '" . time() . "'";
$db_results = Dba::write($sql);
// Also clean up things that use sessions as keys
Query::gc();
Tmp_Playlist::gc();
Stream_Playlist::gc();
return true;
}
@ -173,7 +173,10 @@ class Session {
// Regenerate the session ID to prevent fixation
switch ($data['type']) {
case 'api':
$key = md5(uniqid(rand(), true));
case 'stream':
$key = isset($data['sid'])
? $data['sid']
: md5(uniqid(rand(), true));
break;
case 'mysql':
default:
@ -192,7 +195,13 @@ class Session {
$type = Dba::escape($data['type']);
$value = Dba::escape($data['value']);
$agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 254));
$expire = Dba::escape(time() + Config::get('session_length'));
if ($type == 'stream') {
$expire = time() + Config::get('stream_length');
}
else {
$expire = time() + Config::get('session_length');
}
if (!strlen($value)) { $value = ' '; }
@ -258,11 +267,11 @@ class Session {
// Switch on the type they pass
switch ($type) {
case 'api':
case 'stream':
$key = Dba::escape($key);
$time = time();
$sql = "SELECT * FROM `session` WHERE " .
"`id`='$key' AND `expire` > '$time' " .
"AND `type`='$type'";
$sql = "SELECT * FROM `session` WHERE `id`='$key' AND " .
"`expire` > '$time' AND `type` IN ('api', 'stream')";
$db_results = Dba::read($sql);
if (Dba::num_rows($db_results)) {
@ -287,20 +296,6 @@ class Session {
return true;
}
break;
case 'stream':
$key = Dba::escape($key);
$ip = Dba::escape(inet_pton($data['ip']));
$agent = Dba::escape($data['agent']);
$sql = "SELECT * FROM `session_stream` WHERE " .
"`id`='$key' AND `expire` > '$time' " .
"AND `ip`='$ip' AND `agent`='$agent'";
$db_results = Dba::read($sql);
if (Dba::num_rows($db_results)) {
return true;
}
break;
default:
return false;
break;
@ -316,13 +311,17 @@ class Session {
*
* This takes a SID and extends its expiration.
*/
public static function extend($sid) {
public static function extend($sid, $type = null) {
$time = time();
$sid = Dba::escape($sid);
$expire = isset($_COOKIE[Config::get('session_name') . '_remember'])
? $time + Config::get('remember_length')
: $time + Config::get('session_length');
if ($type == 'stream') {
$expire = $time + Config::get('stream_length');
}
$sql = "UPDATE `session` SET `expire`='$expire' WHERE `id`='$sid'";
if ($db_results = Dba::write($sql)) {
debug_event('session', $sid . ' has been extended to ' . date('r', $expire) . ' extension length ' . ($expire - $time), 5);

118
lib/class/stream.class.php
View file

@ -24,120 +24,22 @@
class Stream {
public static $session;
private static $session_inserted;
private function __construct() {
// Static class, do nothing.
}
/**
* get_session
* This returns the current stream session
*/
public static function get_session() {
if (!self::$session_inserted) {
self::insert_session(self::$session);
}
return self::$session;
} // get_session
/**
* set_session
*
* This overrides the normal session value, without adding
* an additional session into the database, should be called
* with care
*/
public static function set_session($sid) {
self::$session_inserted = true;
self::$session=$sid;
} // set_session
/**
* insert_session
* This inserts a row into the session_stream table
*/
public static function insert_session($sid='',$uid='') {
$sid = $sid ? Dba::escape($sid) : Dba::escape(self::$session);
$uid = $uid ? Dba::escape($uid) : Dba::escape($GLOBALS['user']->id);
$expire = time() + Config::get('stream_length');
$sql = "INSERT INTO `session_stream` (`id`,`expire`,`user`) " .
"VALUES('$sid','$expire','$uid')";
$db_results = Dba::write($sql);
if (!$db_results) { return false; }
self::$session_inserted = true;
return true;
} // insert_session
/**
* session_exists
* This checks to see if the passed stream session exists and is valid
*/
public static function session_exists($sid) {
$sid = Dba::escape($sid);
$time = time();
$sql = "SELECT * FROM `session_stream` WHERE `id`='$sid' AND `expire` > '$time'";
$db_results = Dba::write($sql);
if ($row = Dba::fetch_assoc($db_results)) {
return true;
}
return false;
} // session_exists
/**
* gc
* This function performes the garbage collection stuff, run on extend
* and on now playing refresh.
*/
public static function gc() {
$time = time();
$sql = "DELETE FROM `session_stream` WHERE `expire` < '$time'";
$db_results = Dba::write($sql);
Stream_Playlist::gc();
}
/**
* extend_session
* This takes the passed sid and does a replace into also setting the user
* agent and IP also do a little GC in this function
*/
public static function extend_session($sid,$uid) {
$expire = time() + Config::get('stream_length');
$sid = Dba::escape($sid);
$agent = Dba::escape($_SERVER['HTTP_USER_AGENT']);
$ip = Dba::escape(inet_pton($_SERVER['REMOTE_ADDR']));
$uid = Dba::escape($uid);
$sql = "UPDATE `session_stream` SET `expire`='$expire', `agent`='$agent', `ip`='$ip' " .
"WHERE `id`='$sid'";
$db_results = Dba::write($sql);
self::gc();
return true;
} // extend_session
/**
* start_transcode
*
@ -261,10 +163,10 @@ class Stream {
*/
public static function gc_now_playing() {
// Remove any now playing entries for session_streams that have been GC'd
// Remove any now playing entries for sessions that have been GC'd
$sql = "DELETE FROM `now_playing` USING `now_playing` " .
"LEFT JOIN `session_stream` ON `session_stream`.`id`=`now_playing`.`id` " .
"WHERE `session_stream`.`id` IS NULL OR `now_playing`.`expire` < '" . time() . "'";
"LEFT JOIN `session` ON `session`.`id`=`now_playing`.`id` " .
"WHERE `session`.`id` IS NULL OR `now_playing`.`expire` < '" . time() . "'";
$db_results = Dba::write($sql);
} // gc_now_playing
@ -308,9 +210,9 @@ class Stream {
*/
public static function get_now_playing($filter=NULL) {
$sql = "SELECT `session_stream`.`agent`,`now_playing`.* " .
$sql = "SELECT `session`.`agent`,`now_playing`.* " .
"FROM `now_playing` " .
"LEFT JOIN `session_stream` ON `session_stream`.`id`=`now_playing`.`id` " .
"LEFT JOIN `session` ON `session`.`id`=`now_playing`.`id` " .
"ORDER BY `now_playing`.`expire` DESC";
$db_results = Dba::read($sql);
@ -355,11 +257,9 @@ class Stream {
* This is called on class load it sets the session
*/
public static function _auto_init() {
// Generate the session ID
self::$session = md5(uniqid(rand(), true));
} // auto_init
self::$session = Session::create(array('type' => 'stream'));
}
/**
* run_playlist_method
@ -401,7 +301,7 @@ class Stream {
public static function get_base_url() {
if (Config::get('require_session')) {
$session_string = 'ssid=' . Stream::get_session() . '&';
$session_string = 'ssid=' . self::$session . '&';
}
$web_path = Config::get('web_path');

14
lib/class/stream_playlist.class.php
View file

@ -40,14 +40,14 @@ class Stream_Playlist {
*/
public function __construct($id = null) {
if($id) {
if ($id) {
Stream::set_session($id);
}
$this->id = Dba::escape(Stream::get_session());
$this->id = Dba::escape(Stream::$session);
if (!Stream::session_exists($this->id)) {
debug_event('stream_playlist', 'Stream::session_exists failed', 2);
if (!Session::exists('stream', $this->id)) {
debug_event('stream_playlist', 'Session::exists failed', 2);
return false;
}
@ -87,9 +87,9 @@ class Stream_Playlist {
public static function gc() {
$sql = 'DELETE FROM `stream_playlist` ' .
'USING `stream_playlist` LEFT JOIN `session_stream` ' .
'ON `session_stream`.`id`=`stream_playlist`.`sid` ' .
'WHERE `session_stream`.`id` IS NULL';
'USING `stream_playlist` LEFT JOIN `session` ' .
'ON `session`.`id`=`stream_playlist`.`sid` ' .
'WHERE `session`.`id` IS NULL';
return Dba::write($sql);
}

2
lib/ui.lib.php
View file

@ -538,7 +538,7 @@ function print_bool($value) {
*/
function show_now_playing() {
Stream::gc();
Session::gc();
Stream::gc_now_playing();
$web_path = Config::get('web_path');

4
play/index.php
View file

@ -86,7 +86,7 @@ if (Config::get('require_session')) {
if (!Config::get('require_localnet_session') AND Access::check_network('network',$GLOBALS['user']->id,'5')) {
debug_event('play', 'Streaming access allowed for local network IP ' . $_SERVER['REMOTE_ADDR'],'5');
}
elseif(!Stream::session_exists($sid)) {
else if(!Session::exists('stream', $sid)) {
debug_event('UI::access_denied', 'Streaming access denied: ' . $GLOBALS['user']->username . "'s session has expired", 3);
header('HTTP/1.1 403 Session Expired');
exit;
@ -94,7 +94,7 @@ if (Config::get('require_session')) {
// Now that we've confirmed the session is valid
// extend it
Stream::extend_session($sid,$uid);
Session::extend($sid, 'stream');
}