mirror of
https://github.com/Yetangitu/ampache
synced 2025-10-03 17:59:21 +02:00
ef4d366060
The refactoring I've been doing has reminded me of my strong preference for spaces, and I feel inclined to impose my will on the tree.
569 lines
15 KiB
PHP
569 lines
15 KiB
PHP
<?php
|
|
/* vim:set softtabstop=4 shiftwidth=4 expandtab: */
|
|
/**
|
|
*
|
|
* LICENSE: GNU General Public License, version 2 (GPLv2)
|
|
* Copyright 2001 - 2013 Ampache.org
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License v2
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
*
|
|
*/
|
|
|
|
/**
|
|
* Access Class
|
|
*
|
|
* This class handles the access list mojo for Ampache, it is meant to restrict
|
|
* access based on IP and maybe something else in the future
|
|
*
|
|
*/
|
|
class Access {
|
|
|
|
// Variables from DB
|
|
|
|
/**
|
|
* User ID
|
|
*
|
|
* @var integer
|
|
*/
|
|
public $id;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $name;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $start;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $end;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $level;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $user;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $type;
|
|
|
|
/**
|
|
*
|
|
*/
|
|
public $enabled;
|
|
|
|
/**
|
|
* constructor
|
|
*
|
|
* Takes an ID of the access_id dealie :)
|
|
*
|
|
* @param integer $access_id ID of the access_id
|
|
* @return boolean
|
|
*/
|
|
public function __construct($access_id='') {
|
|
|
|
if (!$access_id) { return false; }
|
|
|
|
/* Assign id for use in get_info() */
|
|
$this->id = intval($access_id);
|
|
|
|
$info = $this->_get_info();
|
|
foreach ($info as $key=>$value) {
|
|
$this->$key = $value;
|
|
}
|
|
|
|
return true;
|
|
|
|
} // Constructor
|
|
|
|
/**
|
|
* _get_info
|
|
*
|
|
* get's the vars for $this out of the database
|
|
* Taken from the object
|
|
*
|
|
* @return resource
|
|
*/
|
|
private function _get_info() {
|
|
|
|
/* Grab the basic information from the catalog and return it */
|
|
$sql = "SELECT * FROM `access_list` WHERE `id`='" . Dba::escape($this->id) . "'";
|
|
$db_results = Dba::read($sql);
|
|
|
|
$results = Dba::fetch_assoc($db_results);
|
|
|
|
return $results;
|
|
|
|
} // _get_info
|
|
|
|
/**
|
|
* format
|
|
*
|
|
* This makes the Access object a nice fuzzy human readable object, spiffy ain't it.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function format() {
|
|
|
|
$this->f_start = inet_ntop($this->start);
|
|
$this->f_end = inet_ntop($this->end);
|
|
|
|
$this->f_user = $this->get_user_name();
|
|
$this->f_level = $this->get_level_name();
|
|
$this->f_type = $this->get_type_name();
|
|
|
|
} // format
|
|
|
|
/**
|
|
* update
|
|
*
|
|
* This function takes a named array as a datasource and updates the current access list entry
|
|
*
|
|
* @param array $data xxx
|
|
* @return boolean
|
|
*/
|
|
public function update($data) {
|
|
|
|
/* We need to verify the incomming data a littlebit */
|
|
$start = @inet_pton($data['start']);
|
|
$end = @inet_pton($data['end']);
|
|
|
|
if (!$start AND $data['start'] != '0.0.0.0' AND $data['start'] != '::') {
|
|
Error::add('start', T_('Invalid IPv4 / IPv6 Address Entered'));
|
|
return false;
|
|
}
|
|
if (!$end) {
|
|
Error::add('end', T_('Invalid IPv4 / IPv6 Address Entered'));
|
|
return false;
|
|
}
|
|
|
|
if (strlen(bin2hex($start)) != strlen(bin2hex($end))) {
|
|
Error::add('start', T_('IP Address Version Mismatch'));
|
|
Error::add('end', T_('IP Address Version Mismatch'));
|
|
return false;
|
|
}
|
|
|
|
$name = Dba::escape($data['name']);
|
|
$type = self::validate_type($data['type']);
|
|
$start = Dba::escape(inet_pton($data['start']));
|
|
$end = Dba::escape(inet_pton($data['end']));
|
|
$level = Dba::escape($data['level']);
|
|
$user = $data['user'] ? Dba::escape($data['user']) : '-1';
|
|
$enabled = make_bool($data['enabled']) ? 1 : 0;
|
|
|
|
$sql = "UPDATE `access_list` " .
|
|
"SET `start`='$start', `end`='$end', `level`='$level', `user`='$user', " .
|
|
"`name`='$name', `type`='$type',`enabled`='$enabled' WHERE `id`='" . Dba::escape($this->id) . "'";
|
|
$db_results = Dba::write($sql);
|
|
|
|
return true;
|
|
|
|
} // update
|
|
|
|
/**
|
|
* create
|
|
*
|
|
* This takes a key'd array of data and trys to insert it as a
|
|
* new ACL entry
|
|
*
|
|
* @param array $data xxx
|
|
* @return boolean
|
|
*/
|
|
public static function create($data) {
|
|
|
|
/* We need to verify the incomming data a littlebit */
|
|
$start = @inet_pton($data['start']);
|
|
$end = @inet_pton($data['end']);
|
|
|
|
if (!$start AND $data['start'] != '0.0.0.0' AND $data['start'] != '::') {
|
|
Error::add('start', T_('Invalid IPv4 / IPv6 Address Entered'));
|
|
return false;
|
|
}
|
|
if (!$end) {
|
|
Error::add('end', T_('Invalid IPv4 / IPv6 Address Entered'));
|
|
return false;
|
|
}
|
|
|
|
if (strlen(bin2hex($start)) != strlen(bin2hex($end))) {
|
|
Error::add('start', T_('IP Address Version Mismatch'));
|
|
Error::add('end', T_('IP Address Version Mismatch'));
|
|
return false;
|
|
}
|
|
|
|
// Check existing ACL's to make sure we're not duplicating values here
|
|
if (self::exists($data)) {
|
|
debug_event('ACL Create','Error: An ACL equal to the created one does already exist. Not adding another one: ' . $data['start'] . ' - ' . $data['end'],'1');
|
|
Error::add('general', T_('Duplicate ACL defined'));
|
|
return false;
|
|
}
|
|
|
|
$start = Dba::escape($start);
|
|
$end = Dba::escape($end);
|
|
$name = Dba::escape($data['name']);
|
|
$user = $data['user'] ? Dba::escape($data['user']) : '-1';
|
|
$level = intval($data['level']);
|
|
$type = self::validate_type($data['type']);
|
|
$enabled = make_bool($data['enabled']) ? 1 : 0;
|
|
|
|
$sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`user`,`type`,`enabled`) " .
|
|
"VALUES ('$name','$level','$start','$end','$user','$type','$enabled')";
|
|
$db_results = Dba::write($sql);
|
|
|
|
return true;
|
|
|
|
} // create
|
|
|
|
/**
|
|
* exists
|
|
*
|
|
* this sees if the ACL that we've specified already exists, prevent duplicates. This ignores the name
|
|
*
|
|
* @param array $data xxx
|
|
* @return boolean
|
|
*/
|
|
public static function exists($data) {
|
|
|
|
$start = Dba::escape(inet_pton($data['start']));
|
|
$end = Dba::escape(inet_pton($data['end']));
|
|
$type = self::validate_type($data['type']);
|
|
$user = $data['user'] ? Dba::escape($data['user']) : '-1';
|
|
|
|
$sql = "SELECT * FROM `access_list` WHERE `start`='$start' AND `end` = '$end' " .
|
|
"AND `type`='$type' AND `user`='$user'";
|
|
$db_results = Dba::read($sql);
|
|
|
|
if (Dba::fetch_assoc($db_results)) {
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
|
|
} // exists
|
|
|
|
/**
|
|
* delete
|
|
*
|
|
* deletes the specified access_list entry
|
|
*
|
|
* @param integer $access_id xxx
|
|
* @return void
|
|
*/
|
|
public static function delete($access_id) {
|
|
|
|
$sql = "DELETE FROM `access_list` WHERE `id`='" . Dba::escape($access_id) . "'";
|
|
$db_results = Dba::write($sql);
|
|
|
|
} // delete
|
|
|
|
/**
|
|
* check_function
|
|
*
|
|
* This checks if a specific functionality is enabled
|
|
* it takes a type only
|
|
*
|
|
* @param string $type check type xxx
|
|
* @return mixed boolean or config
|
|
*/
|
|
public static function check_function($type) {
|
|
|
|
switch ($type) {
|
|
case 'download':
|
|
return Config::get('download');
|
|
break ;
|
|
case 'batch_download':
|
|
if (!function_exists('gzcompress')) {
|
|
debug_event('gzcompress','ZLIB Extensions not loaded, batch download disabled','3');
|
|
return false;
|
|
}
|
|
if (Config::get('allow_zip_download') AND $GLOBALS['user']->has_access('25')) {
|
|
return Config::get('download');
|
|
}
|
|
break;
|
|
default:
|
|
return false;
|
|
break;
|
|
} // end switch
|
|
|
|
} // check_function
|
|
|
|
/**
|
|
* check_network
|
|
*
|
|
* This takes a type, ip, user, level and key
|
|
* and then returns true or false if they have access to this
|
|
* the IP is passed as a dotted quad
|
|
*
|
|
* @param string $type Check type.
|
|
* @param string $user User name.
|
|
* @param integer $level Access level.
|
|
* @param string $ip IP Address.
|
|
* @return boolean
|
|
*/
|
|
public static function check_network($type, $user, $level, $ip=null) {
|
|
|
|
if (!Config::get('access_control')) {
|
|
switch ($type) {
|
|
case 'interface':
|
|
case 'stream':
|
|
return true;
|
|
break;
|
|
default:
|
|
return false;
|
|
} // end switch
|
|
} // end if access control is turned off
|
|
|
|
// Clean incoming variables
|
|
$ip = $ip
|
|
? Dba::escape(inet_pton($ip))
|
|
: Dba::escape(inet_pton($_SERVER['REMOTE_ADDR']));
|
|
$user = Dba::escape($user);
|
|
$level = Dba::escape($level);
|
|
|
|
switch ($type) {
|
|
case 'init-api':
|
|
if ($user) {
|
|
$user = User::get_from_username($user);
|
|
$user = $user->id;
|
|
}
|
|
case 'api':
|
|
$type = 'rpc';
|
|
case 'network':
|
|
case 'interface':
|
|
case 'stream':
|
|
break;
|
|
default:
|
|
return false;
|
|
break;
|
|
} // end switch on type
|
|
|
|
$sql = 'SELECT `id` FROM `access_list` ' .
|
|
"WHERE `start` <= '$ip' AND `end` >= '$ip' " .
|
|
"AND `level` >= '$level' AND `type` = '$type'";
|
|
|
|
if (strlen($user) && $user != '-1') {
|
|
$sql .= " AND `user` IN('$user', '-1')";
|
|
}
|
|
else {
|
|
$sql .= " AND `user` = '-1'";
|
|
}
|
|
|
|
$db_results = Dba::read($sql);
|
|
|
|
if (Dba::fetch_row($db_results)) {
|
|
// Yah they have access they can use the mojo
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
} // check_network
|
|
|
|
/**
|
|
* check_access
|
|
* This is the global 'has_access' function it can check for any 'type'
|
|
* of object.
|
|
* Everything uses the global 0,5,25,50,75,100 stuff. GLOBALS['user'] is
|
|
* always used.
|
|
*/
|
|
public static function check($type,$level) {
|
|
|
|
if (Config::get('demo_mode')) { return true; }
|
|
if (defined('INSTALL')) { return true; }
|
|
|
|
$level = intval($level);
|
|
|
|
// Switch on the type
|
|
switch ($type) {
|
|
case 'localplay':
|
|
// Check their localplay_level
|
|
if (Config::get('localplay_level') >= $level OR $GLOBALS['user']->access >= '100') {
|
|
return true;
|
|
}
|
|
else {
|
|
return false;
|
|
}
|
|
break;
|
|
case 'interface':
|
|
// Check their standard user level
|
|
if ($GLOBALS['user']->access >= $level) {
|
|
return true;
|
|
}
|
|
else {
|
|
return false;
|
|
}
|
|
break;
|
|
default:
|
|
return false;
|
|
break;
|
|
} // end switch on type
|
|
|
|
// Default false
|
|
return false;
|
|
|
|
} // check
|
|
|
|
/**
|
|
* validate_type
|
|
* This cleans up and validates the specified type
|
|
*/
|
|
public static function validate_type($type) {
|
|
|
|
switch($type) {
|
|
case 'rpc':
|
|
case 'interface':
|
|
case 'network':
|
|
return $type;
|
|
break;
|
|
case 'xml-rpc':
|
|
return 'rpc';
|
|
break;
|
|
default:
|
|
return 'stream';
|
|
break;
|
|
} // end switch
|
|
|
|
} // validate_type
|
|
|
|
/**
|
|
* get_access_lists
|
|
* returns a full listing of all access rules on this server
|
|
*/
|
|
public static function get_access_lists() {
|
|
|
|
$sql = "SELECT `id` FROM `access_list`";
|
|
$db_results = Dba::read($sql);
|
|
|
|
$results = array();
|
|
|
|
// Man this is the wrong way to do it...
|
|
while ($row = Dba::fetch_assoc($db_results)) {
|
|
$results[] = $row['id'];
|
|
} // end while access list mojo
|
|
|
|
return $results;
|
|
|
|
} // get_access_lists
|
|
|
|
|
|
/**
|
|
* get_level_name
|
|
* take the int level and return a named level
|
|
*/
|
|
public function get_level_name() {
|
|
|
|
if ($this->level >= '75') {
|
|
return T_('All');
|
|
}
|
|
if ($this->level == '5') {
|
|
return T_('View');
|
|
}
|
|
if ($this->level == '25') {
|
|
return T_('Read');
|
|
}
|
|
if ($this->level == '50') {
|
|
return T_('Read/Write');
|
|
}
|
|
|
|
} // get_level_name
|
|
|
|
/**
|
|
* get_user_name
|
|
* Take a user and return their full name
|
|
*/
|
|
public function get_user_name() {
|
|
|
|
if ($this->user == '-1') { return T_('All'); }
|
|
|
|
$user = new User($this->user);
|
|
return $user->fullname . " (" . $user->username . ")";
|
|
|
|
} // get_user_name
|
|
|
|
/**
|
|
* get_type_name
|
|
* This function returns the pretty name for our current type
|
|
*/
|
|
public function get_type_name() {
|
|
|
|
switch ($this->type) {
|
|
case 'xml-rpc':
|
|
case 'rpc':
|
|
return T_('API/RPC');
|
|
break;
|
|
case 'network':
|
|
return T_('Local Network Definition');
|
|
break;
|
|
case 'interface':
|
|
return T_('Web Interface');
|
|
break;
|
|
case 'stream':
|
|
default:
|
|
return T_('Stream Access');
|
|
break;
|
|
} // end switch
|
|
|
|
} // get_type_name
|
|
|
|
/**
|
|
* session_exists
|
|
* This checks to see if the specified session of the specified type
|
|
* exists, it also provides an array of key'd data that may be required
|
|
* based on the type
|
|
*/
|
|
public static function session_exists($data,$key,$type) {
|
|
|
|
// Switch on the type they pass
|
|
switch ($type) {
|
|
case 'api':
|
|
$key = Dba::escape($key);
|
|
$time = time();
|
|
$sql = "SELECT * FROM `session_api` WHERE `id`='$key' AND `expire` > '$time'";
|
|
$db_results = Dba::read($sql);
|
|
|
|
if (Dba::num_rows($db_results)) {
|
|
$time = $time + 3600;
|
|
$sql = "UPDATE `session_api` WHERE `id`='$key' SET `expire`='$time'";
|
|
$db_results = Dba::write($sql);
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
|
|
break;
|
|
case 'stream':
|
|
|
|
break;
|
|
case 'interface':
|
|
|
|
break;
|
|
default:
|
|
return false;
|
|
break;
|
|
} // type
|
|
|
|
|
|
} // session_exists
|
|
|
|
} //end of access class
|
|
|
|
?>
|