[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Librefm-commits] [1567] Fix for bug #bug #26569, added function to chec
From: |
Jørgen Bøhnsdalen |
Subject: |
[Librefm-commits] [1567] Fix for bug #bug #26569, added function to check if session is valid |
Date: |
Thu, 14 May 2009 15:42:21 +0000 |
Revision: 1567
http://svn.sv.gnu.org/viewvc/?view=rev&root=librefm&revision=1567
Author: jurgbohn
Date: 2009-05-14 15:42:20 +0000 (Thu, 14 May 2009)
Log Message:
-----------
Fix for bug #bug #26569, added function to check if session is valid
and added check to nowplaying.
Ticket Links:
:-----------
http://savannah.gnu.org/bugs/?26569
Modified Paths:
--------------
trunk/gnukebox/auth-utils.php
trunk/gnukebox/nowplaying/1.2/index.php
Modified: trunk/gnukebox/auth-utils.php
===================================================================
--- trunk/gnukebox/auth-utils.php 2009-05-14 14:37:51 UTC (rev 1566)
+++ trunk/gnukebox/auth-utils.php 2009-05-14 15:42:20 UTC (rev 1567)
@@ -46,7 +46,7 @@
// Validates authentication using a standard authentication token
global $adodb;
- $pass = $adodb->GetOne("SELECT password FROM Users WHERE username =" .
$adodb->qstr($username));
+ $pass = $adodb->GetOne('SELECT password FROM Users WHERE username =' .
$adodb->qstr($username));
if (!$pass) {
// TODO: Log failures somewhere
return false;
@@ -56,3 +56,17 @@
return $check_token == $token;
}
+
+/**
+ * Checks if the session is still valid. Assumes $sessionID is already quoted.
+ */
+function check_session($sessionID) {
+ global $adodb;
+
+ $session = $adodb->GetOne('SELECT expires from Scrobble_Sessions WHERE
sessionid = ' . $sessionID);
+ if (!$session) {
+ return(false);
+ }
+
+ return($session <= time());
+}
Modified: trunk/gnukebox/nowplaying/1.2/index.php
===================================================================
--- trunk/gnukebox/nowplaying/1.2/index.php 2009-05-14 14:37:51 UTC (rev
1566)
+++ trunk/gnukebox/nowplaying/1.2/index.php 2009-05-14 15:42:20 UTC (rev
1567)
@@ -20,6 +20,7 @@
require_once('../../database.php');
require_once('../../scrobble-utils.php');
+require_once('../../auth-utils.php');
if(!isset($_POST['s']) || !isset($_POST['a']) || !isset($_POST['t'])) {
die("FAILED Required POST parameters are not set\n");
@@ -56,6 +57,10 @@
//Delete this user's last playing song (if any)
$adodb->Execute("DELETE FROM Now_Playing WHERE sessionid = " . ($MQsess));
+if (!check_session($MQsess)) {
+ die("BADSESSION");
+}
+
try {
$adodb->Execute("INSERT INTO Now_Playing (sessionid, artist, album,
track, expires, mbid) VALUES ("
. $MQsess . ", "
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Librefm-commits] [1567] Fix for bug #bug #26569, added function to check if session is valid,
Jørgen Bøhnsdalen <=