
[Librefm-commits] [1567] Fix for bug #bug #26569, added function to chec


From: Jørgen Bøhnsdalen
Subject: [Librefm-commits] [1567] Fix for bug #bug #26569, added function to check if session is valid
Date: Thu, 14 May 2009 15:42:21 +0000

Revision: 1567
          http://svn.sv.gnu.org/viewvc/?view=rev&root=librefm&revision=1567
Author:   jurgbohn
Date:     2009-05-14 15:42:20 +0000 (Thu, 14 May 2009)
Log Message:
-----------
Fix for bug #26569, added function to check if session is valid
and added check to nowplaying.

Ticket Links:
:-----------
    http://savannah.gnu.org/bugs/?26569

Modified Paths:
--------------
    trunk/gnukebox/auth-utils.php
    trunk/gnukebox/nowplaying/1.2/index.php

Modified: trunk/gnukebox/auth-utils.php
===================================================================
--- trunk/gnukebox/auth-utils.php       2009-05-14 14:37:51 UTC (rev 1566)
+++ trunk/gnukebox/auth-utils.php       2009-05-14 15:42:20 UTC (rev 1567)
@@ -46,7 +46,7 @@
        // Validates authentication using a standard authentication token
        global $adodb;
 
-       $pass = $adodb->GetOne("SELECT password FROM Users WHERE username =" . 
$adodb->qstr($username));
+       $pass = $adodb->GetOne('SELECT password FROM Users WHERE username =' . 
$adodb->qstr($username));
        if (!$pass) {
                // TODO: Log failures somewhere
                return false;
@@ -56,3 +56,17 @@
 
        return $check_token == $token;
 }
+
+/**
+ * Checks if the session is still valid. Assumes $sessionID is already quoted.
+ */
+function check_session($sessionID) {
+       global $adodb;
+
+       $session = $adodb->GetOne('SELECT expires from Scrobble_Sessions WHERE 
sessionid = ' . $sessionID);
+       if (!$session) {
+               return(false);
+       }
+
+       return($session <= time());
+}
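Review bot: The final comparison in check_session() looks inverted: `return($session <= time());` is true only when the stored `expires` value is at or before the current time, so an expired session is reported as valid and a live one makes the nowplaying caller die with BADSESSION. Assuming `expires` holds a Unix timestamp, the line should read `return ($session > time());`. The function also concatenates `$sessionID` straight into the SQL and relies on the docblock's "already quoted" precondition, so any later caller that passes a raw value produces an injectable query. It would be safer to accept the raw ID and apply `$adodb->qstr($sessionID)` inside the function, as the username lookup earlier in this file does, and update the nowplaying caller to match.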

Modified: trunk/gnukebox/nowplaying/1.2/index.php
===================================================================
--- trunk/gnukebox/nowplaying/1.2/index.php     2009-05-14 14:37:51 UTC (rev 
1566)
+++ trunk/gnukebox/nowplaying/1.2/index.php     2009-05-14 15:42:20 UTC (rev 
1567)
@@ -20,6 +20,7 @@
 
 require_once('../../database.php');
 require_once('../../scrobble-utils.php');
+require_once('../../auth-utils.php');
 
 if(!isset($_POST['s']) || !isset($_POST['a']) || !isset($_POST['t'])) {
        die("FAILED Required POST parameters are not set\n");
@@ -56,6 +57,10 @@
 //Delete this user's last playing song (if any)
 $adodb->Execute("DELETE FROM Now_Playing WHERE sessionid = " . ($MQsess));
 
+if (!check_session($MQsess)) {
+       die("BADSESSION");
+}
+
 try {
        $adodb->Execute("INSERT INTO Now_Playing (sessionid, artist, album, 
track, expires, mbid) VALUES ("
                        . $MQsess . ", "
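Review bot: The new check_session() guard sits after the `DELETE FROM Now_Playing WHERE sessionid = ...` statement, so a request carrying an expired or unknown session ID still triggers a write on Now_Playing before it is rejected. Moving the `if (!check_session($MQsess)) { ... }` block above the DELETE makes the rejection happen before any database change. The reply `die("BADSESSION");` also lacks the trailing newline that the `FAILED ...\n` reply earlier in this file carries; if clients read line-terminated responses, `die("BADSESSION\n");` would be consistent. The try block that follows continues outside the hunk.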




