/* If the user ID doesn't exist deny them */ if (!$GLOBALS['user']->id && !AmpConfig::get('demo_mode')) { Auth::logout(session_id()); exit; } /* Load preferences and theme */ $GLOBALS['user']->update_last_seen(); } elseif (!AmpConfig::get('use_auth')) { $auth['success'] = 1; $auth['username'] = '******'; $auth['fullname'] = "Ampache User"; $auth['id'] = -1; $auth['offset_limit'] = 50; $auth['access'] = AmpConfig::get('default_auth_level') ? User::access_name_to_level(AmpConfig::get('default_auth_level')) : '100'; if (!Session::exists('interface', $_COOKIE[AmpConfig::get('session_name')])) { Session::create_cookie(); Session::create($auth); Session::check(); $GLOBALS['user'] = new User($auth['username']); $GLOBALS['user']->username = $auth['username']; $GLOBALS['user']->fullname = $auth['fullname']; $GLOBALS['user']->access = $auth['access']; } else { Session::check(); if ($_SESSION['userdata']['username']) { $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']); } else { $GLOBALS['user'] = new User($auth['username']); $GLOBALS['user']->id = '-1'; $GLOBALS['user']->username = $auth['username']; $GLOBALS['user']->fullname = $auth['fullname'];
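/**
 * Authenticate the incoming Plex request and populate $GLOBALS['user'].
 *
 * Remote requests (self::is_local() false) must carry a Plex token, either
 * in the X-Plex-Token header or as the X-Plex-Token request parameter. A
 * token not already cached in an Ampache session is checked against the
 * server's access tokens (self::get_server_authtokens()). When the
 * `plex_match_email` option is set the Plex username is mapped to an
 * Ampache account by e-mail and `init-api` network access is enforced;
 * otherwise the caller becomes an anonymous `new User()`.
 *
 * Local requests use the regular API session cookie; when no cookie is
 * present the Plex token doubles as the session id.
 *
 * On failure the method does not return normally: it calls
 * self::createError(401) (presumably terminating the request) and then
 * returns defensively, or exits directly for OPTIONS preflight requests.
 *
 * Changes from the previous revision:
 *  - Token comparison uses hash_equals() instead of `==`; with `==` two
 *    numeric-looking strings such as "0e123" and "0e456" compare equal.
 *  - The client-supplied token is no longer written to the debug log;
 *    only a short SHA-256 prefix is logged so entries can be correlated.
 *  - Header/cookie/request lookups are guarded with isset() so a missing
 *    key does not raise a notice, and a `return` follows every
 *    createError() so a non-exiting error handler cannot fall through
 *    into the authenticated path.
 */
public static function auth_user()
{
    $isLocal = self::is_local();
    $headers = apache_request_headers();

    // Token may arrive as a header or as a request parameter; from the
    // request array only a scalar string is acceptable.
    $myplex_token = isset($headers['X-Plex-Token']) ? $headers['X-Plex-Token'] : null;
    if (empty($myplex_token)) {
        $myplex_token = (isset($_REQUEST['X-Plex-Token']) && is_string($_REQUEST['X-Plex-Token']))
            ? $_REQUEST['X-Plex-Token']
            : null;
    }

    if (!$isLocal) {
        $match_users = AmpConfig::get('plex_match_email');

        if (empty($myplex_token)) {
            // Never fail OPTIONS requests (CORS preflight carries no token)
            if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
                self::setPlexHeader($headers);
                exit;
            }
            debug_event('Access Control', 'Authentication token is missing.', '3');
            self::createError(401);
            return;
        }

        $createSession = false;
        Session::gc();
        $username = "";
        $email    = trim((string) Session::read((string) $myplex_token));

        if (empty($email)) {
            // No session cached for this token: validate it against the
            // server's own access tokens before trusting it.
            $createSession = true;
            $validToken    = false;
            $xml           = self::get_server_authtokens();
            foreach ($xml->access_token as $tk) {
                // hash_equals(): strict and constant-time. A loose `==`
                // would compare numeric-looking tokens numerically.
                if (hash_equals((string) $tk['token'], (string) $myplex_token)) {
                    $username = (string) $tk['username'];
                    // We should apply filter and access restriction to shared sections only,
                    // but that's not easily possible with current Ampache architecture
                    $validToken = true;
                    break;
                }
            }
            if (!$validToken) {
                // Log a hash prefix, never the credential itself.
                $token_id = substr(hash('sha256', (string) $myplex_token), 0, 12);
                debug_event('Access Control', 'Auth-Token (sha256 ' . $token_id . ') invalid for this server.', '3');
                self::createError(401);
                return;
            }
        }

        if ($match_users) {
            // Need to get a match between Plex and Ampache users
            if (!AmpConfig::get('access_control')) {
                debug_event('Access Control', 'Error Attempted to use Plex with Access Control turned off and plex/ampache link enabled.', '3');
                self::createError(401);
                return;
            }

            if (empty($email)) {
                // Resolve the Plex username to an e-mail: the server owner
                // first, then the server's friends list (last match wins).
                $xml = self::get_users_account();
                if ((string) $xml->username === $username) {
                    $email = (string) $xml->email;
                } else {
                    $xml = self::get_server_friends();
                    foreach ($xml->User as $xuser) {
                        if ((string) $xuser['username'] === $username) {
                            $email = (string) $xuser['email'];
                        }
                    }
                }
            }

            $user = null;
            if (!empty($email)) {
                $user = User::get_from_email($email);
            }
            if (!$user || !$user->id) {
                debug_event('Access Denied', 'Unable to get an Ampache user match for email ' . $email, '3');
                self::createError(401);
                return;
            }

            $username = $user->username;
            if (!Access::check_network('init-api', $username, 5)) {
                debug_event('Access Denied', 'Unauthorized access attempt to Plex [' . $_SERVER['REMOTE_ADDR'] . ']', '3');
                self::createError(401);
                return;
            }
            $GLOBALS['user'] = $user;
            $GLOBALS['user']->load_playlist();
        } else {
            // No account mapping configured: any holder of a valid server
            // token is served as an anonymous user. The Plex username is
            // kept in the session's value field.
            $email           = $username;
            $username        = null;
            $GLOBALS['user'] = new User();
            $GLOBALS['user']->load_playlist();
        }

        if ($createSession) {
            // Create an Ampache session from Plex authtoken
            Session::create(array('type' => 'api', 'sid' => $myplex_token, 'username' => $username, 'value' => $email));
        }
    } else {
        AmpConfig::set('cookie_path', '/', true);
        $session_name = AmpConfig::get('session_name');
        $sid          = isset($_COOKIE[$session_name]) ? $_COOKIE[$session_name] : null;
        if (!$sid) {
            // Local client without a cookie: the Plex token becomes the
            // session id. NOTE(review): session_id() accepts this value
            // unvalidated, so a local client chooses its own session id;
            // left as-is because local callers are treated as trusted here.
            $sid = $myplex_token;
            if ($sid) {
                session_id($sid);
                Session::create_cookie();
            }
        }
        if (!empty($sid) && Session::exists('api', $sid)) {
            Session::check();
            $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
        } else {
            $GLOBALS['user'] = new User();
            Session::create(array('type' => 'api', 'sid' => $sid));
            Session::check();
        }
        $GLOBALS['user']->load_playlist();
    }
}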
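/**
 * Authenticate the request from the "remember me" cookie, if present.
 *
 * The cookie "<session_name>_remember" holds "<username>:<token>:<mac>",
 * where mac is HMAC-SHA256 over "<username>:<token>" keyed with the
 * configured `secret_key`. When the MAC verifies and a non-expired row for
 * that username/token exists in `session_remember`, a 'mysql' session is
 * created for the user and true is returned.
 *
 * Changes from the previous revision:
 *  - The MAC is compared with hash_equals() (constant-time) instead of
 *    `===`, which short-circuits on the first differing byte.
 *  - Malformed cookies (fewer than three fields, or a non-string value)
 *    are rejected up front instead of reading undefined list() offsets.
 *
 * @return bool true when a session was created from the cookie
 */
public static function auth_remember()
{
    $auth  = false;
    $cname = AmpConfig::get('session_name') . '_remember';
    if (!isset($_COOKIE[$cname]) || !is_string($_COOKIE[$cname])) {
        return $auth;
    }

    // Exactly three fields are expected; anything else is not a cookie we issued.
    $parts = explode(':', $_COOKIE[$cname], 3);
    if (count($parts) !== 3) {
        return $auth;
    }
    list($username, $token, $mac) = $parts;

    // Verify the MAC before touching the database (constant-time compare).
    $expected = hash_hmac('sha256', $username . ':' . $token, AmpConfig::get('secret_key'));
    if (!hash_equals($expected, $mac)) {
        return $auth;
    }

    $sql        = "SELECT * FROM `session_remember` WHERE `username` = ? AND `token` = ? AND `expire` >= ?";
    $db_results = Dba::read($sql, array($username, $token, time()));
    if (Dba::num_rows($db_results) > 0) {
        Session::create_cookie();
        self::create(array('type' => 'mysql', 'username' => $username));
        $_SESSION['userdata']['username'] = $username;
        $auth = true;
    }

    return $auth;
}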