    debug_event('Access Control', 'Error Attempted to use XML API with Access Control turned off', '3');
    echo XML_Data::error('501', T_('Access Control not Enabled'));
    exit;
}
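/**
 * Verify that the session token the client passed in exists. The two
 * session-less actions, 'handshake' and 'ping', are exempt because a client
 * has no token to present before it has completed a handshake.
 *
 * Request parameters are read once into locals so that a missing parameter
 * yields null instead of an undefined-index notice. The values handed to
 * Session and Access are otherwise exactly what the client sent.
 */
$auth   = isset($_REQUEST['auth']) ? $_REQUEST['auth'] : null;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;

// True only for the two actions that may be called without a session.
$is_sessionless_action = ($action === 'handshake' || $action === 'ping');

// 'action' is client-controlled and ends up in the debug log. Strip control
// characters (CR/LF included) and bound the length so a request cannot forge
// or flood log lines; a non-string value (e.g. action[]=x) is logged as empty.
$action_for_log = is_string($action)
    ? substr((string) preg_replace('/[\x00-\x1F\x7F]/', '', $action), 0, 64)
    : '';

// Session::exists() is evaluated first, as before, so its call pattern is unchanged.
if (!Session::exists('api', $auth) && !$is_sessionless_action) {
    debug_event('Access Denied', 'Invalid Session attempt to API [' . $action_for_log . ']', '3');
    ob_end_clean();
    echo XML_Data::error('401', T_('Session Expired'));
    exit;
}

// Resolve the username the network ACL is checked against.
// For handshake/ping it is the client-supplied 'user' parameter, i.e. a claimed,
// not yet authenticated identity; for every other action it comes from the session.
// NOTE(review): the ACL result on the handshake path is therefore only as strong
// as the credential check inside the handshake handler itself (not visible here).
if ($is_sessionless_action) {
    $username = isset($_REQUEST['user']) ? $_REQUEST['user'] : null;
} else {
    $username = Session::username($auth);
}

// The third argument (5) is passed through to Access::check_network unchanged;
// presumably a required access level. TODO confirm against Access.
if (!Access::check_network('init-api', $username, 5)) {
    // REMOTE_ADDR is set by the server from the connection, not by the client.
    debug_event('Access Denied', 'Unauthorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3');
    ob_end_clean();
    echo XML_Data::error('403', T_('Unauthorized access attempt to API - ACL Error'));
    exit;
}

// Authenticated actions: refresh the session and expose the user globally.
// NOTE(review): the result of User::get_from_username() is not checked here.
if (!$is_sessionless_action) {
    Session::extend($auth);
    $GLOBALS['user'] = User::get_from_username($username);
}

// Get the list of possible methods for the Ampache API
$methods = get_class_methods('api');
// Define list of internal functions that should be skipped.
// NOTE(review): this is a denylist. If dispatch is driven by $methods, every
// other method on the class is reachable by name from a request, so a helper
// added later is exposed unless it is also listed here. An explicit allowlist
// of callable actions fails closed.
$internal_functions = array('set_filter');
// Recurse through them and see if we're calling one of them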