function send_newpassword($email, $current_ip) { /* get the Client and set the new password */ $client = User::get_from_email($email); if ($client && $client->email == $email) { $newpassword = generate_password(6); $client->update_password($newpassword); $mailer = new Mailer(); $mailer->set_default_sender(); $mailer->subject = T_("Lost Password"); $mailer->recipient_name = $client->fullname; $mailer->recipient = $client->email; $message = sprintf(T_("A user from %s has requested a password reset for '%s'."), $current_ip, $client->username); $message .= "\n"; $message .= sprintf(T_("The password has been set to: %s"), $newpassword); $mailer->message = $message; return $mailer->send(); } return false; }
public static function auth_user() { $isLocal = self::is_local(); $headers = apache_request_headers(); $myplex_token = $headers['X-Plex-Token']; if (empty($myplex_token)) { $myplex_token = $_REQUEST['X-Plex-Token']; } if (!$isLocal) { $match_users = AmpConfig::get('plex_match_email'); $myplex_username = $headers['X-Plex-Username']; if (empty($myplex_token)) { // Never fail OPTIONS requests if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { self::setPlexHeader($headers); exit; } else { debug_event('Access Control', 'Authentication token is missing.', '3'); self::createError(401); } } $createSession = false; Session::gc(); $username = ""; $email = trim(Session::read((string) $myplex_token)); if (empty($email)) { $createSession = true; $xml = self::get_server_authtokens(); $validToken = false; foreach ($xml->access_token as $tk) { if ((string) $tk['token'] == $myplex_token) { $username = (string) $tk['username']; // We should apply filter and access restriction to shared sections only, but that's not easily possible with current Ampache architecture $validToken = true; break; } } if (!$validToken) { debug_event('Access Control', 'Auth-Token ' . $myplex_token . ' invalid for this server.', '3'); self::createError(401); } } // Need to get a match between Plex and Ampache users if ($match_users) { if (!AmpConfig::get('access_control')) { debug_event('Access Control', 'Error Attempted to use Plex with Access Control turned off and plex/ampache link enabled.', '3'); self::createError(401); } if (empty($email)) { $xml = self::get_users_account(); if ((string) $xml->username == $username) { $email = (string) $xml->email; } else { $xml = self::get_server_friends(); foreach ($xml->User as $xuser) { if ((string) $xuser['username'] == $username) { $email = (string) $xuser['email']; } } } } if (!empty($email)) { $user = User::get_from_email($email); } if (!isset($user) || !$user->id) { debug_event('Access Denied', 'Unable to get an Ampache user match for email ' . $email, '3'); self::createError(401); } else { $username = $user->username; if (!Access::check_network('init-api', $username, 5)) { debug_event('Access Denied', 'Unauthorized access attempt to Plex [' . $_SERVER['REMOTE_ADDR'] . ']', '3'); self::createError(401); } else { $GLOBALS['user'] = $user; $GLOBALS['user']->load_playlist(); } } } else { $email = $username; $username = null; $GLOBALS['user'] = new User(); $GLOBALS['user']->load_playlist(); } if ($createSession) { // Create an Ampache session from Plex authtoken Session::create(array('type' => 'api', 'sid' => $myplex_token, 'username' => $username, 'value' => $email)); } } else { AmpConfig::set('cookie_path', '/', true); $sid = $_COOKIE[AmpConfig::get('session_name')]; if (!$sid) { $sid = $myplex_token; if ($sid) { session_id($sid); Session::create_cookie(); } } if (!empty($sid) && Session::exists('api', $sid)) { Session::check(); $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']); } else { $GLOBALS['user'] = new User(); $data = array('type' => 'api', 'sid' => $sid); Session::create($data); Session::check(); } $GLOBALS['user']->load_playlist(); } }
/** * _cleanup_id3v2 * * Whee, v2! */ private function _cleanup_id3v2($tags) { $parsed = array(); foreach ($tags as $tag => $data) { switch ($tag) { case 'genre': $parsed['genre'] = $this->parseGenres($data); break; case 'part_of_a_set': $elements = explode('/', $data[0]); $parsed['disk'] = $elements[0]; $parsed['totaldisks'] = $elements[1]; break; case 'track_number': $parsed['track'] = $data[0]; break; case 'comment': // First array key can be xFF\xFE in case of UTF-8, better to get it this way $parsed['comment'] = reset($data); break; case 'comments': $parsed['comment'] = $data[0]; break; case 'unsynchronised_lyric': $parsed['lyrics'] = $data[0]; break; default: $parsed[$tag] = $data[0]; break; } } // getID3 doesn't do all the parsing we need, so grab the raw data $id3v2 = $this->_raw['id3v2']; if (!empty($id3v2['UFID'])) { // Find the MBID for the track foreach ($id3v2['UFID'] as $ufid) { if ($ufid['ownerid'] == 'http://musicbrainz.org') { $parsed['mb_trackid'] = $ufid['data']; } } if (!empty($id3v2['TXXX'])) { // Find the MBIDs for the album and artist // Use trimAscii to remove noise (see #225 and #438 issues). Is this a GetID3 bug? foreach ($id3v2['TXXX'] as $txxx) { switch (strtolower($this->trimAscii($txxx['description']))) { case 'musicbrainz album id': $parsed['mb_albumid'] = $this->trimAscii($txxx['data']); break; case 'musicbrainz release group id': $parsed['mb_albumid_group'] = $this->trimAscii($txxx['data']); break; case 'musicbrainz artist id': $parsed['mb_artistid'] = $this->trimAscii($txxx['data']); break; case 'musicbrainz album artist id': $parsed['mb_albumartistid'] = $this->trimAscii($txxx['data']); break; case 'musicbrainz album type': $parsed['release_type'] = $this->trimAscii($txxx['data']); break; case 'catalognumber': $parsed['catalog_number'] = $this->trimAscii($txxx['data']); break; case 'replaygain_track_gain': $parsed['replaygain_track_gain'] = floatval($txxx['data']); break; case 'replaygain_track_peak': $parsed['replaygain_track_peak'] = floatval($txxx['data']); break; case 'replaygain_album_gain': $parsed['replaygain_album_gain'] = floatval($txxx['data']); break; case 'replaygain_album_peak': $parsed['replaygain_album_peak'] = floatval($txxx['data']); break; } } } } // Find the rating if (is_array($id3v2['POPM'])) { foreach ($id3v2['POPM'] as $popm) { if (array_key_exists('email', $popm) && ($user = User::get_from_email($popm['email']))) { if ($user) { // Ratings are out of 255; scale it $parsed['rating'][$user->id] = $popm['rating'] / 255 * 5; } } else { $parsed['rating'][-1] = $popm['rating'] / 255 * 5; } } } return $parsed; }
public static function authenticate($email, $client_pwd, $cnonce) { $user = User::get_from_email($email); if ($user == null) { return false; } $nonce = $_SESSION['nonce']; $server_pwd = sha1($user->password . $nonce . $cnonce); return $server_pwd == $client_pwd; }