function send_newpassword($email, $current_ip)
{
/* get the Client and set the new password */
$client = User::get_from_email($email);
if ($client && $client->email == $email) {
$newpassword = generate_password(6);
$client->update_password($newpassword);
$mailer = new Mailer();
$mailer->set_default_sender();
$mailer->subject = T_("Lost Password");
$mailer->recipient_name = $client->fullname;
$mailer->recipient = $client->email;
$message = sprintf(T_("A user from %s has requested a password reset for '%s'."), $current_ip, $client->username);
$message .= "\n";
$message .= sprintf(T_("The password has been set to: %s"), $newpassword);
$mailer->message = $message;
return $mailer->send();
}
return false;
}
public static function auth_user()
{
$isLocal = self::is_local();
$headers = apache_request_headers();
$myplex_token = $headers['X-Plex-Token'];
if (empty($myplex_token)) {
$myplex_token = $_REQUEST['X-Plex-Token'];
}
if (!$isLocal) {
$match_users = AmpConfig::get('plex_match_email');
$myplex_username = $headers['X-Plex-Username'];
if (empty($myplex_token)) {
// Never fail OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
self::setPlexHeader($headers);
exit;
} else {
debug_event('Access Control', 'Authentication token is missing.', '3');
self::createError(401);
}
}
$createSession = false;
Session::gc();
$username = "";
$email = trim(Session::read((string) $myplex_token));
if (empty($email)) {
$createSession = true;
$xml = self::get_server_authtokens();
$validToken = false;
foreach ($xml->access_token as $tk) {
if ((string) $tk['token'] == $myplex_token) {
$username = (string) $tk['username'];
// We should apply filter and access restriction to shared sections only, but that's not easily possible with current Ampache architecture
$validToken = true;
break;
}
}
if (!$validToken) {
debug_event('Access Control', 'Auth-Token ' . $myplex_token . ' invalid for this server.', '3');
self::createError(401);
}
}
// Need to get a match between Plex and Ampache users
if ($match_users) {
if (!AmpConfig::get('access_control')) {
debug_event('Access Control', 'Error Attempted to use Plex with Access Control turned off and plex/ampache link enabled.', '3');
self::createError(401);
}
if (empty($email)) {
$xml = self::get_users_account();
if ((string) $xml->username == $username) {
$email = (string) $xml->email;
} else {
$xml = self::get_server_friends();
foreach ($xml->User as $xuser) {
if ((string) $xuser['username'] == $username) {
$email = (string) $xuser['email'];
}
}
}
}
if (!empty($email)) {
$user = User::get_from_email($email);
}
if (!isset($user) || !$user->id) {
debug_event('Access Denied', 'Unable to get an Ampache user match for email ' . $email, '3');
self::createError(401);
} else {
$username = $user->username;
if (!Access::check_network('init-api', $username, 5)) {
debug_event('Access Denied', 'Unauthorized access attempt to Plex [' . $_SERVER['REMOTE_ADDR'] . ']', '3');
self::createError(401);
} else {
$GLOBALS['user'] = $user;
$GLOBALS['user']->load_playlist();
}
}
} else {
$email = $username;
$username = null;
$GLOBALS['user'] = new User();
$GLOBALS['user']->load_playlist();
}
if ($createSession) {
// Create an Ampache session from Plex authtoken
Session::create(array('type' => 'api', 'sid' => $myplex_token, 'username' => $username, 'value' => $email));
}
} else {
AmpConfig::set('cookie_path', '/', true);
$sid = $_COOKIE[AmpConfig::get('session_name')];
if (!$sid) {
$sid = $myplex_token;
if ($sid) {
session_id($sid);
Session::create_cookie();
}
}
if (!empty($sid) && Session::exists('api', $sid)) {
Session::check();
$GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
} else {
$GLOBALS['user'] = new User();
$data = array('type' => 'api', 'sid' => $sid);
Session::create($data);
Session::check();
}
$GLOBALS['user']->load_playlist();
}
}
/**
* _cleanup_id3v2
*
* Whee, v2!
*/
private function _cleanup_id3v2($tags)
{
$parsed = array();
foreach ($tags as $tag => $data) {
switch ($tag) {
case 'genre':
$parsed['genre'] = $this->parseGenres($data);
break;
case 'part_of_a_set':
$elements = explode('/', $data[0]);
$parsed['disk'] = $elements[0];
$parsed['totaldisks'] = $elements[1];
break;
case 'track_number':
$parsed['track'] = $data[0];
break;
case 'comment':
// First array key can be xFF\xFE in case of UTF-8, better to get it this way
$parsed['comment'] = reset($data);
break;
case 'comments':
$parsed['comment'] = $data[0];
break;
case 'unsynchronised_lyric':
$parsed['lyrics'] = $data[0];
break;
default:
$parsed[$tag] = $data[0];
break;
}
}
// getID3 doesn't do all the parsing we need, so grab the raw data
$id3v2 = $this->_raw['id3v2'];
if (!empty($id3v2['UFID'])) {
// Find the MBID for the track
foreach ($id3v2['UFID'] as $ufid) {
if ($ufid['ownerid'] == 'http://musicbrainz.org') {
$parsed['mb_trackid'] = $ufid['data'];
}
}
if (!empty($id3v2['TXXX'])) {
// Find the MBIDs for the album and artist
// Use trimAscii to remove noise (see #225 and #438 issues). Is this a GetID3 bug?
foreach ($id3v2['TXXX'] as $txxx) {
switch (strtolower($this->trimAscii($txxx['description']))) {
case 'musicbrainz album id':
$parsed['mb_albumid'] = $this->trimAscii($txxx['data']);
break;
case 'musicbrainz release group id':
$parsed['mb_albumid_group'] = $this->trimAscii($txxx['data']);
break;
case 'musicbrainz artist id':
$parsed['mb_artistid'] = $this->trimAscii($txxx['data']);
break;
case 'musicbrainz album artist id':
$parsed['mb_albumartistid'] = $this->trimAscii($txxx['data']);
break;
case 'musicbrainz album type':
$parsed['release_type'] = $this->trimAscii($txxx['data']);
break;
case 'catalognumber':
$parsed['catalog_number'] = $this->trimAscii($txxx['data']);
break;
case 'replaygain_track_gain':
$parsed['replaygain_track_gain'] = floatval($txxx['data']);
break;
case 'replaygain_track_peak':
$parsed['replaygain_track_peak'] = floatval($txxx['data']);
break;
case 'replaygain_album_gain':
$parsed['replaygain_album_gain'] = floatval($txxx['data']);
break;
case 'replaygain_album_peak':
$parsed['replaygain_album_peak'] = floatval($txxx['data']);
break;
}
}
}
}
// Find the rating
if (is_array($id3v2['POPM'])) {
foreach ($id3v2['POPM'] as $popm) {
if (array_key_exists('email', $popm) && ($user = User::get_from_email($popm['email']))) {
if ($user) {
// Ratings are out of 255; scale it
$parsed['rating'][$user->id] = $popm['rating'] / 255 * 5;
}
} else {
$parsed['rating'][-1] = $popm['rating'] / 255 * 5;
}
}
}
return $parsed;
}
public static function authenticate($email, $client_pwd, $cnonce)
{
$user = User::get_from_email($email);
if ($user == null) {
return false;
}
$nonce = $_SESSION['nonce'];
$server_pwd = sha1($user->password . $nonce . $cnonce);
return $server_pwd == $client_pwd;
}
