function checkAuth() { global $settings; require_once "./models/users.php"; $username = $_POST["username"]; $passw = $_POST["passw"]; //echo sha1($passw)."<br />\n"; //echo "$username<br />\n"; $mUsers = new UsersModel(); if ($mUsers->verifyPassw($username, $passw)) { $authDataArr = json_decode($mUsers->getAuthInfo_json($username), true); if (!$authDataArr['isError']) { $key = $authDataArr['resultStr']['last_key']; //last key stored $last_key_date = $authDataArr['resultStr']['last_key_date']; //last key date //echo "<br/>last key date: $last_key_date<br/>"; //echo "current date: ".time()."<br/>"; if ($last_key_date == "" or time() - $last_key_date > $settings->get('keyLastsFor')) { $key = sha1($username . "@" . $passw . ":" . time()); $mUsers->updateKey($username, $key); } //session_name("Mandolin"); //session_start(); session_regenerate_id(); $_SESSION["key"] = $key; $_SESSION["username"] = $username; $_SESSION["userAdminLevel"] = $mUsers->isAdmin($username); $_SESSION["id"] = sha1(session_id()); //print_r($_SESSION); header("Location: ."); exit; } } header("Location: ./?p=login&passw=false"); }
if (isset($_GET["k"]) and $_GET["k"] != "") { $key = $_GET["k"]; } else { exit("Malformed URL."); } if (isset($_GET["s"]) and $_GET["s"] != "") { $song_id = $_GET["s"]; } else { exit("You must provide a valid song ID."); } //check the key is valid and current require_once "../models/users.php"; $mUsers = new UsersModel(); require_once "../models/settings.php"; $settings = new Settings(); $userAuthInfo = json_decode($mUsers->getAuthInfo_json("", $key), true); $bitrate = json_decode($mUsers->loadSettings("", array('bitrate'), $key), true); $mUsers->__destruct(); unset($mUsers); if ($userAuthInfo['isError']) { echo "The key provided is old or invalid<br/><br/>\n"; exit($userAuthInfo['resultStr']); } else { if (time() - $userAuthInfo['resultStr']['last_key_date'] > $settings->get("keyLastsFor")) { die("The key provided is old. This song url is not valid anymore. Login to to Mandolin and get a new one."); } } if ($bitrate['isError']) { echo "ERROR: Retrieving the user settings. <br />"; exit($bitrate['resultStr']); } else {