Example #1
0
    /* If the user ID doesn't exist deny them */
    if (!$GLOBALS['user']->id && !AmpConfig::get('demo_mode')) {
        Auth::logout(session_id());
        exit;
    }
    /* Load preferences and theme */
    $GLOBALS['user']->update_last_seen();
} elseif (!AmpConfig::get('use_auth')) {
    $auth['success'] = 1;
    $auth['username'] = '-1';
    $auth['fullname'] = "Ampache User";
    $auth['id'] = -1;
    $auth['offset_limit'] = 50;
    $auth['access'] = AmpConfig::get('default_auth_level') ? User::access_name_to_level(AmpConfig::get('default_auth_level')) : '100';
    if (!Session::exists('interface', $_COOKIE[AmpConfig::get('session_name')])) {
        Session::create_cookie();
        Session::create($auth);
        Session::check();
        $GLOBALS['user'] = new User($auth['username']);
        $GLOBALS['user']->username = $auth['username'];
        $GLOBALS['user']->fullname = $auth['fullname'];
        $GLOBALS['user']->access = $auth['access'];
    } else {
        Session::check();
        if ($_SESSION['userdata']['username']) {
            $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
        } else {
            $GLOBALS['user'] = new User($auth['username']);
            $GLOBALS['user']->id = '-1';
            $GLOBALS['user']->username = $auth['username'];
            $GLOBALS['user']->fullname = $auth['fullname'];
Example #2
0
 public static function auth_user()
 {
     $isLocal = self::is_local();
     $headers = apache_request_headers();
     $myplex_token = $headers['X-Plex-Token'];
     if (empty($myplex_token)) {
         $myplex_token = $_REQUEST['X-Plex-Token'];
     }
     if (!$isLocal) {
         $match_users = AmpConfig::get('plex_match_email');
         $myplex_username = $headers['X-Plex-Username'];
         if (empty($myplex_token)) {
             // Never fail OPTIONS requests
             if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
                 self::setPlexHeader($headers);
                 exit;
             } else {
                 debug_event('Access Control', 'Authentication token is missing.', '3');
                 self::createError(401);
             }
         }
         $createSession = false;
         Session::gc();
         $username = "";
         $email = trim(Session::read((string) $myplex_token));
         if (empty($email)) {
             $createSession = true;
             $xml = self::get_server_authtokens();
             $validToken = false;
             foreach ($xml->access_token as $tk) {
                 if ((string) $tk['token'] == $myplex_token) {
                     $username = (string) $tk['username'];
                     // We should apply filter and access restriction to shared sections only, but that's not easily possible with current Ampache architecture
                     $validToken = true;
                     break;
                 }
             }
             if (!$validToken) {
                 debug_event('Access Control', 'Auth-Token ' . $myplex_token . ' invalid for this server.', '3');
                 self::createError(401);
             }
         }
         // Need to get a match between Plex and Ampache users
         if ($match_users) {
             if (!AmpConfig::get('access_control')) {
                 debug_event('Access Control', 'Error Attempted to use Plex with Access Control turned off and plex/ampache link enabled.', '3');
                 self::createError(401);
             }
             if (empty($email)) {
                 $xml = self::get_users_account();
                 if ((string) $xml->username == $username) {
                     $email = (string) $xml->email;
                 } else {
                     $xml = self::get_server_friends();
                     foreach ($xml->User as $xuser) {
                         if ((string) $xuser['username'] == $username) {
                             $email = (string) $xuser['email'];
                         }
                     }
                 }
             }
             if (!empty($email)) {
                 $user = User::get_from_email($email);
             }
             if (!isset($user) || !$user->id) {
                 debug_event('Access Denied', 'Unable to get an Ampache user match for email ' . $email, '3');
                 self::createError(401);
             } else {
                 $username = $user->username;
                 if (!Access::check_network('init-api', $username, 5)) {
                     debug_event('Access Denied', 'Unauthorized access attempt to Plex [' . $_SERVER['REMOTE_ADDR'] . ']', '3');
                     self::createError(401);
                 } else {
                     $GLOBALS['user'] = $user;
                     $GLOBALS['user']->load_playlist();
                 }
             }
         } else {
             $email = $username;
             $username = null;
             $GLOBALS['user'] = new User();
             $GLOBALS['user']->load_playlist();
         }
         if ($createSession) {
             // Create an Ampache session from Plex authtoken
             Session::create(array('type' => 'api', 'sid' => $myplex_token, 'username' => $username, 'value' => $email));
         }
     } else {
         AmpConfig::set('cookie_path', '/', true);
         $sid = $_COOKIE[AmpConfig::get('session_name')];
         if (!$sid) {
             $sid = $myplex_token;
             if ($sid) {
                 session_id($sid);
                 Session::create_cookie();
             }
         }
         if (!empty($sid) && Session::exists('api', $sid)) {
             Session::check();
             $GLOBALS['user'] = User::get_from_username($_SESSION['userdata']['username']);
         } else {
             $GLOBALS['user'] = new User();
             $data = array('type' => 'api', 'sid' => $sid);
             Session::create($data);
             Session::check();
         }
         $GLOBALS['user']->load_playlist();
     }
 }
Example #3
0
 public static function auth_remember()
 {
     $auth = false;
     $cname = AmpConfig::get('session_name') . '_remember';
     if (isset($_COOKIE[$cname])) {
         list($username, $token, $mac) = explode(':', $_COOKIE[$cname]);
         if ($mac === hash_hmac('sha256', $username . ':' . $token, AmpConfig::get('secret_key'))) {
             $sql = "SELECT * FROM `session_remember` WHERE `username` = ? AND `token` = ? AND `expire` >= ?";
             $db_results = Dba::read($sql, array($username, $token, time()));
             if (Dba::num_rows($db_results) > 0) {
                 Session::create_cookie();
                 self::create(array('type' => 'mysql', 'username' => $username));
                 $_SESSION['userdata']['username'] = $username;
                 $auth = true;
             }
         }
     }
     return $auth;
 }