/** * Register the service provider. * * @return void */ public function register() { // // register a Custom Session SP at startup \Session::extend('custom-memcached', function ($app) { $minutes = $this->app['config']['session.lifetime']; $memcached = $app['config']['memcached.instance']; if (is_callable($memcached)) { $memcached = $memcached(); } else { throw new \RuntimeException("Could not find memcached instance closure in config memcached.instance."); } $repo = new Repository(new \Illuminate\Cache\MemcachedStore($memcached, $app['config']['cache.prefix'])); return new CacheBasedSessionHandler($repo, $minutes); }); }
protected function broadcastMessage($clients, $cmd, $value = '') { $msg = $cmd . ':' . $value . ';'; foreach ($clients as $client) { $sid = $this->sids[$client->resourceId]; if ($sid) { Session::extend($sid, 'stream'); } $client->send($msg); } }
} } else { if (isset($_REQUEST['sid'])) { session_name(AmpConfig::get('session_name')); session_id(scrub_in($_REQUEST['sid'])); session_start(); $GLOBALS['user'] = new User($_SESSION['userdata']['uid']); } else { $GLOBALS['user'] = new User(); } } // If NO_SESSION passed // Load the Preferences from the database Preference::init(); if (session_id()) { Session::extend(session_id()); // We only need to create the tmp playlist if we have a session $GLOBALS['user']->load_playlist(); } /* Add in some variables for ajax done here because we need the user */ AmpConfig::set('ajax_url', AmpConfig::get('web_path') . '/server/ajax.server.php', true); AmpConfig::set('ajax_server', AmpConfig::get('web_path') . '/server', true); // Load gettext mojo load_gettext(); /* Set CHARSET */ header("Content-Type: text/html; charset=" . AmpConfig::get('site_charset')); /* Clean up a bit */ unset($array); unset($results); /* Check to see if we need to perform an update */ if (!defined('OUTDATED_DATABASE_OK')) {
if (!Session::exists('api', $_REQUEST['auth']) and $_REQUEST['action'] != 'handshake' and $_REQUEST['action'] != 'ping') { debug_event('Access Denied', 'Invalid Session attempt to API [' . $_REQUEST['action'] . ']', '3'); ob_end_clean(); echo XML_Data::error('401', T_('Session Expired')); exit; } // If the session exists then let's try to pull some data from it to see if we're still allowed to do this $username = $_REQUEST['action'] == 'handshake' || $_REQUEST['action'] == 'ping' ? $_REQUEST['user'] : Session::username($_REQUEST['auth']); if (!Access::check_network('init-api', $username, 5)) { debug_event('Access Denied', 'Unauthorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3'); ob_end_clean(); echo XML_Data::error('403', T_('Unauthorized access attempt to API - ACL Error')); exit; } if ($_REQUEST['action'] != 'handshake' and $_REQUEST['action'] != 'ping') { Session::extend($_REQUEST['auth']); $GLOBALS['user'] = User::get_from_username($username); } // Get the list of possible methods for the Ampache API $methods = get_class_methods('api'); // Define list of internal functions that should be skipped $internal_functions = array('set_filter'); // Recurse through them and see if we're calling one of them foreach ($methods as $method) { if (in_array($method, $internal_functions)) { continue; } // If the method is the same as the action being called // Then let's call this function! if ($_GET['action'] == $method) { call_user_func(array('api', $method), $_GET);
/** * ping * This can be called without being authenticated, it is useful for determining if what the status * of the server is, and what version it is running/compatible with */ public static function ping($input) { $xmldata = array('server' => AmpConfig::get('version'), 'version' => Api::$version, 'compatible' => '350001'); // Check and see if we should extend the api sessions (done if valid sess is passed) if (Session::exists('api', $input['auth'])) { Session::extend($input['auth']); $xmldata = array_merge(array('session_expire' => date("c", time() + AmpConfig::get('session_length') - 60)), $xmldata); } debug_event('API', 'Ping Received from ' . $_SERVER['REMOTE_ADDR'] . ' :: ' . $input['auth'], '5'); ob_end_clean(); echo XML_Data::keyed_array($xmldata); }
if (!AmpConfig::get('require_localnet_session') and Access::check_network('network', $GLOBALS['user']->id, '5')) { debug_event('play', 'Streaming access allowed for local network IP ' . $_SERVER['REMOTE_ADDR'], '5'); } else { if (!Session::exists('stream', $sid)) { // No valid session id given, try with cookie session from web interface $sid = $_COOKIE[AmpConfig::get('session_name')]; if (!Session::exists('interface', $sid)) { debug_event('UI::access_denied', 'Streaming access denied: ' . $GLOBALS['user']->username . "'s session has expired", 3); header('HTTP/1.1 403 Session Expired'); exit; } } } // Now that we've confirmed the session is valid // extend it Session::extend($sid, 'stream'); } } /* Update the users last seen information */ $GLOBALS['user']->update_last_seen(); } else { $secret = $_REQUEST['share_secret']; $share = new Share($share_id); if (!$share->is_valid($secret, 'stream')) { header('HTTP/1.1 403 Access Unauthorized'); exit; } if (!$share->is_shared_media($oid)) { header('HTTP/1.1 403 Access Unauthorized'); exit; }
* GNU General Public license for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. * * @category FluxBB * @package Core * @copyright Copyright (c) 2008-2012 FluxBB (http://fluxbb.org) * @license http://www.gnu.org/licenses/gpl.html GNU General Public License */ define('FLUXBB_VERSION', '2.0-alpha1'); Autoloader::namespaces(array('fluxbb' => __DIR__ . DS . 'classes')); if (fluxbb\Core::installed()) { Request::set_env('fluxbb'); } // Set up our custom session handler if (!Request::cli() && !Session::started()) { Session::extend('fluxbb::session', function () { return new fluxbb\Session\Driver(Laravel\Database::connection()); }); Config::set('session.driver', 'fluxbb::session'); Session::load(); } // View composers require 'helpers/composers.php'; // Route filters require 'helpers/filters.php'; // HTML helpers require 'helpers/html.php'; // Validators require 'helpers/validator.php';