Home Explore Help
Sign In
someonewithpc
/
gnufm
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9abebfef2a
Branches Tags
gnufm
/
gnukebox
/
auth-utils.php

auth-utils.php 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. <?php
    2. 

  2. 

  3. /* GNUkebox -- a free software server for recording your listening habits
    4. 

  4. 

  5.    Copyright (C) 2009 Free Software Foundation, Inc
    6. 

  6. 

  7.    This program is free software: you can redistribute it and/or modify
    8. 

  8.    it under the terms of the GNU Affero General Public License as published by
    9. 

  9.    the Free Software Foundation, either version 3 of the License, or
    10. 

  10.    (at your option) any later version.
    11. 

  11. 

  12.    This program is distributed in the hope that it will be useful,
    13. 

  13.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.    GNU Affero General Public License for more details.
    16. 

  16. 

  17.    You should have received a copy of the GNU Affero General Public License
    18. 

  18.    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    19. 

  19. 

  20. */
    21. 

  21. 

  22. require_once('database.php');
    23. 

  23. 

  24. function check_web_auth($username, $token, $timestamp, $api_key, $sk) {
    25. 

  25. 	// Validates authentication using a web services token
    26. 

  26. 	global $adodb;
    27. 

  27. 

  28. 	// Using the valid_api_key function from nixtape/2.0/index.php would be appropriate here
    29. 

  29. 	if (strlen($api_key) != 32) {
    30. 

  30. 		return false;
    31. 

  31. 	}
    32. 

  32. 

  33. 	$adodb->SetFetchMode(ADODB_FETCH_ASSOC); // this query should get the uniqueid and then return it on success
    34. 

  34. 	$result = $adodb->GetOne('SELECT username FROM Auth WHERE '
    35. 

  35. 		//. 'expires > ' . time() . ' AND '   // session keys have an infinite lifetime
    36. 

  36. 		. 'sk = ' . $adodb->qstr($sk)
    37. 

  37. 		);
    38. 

  38. 	if (!$result) {
    39. 

  39. 		// TODO: Log failures somewhere
    40. 

  40. 		return false;
    41. 

  41. 	}
    42. 

  42. 

  43. 	return $result == $username;
    44. 

  44. }
    45. 

  45. 

  46. function check_standard_auth($username, $token, $timestamp) {
    47. 

  47. 	// Validates authentication using a standard authentication token
    48. 

  48. 	global $adodb;
    49. 

  49. 

  50. 	$adodb->SetFetchMode(ADODB_FETCH_ASSOC); // this query should get the uniqueid and then return it on success
    51. 

  51. 	$pass = $adodb->GetOne('SELECT password FROM Users WHERE lower(username) = lower(' . $adodb->qstr($username) . ')');
    52. 

  52. 	if (!$pass) {
    53. 

  53. 		// TODO: Log failures somewhere
    54. 

  54. 		return false;
    55. 

  55. 	}
    56. 

  56. 

  57. 	$check_token = md5($pass . $timestamp);
    58. 

  58. 

  59. 	return $check_token == $token;
    60. 

  60. }
    61. 

  61. 

  62. /**
    63. 

  63.  * Checks if the session is still valid. Assumes $sessionID is already quoted.
    64. 

  64.  */
    65. 

  65. function check_session($sessionID) {
    66. 

  66. 	global $adodb;
    67. 

  67. 

  68. 	$session = $adodb->GetOne('SELECT expires from Scrobble_Sessions WHERE sessionid = ' . $sessionID);
    69. 

  69. 	if (!$session) {
    70. 

  70. 		return(false);
    71. 

  71. 	}
    72. 

  72. 

  73. 	return($session >= time());
    74. 

  74. }
    75. 

  75.