We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 7f1023e2 authored by Jonas Haraldsson's avatar Jonas Haraldsson

clean up 1.x/submissions/1.1/handshake.php

parent 99556af0
...@@ -18,23 +18,28 @@ ...@@ -18,23 +18,28 @@
*/ */
// Implements the submissions handshake protocol 1.1 as detailed at: http://www.audioscrobbler.net/wiki/Protocol1.1.merged /**
// * Implements the submissions handshake protocol 1.1 as detailed at: http://www.audioscrobbler.net/wiki/Protocol1.1.merged
// By sending the timestamp as the md5 challenge then creating the session key from md5(md5($password) . $timestamp) we can *
// force a 1.1 client to give us a session key that can be used by the 1.2 protocol handler, so we only handle handshakes for * By sending the timestamp as the md5 challenge then creating the session key from md5(md5($password) . $timestamp) we can
// 1.1 then pass all submissions off to the 1.2 handler. * force a 1.1 client to give us a session key that can be used by the 1.2 protocol handler, so we only handle handshakes for
* 1.1 then pass all submissions off to the 1.2 handler.
*/
require_once($_SERVER['DOCUMENT_ROOT'] . '/config.php'); require_once($_SERVER['DOCUMENT_ROOT'] . '/config.php');
require_once($install_path . '1.x/auth-utils.php'); require_once($install_path . '1.x/auth-utils.php');
require_once($install_path . 'temp-utils.php'); require_once($install_path . 'temp-utils.php');
header('Content-Type: text/plain');
$supported_protocols = array('1.1'); $supported_protocols = array('1.1');
if (!isset($_REQUEST['p']) || !isset($_REQUEST['u']) || !isset($_REQUEST['c'])) { if (!isset($_REQUEST['p']) || !isset($_REQUEST['u']) || !isset($_REQUEST['c'])) {
die("FAILED\n"); die("FAILED\n");
} }
$protocol = $_REQUEST['p']; $username = $_REQUEST['u']; $client = $_REQUEST['c']; $protocol = $_REQUEST['p'];
$username = $_REQUEST['u'];
$client = $_REQUEST['c'];
if (!in_array($protocol, $supported_protocols)) { if (!in_array($protocol, $supported_protocols)) {
die("FAILED Unsupported protocol version\n"); die("FAILED Unsupported protocol version\n");
...@@ -42,24 +47,21 @@ if (!in_array($protocol, $supported_protocols)) { ...@@ -42,24 +47,21 @@ if (!in_array($protocol, $supported_protocols)) {
$timestamp = time(); $timestamp = time();
$adodb->SetFetchMode(ADODB_FETCH_ASSOC); $select_query = 'SELECT uniqueid, password FROM Users WHERE lower(username) = lower(?)';
$select_params = array($username);
try { try {
$row = $adodb->GetRow('SELECT uniqueid,password FROM Users WHERE lower(username) = lower(' . $adodb->qstr($username) . ')'); list($userid, $password) = $adodb->GetRow($select_query, $select_params);
} catch (Exception $e) { } catch (Exception $e) {
die('FAILED ' . $e->getMessage() . "\n"); die('FAILED ' . $e->getMessage() . "\n");
} }
if (!$row) { if (!$password) {
die("BADUSER\n"); die("BADUSER\n");
} }
$password = $row['password']; $sessionid = md5($password . $timestamp);
$uniqueid = $row['uniqueid']; $insert_query = 'INSERT INTO Scrobble_Sessions(userid, sessionid, client, expires) VALUES (?,?,?,?)';
$session_id = md5($password . $timestamp); $insert_params = array($userid, $sessionid, $client, time() + 86400);
try { try {
$res = $adodb->Execute('INSERT INTO Scrobble_Sessions(userid, sessionid, client, expires) VALUES (' $res = $adodb->Execute($insert_query, $insert_params);
. ($uniqueid) . ','
. $adodb->qstr($session_id, 'text') . ','
. $adodb->qstr($client, 'text') . ','
. $adodb->qstr(time() + 86400) . ')');
} catch (Exception $e) { } catch (Exception $e) {
die('FAILED ' . $e->getMessage() . "\n"); die('FAILED ' . $e->getMessage() . "\n");
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment