$lpass = get_config('login_pass');
+$rw = true;
+$ro = false;
+if(isset($_SESSION['logged_in']) && ($_SESSION['logged_in'] == "ro")) {
+ $rw = false;
+ $ro = true;
+}
+
if(!is_null($lpass)&&$lpass!="") {
- if(!isset($_SESSION['logged_in'])||!$_SESSION['logged_in']) {
+ if(!isset($_SESSION['logged_in'])||!$_SESSION['logged_in'] || ($need_rw && !$rw)) {
if(!isset($no_require_login)) {
header("Location: login.php");
echo "Wrong password";
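Review bot: The read-only test on the added line `$_SESSION['logged_in'] == "ro"` uses a loose comparison, and in PHP `true == "ro"` is true. A session created before this change, where the value is boolean `true`, is therefore treated as read-only until the user logs in again. A strict test, `if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === "ro") {`, avoids that. The new condition also reads `$need_rw` without checking that it exists; only one page in this change is seen setting it, so other pages would presumably raise an undefined-variable notice, which `(!empty($need_rw) && !$rw)` prevents. The enclosing `if` block closes outside this hunk.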
}
}
+
function get_config($name, $default = null) {
global $config;
if(isset($config->$name)) {
echo array_to_json($v);
exit();
}
- else if(isset($_GET['add'])||isset($_GET['ma'])||isset($_GET['searchadd'])) {
+ else if(isset($_GET['add'])||isset($_GET['ma'])||isset($_GET['searchadd'])&&$rw) {
/* for automatic playback start */
try {
$s = $pl->getStatus();
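Review bot: The `&&$rw` appended to this `||` chain guards only the last operand, because `&&` binds tighter than `||`; the condition reads as `add || ma || (searchadd && $rw)`. The same pattern recurs in the `outputs`/`output_e`/`output_d` branch and in the `playlist_rm`/`playlist_load`/`playlist_save`/`playlist_add_url` branch, where a read-only session still reaches every alternative except the last. Parenthesise the alternatives and test the flag first, e.g. `else if($rw && (isset($_GET['add'])||isset($_GET['ma'])||isset($_GET['searchadd']))) {`, and apply the same change to the other two branches. It would also help to add a comment above each guarded branch stating that it changes player state and requires a read-write session.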
if(isset($_GET['playlist'])) {
$act = $_GET['playlist'];
try {
- if($act=="move"&&isset($_GET['from'])&&isset($_GET['to'])) {
+ if($act=="move"&&isset($_GET['from'])&&isset($_GET['to'])&&$rw) {
// todo: sanity check
$response = null;
if($pl->moveSongId($_GET['from'], $_GET['to']))
$json = array ('result' => PF_FAILURE);
}
}
- else if(isset($_GET['rangemove'])&&is_numeric(trim($_GET['rangemove']))&&isset($_GET['elems'])) {
+ else if(isset($_GET['rangemove'])&&is_numeric(trim($_GET['rangemove']))&&isset($_GET['elems'])&&$rw) {
$res = PF_FAILURE;
$dest = intval($_GET['rangemove']);
$pos_offset = 0;
$result = "pong";
$json = array("result" => $result);
}
- else if(isset($_GET['volume'])&&is_numeric(trim($_GET['volume']))) {
+ else if(isset($_GET['volume'])&&is_numeric(trim($_GET['volume']))&&$rw) {
$res = PF_FAILURE;
try {
$volume = trim($_GET['volume']);
$json = array("result" => $res);
}
else if(isset($_GET['position'])&&is_numeric(trim($_GET['position']))
- && isset($_GET['id']) && is_numeric(trim($_GET['id']))) {
+ && isset($_GET['id']) && is_numeric(trim($_GET['id'])) && $rw) {
$result = PF_FAILURE;
try {
$pos = trim($_GET['position']);
}
$json = array("result" => $res);
}
- else if(isset($_GET['act'])) {
+ else if(isset($_GET['act']) && $rw) {
$act = trim($_GET['act']);
$result = "failure";
try {
}
$json = array("result" => $result);
}
- else if(isset($_GET['add'])) {
+ else if(isset($_GET['add']) && $rw) {
$add = $_GET['add'];
try {
$res = PF_FAILURE;
}
$json = array("result" => $res);
}
- else if(isset($_GET['remove'])) {
+ else if(isset($_GET['remove']) && $rw) {
$arr = selection_to_reverse_list($_GET['remove']);
$res = "ok";
try {
}
$json = array("result" => $res);
}
- else if(isset($_GET['updatedb'])) {
+ else if(isset($_GET['updatedb']) && $rw) {
$res = PF_FAILURE;
try {
$adm = get_admin();
}
$json = array("result" => $res);
}
- else if(isset($_GET['outputs'])||isset($_GET['output_e'])||isset($_GET['output_d'])) {
+ else if(isset($_GET['outputs'])||isset($_GET['output_e'])||isset($_GET['output_d']) && $rw) {
$res = PF_FAILURE;
try {
$admin = get_admin();
}
$json = array("result" => $res);
}
- else if(isset($_GET['random'])) {
+ else if(isset($_GET['random'])&&$rw) {
$res = "failure";
try {
$play = get_playback();
$json = array("result" => $res);
}
- else if(isset($_GET['repeat'])) {
+ else if(isset($_GET['repeat'])&&$rw) {
$res = "failure";
try {
$play = get_playback();
}
$json = array("result" => $res);
}
- else if(isset($_GET['xfade'])&&is_numeric($_GET['xfade'])) {
+ else if(isset($_GET['xfade'])&&is_numeric($_GET['xfade'])&&$rw) {
$res = PF_FAILURE;
try {
$play = get_playback();
$params["Album"] = $album;
- if(isset($_GET['searchadd'])) {
+ if(isset($_GET['searchadd'])&&$rw) {
if(search_add($db, $pl, $params)) {
$res = "ok";
$something_added = true;
}
$json = array("result" => $res);
}
- else if(isset($_GET['ma'])) {
+ else if(isset($_GET['ma'])&&$rw) {
/* note to self: should merge single add with this */
$res = PF_FAILURE;
if (!isset($HTTP_RAW_POST_DATA))
$json = array("result" => $res);
}
else if(isset($_GET['playlist_rm'])||isset($_GET['playlist_load'])
- ||isset($_GET['playlist_save'])||isset($_GET['playlist_add_url'])) {
+ ||isset($_GET['playlist_save'])||isset($_GET['playlist_add_url'])&&$rw) {
$res = false;
try {
$title = "";
@ob_start();
+ $need_rw = true;
require_once("../inc/base.php");
require_once("../lang/master.php");
header("Content-Type: text/html; charset=UTF-8");
$config = simplexml_load_string("<?xml version='1.0' ?>\n<root>\n</root>\n");
}
if(isset($_POST['submit'])) {
- $vars = array( 'mpd_host', 'mpd_port', 'mpd_pass', 'login_pass', 'update_delay',
+ $vars = array( 'mpd_host', 'mpd_port', 'mpd_pass', 'login_pass', 'ro_pass', 'update_delay',
'metadata_disable', 'theme', 'stop_button', 'shout_url', 'pagination', 'lang',
'aws_keyid', 'aws_secret');
foreach ($vars as $var) {
$add = 0;
else $add = intval($add);
}
- else if($var=="login_pass"&&strlen($add)>0) {
+ else if(($var=="login_pass" || $var == "ro_pass") &&strlen($add)>0) {
if($add== HASH_PASS)
continue;
$add = generate_hash($add);
}
?>' name='login_pass' /></td></tr>
+ <tr><td><?php echo m("View-only password (optional):");?>
+ </td><td><input type='password' title='<?php echo m("If you want to allow users to view and listen, but not modify, specify a view-only password here");?>' value='<?php
+
+ $pass = get_config('ro_pass', '');
+ if(substr($pass,0, 4)=="sha:") {
+ echo HASH_PASS;
+ }
+ else {
+ echo htmlspecialchars($pass);
+ }
+
+?>' name='ro_pass' /></td></tr>
<tr><td><?php echo m("Theme:");?> </td>
<td>
<select name='theme'>
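Review bot: The `else` branch writes the stored `ro_pass` into a single-quoted `value='…'` attribute with `htmlspecialchars($pass)` and no flags. On PHP versions before 8.1 the default flags do not escape single quotes, so a stored value containing `'` would break out of the attribute; `echo htmlspecialchars($pass, ENT_QUOTES);` covers both quote styles. This branch also sends an unhashed stored password back to the browser. Since the save path in this change hashes any non-empty value, consider echoing `HASH_PASS` whenever a value is set rather than the value itself. The `login_pass` field just above appears to follow the same pattern, though only its last line is visible here.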
<div class='pc_ci' >
<div class='nomargin'>
+ <? if ($ro) { ?>
+ <b>[<?=m("view only")?>]</b><br>
+ <? } else { ?>
<img id='previous_button' class='act_button fakelink'/>
<img id='stop_button' style='display: none; ' class='act_button fakelink' />
<img id='pp_button' class='act_button fakelink' />
<img id='next_button' class='act_button fakelink'/>
+ <? } ?>
</div>
<p class='disp'><span id="disp_info"></span></p>
<input type='text' id='quickadd' value='<?php echo m("Quick add"); ?>' />
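Review bot: The added template lines use the short open tag (`<? if ($ro) { ?>`, `<? } else { ?>`, `<? } ?>`), which is only parsed when `short_open_tag` is enabled. With it off, these lines are emitted as literal text and both the "view only" label and the control buttons are rendered. The surrounding file uses `<?php`, so `<?php if ($ro) { ?>` and `<?php } ?>` would be consistent and independent of configuration; the later menu hunk that adds the "Log in"/"Log out" items has the same issue. A short comment here noting that hiding the buttons is cosmetic and that enforcement lives in the request handler would help the next reader.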
<li class='menuitem fakelink' title='<?php echo m("Search current playlist"); ?>'
id='playlist_search_btn' ><?php echo m("Search playlist"); ?></li>
<li class='menuitem' ><a class='pc_other' href='config.php'><?php echo m("Configure"); ?></a></li>
+ <? if ($ro) { ?>
+ <li class='menuitem' ><a class='pc_other' href='login.php'><?php echo m("Log in"); ?></a></li>
+ <? } else if (isset($_SESSION['logged_in'])) { ?>
+ <li class='menuitem' ><a class='pc_other' href='login.php?logout'><?php echo m("Log out"); ?></a></li>
+ <? } ?>
<?php
if(!is_null(get_config("shout_url")))
$error = false;
$no_require_login = "true";
require_once("../inc/base.php");
- if(isset($_POST['password'])) {
+ if(isset($_POST['password']) && $_POST['password'] != "") {
$pass = get_config("login_pass");
if(substr($pass,0, 4)=="sha:") {
if(check_hash($pass, trim($_POST['password']))) {
- $_SESSION['logged_in'] = true;
+ $_SESSION['logged_in'] = "rw";
header("Location: index.php");
exit();
}
$error = "Login failed";
}
else if($pass==trim($_POST['password'])) {
- $_SESSION['logged_in'] = true;
+ $_SESSION['logged_in'] = "rw";
header("Location: index.php");
exit();
}
- else {
+
+ $pass = get_config("ro_pass");
+ if(substr($pass,0, 4)=="sha:") {
+ if(check_hash($pass, trim($_POST['password']))) {
+ $_SESSION['logged_in'] = "ro";
+ header("Location: index.php");
+ exit();
+ }
$error = "Login failed";
}
+ else if($pass==trim($_POST['password'])) {
+ $_SESSION['logged_in'] = "ro";
+ header("Location: index.php");
+ exit();
+ }
+
+ $error = "Login failed";
}
else if(isset($_GET['logout'])) {
session_destroy();
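Review bot: The new emptiness guard tests the raw `$_POST['password']`, but every comparison below it uses `trim($_POST['password'])`, so a whitespace-only submission passes the guard and is then compared as an empty string. If `ro_pass` is unset or blank (the form labels it optional, and `get_config` appears to default to null), the added `$pass==trim($_POST['password'])` check is true under loose comparison and the session is marked "ro" without any password having been configured. Guard on the trimmed value, `if(isset($_POST['password']) && trim($_POST['password']) != "") {`, and skip the read-only block entirely when `ro_pass` is empty. Using `===` for the plaintext comparisons would also rule out numeric-string matches. The enclosing `if`/`else if` chain continues past the end of this hunk.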
if(state!=playing.state) {
playing.state = state;
var bt = playing.pp_button;
- if(state=="play") {
- bt.src = IMAGE.BUTTON_PAUSE;
- if(typeof(window.streaming_try_autoplay)=='function')
- streaming_try_autoplay();
- }
- else {
- bt.src = IMAGE.BUTTON_PLAY;
- if(typeof(window.streaming_try_autostop)=='function')
- streaming_try_autostop();
+ if (bt) /* we must be in read write mode to show this */ {
+ if(state=="play") {
+ bt.src = IMAGE.BUTTON_PAUSE;
+ if(typeof(window.streaming_try_autoplay)=='function')
+ streaming_try_autoplay();
+ }
+ else {
+ bt.src = IMAGE.BUTTON_PLAY;
+ if(typeof(window.streaming_try_autostop)=='function')
+ streaming_try_autostop();
+ }
}
}
/* player control */
var elem = document.getElementById('pp_button');
- elem.src = IMAGE.BUTTON_PLAY;
- add_listener(elem, "click", send_play_pause);
- if(window.stop_button) {
- elem = document.getElementById('stop_button');
- elem.style.display = "";
- elem.src = IMAGE.BUTTON_STOP;
- add_listener(elem, "click", send_stop_cmd);
- elem.parentNode.style.marginLeft = "-15px";
- }
-
- elem = document.getElementById("next_button");
- elem.src = IMAGE.BUTTON_NEXT;
- add_listener(elem, "click", send_next_song);
- elem = document.getElementById("previous_button");
- elem.src = IMAGE.BUTTON_PREVIOUS;
- add_listener(elem, "click", send_previous_song);
+ if (elem) /* we must be in read write mode to show these buttons */
+ {
+ elem.src = IMAGE.BUTTON_PLAY;
+ add_listener(elem, "click", send_play_pause);
+ if(window.stop_button) {
+ elem = document.getElementById('stop_button');
+ elem.style.display = "";
+ elem.src = IMAGE.BUTTON_STOP;
+ add_listener(elem, "click", send_stop_cmd);
+ elem.parentNode.style.marginLeft = "-15px";
+ }
+
+ elem = document.getElementById("next_button");
+ elem.src = IMAGE.BUTTON_NEXT;
+ add_listener(elem, "click", send_next_song);
+ elem = document.getElementById("previous_button");
+ elem.src = IMAGE.BUTTON_PREVIOUS;
+ add_listener(elem, "click", send_previous_song);
+ }
/* left menu buttons */
elem = document.getElementById("open_directory_button");