From: Joshua Wise <joshua@h2so4.joshuawise.com>
Date: Tue, 23 Mar 2010 03:14:48 +0000 (-0400)
Subject: Add support for view-only mode.
X-Git-Url: http://git.joshuawise.com/patchfork.git/commitdiff_plain/f8fb3735ae5063d8589a2d85eda35452592726c8?hp=0c1f6f504940ab4b9486757cee541b22f0aab8a5

Add support for view-only mode.
---

diff --git a/inc/base.php b/inc/base.php
index fbc1072..75a73f7 100644
--- a/inc/base.php
+++ b/inc/base.php
@@ -42,8 +42,15 @@ if(!is_theme_dir_ok($theme_dir . $selected_theme))
 
 $lpass = get_config('login_pass');
 
+$rw = true;
+$ro = false;
+if(isset($_SESSION['logged_in']) && ($_SESSION['logged_in'] == "ro")) {
+	$rw = false;
+	$ro = true;
+}
+
 if(!is_null($lpass)&&$lpass!="") {
-	if(!isset($_SESSION['logged_in'])||!$_SESSION['logged_in']) {
+	if(!isset($_SESSION['logged_in'])||!$_SESSION['logged_in'] || ($need_rw && !$rw)) {
 		if(!isset($no_require_login)) {
 			header("Location: login.php");
 			echo "Wrong password";
@@ -52,6 +59,7 @@ if(!is_null($lpass)&&$lpass!="") {
 	}
 }
 
+
 function get_config($name, $default = null) {
 	global $config;
 	if(isset($config->$name)) {
diff --git a/player/command.php b/player/command.php
index 25b2575..f210343 100644
--- a/player/command.php
+++ b/player/command.php
@@ -207,7 +207,7 @@
 		echo array_to_json($v);
 		exit();
 	}
-	else if(isset($_GET['add'])||isset($_GET['ma'])||isset($_GET['searchadd'])) {
+	else if(isset($_GET['add'])||isset($_GET['ma'])||isset($_GET['searchadd'])&&$rw) {
 		/* for automatic playback start */
 		try {
 			$s = $pl->getStatus();
@@ -225,7 +225,7 @@
 	if(isset($_GET['playlist'])) {
 		$act = $_GET['playlist'];
 		try {
-			if($act=="move"&&isset($_GET['from'])&&isset($_GET['to'])) {
+			if($act=="move"&&isset($_GET['from'])&&isset($_GET['to'])&&$rw) {
 				// todo: sanity check
 				$response = null; 
 				if($pl->moveSongId($_GET['from'], $_GET['to'])) 
@@ -253,7 +253,7 @@
 			$json = array ('result' => PF_FAILURE);
 		}
 	}
-	else if(isset($_GET['rangemove'])&&is_numeric(trim($_GET['rangemove']))&&isset($_GET['elems'])) {
+	else if(isset($_GET['rangemove'])&&is_numeric(trim($_GET['rangemove']))&&isset($_GET['elems'])&&$rw) {
 		$res = PF_FAILURE;
 		$dest = intval($_GET['rangemove']);
 		$pos_offset = 0;
@@ -293,7 +293,7 @@
 		$result = "pong";
 		$json = array("result" => $result);
 	}
-	else if(isset($_GET['volume'])&&is_numeric(trim($_GET['volume']))) {
+	else if(isset($_GET['volume'])&&is_numeric(trim($_GET['volume']))&&$rw) {
 		$res = PF_FAILURE;
 		try {
 			$volume = trim($_GET['volume']);
@@ -307,7 +307,7 @@
 		$json = array("result" => $res);
 	}
 	else if(isset($_GET['position'])&&is_numeric(trim($_GET['position']))
-		&& isset($_GET['id']) && is_numeric(trim($_GET['id']))) {
+		&& isset($_GET['id']) && is_numeric(trim($_GET['id'])) && $rw) {
 		$result = PF_FAILURE;
 		try {
 			$pos = trim($_GET['position']);
@@ -395,7 +395,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['act'])) {
+	else if(isset($_GET['act']) && $rw) {
 		$act = trim($_GET['act']);
 		$result = "failure";
 		try {
@@ -438,7 +438,7 @@
 		}
 		$json = array("result" => $result);
 	}
-	else if(isset($_GET['add'])) {
+	else if(isset($_GET['add']) && $rw) {
 		$add = $_GET['add'];
 		try {
 			$res = PF_FAILURE;
@@ -451,7 +451,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['remove'])) {
+	else if(isset($_GET['remove']) && $rw) {
 		$arr = selection_to_reverse_list($_GET['remove']);
 		$res = "ok";
 		try {
@@ -465,7 +465,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['updatedb'])) {
+	else if(isset($_GET['updatedb']) && $rw) {
 		$res = PF_FAILURE;
 		try {
 			$adm = get_admin();
@@ -478,7 +478,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['outputs'])||isset($_GET['output_e'])||isset($_GET['output_d'])) {
+	else if(isset($_GET['outputs'])||isset($_GET['output_e'])||isset($_GET['output_d']) && $rw) {
 		$res = PF_FAILURE;
 		try {
 			$admin = get_admin();
@@ -495,7 +495,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['random'])) {
+	else if(isset($_GET['random'])&&$rw) {
 		$res = "failure";
 		try {
 			$play = get_playback(); 
@@ -510,7 +510,7 @@
 		$json = array("result" => $res);
 
 	}
-	else if(isset($_GET['repeat'])) {
+	else if(isset($_GET['repeat'])&&$rw) {
 		$res = "failure";
 		try {
 			$play = get_playback(); 
@@ -524,7 +524,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['xfade'])&&is_numeric($_GET['xfade'])) {
+	else if(isset($_GET['xfade'])&&is_numeric($_GET['xfade'])&&$rw) {
 		$res = PF_FAILURE;
 		try {
 			$play = get_playback(); 
@@ -587,7 +587,7 @@
 				$params["Album"] = $album;
 
 
-			if(isset($_GET['searchadd'])) {
+			if(isset($_GET['searchadd'])&&$rw) {
 				if(search_add($db, $pl, $params)) {
 					$res = "ok";
 					$something_added = true;
@@ -708,7 +708,7 @@
 		}
 		$json = array("result" => $res);
 	}
-	else if(isset($_GET['ma'])) {
+	else if(isset($_GET['ma'])&&$rw) {
 		/* note to self: should merge single add with this */
 		$res = PF_FAILURE;
 		if (!isset($HTTP_RAW_POST_DATA))
@@ -755,7 +755,7 @@
 		$json = array("result" => $res);
 	}
 	else if(isset($_GET['playlist_rm'])||isset($_GET['playlist_load'])
-		||isset($_GET['playlist_save'])||isset($_GET['playlist_add_url'])) {
+		||isset($_GET['playlist_save'])||isset($_GET['playlist_add_url'])&&$rw) {
 
 		$res = false;
 		try {
diff --git a/player/config.php b/player/config.php
index 748156c..7b74547 100644
--- a/player/config.php
+++ b/player/config.php
@@ -44,6 +44,7 @@
 
 	$title = "";
 	@ob_start();
+	$need_rw = true;
 	require_once("../inc/base.php");
 	require_once("../lang/master.php");
 	header("Content-Type: text/html; charset=UTF-8");
@@ -104,7 +105,7 @@
 		$config = simplexml_load_string("<?xml version='1.0' ?>\n<root>\n</root>\n");
 	}
 	if(isset($_POST['submit'])) {
-		$vars = array( 'mpd_host', 'mpd_port', 'mpd_pass', 'login_pass', 'update_delay', 
+		$vars = array( 'mpd_host', 'mpd_port', 'mpd_pass', 'login_pass', 'ro_pass', 'update_delay', 
 				'metadata_disable', 'theme', 'stop_button', 'shout_url', 'pagination', 'lang',
 				'aws_keyid', 'aws_secret');
 		foreach ($vars as $var) {
@@ -117,7 +118,7 @@
 					$add = 0;
 				else $add = intval($add);
 			}
-			else if($var=="login_pass"&&strlen($add)>0) {
+			else if(($var=="login_pass" || $var == "ro_pass") &&strlen($add)>0) {
 				if($add== HASH_PASS)
 					continue;
 				$add = generate_hash($add);
@@ -206,6 +207,18 @@
 	}
 
 ?>' name='login_pass' /></td></tr>
+	<tr><td><?php echo m("View-only password (optional):");?>
+	</td><td><input type='password' title='<?php echo m("If you want to allow users to view and listen, but not modify, specify a view-only password here");?>' value='<?php 
+	
+	$pass = get_config('ro_pass', '');
+	if(substr($pass,0, 4)=="sha:") {
+		echo HASH_PASS;
+	}
+	else {
+		echo htmlspecialchars($pass);
+	}
+
+?>' name='ro_pass' /></td></tr>
 <tr><td><?php echo m("Theme:");?> </td>
 <td>
 <select name='theme'>
diff --git a/player/index.php b/player/index.php
index fa6d768..1044e99 100644
--- a/player/index.php
+++ b/player/index.php
@@ -68,10 +68,14 @@
 
 	<div class='pc_ci' >
 		<div class='nomargin'>
+	<? if ($ro) { ?>
+		<b>[<?=m("view only")?>]</b><br>
+	<? } else { ?>
 		<img id='previous_button' class='act_button fakelink'/>
 		<img id='stop_button' style='display: none; ' class='act_button fakelink' />
 		<img id='pp_button' class='act_button fakelink' />
 		<img id='next_button' class='act_button fakelink'/>
+	<? } ?>
 		</div>
 		<p class='disp'><span id="disp_info"></span></p>
 		<input type='text' id='quickadd' value='<?php echo m("Quick add"); ?>' />
@@ -96,6 +100,11 @@
 		<li class='menuitem fakelink' title='<?php echo m("Search current playlist"); ?>' 
 				id='playlist_search_btn' ><?php echo m("Search playlist"); ?></li>
 		<li class='menuitem' ><a class='pc_other' href='config.php'><?php echo m("Configure"); ?></a></li>
+		<? if ($ro) { ?>
+			<li class='menuitem' ><a class='pc_other' href='login.php'><?php echo m("Log in"); ?></a></li>
+		<? } else if (isset($_SESSION['logged_in'])) { ?>
+			<li class='menuitem' ><a class='pc_other' href='login.php?logout'><?php echo m("Log out"); ?></a></li>
+		<? } ?>
 
 		<?php 
 		if(!is_null(get_config("shout_url"))) 
diff --git a/player/login.php b/player/login.php
index 4ad58e2..84b1122 100644
--- a/player/login.php
+++ b/player/login.php
@@ -19,24 +19,38 @@
 	$error = false;
 	$no_require_login = "true";
 	require_once("../inc/base.php");
-	if(isset($_POST['password'])) {
+	if(isset($_POST['password']) && $_POST['password'] != "") {
 		$pass = get_config("login_pass");
 		if(substr($pass,0, 4)=="sha:") {
 			if(check_hash($pass, trim($_POST['password']))) {
-				$_SESSION['logged_in'] = true;
+				$_SESSION['logged_in'] = "rw";
 				header("Location: index.php");
 				exit(); 
 			}
 			$error = "Login failed";
 		}
 		else if($pass==trim($_POST['password'])) {
-			$_SESSION['logged_in'] = true;
+			$_SESSION['logged_in'] = "rw";
 			header("Location: index.php");
 			exit(); 
 		}
-		else {
+		
+		$pass = get_config("ro_pass");
+		if(substr($pass,0, 4)=="sha:") {
+			if(check_hash($pass, trim($_POST['password']))) {
+				$_SESSION['logged_in'] = "ro";
+				header("Location: index.php");
+				exit(); 
+			}
 			$error = "Login failed";
 		}
+		else if($pass==trim($_POST['password'])) {
+			$_SESSION['logged_in'] = "ro";
+			header("Location: index.php");
+			exit(); 
+		}
+
+		$error = "Login failed";
 	}
 	else if(isset($_GET['logout'])) {
 		session_destroy();
diff --git a/std/command.js b/std/command.js
index 8db64d1..e5d2932 100644
--- a/std/command.js
+++ b/std/command.js
@@ -415,15 +415,17 @@ function current_status_handler(info, has_plchanges) {
 	if(state!=playing.state) {
 		playing.state = state;
 		var bt = playing.pp_button;
-		if(state=="play") {
-			bt.src = IMAGE.BUTTON_PAUSE;
-			if(typeof(window.streaming_try_autoplay)=='function')
-				streaming_try_autoplay();
-		}
-		else {
-			bt.src = IMAGE.BUTTON_PLAY;
-			if(typeof(window.streaming_try_autostop)=='function')
-				streaming_try_autostop();
+		if (bt) /* we must be in read write mode to show this */ {
+			if(state=="play") {
+				bt.src = IMAGE.BUTTON_PAUSE;
+				if(typeof(window.streaming_try_autoplay)=='function')
+					streaming_try_autoplay();
+			}
+			else {
+				bt.src = IMAGE.BUTTON_PLAY;
+				if(typeof(window.streaming_try_autostop)=='function')
+					streaming_try_autostop();
+			}
 		}
 	}
 	
@@ -595,22 +597,25 @@ function buttons_init() {
 	
 	/* player control */
 	var elem = document.getElementById('pp_button');
-	elem.src = IMAGE.BUTTON_PLAY;
-	add_listener(elem, "click", send_play_pause);
-	if(window.stop_button) {
-		elem = document.getElementById('stop_button');
-		elem.style.display = "";
-		elem.src = IMAGE.BUTTON_STOP;
-		add_listener(elem, "click", send_stop_cmd);
-		elem.parentNode.style.marginLeft = "-15px";
-	}
-
-	elem = document.getElementById("next_button");
-	elem.src = IMAGE.BUTTON_NEXT;
-	add_listener(elem, "click", send_next_song);
-	elem = document.getElementById("previous_button");
-	elem.src = IMAGE.BUTTON_PREVIOUS;
-	add_listener(elem, "click", send_previous_song);
+	if (elem) /* we must be in read write mode to show these buttons */
+	{
+		elem.src = IMAGE.BUTTON_PLAY;
+		add_listener(elem, "click", send_play_pause);
+		if(window.stop_button) {
+			elem = document.getElementById('stop_button');
+			elem.style.display = "";
+			elem.src = IMAGE.BUTTON_STOP;
+			add_listener(elem, "click", send_stop_cmd);
+			elem.parentNode.style.marginLeft = "-15px";
+		}
+		
+		elem = document.getElementById("next_button");
+		elem.src = IMAGE.BUTTON_NEXT;
+		add_listener(elem, "click", send_next_song);
+		elem = document.getElementById("previous_button");
+		elem.src = IMAGE.BUTTON_PREVIOUS;
+		add_listener(elem, "click", send_previous_song);
+	}
 
 	/* left menu buttons */
 	elem = document.getElementById("open_directory_button");