diff -r 860ba7141641 -r e7447a6044ec ajax.php
--- a/ajax.php	Sun Mar 23 20:24:33 2008 -0400
+++ b/ajax.php	Sun Mar 23 20:58:51 2008 -0400
@@ -32,7 +32,7 @@
 
 function ajax_request_handler($httpd)
 {
-  global $playlist, $mime_types, $json;
+  global $playlist, $mime_types, $json, $allowcontrol;
   
   // Set content type
   $httpd->header("Content-type: {$mime_types['js']}");
@@ -51,12 +51,18 @@
     case 'stop':
     case 'next':
     case 'prev':
+      if ( !$allowcontrol )
+        return false;
       echo dcop_action('player', 'stop');
       break;
     case 'play':
+      if ( !$allowcontrol )
+        return false;
       echo dcop_action('player', 'playPause');
       break;
     case 'jump':
+      if ( !$allowcontrol )
+        return false;
       $tid =& $params[1];
       if ( !preg_match('/^[0-9]+$/', $tid) )
       {
@@ -71,6 +77,8 @@
       echo $json->encode($return);
       break;
     case 'volume':
+      if ( !$allowcontrol )
+        return false;
       $volume =& $params[1];
       if ( !preg_match('/^[0-9]+$/', $volume) )
       {