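/**
 * Register $object in a process-global debug registry under a fresh random id
 * and return a short placeholder string that refers to it.
 *
 * When $_SERVER['debugObjectsPath'] is set, the object is also serialised to
 * "<debugObjectsPath>/<id>.json". That writes arbitrary object contents
 * (possibly secrets) to disk, so the directory must be writable only by the
 * application and must never be served from the document root.
 *
 * @param mixed $object value to keep for later inspection
 * @return string placeholder of the form "[object: <id>]"
 */
function debugObject($object) {
    $registry = '__7iPYslyzfKzZBtZBc7T6aglQ_debugObjects';
    if (!isset($GLOBALS[$registry])) {
        $GLOBALS[$registry] = (object) array();
    }
    // randomKey() is defined elsewhere in the project; 24 is presumably the key length.
    $id = randomKey(24);
    $GLOBALS[$registry]->{$id} = $object;
    if (isset($_SERVER['debugObjectsPath'])) {
        $json = json_encode($object);
        // json_encode() returns false on failure (invalid UTF-8, recursion, ...);
        // record the failure instead of silently writing an empty file.
        if ($json === false) {
            $json = json_encode(array('__json_error' => json_last_error_msg()));
        }
        $path = $_SERVER['debugObjectsPath'] . "/{$id}.json";
        if (file_put_contents($path, $json, FILE_APPEND | LOCK_EX) === false) {
            trigger_error("debugObject: failed to write {$path}", E_USER_WARNING);
        }
    }
    return "[object: {$id}]";
}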
/**
 * Load the key/value rows of the "server" table into $cfg.
 *
 * On the first run against a database at the current schema version a random
 * server_seed is generated and persisted; it is the server-side secret used to
 * sign the login handshake (see loginStage1()). Failure to read the table, or
 * to store the seed, is reported through message() (errors from mysql_query()
 * itself are suppressed with @ and only surface through that call).
 */
function loadServerSettings() {
    global $cfg, $db;
    $rows = @mysql_query('SELECT name, value FROM server')
        or message(__FILE__, __LINE__, 'error', '[b]Failed to load MySQL server settings[/b][br]' . 'When creating the database manually[br]' . 'also import the [i]sql/ompd_' . NJB_DATABASE_VERSION . '.sql[/i] file manually.');
    for ($row = mysql_fetch_assoc($rows); $row; $row = mysql_fetch_assoc($rows)) {
        $cfg[$row['name']] = $row['value'];
    }
    // Coerce the numeric settings (a missing key becomes 0).
    $cfg['database_version'] = (int) $cfg['database_version'];
    $cfg['latest_version_idle_time'] = (int) $cfg['latest_version_idle_time'];
    $seedMissing = !isset($cfg['server_seed']);
    if ($seedMissing && $cfg['database_version'] == NJB_DATABASE_VERSION) {
        $cfg['server_seed'] = randomKey();
        $escapedSeed = mysql_real_escape_string($cfg['server_seed']);
        @mysql_query('INSERT INTO server (name, value) VALUES ("server_seed", "' . $escapedSeed . '")')
            or message(__FILE__, __LINE__, 'error', '[b]MySQL create/upgarde error[/b][br]Failed to create server_seed');
    }
}
/**
 * Authenticate the current request and enforce page-level access.
 *
 * Loads the session row matching the netjukebox_sid cookie, then either
 * completes the login handshake (authenticate=validate) or validates the
 * existing session (IP, User-Agent prefix and idle time must match). The
 * user's privilege flags are then merged into $cfg, the requested $access is
 * checked, the per-session CSRF "sign" is verified when required, and the
 * logout actions are handled. Failures end the request via logoutSession()
 * (which exits) or message() (which presumably does too); the only normal
 * early exit is `return true` for access_always pages without a valid session.
 *
 * NOTE(review): this block mixes $this->app->db with the legacy mysql_*
 * functions and the free functions cookie()/getpost(), which looks like a
 * half-finished migration. $db (mysql_affected_rows) and $app ($app->ll) are
 * used without being declared in this scope; $app should presumably be
 * $this->app. All secret comparisons below use loose == rather than
 * hash_equals(): they are not constant-time and hex digests that happen to
 * look numeric ("0e...") compare equal under PHP's numeric-string juggling.
 *
 * @param string|array $access privilege name(s) required; any one of an array
 *                             suffices. 'access_logged_in' and 'access_always'
 *                             are accepted without a matching $cfg flag.
 * @param bool $cache when false, send no-cache headers (unless already sent).
 * @param bool $validate_sign when true, the request must carry the session's sign.
 * @param bool $disable_counter when true, do not bump the session hit counter.
 */
public function check($access, $cache = false, $validate_sign = false, $disable_counter = false) {
    global $cfg;
    if ($cache == false && headers_sent() == false) {
        header('Expires: Mon, 9 Oct 2000 18:00:00 GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
    }
    $sid = $this->app->getCookie('netjukebox_sid');
    $authenticate = $this->app->request->params('authenticate');
    // BINARY forces a case-sensitive match on the sid.
    $result = $this->app->db->query(' SELECT logged_in, user_id, idle_time, ip, user_agent, sign, seed, skin, random_blacklist, thumbnail, thumbnail_size, stream_id, download_id, player_id FROM session WHERE sid = BINARY "' . $this->app->db->real_escape_string($sid) . '"');
    // NOTE(review): with no matching row $session is null and every $session[...]
    // read below operates on null (treated as '' / 0 by the comparisons).
    $session = $result->fetch_assoc();
    //setSkin($session['skin']);
    // Validate login
    if ($authenticate == 'validate') {
        // hash1/hash2 are computed in the browser (see loginStage2() in the login form).
        $username = $this->app->request->post('username');
        $hash1 = $this->app->request->post('hash1');
        $hash2 = $this->app->request->post('hash2');
        $sign = $this->app->request->post('sign');
        if ($session['ip'] == '') {
            message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]netjukebox requires cookies to login.[br]Enable cookies in your browser and try again.[br][url=index.php][img]small_login.png[/img]login[/url]');
        }
        if ($session['ip'] != $_SERVER['REMOTE_ADDR']) {
            message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]Unexpected IP address[br][url=index.php][img]small_login.png[/img]login[/url]');
        }
        // Milliseconds since the most recent loginStage1 from this IP; compared
        // against $cfg['login_delay'] below as a minimum delay between the stages.
        $query = mysql_query('SELECT ' . (string) round(microtime(true) * 1000) . ' - pre_login_time AS login_delay FROM session WHERE ip = "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '" ORDER BY pre_login_time DESC LIMIT 1');
        $ip = mysql_fetch_assoc($query);
        // The username literal appears redacted ("******") in this copy of the source.
        $query = mysql_query('SELECT password, seed, version, user_id FROM user WHERE username = "******"');
        $user = mysql_fetch_assoc($query);
        $user_id = $user['user_id'];
        // The login is accepted only if ALL of the following hold:
        //  - stored password matches: version 0 rows hold sha1(hash1), version 1
        //    rows hold hmacsha1(hash1, user seed);
        //  - hash1 and hash2 are 40-char lowercase hex strings;
        //  - for the anonymous user hash2 is the double-HMAC of the anonymous
        //    username over the session seed; for any other user hash2 differs
        //    from the double-HMAC of the empty password (blocks empty passwords);
        //  - at least login_delay ms passed since loginStage1 for this IP;
        //  - the User-Agent (first 255 bytes) is unchanged and the posted sign
        //    equals the one stored for the session.
        if (($user['version'] == 0 && $user['password'] == sha1($hash1) || $user['version'] == 1 && $user['password'] == hmacsha1($hash1, $user['seed'])) && preg_match('#^[0-9a-f]{40}$#', $hash1) && preg_match('#^[0-9a-f]{40}$#', $hash2) && ($username == $cfg['anonymous_user'] && $hash2 == hmacsha1(hmacsha1($cfg['anonymous_user'], $session['seed']), $session['seed']) || $username != $cfg['anonymous_user'] && $hash2 != hmacsha1(hmacsha1('', $session['seed']), $session['seed'])) && $ip['login_delay'] > $cfg['login_delay'] && $session['user_agent'] == substr($_SERVER['HTTP_USER_AGENT'], 0, 255) && $session['sign'] == $sign) {
            // Re-key the stored password with the session seed (version 1 format).
            // The new password value appears redacted ("******") in this copy.
            mysql_query('UPDATE user SET password = "******", seed = "' . mysql_real_escape_string($session['seed']) . '", version = 1 WHERE username = "******"');
            // Rotate both the sid and the sign on privilege change (anti-fixation).
            $sign = randomKey();
            $sid = randomKey();
            mysql_query('UPDATE session SET logged_in = 1, user_id = ' . (int) $user_id . ', login_time = ' . (int) time() . ', idle_time = ' . (int) time() . ', sid = "' . mysql_real_escape_string($sid) . '", sign = "' . mysql_real_escape_string($sign) . '", hit_counter = hit_counter + ' . ($disable_counter ? 0 : 1) . ', visit_counter = visit_counter + ' . (time() > $session['idle_time'] + 3600 ? 1 : 0) . ' WHERE sid = BINARY "' . mysql_real_escape_string(cookie('netjukebox_sid')) . '"');
            // One-year cookie; Secure follows NJB_HTTPS, HttpOnly is always set.
            setcookie('netjukebox_sid', $sid, time() + 31536000, null, null, NJB_HTTPS, true);
            @ob_flush();
            flush();
        } else {
            logoutSession();
        }
    } else {
        // Validate current session
        $user_id = $session['user_id'];
        if ($session['logged_in'] && $session['ip'] == $_SERVER['REMOTE_ADDR'] && $session['user_agent'] == substr($_SERVER['HTTP_USER_AGENT'], 0, 255) && $session['idle_time'] + $cfg['session_lifetime'] > time()) {
            // Touch idle_time; a gap of more than an hour counts as a new visit.
            mysql_query('UPDATE session SET idle_time = ' . (int) time() . ', hit_counter = hit_counter + ' . ($disable_counter ? 0 : 1) . ', visit_counter = visit_counter + ' . (time() > $session['idle_time'] + 3600 ? 1 : 0) . ' WHERE sid = BINARY "' . mysql_real_escape_string($sid) . '"');
        } elseif ($access == 'access_always') {
            // No valid session but the page is public: strip every privilege and
            // return early (the user row and the sign are NOT loaded in this case).
            $cfg['access_media'] = false;
            $cfg['access_popular'] = false;
            $cfg['access_favorite'] = false;
            $cfg['access_cover'] = false;
            $cfg['access_stream'] = false;
            $cfg['access_download'] = false;
            $cfg['access_playlist'] = false;
            $cfg['access_play'] = false;
            $cfg['access_add'] = false;
            $cfg['access_record'] = false;
            $cfg['access_statistics'] = false;
            $cfg['access_admin'] = false;
            return true;
        } else {
            // NOTE(review): $app is undefined in this method (it uses $this->app elsewhere).
            $app->ll->str('böla');
            logoutSession();
        }
    }
    // Username & user privalages
    unset($cfg['username']);
    $query = mysql_query('SELECT username, access_media, access_popular, access_favorite, access_cover, access_stream, access_download, access_playlist, access_play, access_add, access_record, access_statistics, access_admin FROM user WHERE user_id = ' . (int) $user_id);
    // Array union: keys already present in $cfg win over the user row's keys.
    // NOTE(review): a missing user row makes this `$cfg += false`, a fatal error.
    $cfg += mysql_fetch_assoc($query);
    // Validate privilege
    $access_validated = false;
    if (is_array($access)) {
        foreach ($access as $value) {
            if (isset($cfg[$value]) && $cfg[$value]) {
                $access_validated = true;
            }
        }
    } elseif (isset($cfg[$access]) && $cfg[$access]) {
        $access_validated = true;
    } elseif ($access == 'access_logged_in') {
        $access_validated = true;
    } elseif ($access == 'access_always') {
        $access_validated = true;
    }
    if ($access_validated == false) {
        message(__FILE__, __LINE__, 'warning', '[b]You have no privilege to access this page[/b][br][url=index.php?authenticate=logout][img]small_login.png[/img]Login as another user[/url]');
    }
    // Validate signature
    // The sign is single-use: a fresh one is stored before the posted one is
    // checked, so a replayed request can never match again.
    if ($cfg['sign_validated'] == false && ($validate_sign || $authenticate == 'logoutAllSessions' || $authenticate == 'logoutSession')) {
        $cfg['sign'] = randomKey();
        mysql_query('UPDATE session SET sign = "' . mysql_real_escape_string($cfg['sign']) . '" WHERE sid = BINARY "' . mysql_real_escape_string($sid) . '"');
        // NOTE(review): loose comparison of a user-supplied value against a secret; prefer hash_equals().
        if ($session['sign'] == getpost('sign')) {
            $cfg['sign_validated'] = true;
        } else {
            message(__FILE__, __LINE__, 'error', '[b]Signature expired[/b]');
        }
    } else {
        $cfg['sign'] = $session['sign'];
    }
    // Logout
    if ($authenticate == 'logout' && $cfg['username'] != $cfg['anonymous_user']) {
        // Count this user's other live sessions; with more than one, offer the
        // logout menu instead of logging out only the current session.
        // NOTE(review): $db is not declared global in this method.
        $query = mysql_query('SELECT user_id FROM session WHERE logged_in AND user_id = ' . (int) $user_id . ' AND idle_time > ' . (int) (time() - $cfg['session_lifetime']));
        if (mysql_affected_rows($db) > 1) {
            logoutMenu();
        } else {
            logoutSession();
        }
    } elseif ($authenticate == 'logoutAllSessions' && $cfg['username'] != $cfg['anonymous_user']) {
        mysql_query('UPDATE session SET logged_in = 0 WHERE user_id = ' . (int) $user_id);
        logoutSession();
    } elseif ($authenticate == 'logoutSession' || $authenticate == 'logout') {
        logoutSession();
    }
    // Expose the session state to the rest of the request.
    $cfg['user_id'] = $user_id;
    $cfg['sid'] = $sid;
    $cfg['session_seed'] = $session['seed'];
    $cfg['random_blacklist'] = $session['random_blacklist'];
    //$cfg['thumbnail'] = $session['thumbnail'];
    $cfg['thumbnail'] = 1;
    //$cfg['thumbnail_size'] = $session['thumbnail_size'];
    $cfg['thumbnail_size'] = 100;
    // Profile ids stored in the session are only honoured if they still exist in the config.
    $cfg['stream_id'] = isset($cfg['encode_extension'][$session['stream_id']]) ? $session['stream_id'] : -1;
    $cfg['download_id'] = isset($cfg['encode_extension'][$session['download_id']]) ? $session['download_id'] : -1;
    $cfg['player_id'] = $session['player_id'];
}
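/**
 * Create a new player on this object and issue it a signed access token.
 *
 * Sets token (random, hex-encoded), wallet (looked up via getWallet()), player
 * and access_token through __set(). The JWT payload carries the token, player
 * name, wallet, an `exp` 24 hours from now and `iss` = "botjack.co", and is
 * signed with $_ENV['token_key'].
 *
 * @param string $player display name; defaults to "Anonymous".
 * @return bool true on success; false when the signing key is not configured
 *              or any step throws an Exception (the exception is swallowed, as
 *              before — callers get no diagnostic).
 */
function createPlayer($player = "Anonymous") {
    // Refuse to mint a token without a signing key: a missing key would reach
    // JWT::encode() as null instead of failing loudly here.
    if (!isset($_ENV['token_key']) || $_ENV['token_key'] === '') {
        return false;
    }
    try {
        $this->__set("token", bin2hex(randomKey()));
        $this->__set("wallet", $this->getWallet($this->__get("token")));
        $this->__set("player", $player);
        $now = time();
        $claims = array(
            'token'  => $this->__get("token"),
            'player' => $this->__get("player"),
            'wallet' => $this->__get("wallet"),
            'exp'    => strtotime('+24 hours', $now),
            'iss'    => "botjack.co",
        );
        $this->__set("access_token", JWT::encode($claims, $_ENV['token_key']));
        return true;
    } catch (Exception $e) {
        return false;
    }
}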
/**
 * Drop the current login and render the login form; never returns (exit).
 *
 * The session row matching the netjukebox_sid cookie is reset: logged_in = 0,
 * the caller's IP and User-Agent are recorded and a fresh sign and seed are
 * generated. If no row was updated, a new session row and cookie are created
 * (one-year cookie, Secure per NJB_HTTPS, HttpOnly). The page then emits the
 * login form and its JavaScript: loginStage1() fetches the seeds and a sign
 * from json.php (action=loginStage1), and loginStage2() submits
 * hash1 = hmacsha1(password, user seed) and
 * hash2 = hmacsha1(hmacsha1(password, session seed), session seed) together
 * with that sign after login_delay milliseconds. The clear-text password never
 * leaves the browser, but HMAC-SHA1 is not a password KDF, so the stored
 * hashes are only as strong as the password itself.
 *
 * NOTE(review): several spans of this copy of the source look mangled and are
 * kept as found: redacted "******" literals, a `'&'` separator that is
 * trimmed with substr(-5) as if it were `&amp;` (so the last query value loses
 * four characters), and stray spaces after `?>` inside JS string literals.
 * Values interpolated into the JS are passed through addslashes(html(..)) or
 * addslashes(bbcode(..)); a bbcode result containing `</script>` would still
 * break out of the script block — verify bbcode() does not allow that.
 */
function logoutSession() {
    global $cfg, $db;
    $cfg['username'] = ''; // Footer
    $cfg['access_media'] = ''; // Header opensearch
    $sid = cookie('netjukebox_sid');
    $sign = randomKey();
    $session_seed = randomKey();
    // Update current session
    mysql_query('UPDATE session SET logged_in = 0, ip = "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '", user_agent = "' . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . '", sign = "' . mysql_real_escape_string($sign) . '", seed = "' . mysql_real_escape_string($session_seed) . '" WHERE sid = BINARY "' . mysql_real_escape_string($sid) . '"');
    // sign and seed are fresh random values, so a matched row always counts as changed.
    if (mysql_affected_rows($db) == 0) {
        // Create new session
        $sid = randomKey();
        mysql_query('INSERT INTO session (logged_in, create_time, ip, user_agent, sid, sign, seed) VALUES ( 0, ' . (int) time() . ', "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '", "' . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . '", "' . mysql_real_escape_string($sid) . '", "' . mysql_real_escape_string($sign) . '", "' . mysql_real_escape_string($session_seed) . '")');
        setcookie('netjukebox_sid', $sid, time() + 31536000, null, null, NJB_HTTPS, true);
        @ob_flush();
        flush();
    }
    // +------------------------------------------------------------------------+
    // | Login                                                                  |
    // +------------------------------------------------------------------------+
    // The username literal appears redacted ("******") in this copy of the source.
    $query = mysql_query('SELECT username FROM user WHERE username = "******"');
    $user = mysql_fetch_assoc($query);
    $anonymous = $user['username'];
    $action = get('action');
    // Preserve the requested view so the login form posts back to it.
    if (NJB_SCRIPT == 'index.php' && substr($action, 0, 4) == 'view') {
        $url = 'index.php?';
        $get = getAll();
        foreach ($get as $key => $value) {
            $url .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
        }
        // NOTE(review): strips 5 bytes although only 1 was appended — see docblock.
        $url = substr($url, 0, -5);
    } else {
        $url = 'index.php';
    }
    $cfg['align'] = true;
    require_once NJB_HOME_DIR . 'include/header.inc.php';
?>
<script type="text/javascript">
<!--
if (hmacsha1('key', 'The quick brown fox jumps over the lazy dog') != 'de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9') {
    document.write('<table cellspacing="10" cellpadding="0" class="error">');
    document.write('<tr>');
    document.write(' <td valign="top"><img src="<?php echo $cfg['img']; ?> medium_message_error.png" alt=""><\/td>');
    document.write(' <td valign="top"><strong>JavaScript error<\/strong><br>Unexpected SHA1 checksum result.<\/td>');
    document.write('<\/tr>');
    document.write('<\/table>');
} else if (typeof XMLHttpRequest == 'undefined') {
    document.write('<table cellspacing="10" cellpadding="0" class="error">');
    document.write('<tr>');
    document.write(' <td valign="top"><img src="<?php echo $cfg['img']; ?> medium_message_error.png" alt=""><\/td>');
    document.write(' <td valign="top"><strong>Native XMLHttpRequest support is required<\/strong><br>');
    document.write(' Enable XMLHttpRequest or get a modern web browser.<\/td>');
    document.write('<\/tr>');
    document.write('<\/table>');
} else {
    document.write('<form action="<?php echo $url; ?> " method="post" name="loginform" id="loginform" onSubmit="loginStage1(this.username.value); return false;">');
    document.write(' <input type="hidden" name="authenticate" value="validate">');
    document.write(' <input type="hidden" name="hash1" value="">');
    document.write(' <input type="hidden" name="hash2" value="">');
    document.write(' <input type="hidden" name="sign" value="">');
    document.write('<table cellspacing="0" cellpadding="0" class="warning">');
    document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
    document.write('<tr>');
    document.write(' <td class="space"><\/td>');
    document.write(' <td>Username:<\/td>');
    document.write(' <td class="space"><\/td>');
    document.write(' <td><input type="text" name="username" value="<?php echo addslashes(html($anonymous)); ?> " maxlength="255" class="login" onKeyUp="anonymousPassword();"><\/td>');
    document.write(' <td class="space"><\/td>');
    document.write('<\/tr>');
    document.write('<tr>');
    document.write(' <td><\/td>');
    document.write(' <td>Password:<\/td>');
    document.write(' <td><\/td>');
    document.write(' <td><input type="password" name="password" class="login"><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
    document.write('<tr>');
    document.write(' <td><\/td>');
    document.write(' <td colspan="3" align="right"><input type="submit" value="login" class="button"><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
    document.write('<tr>');
    document.write(' <td><\/td>');
    document.write(' <td colspan="3" class="line"><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
<?php if ($cfg['admin_login_message'] == '') { ?>
    document.write('<tr>');
    document.write(' <td><\/td>');
    document.write(' <td colspan="3"><span class="login_message">Cookies and JavaScript are required to login.<br>');
    document.write(' Browser must support native XMLHttpRequest.<\/span><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
<?php } else { ?>
    document.write('<tr>');
    document.write(' <td><\/td>');
    document.write(' <td colspan="3"><span class="login_message">');
    document.write(' <?php echo addslashes(bbcode($cfg['admin_login_message'])); ?> <\/span><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
<?php } ?>
    document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
    document.write('<\/table>');
    document.write('<\/form>');
}
function initialize() {
    if (typeof XMLHttpRequest != 'undefined') {
        document.loginform.username.focus();
        document.loginform.username.select();
        anonymousPassword();
    }
}
function anonymousPassword() {
    if (<?php echo $anonymous ? 'true' : 'false'; ?> && document.loginform.username.value == '<?php echo addslashes(html($anonymous)); ?> ') {
        document.loginform.password.value = '';
        document.loginform.password.className = 'login readonly';
        // document.loginform.password.disabled = true;
    } else {
        document.loginform.password.className = 'login';
        // document.loginform.password.disabled = false;
    }
}
function loginStage1(username) {
    document.loginform.username.value = '';
    document.loginform.username.value = username;
    document.loginform.username.className = 'login readonly';
    document.loginform.password.className = 'login readonly';
    ajaxRequest('json.php', loginStage2, 'action=loginStage1&username='******'UTF-8' ? 'encodeURIComponent' : 'escape'; ?> (username) + '&sign=<?php echo hmacsha1($cfg['server_seed'], $sign); ?> ');
}
function loginStage2(data) {
    // data.user_seed, data.session_seed, data.sign;
    var password = document.loginform.password.value;
    document.loginform.password.value = '';
    if (<?php echo $anonymous ? 'true' : 'false'; ?> && document.loginform.username.value == '<?php echo addslashes(html($anonymous)); ?> ') password = '******';
    document.loginform.hash1.value = hmacsha1(password, data.user_seed);
    document.loginform.hash2.value = hmacsha1(hmacsha1(password, data.session_seed), data.session_seed);
    document.loginform.sign.value = data.sign;
    password = '';
    setTimeout('document.loginform.submit();', <?php echo $cfg['login_delay']; ?> );
}
//-->
</script>
<?php
    require_once NJB_HOME_DIR . 'include/footer.inc.php';
    exit;
}
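/**
 * Create a time-limited, shareable stream link for one album and render the
 * share page (URL, mailto link and QR code).
 *
 * Requires the access_admin privilege with a valid request sign
 * (authenticate('access_admin', false, true)) and the album_share_stream
 * setting. A random share sid is stored in share_stream together with the
 * album, the caller's current stream profile and an expiry of
 * share_stream_lifetime seconds from now; that sid is the only secret that
 * protects the stream. Errors end the request via message().
 *
 * Fixes: implode() was called with the (array, glue) argument order that PHP 8
 * rejects; $album_id and the share URL are now encoded for the contexts they
 * are reflected into; stray spaces after `?>` (which corrupted the image path
 * and the URL field value) are removed.
 *
 * @param string|int $album_id album primary key
 */
function shareAlbum($album_id) {
    global $cfg, $db;
    authenticate('access_admin', false, true);
    if ($cfg['album_share_stream'] == false) {
        message(__FILE__, __LINE__, 'error', '[b]Error[/b][br]Share album disabled');
    }
    $query = mysql_query('SELECT artist_alphabetic, album, year FROM album WHERE album_id = "' . mysql_real_escape_string($album_id) . '"');
    $album = mysql_fetch_assoc($query);
    if ($album == false) {
        message(__FILE__, __LINE__, 'error', '[b]Error[/b][br]album_id not found in database');
    }
    // formattedNavigator
    $nav = array();
    $nav['name'][] = 'Media';
    $nav['url'][] = 'index.php';
    $nav['name'][] = $album['artist_alphabetic'];
    $nav['url'][] = 'index.php?action=view2&artist=' . rawurlencode($album['artist_alphabetic']);
    $nav['name'][] = $album['album'];
    // Encode the id like the artist above: it comes from the request and is reflected into a link.
    $nav['url'][] = 'index.php?action=view3&album_id=' . rawurlencode($album_id);
    $nav['name'][] = 'Share stream';
    require_once 'include/header.inc.php';
    $expire_time = time() + $cfg['share_stream_lifetime'];
    $sid = randomKey();
    mysql_query('INSERT INTO share_stream (sid, album_id, stream_id, expire_time) VALUES ( "' . mysql_real_escape_string($sid) . '", "' . mysql_real_escape_string($album_id) . '", ' . (int) $cfg['stream_id'] . ', ' . (int) $expire_time . ')');
    $url = NJB_HOME_URL . 'stream.php?action=playlist&sid=' . $sid;
    $name = $album['artist_alphabetic'] . ' - ';
    $name .= $album['year'] ? $album['year'] . ' - ' : '';
    $name .= $album['album'];
    // Determine whether the share will be transcoded and whether every track
    // that needs transcoding already has a cache entry for the profile ($exact).
    $transcode = false;
    $exact = true;
    $extensions = array();
    $milliseconds = 0;
    $query = mysql_query('SELECT track.filesize, cache.filesize AS cache_filesize, miliseconds, audio_bitrate, track_id, LOWER(SUBSTRING_INDEX(track.relative_file, ".", -1)) AS extension FROM track LEFT JOIN cache ON track.track_id = cache.id AND cache.profile = ' . (int) $cfg['stream_id'] . ' WHERE album_id = "' . mysql_real_escape_string($album_id) . '"');
    while ($track = mysql_fetch_assoc($query)) {
        if (!in_array($track['extension'], $extensions)) {
            $extensions[] = $track['extension'];
        }
        if (sourceFile($track['extension'], $track['audio_bitrate'], $cfg['stream_id']) == false) {
            $transcode = true;
            if ($track['cache_filesize'] == false) {
                $exact = false;
            }
        }
        $milliseconds += $track['miliseconds'];
    }
    sort($extensions);
    // Glue first: implode(array, glue) was removed in PHP 8.
    $source = implode(', ', $extensions);
    $profile_name = $transcode ? $cfg['encode_name'][$cfg['stream_id']] . ' (' . $source . ' source)' : 'Source (' . $source . ')';
    if ($transcode && $exact) {
        $cache_txt = 'Transcoded:';
        $cache_png = $cfg['img'] . 'small_check.png';
    } elseif ($transcode && !$exact) {
        $cache_txt = 'Transcoded:';
        $cache_png = $cfg['img'] . 'small_uncheck.png';
    } else {
        $cache_txt = 'Source:';
        $cache_png = $cfg['img'] . 'small_check.png';
    }
?>
<form action="" name="form" id="form">
<table cellspacing="0" cellpadding="0" class="border">
<tr class="header">
    <td class="space"></td>
    <td colspan="3"><?php echo html($name); ?></td>
    <td class="space"></td>
</tr>
<tr class="line"><td colspan="5"></td></tr>
<tr class="odd">
    <td></td>
    <td>Play time:</td>
    <td></td>
    <td><?php echo formattedTime($milliseconds); ?></td>
    <td class="space"></td>
</tr>
<tr class="even">
    <td class="space"></td>
    <td>Stream profile:</td>
    <td class="textspace"></td>
    <td><?php echo html($profile_name); ?></td>
    <td class="space"></td>
</tr>
<tr class="odd">
    <td></td>
    <td><?php echo $cache_txt; ?></td>
    <td></td>
    <td><img src="<?php echo $cache_png; ?>" alt="" class="small"></td>
    <td class="space"></td>
</tr>
<tr class="even">
    <td></td>
    <td>Mail:</td>
    <td></td>
    <td><a href="mailto:?SUBJECT=<?php echo rawurlencode($name); ?>&BODY=---%0APlay%20time%3A%20<?php echo rawurlencode(formattedTime($milliseconds)); ?>%0AStream%3A%20<?php echo rawurlencode($name); ?>%0A<?php echo rawurlencode($url); ?>%0A%0AThis%20stream%20will%20expire%20<?php echo rawurlencode(date($cfg['date_format'], $expire_time)); ?>%20and%20locked%20to%20the%20first%20used%20IP%20address."><img src="<?php echo $cfg['img']; ?>small_mail.png" alt="" class="small"></a></td>
    <td></td>
</tr>
<tr class="odd">
    <td></td>
    <td>URL:</td>
    <td></td>
    <td><input type="text" value="<?php echo html($url); ?>" readonly class="url" onClick="focus(this); select(this);"></td>
    <td></td>
</tr>
<tr class="even">
    <td></td>
    <td>QR Code:</td>
    <td></td>
    <td><img src="qrcode.php?d=<?php echo rawurlencode($url); ?>&e=l&s=3" alt=""></td>
    <td></td>
</tr>
</table>
</form>
<?php
    require_once 'include/footer.inc.php';
}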
/**
 * Produce one random fixture value: with equal probability either an integer
 * in [0, 1048576] or a random key of 5..20 characters from randomKey().
 *
 * Uses rand(), so this is for test data only, never for secrets.
 *
 * @return int|string
 */
function generateRandomUnit() {
    $pickInteger = (rand(0, 1) == 0);
    return $pickInteger
        ? rand(0, 1048576)
        : randomKey(rand(5, 20));
}
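/**
 * Generate a unique-looking name for a digital product row.
 *
 * The name is two random letters from a fixed alphabet followed by the UTC
 * timestamp (mdYHis) and six microsecond digits. If a row with that name
 * already exists in <prefix>digital_product, randomKey() is returned instead.
 *
 * The name is built from generated characters only (letters and digits), so
 * embedding it in the lookup query is injection-safe as written. It is an
 * identifier, not a secret: mt_rand() is adequate here.
 *
 * Fix: the old `rand() % strlen()` index could pick the last letter, in which
 * case substr() returned a single character and the retry loop produced a
 * three-letter prefix; the index is now bounded so the prefix is always two.
 *
 * @return string
 */
function randomDigitalProduct() {
    global $tableprefix;
    $alphabet = "PaNbIuJcMOfgnTopRUjkXlSmFxGqrdeKsLvzAwyBZDtEhiHQVWCY";
    $lastStart = strlen($alphabet) - 2;
    $string = substr($alphabet, mt_rand(0, $lastStart), 2);
    $string .= gmdate("mdYHis") . substr(microtime(), 2, 6);
    // mdYHis contains no separators; kept as defensive normalisation.
    $string = str_replace(array("-", ":", " "), "", $string);
    $select = "SELECT ndigital_id FROM " . $tableprefix . "digital_product WHERE vdigital_product_name = '" . $string . "'";
    $result = mysql_query($select);
    // mysql_query() returns false on error; only count rows of a real result.
    if ($result && mysql_num_rows($result) > 0) {
        $string = randomKey();
    }
    return $string;
}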
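/**
 * Render an exception and its chain of previous exceptions as a self-contained
 * HTML fragment with a collapsible stack trace.
 *
 * The exception is first normalised by exception_to_stdclass(); this function
 * then reads ->class, ->message, ->trace (list of frames), ->previous and, per
 * frame, ->file/->line, ->function/->class/->type, ->arguments, ->isLibrary
 * and an optional ->snippet {content, beginLine}. Messages, file names and
 * argument dumps are HTML-escaped; class names are emitted as-is (PHP class
 * names cannot contain markup characters).
 *
 * Fix: the leading HTML comment embeds the JSON-encoded message, but
 * json_encode() does not escape "-", so a message containing "-->" (error
 * text frequently echoes request input) closed the comment and injected
 * markup into the page. "--" is now written as "-\u002d", which JSON decoders
 * still read as "--". The unused $problemTraceItem was dropped.
 *
 * @param Exception|Throwable $e
 * @return string HTML fragment
 */
function render_exception($e) {
    $e = exception_to_stdclass($e);
    ob_start();
    echo '<!-- error-hmnb9a525V77pG545SXkqmfW: ' . str_replace('--', '-\u002d', json_encode($e->message)) . ' -->';
    echo '<div style=\'font-size: 1em; border: 2px solid black; padding: 5px; background: white;' . 'font-family: Consolas, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", ' . '"Bitstream Vera Sans Mono", "Courier New", monospace;\'>';
    // One block per exception in the ->previous chain, separated by <hr />.
    $exceptions = array();
    while (true) {
        $exceptions[] = _render_exception_block($e);
        if (!isset($e->previous)) {
            break;
        }
        $e = $e->previous;
    }
    echo implode('<hr />', $exceptions);
    echo '</div>';
    return ob_get_clean();
}

/**
 * Render one exception of the chain: an <h1> with the message (cut at 80
 * characters, expandable via the data-message attribute) and a <ul> of frames.
 * Library frames (->isLibrary) are greyed out; the first non-library frame is
 * expanded by default, all others are collapsed.
 *
 * @param stdClass $e normalised exception (see render_exception())
 * @return string HTML fragment
 */
function _render_exception_block($e) {
    ob_start();
    $class = $e->{'class'};
    $escapedMessage = htmlspecialchars($e->message, ENT_QUOTES);
    if (strlen($e->message) > 80) {
        $shownMessage = htmlspecialchars(substr($e->message, 0, 80), ENT_QUOTES) . ' <a href="#" onclick="this.parentNode.textContent = this.parentNode.getAttribute(\'data-message\');' . 'return false;">...</a>';
    } else {
        $shownMessage = $escapedMessage;
    }
    echo "<h1 style='font-size: 1.2em;' data-message='{$class}: {$escapedMessage}'>{$class}: {$shownMessage}</h1>";
    echo "<ul>";
    $firstItem = true;
    // The exception itself is listed first as the frame that threw.
    foreach (array_merge(array($e), $e->trace) as $traceItem) {
        // Random id shared by the anchor and the collapsible <div>.
        $traceItemId = randomKey(24);
        $isLibrary = isset($traceItem->isLibrary) && $traceItem->isLibrary;
        $expanded = !$isLibrary && $firstItem;
        echo '<li style="' . ($isLibrary ? 'color: gray;' : '') . '">';
        echo '<a href="#' . $traceItemId . '" style="' . (!$isLibrary ? 'color: black;' : 'color: gray;') . '" onclick="if (this.nextSibling.style.display == \'none\') this.nextSibling.style.display = \'\';' . ' else this.nextSibling.style.display = \'none\'; return false;">' . (isset($traceItem->file) ? htmlspecialchars($traceItem->file . ':' . $traceItem->line) : '[internal function]') . '</a>';
        echo '<div class="' . $traceItemId . '" style="' . ($expanded ? '' : 'display: none;') . '">';
        echo "<pre><h2 style='font-size: 1.1em;'>";
        echo htmlspecialchars(_render_exception_call($traceItem));
        echo "</h2></pre>";
        if (isset($traceItem->snippet->content)) {
            echo _render_exception_snippet($traceItem);
        }
        echo '</div>';
        echo "</li>";
        if (!$isLibrary) {
            $firstItem = false;
        }
    }
    echo "</ul>";
    return ob_get_clean();
}

/**
 * Format a frame as "Class->function(arg, arg)" using dumpArgument() for each
 * argument. Returns '' for frames without a function. Unescaped; the caller
 * HTML-escapes the result.
 *
 * @param stdClass $traceItem
 * @return string
 */
function _render_exception_call($traceItem) {
    if (!isset($traceItem->{'function'})) {
        return '';
    }
    $prefix = isset($traceItem->{'class'}) ? $traceItem->{'class'} . $traceItem->{'type'} : '';
    $arguments = array();
    $rawArguments = isset($traceItem->arguments) ? $traceItem->arguments : array();
    foreach ($rawArguments as $argument) {
        $arguments[] = dumpArgument($argument);
    }
    return $prefix . $traceItem->{'function'} . '(' . implode(', ', $arguments) . ')';
}

/**
 * Render a frame's source snippet as a numbered <pre> with the frame's own line
 * highlighted. Snippet lines are numbered from beginLine + 1, so beginLine is
 * one less than the number of the first snippet line.
 *
 * @param stdClass $traceItem frame with ->line and ->snippet {content, beginLine}
 * @return string HTML fragment
 */
function _render_exception_snippet($traceItem) {
    $lines = explode("\n", htmlspecialchars($traceItem->snippet->content));
    $highlight = $traceItem->line - $traceItem->snippet->beginLine - 1;
    if (array_key_exists($highlight, $lines)) {
        $lines[$highlight] = "<strong style='color: red;'>" . rtrim($lines[$highlight]) . "</strong>";
    }
    $numberWidth = strlen($traceItem->snippet->beginLine) + 1;
    foreach ($lines as $lineIndex => $lineContent) {
        $lineNumber = $traceItem->snippet->beginLine + $lineIndex + 1;
        $lines[$lineIndex] = str_pad($lineNumber, $numberWidth, " ", STR_PAD_LEFT) . ' | ' . $lineContent;
    }
    return '<pre class="snippet">' . implode("\n", $lines) . "</pre>";
}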
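/**
 * Render the "Add user" / "Edit user" form (admin only).
 *
 * With $user_id == '0' a new-user template is shown (media access only and a
 * generated placeholder username); otherwise the user's privilege flags are
 * loaded from the user table. A fresh seed is generated and stored on the
 * current session row: the browser-side hashPassword() double-HMACs the new
 * password with that seed before posting to users.php (action=updateUser),
 * which is expected to copy the seed to the user row when it accepts the
 * password. The form carries the session's sign as its CSRF token.
 *
 * Fixes: $user_id was echoed unescaped into a JS string / HTML attribute; it
 * is now cast to int. The seed is addslashes()'d for its JS literal. The
 * stray spaces after `?>` inside JS strings (which also leaked into the seed
 * literal) are removed. The repeated checkbox rows are generated in a loop.
 * Several string literals ('******') appear redacted in this copy of the
 * source and are kept as found.
 *
 * @param string|int $user_id user primary key, or '0' to add a user
 */
function editUser($user_id) {
    global $cfg, $db;
    authenticate('access_admin');
    $accessKeys = array('media', 'popular', 'favorite', 'cover', 'stream', 'download', 'playlist', 'play', 'add', 'record', 'statistics', 'admin');
    if ($user_id == '0') {
        // Add user configuration: every privilege off except media.
        $user = array();
        // mt_rand() only makes the placeholder name unlikely to collide; it is not a secret.
        $user['username'] = '******' . sprintf('%04x', mt_rand(0, 0xffff));
        foreach ($accessKeys as $key) {
            $user['access_' . $key] = ($key == 'media');
        }
        $txt_menu = 'Add user';
        $txt_password = '******';
    } else {
        // Edit user configuration
        $query = mysql_query('SELECT username, access_media, access_popular, access_favorite, access_cover, access_stream, access_download, access_playlist, access_play, access_add, access_record, access_statistics, access_admin FROM user WHERE user_id = ' . (int) $user_id);
        $user = mysql_fetch_assoc($query);
        if ($user == false) {
            message(__FILE__, __LINE__, 'error', '[b]Error[/b][br]user_id not found in database');
        }
        $txt_menu = 'Edit user';
        $txt_password = '******';
    }
    // formattedNavigator
    $nav = array();
    $nav['name'][] = 'Configuration';
    $nav['url'][] = 'config.php';
    $nav['name'][] = 'Users';
    $nav['url'][] = 'users.php';
    $nav['name'][] = $txt_menu;
    require_once 'include/header.inc.php';
    // Store seed temporarily in the session database
    // After accepting a new password copy the seed to the user database
    $session_seed = randomKey();
    mysql_query('UPDATE session SET seed = "' . mysql_real_escape_string($session_seed) . '" WHERE sid = BINARY "' . mysql_real_escape_string($cfg['sid']) . '"');
    // The anonymous user's name and password cannot be changed from this form.
    $isAnonymous = ($user['username'] == $cfg['anonymous_user']);
    $fieldAttr = $isAnonymous ? 'readonly class="login readonly" onfocus="this.blur();"' : 'class="login"';
    // Checkboxes offered on the form, in display order (cover and record are
    // not offered; they were disabled in the original form).
    $accessRows = array(
        'media' => 'Media',
        'popular' => 'Popular',
        'favorite' => 'Favorite',
        'playlist' => 'Playlist',
        'play' => 'Play',
        'add' => 'Add',
        'stream' => 'Stream',
        'download' => 'Download',
        'statistics' => 'Statistics',
        'admin' => 'Admin',
    );
    // $user_id is reflected into the page; the int cast keeps a crafted value
    // from breaking out of the attribute / JS string.
    $safeUserId = (int) $user_id;
    // The seed is a server-generated random key; escape it anyway for the JS literal.
    $jsSeed = addslashes($session_seed);
?>
<script type="text/javascript">
<!--
if (hmacsha1('key', 'The quick brown fox jumps over the lazy dog') != 'de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9') {
    document.write('<table cellspacing="10" cellpadding="0" class="error">');
    document.write('<tr>');
    document.write(' <td valign="top"><img src="<?php echo $cfg['img']; ?>medium_message_error.png" alt=""><\/td>');
    document.write(' <td valign="top"><strong>JavaScript error<\/strong><br>Unexpected SHA1 checksum result.<\/td>');
    document.write('<\/tr>');
    document.write('<\/table>');
} else if (typeof XMLHttpRequest == 'undefined') {
    document.write('<table cellspacing="10" cellpadding="0" class="error">');
    document.write('<tr>');
    document.write(' <td valign="top"><img src="<?php echo $cfg['img']; ?>medium_message_error.png" alt=""><\/td>');
    document.write(' <td valign="top"><strong>Native XMLHttpRequest support is required<\/strong><br>');
    document.write(' Enable XMLHttpRequest or get a modern web browser.<\/td>');
    document.write('<\/tr>');
    document.write('<\/table>');
} else {
    document.write('<form id="editUser" action="users.php" method="post" onSubmit="return hashPassword(this);" autocomplete="off">');
    document.write(' <input type="hidden" name="action" value="updateUser">');
    document.write(' <input type="hidden" name="user_id" value="<?php echo $safeUserId; ?>">');
    document.write(' <input type="hidden" name="sign" value="<?php echo $cfg['sign']; ?>">');
    document.write('<table cellspacing="0" cellpadding="0" class="border">');
    document.write('<tr class="header">');
    document.write(' <td ><\/td>');
    document.write(' <td>Access<\/td>');
    document.write(' <td ><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="line"><td colspan="4"><\/td><\/tr>');
<?php foreach ($accessRows as $key => $label) { ?>
    document.write('<tr class="lh3" <?php echo addslashes(onmouseoverAccessInfo($key)); ?>>');
    document.write(' <td><\/td>');
    document.write(' <td> <input type="checkbox" name="access_<?php echo $key; ?>" value="1"<?php if ($user['access_' . $key]) { echo ' checked'; } ?>><?php echo $label; ?><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
<?php } ?>
    document.write('<tr class="line"><td colspan="3"><\/td><\/tr>');
    document.write('<tr class="footer">');
    document.write(' <td><\/td>');
    document.write(' <td>Username:<\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="footer">');
    document.write(' <td><\/td>');
    document.write(' <td><input type="text" name="new_username" value="<?php echo addslashes(html($user['username'])); ?>" maxlength="255" <?php echo $fieldAttr; ?>><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="footer">');
    document.write(' <td><\/td>');
    document.write(' <td><?php echo $txt_password; ?><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="footer">');
    document.write(' <td><\/td>');
    document.write(' <td><input type="password" name="new_password" <?php echo $fieldAttr; ?>><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="footer">');
    document.write(' <td><\/td>');
    document.write(' <td>Confirm password:<\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="footer">');
    document.write(' <td><\/td>');
    document.write(' <td><input type="password" name="chk_password" <?php echo $fieldAttr; ?>><\/td>');
    document.write(' <td><\/td>');
    document.write('<\/tr>');
    document.write('<tr class="footer"><td colspan="3"><\/td><\/tr>');
    document.write('<\/table>');
    document.write('<br>');
    document.write('<div class="buttons"><span><a href="#" onclick="$(\'#editUser\').submit();">Save</a><\/span>');
    document.write('<span><a href="users.php">Cancel<\/a></span>');
    document.write('<\/div><\/form>');
    // Replace both password fields with hmacsha1(hmacsha1(pw, seed), seed) so
    // the clear-text password is never posted; the server compares the two.
    function hashPassword(thisform) {
        thisform.new_username.className = 'login readonly';
        thisform.new_password.className = 'login readonly';
        thisform.chk_password.className = 'login readonly';
        thisform.new_password.value = hmacsha1(hmacsha1(thisform.new_password.value, '<?php echo $jsSeed; ?>'), '<?php echo $jsSeed; ?>');
        thisform.chk_password.value = hmacsha1(hmacsha1(thisform.chk_password.value, '<?php echo $jsSeed; ?>'), '<?php echo $jsSeed; ?>');
        return true;
    }
}
//-->
</script>
<?php
    require_once 'include/footer.inc.php';
}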
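/**
 * First stage of the login handshake (json.php?action=loginStage1).
 *
 * Looks up the caller's session by the netjukebox_sid cookie and the user row
 * for the posted username, verifies that the posted sign equals
 * hmacsha1(server_seed, session sign), and answers with JSON holding the
 * user's password seed, the session seed and a fresh sign that the second
 * stage must echo back. On a bad sign a fresh sign is still returned but NOT
 * stored, so the second stage fails. For unknown users a fake seed derived
 * from the username is returned, and it is always computed, so the response
 * does not reveal whether the account exists and both paths cost about the
 * same time.
 *
 * Ends the request via message() when there is no session row for the cookie
 * or the session was created from a different IP address.
 *
 * Fixes: the sign check used loose == (not constant-time and subject to
 * numeric-string juggling for hex digests) and is now hash_equals(); a
 * missing session or user row is no longer indexed as if it were an array.
 * The username literal in the user query appears redacted ("******") in this
 * copy of the source and is kept as found.
 */
function loginStage1() {
    global $cfg, $db;
    header('Expires: Mon, 9 Oct 2000 18:00:00 GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    $sid = cookie('netjukebox_sid');
    $username = post('username');
    $sign = post('sign');
    $query = mysql_query('SELECT seed FROM user WHERE username = "******"');
    $user = mysql_fetch_assoc($query);
    $query = mysql_query('SELECT ip, seed, sign FROM session WHERE sid = BINARY "' . mysql_real_escape_string($sid) . '"');
    $session = mysql_fetch_assoc($query);
    // mysql_fetch_assoc() yields false when there is no row; treat that like a
    // session without an IP instead of indexing into false.
    if (!is_array($session) || $session['ip'] == '') {
        message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]netjukebox requires cookies to login.[br]Enable cookies in your browser and try again.[br][url=index.php][img]small_login.png[/img]login[/url]');
    }
    if ($session['ip'] != $_SERVER['REMOTE_ADDR']) {
        message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]Unexpected IP address[br][url=index.php][img]small_login.png[/img]login[/url]');
    }
    // Constant-time, string-only comparison; a missing or non-string posted
    // sign is simply a mismatch.
    $expectedSign = (string) hmacsha1($cfg['server_seed'], $session['sign']);
    if (is_string($sign) && hash_equals($expectedSign, $sign)) {
        $sign = randomKey();
        // pre_login_time lets the second stage enforce a minimum login delay.
        mysql_query('UPDATE session SET sign = "' . mysql_real_escape_string($sign) . '", pre_login_time = ' . (string) round(microtime(true) * 1000) . ' WHERE sid = BINARY "' . mysql_real_escape_string($sid) . '"');
    } else {
        // login will fail!
        $sign = randomKey();
    }
    // Always calculate fake seed to prevent script execution time differences
    $fake_seed = substr(hmacsha1($cfg['server_seed'], $username . 'NeZlFgqDoh9hc-BkczryQFIcpoBng3I_vXaWtOKS'), 0, 30);
    $fake_seed .= substr(hmacsha1($cfg['server_seed'], $username . 'g-FE6H0MJ1n0lNo2D7XLachV8WE-xmEcwsXNZqlQ'), 0, 30);
    $fake_seed = base64_encode(pack('H*', $fake_seed));
    $fake_seed = str_replace('+', '-', $fake_seed); // modified Base64 for URL
    $fake_seed = str_replace('/', '_', $fake_seed);
    $data = array();
    $data['user_seed'] = (is_array($user) && $user['seed'] != '') ? $user['seed'] : $fake_seed;
    $data['session_seed'] = $session['seed'];
    $data['sign'] = $sign;
    echo safe_json_encode($data);
}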