Ejemplo n.º 1
/**
 * Registers a value in the per-request debug registry and returns a
 * printable placeholder that refers to it.
 *
 * The value is kept in a stdClass stored in $GLOBALS under a fixed key and,
 * when $_SERVER['debugObjectsPath'] is set, is also serialised with
 * json_encode() into "<debugObjectsPath>/<id>.json".
 *
 * Security notes:
 *  - The dump is a full JSON copy of $object, so any credentials, tokens or
 *    personal data it holds end up on disk. The dump directory should sit
 *    outside the web root and be cleaned up; nothing here restricts file
 *    permissions.
 *  - The target directory is read from $_SERVER without validation.
 *    NOTE(review): confirm 'debugObjectsPath' can only be set by server
 *    configuration and never from request data.
 *  - json_encode() returns false for values it cannot encode; in that case an
 *    empty file is written and no error is reported.
 *
 * @param mixed $object Value to register.
 * @return string Placeholder of the form "[object: <id>]".
 */
function debugObject($object)
{
    $registryKey = '__7iPYslyzfKzZBtZBc7T6aglQ_debugObjects';

    // Create the registry lazily on first use.
    if (isset($GLOBALS[$registryKey]) === false) {
        $GLOBALS[$registryKey] = new stdClass();
    }

    // randomKey() is defined elsewhere in the project; its output is used
    // both as the registry property name and as the dump file name.
    $id = randomKey(24);
    $GLOBALS[$registryKey]->{$id} = $object;

    if (isset($_SERVER['debugObjectsPath'])) {
        $dumpFile = $_SERVER['debugObjectsPath'] . '/' . $id . '.json';
        file_put_contents($dumpFile, json_encode($object), FILE_APPEND | LOCK_EX);
    }

    return '[object: ' . $id . ']';
}
Ejemplo n.º 2
/**
 * Loads every name/value row of the `server` table into the global $cfg
 * array and creates the `server_seed` setting when it does not exist yet.
 *
 * Security notes:
 *  - Each row is copied into $cfg under its own name, so a row in `server`
 *    overrides any $cfg entry of the same name that was set earlier. Write
 *    access to that table is therefore equivalent to write access to the
 *    configuration.
 *  - server_seed is generated with randomKey() (defined elsewhere); the login
 *    form in this codebase feeds it to hmacsha1() to sign requests, so its
 *    unpredictability depends on randomKey(). NOTE(review): confirm
 *    randomKey() uses a cryptographically secure source.
 *  - The "@" operator hides the driver's own warnings; failures are only
 *    reported through message().
 *  - The mysql_* extension was removed in PHP 7.0; this code only runs on
 *    older runtimes.
 *
 * @return void
 */
function loadServerSettings()
{
    global $cfg, $db;

    $settings = @mysql_query('SELECT name, value FROM server');
    if (!$settings) {
        message(__FILE__, __LINE__, 'error', '[b]Failed to load MySQL server settings[/b][br]' . 'When creating the database manually[br]' . 'also import the [i]sql/ompd_' . NJB_DATABASE_VERSION . '.sql[/i] file manually.');
    }

    // Copy every stored setting into the runtime configuration.
    while ($row = mysql_fetch_assoc($settings)) {
        $cfg[$row['name']] = $row['value'];
    }

    // Values come back from the database as strings; normalise the numeric ones.
    $cfg['database_version'] = (int) $cfg['database_version'];
    $cfg['latest_version_idle_time'] = (int) $cfg['latest_version_idle_time'];

    // Only seed an up-to-date schema, and only once.
    $schemaIsCurrent = $cfg['database_version'] == NJB_DATABASE_VERSION;
    if (!isset($cfg['server_seed']) && $schemaIsCurrent) {
        $cfg['server_seed'] = randomKey();
        $stored = @mysql_query('INSERT INTO server (name, value) VALUES ("server_seed", "' . mysql_real_escape_string($cfg['server_seed']) . '")');
        if (!$stored) {
            message(__FILE__, __LINE__, 'error', '[b]MySQL create/upgarde error[/b][br]Failed to create server_seed');
        }
    }
}
Ejemplo n.º 3
    /**
     * Authenticates the current request and enforces the privilege in $access.
     *
     * Steps, in order: optionally send anti-caching headers; load the session
     * row for the netjukebox_sid cookie; either process a login submission
     * (authenticate=validate) or validate the existing session; load the
     * user's username and access_* flags into the global $cfg; check the
     * requested privilege; validate/rotate the per-session "sign" token;
     * handle the logout variants; publish session values into $cfg.
     *
     * Review notes (security):
     *  - Digests and the sign token are compared with loose ==/!=. PHP
     *    compares two numeric-looking strings (for example "0e..." digits)
     *    as numbers, and the comparison is not constant-time; hash_equals()
     *    avoids both problems.
     *  - Passwords are verified with SHA-1 based constructions (sha1() for
     *    version 0 rows, the project's hmacsha1() helper for version 1).
     *  - The method mixes $this->app->db with the legacy mysql_* functions,
     *    which were removed in PHP 7.0.
     *  - Several literals appear as "******" in this listing; they look masked
     *    by the publisher, so the real username/password expressions are not
     *    visible here and cannot be reviewed.
     *
     * @param string|array $access          Privilege name(s) to require; an array passes if any entry is granted.
     * @param bool         $cache           When false, Expires/Cache-Control headers forbid caching.
     * @param bool         $validate_sign   When true, the request must carry the current session sign.
     * @param bool         $disable_counter When true, hit_counter is not incremented.
     * @return bool|null true only on the early return for 'access_always' with
     *                   no valid session; otherwise nothing is returned.
     */
    public function check($access, $cache = false, $validate_sign = false, $disable_counter = false)
    {
        global $cfg;
        // Keep authenticated pages out of browser and proxy caches.
        if ($cache == false && headers_sent() == false) {
            header('Expires: Mon, 9 Oct 2000 18:00:00 GMT');
            header('Cache-Control: no-store, no-cache, must-revalidate');
        }
        $sid = $this->app->getCookie('netjukebox_sid');
        $authenticate = $this->app->request->params('authenticate');
        // The cookie value is escaped before concatenation; BINARY forces a
        // byte-wise (case-sensitive) match on the session id.
        $result = $this->app->db->query('
			SELECT logged_in, user_id, idle_time,
			    ip, user_agent, sign, seed, skin,
				random_blacklist, thumbnail, thumbnail_size,
				stream_id, download_id, player_id
			FROM session
			WHERE sid = BINARY "' . $this->app->db->real_escape_string($sid) . '"');
        $session = $result->fetch_assoc();
        //setSkin($session['skin']);
        // Validate login
        if ($authenticate == 'validate') {
            $username = $this->app->request->post('username');
            $hash1 = $this->app->request->post('hash1');
            $hash2 = $this->app->request->post('hash2');
            $sign = $this->app->request->post('sign');
            // No stored IP means no pre-login session row was found for this cookie.
            if ($session['ip'] == '') {
                message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]netjukebox requires cookies to login.[br]Enable cookies in your browser and try again.[br][url=index.php][img]small_login.png[/img]login[/url]');
            }
            // The login must come from the address that requested the login form.
            if ($session['ip'] != $_SERVER['REMOTE_ADDR']) {
                message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]Unexpected IP address[br][url=index.php][img]small_login.png[/img]login[/url]');
            }
            // Milliseconds since the most recent pre-login request from this IP;
            // compared against $cfg['login_delay'] below to throttle attempts.
            $query = mysql_query('SELECT ' . (string) round(microtime(true) * 1000) . ' - pre_login_time AS login_delay FROM session WHERE ip = "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '" ORDER BY pre_login_time DESC LIMIT 1');
            $ip = mysql_fetch_assoc($query);
            // NOTE(review): the username literal is shown as "******" here, so
            // $username is not used by this query as listed - confirm that the
            // real source escapes it before concatenation.
            $query = mysql_query('SELECT password, seed, version, user_id FROM user WHERE username = "******"');
            $user = mysql_fetch_assoc($query);
            $user_id = $user['user_id'];
            // All of the following must hold for a successful login:
            //  - the stored password matches sha1($hash1) (version 0) or
            //    hmacsha1($hash1, user seed) (version 1);
            //  - hash1 and hash2 are 40 lowercase hex characters;
            //  - the anonymous user sends the expected fixed hash2, and any other
            //    user does not send the hash2 that corresponds to an empty password;
            //  - enough time has passed since the pre-login request;
            //  - the User-Agent (first 255 bytes) and the sign match the session row.
            // NOTE(review): every comparison here is loose (== / !=); prefer
            // hash_equals() for the digest and sign comparisons.
            if (($user['version'] == 0 && $user['password'] == sha1($hash1) || $user['version'] == 1 && $user['password'] == hmacsha1($hash1, $user['seed'])) && preg_match('#^[0-9a-f]{40}$#', $hash1) && preg_match('#^[0-9a-f]{40}$#', $hash2) && ($username == $cfg['anonymous_user'] && $hash2 == hmacsha1(hmacsha1($cfg['anonymous_user'], $session['seed']), $session['seed']) || $username != $cfg['anonymous_user'] && $hash2 != hmacsha1(hmacsha1('', $session['seed']), $session['seed'])) && $ip['login_delay'] > $cfg['login_delay'] && $session['user_agent'] == substr($_SERVER['HTTP_USER_AGENT'], 0, 255) && $session['sign'] == $sign) {
                // Re-store the credential with the session seed and mark the row
                // as version 1 (the stored password value is masked in this listing).
                mysql_query('UPDATE user SET
					password		= "******",
					seed			= "' . mysql_real_escape_string($session['seed']) . '",
					version			= 1
					WHERE username	= "******"');
                // Issue a fresh sign and session id on login so that a session id
                // known before authentication is not carried over.
                $sign = randomKey();
                $sid = randomKey();
                // NOTE(review): the old sid is read through cookie() here but through
                // $this->app->getCookie() above - confirm both return the same value.
                mysql_query('UPDATE session SET
					logged_in		= 1,
					user_id			= ' . (int) $user_id . ',
					login_time		= ' . (int) time() . ',
					idle_time		= ' . (int) time() . ',
					sid				= "' . mysql_real_escape_string($sid) . '",
					sign			= "' . mysql_real_escape_string($sign) . '",
					hit_counter		= hit_counter + ' . ($disable_counter ? 0 : 1) . ',
					visit_counter	= visit_counter + ' . (time() > $session['idle_time'] + 3600 ? 1 : 0) . '
					WHERE sid		= BINARY "' . mysql_real_escape_string(cookie('netjukebox_sid')) . '"');
                // Cookie lives for 365 days; Secure follows NJB_HTTPS and HttpOnly is
                // set. This call form does not set a SameSite attribute.
                setcookie('netjukebox_sid', $sid, time() + 31536000, null, null, NJB_HTTPS, true);
                @ob_flush();
                flush();
            } else {
                // logoutSession() (defined elsewhere in this codebase) renders the
                // login page and ends the request.
                logoutSession();
            }
        } else {
            // Validate current session
            $user_id = $session['user_id'];
            // A session is valid when it is logged in, bound to the same IP and
            // User-Agent, and has not been idle longer than session_lifetime.
            if ($session['logged_in'] && $session['ip'] == $_SERVER['REMOTE_ADDR'] && $session['user_agent'] == substr($_SERVER['HTTP_USER_AGENT'], 0, 255) && $session['idle_time'] + $cfg['session_lifetime'] > time()) {
                mysql_query('UPDATE session SET
					idle_time		= ' . (int) time() . ',
					hit_counter		= hit_counter + ' . ($disable_counter ? 0 : 1) . ',
					visit_counter	= visit_counter + ' . (time() > $session['idle_time'] + 3600 ? 1 : 0) . '
					WHERE sid		= BINARY "' . mysql_real_escape_string($sid) . '"');
            } elseif ($access == 'access_always') {
                // Unauthenticated visitor on a page that is always reachable:
                // explicitly deny every privilege and stop here.
                $cfg['access_media'] = false;
                $cfg['access_popular'] = false;
                $cfg['access_favorite'] = false;
                $cfg['access_cover'] = false;
                $cfg['access_stream'] = false;
                $cfg['access_download'] = false;
                $cfg['access_playlist'] = false;
                $cfg['access_play'] = false;
                $cfg['access_add'] = false;
                $cfg['access_record'] = false;
                $cfg['access_statistics'] = false;
                $cfg['access_admin'] = false;
                return true;
            } else {
                // NOTE(review): $app is not defined in this method (only $this->app
                // is used elsewhere), so this call fails before logoutSession() is
                // reached. It looks like leftover debugging - confirm and remove.
                $app->ll->str('böla');
                logoutSession();
            }
        }
        // Username & user privileges
        unset($cfg['username']);
        $query = mysql_query('SELECT
			username,
			access_media,
			access_popular,
			access_favorite,
			access_cover,
			access_stream,
			access_download,
			access_playlist,
			access_play,
			access_add,
			access_record,
			access_statistics,
			access_admin
			FROM user
			WHERE user_id = ' . (int) $user_id);
        // Array union keeps values already present in $cfg: only 'username' was
        // unset above, so an access_* key that already exists in $cfg is NOT
        // replaced by the database value. NOTE(review): confirm $cfg never holds
        // access_* keys at this point. If no user row is found the fetch returns
        // false and this line raises an error.
        $cfg += mysql_fetch_assoc($query);
        // Validate privilege
        // $access is used directly as a $cfg key, so any truthy $cfg entry with
        // that name grants access; callers should pass access_* names only.
        $access_validated = false;
        if (is_array($access)) {
            foreach ($access as $value) {
                if (isset($cfg[$value]) && $cfg[$value]) {
                    $access_validated = true;
                }
            }
        } elseif (isset($cfg[$access]) && $cfg[$access]) {
            $access_validated = true;
        } elseif ($access == 'access_logged_in') {
            $access_validated = true;
        } elseif ($access == 'access_always') {
            $access_validated = true;
        }
        if ($access_validated == false) {
            message(__FILE__, __LINE__, 'warning', '[b]You have no privilege to access this page[/b][br][url=index.php?authenticate=logout][img]small_login.png[/img]Login as another user[/url]');
        }
        // Validate signature
        // The sign acts as a single-use request token: a new value is stored
        // first, then the submitted sign is compared with the previous one.
        // NOTE(review): loose == comparison; hash_equals() is the safer choice.
        if ($cfg['sign_validated'] == false && ($validate_sign || $authenticate == 'logoutAllSessions' || $authenticate == 'logoutSession')) {
            $cfg['sign'] = randomKey();
            mysql_query('UPDATE session
				SET	sign		= "' . mysql_real_escape_string($cfg['sign']) . '"
				WHERE sid		= BINARY "' . mysql_real_escape_string($sid) . '"');
            if ($session['sign'] == getpost('sign')) {
                $cfg['sign_validated'] = true;
            } else {
                message(__FILE__, __LINE__, 'error', '[b]Signature expired[/b]');
            }
        } else {
            $cfg['sign'] = $session['sign'];
        }
        // Logout
        if ($authenticate == 'logout' && $cfg['username'] != $cfg['anonymous_user']) {
            // Counts this user's other live sessions to decide between a logout
            // menu and a direct logout.
            $query = mysql_query('SELECT user_id FROM session
				WHERE logged_in
				AND user_id		= ' . (int) $user_id . '
				AND idle_time	> ' . (int) (time() - $cfg['session_lifetime']));
            // NOTE(review): $db is not declared global in this method, and the
            // preceding statement is a SELECT - mysql_num_rows($query) looks like
            // what was intended; confirm.
            if (mysql_affected_rows($db) > 1) {
                logoutMenu();
            } else {
                logoutSession();
            }
        } elseif ($authenticate == 'logoutAllSessions' && $cfg['username'] != $cfg['anonymous_user']) {
            // Invalidate every session of this user, not just the current one.
            mysql_query('UPDATE session
				SET logged_in	= 0
				WHERE user_id	= ' . (int) $user_id);
            logoutSession();
        } elseif ($authenticate == 'logoutSession' || $authenticate == 'logout') {
            logoutSession();
        }
        // Publish the validated session state for the rest of the request.
        $cfg['user_id'] = $user_id;
        $cfg['sid'] = $sid;
        $cfg['session_seed'] = $session['seed'];
        $cfg['random_blacklist'] = $session['random_blacklist'];
        //$cfg['thumbnail']			= $session['thumbnail'];
        $cfg['thumbnail'] = 1;
        //$cfg['thumbnail_size']		= $session['thumbnail_size'];
        $cfg['thumbnail_size'] = 100;
        // Fall back to -1 when the stored profile id has no entry in encode_extension.
        $cfg['stream_id'] = isset($cfg['encode_extension'][$session['stream_id']]) ? $session['stream_id'] : -1;
        $cfg['download_id'] = isset($cfg['encode_extension'][$session['download_id']]) ? $session['download_id'] : -1;
        $cfg['player_id'] = $session['player_id'];
    }
Ejemplo n.º 4
 /**
  * Creates a player identity (token, wallet, name) on this object and stores
  * a signed access token for it.
  *
  * The token claims are token, player, wallet, exp (24 hours after creation)
  * and iss ("botjack.co"); they are encoded with JWT::encode() using
  * $_ENV['token_key'] as the key.
  *
  * Security notes:
  *  - The player token is derived from randomKey() (defined elsewhere).
  *    NOTE(review): confirm it draws from a cryptographically secure source,
  *    since the token appears to act as a credential.
  *  - NOTE(review): if JWT::encode() produces a signed but unencrypted token,
  *    the token and wallet claims are readable by anyone who holds the
  *    access token.
  *  - $_ENV['token_key'] is not checked; if it is missing the key passed to
  *    JWT::encode() is null. Verify the deployment fails closed in that case.
  *  - Only Exception is caught. The cause of a failure is discarded, so a
  *    caller sees just false.
  *
  * @param string $player Display name of the player.
  * @return bool true on success, false when an Exception was thrown.
  */
 function createPlayer($player = "Anonymous")
 {
     try {
         // Order matters: the wallet is looked up from the freshly set token.
         $this->__set("token", bin2hex(randomKey()));
         $this->__set("wallet", $this->getWallet($this->__get("token")));
         $this->__set("player", $player);

         $claims = array(
             'token' => $this->__get("token"),
             'player' => $this->__get("player"),
             'wallet' => $this->__get("wallet"),
         );
         $issuedAt = new DateTime();
         $claims['exp'] = strtotime('+24 hours', $issuedAt->getTimestamp());
         $claims['iss'] = "botjack.co";

         $this->__set("access_token", JWT::encode($claims, $_ENV['token_key']));
     } catch (Exception $e) {
         return false;
     }

     return true;
 }
Ejemplo n.º 5
/**
 * Logs the current session out, renders the login page and ends the request.
 *
 * The session row for the netjukebox_sid cookie is marked logged out and given
 * a fresh sign and seed; when no row was updated a new session row and cookie
 * are created. The function then prints the header, an inline script that
 * builds the login form, the footer, and calls exit - it never returns.
 *
 * Login protocol as visible in the inline script: the browser sends
 * hash1 = hmacsha1(password, user_seed) and
 * hash2 = hmacsha1(hmacsha1(password, session_seed), session_seed)
 * instead of the plain password.
 *
 * Review notes (security):
 *  - hash1 is what the server verifies, so it is equivalent to the password
 *    on the wire; client-side hashing does not replace TLS.
 *  - Server values are written into JavaScript string literals with
 *    addslashes(). addslashes() is not a JavaScript encoder (it does not
 *    handle line breaks or "</script>"); json_encode() with the JSON_HEX_*
 *    flags is the usual choice for this context.
 *  - Parts of this listing are masked with "******" (the anonymous-user query,
 *    the ajaxRequest() line in loginStage1 and the anonymous password), so
 *    those expressions cannot be reviewed from this page.
 *  - Uses the mysql_* extension, which was removed in PHP 7.0.
 *
 * @return void Does not return; the request ends with exit.
 */
function logoutSession()
{
    global $cfg, $db;
    $cfg['username'] = '';
    // Footer
    $cfg['access_media'] = '';
    // Header opensearch
    $sid = cookie('netjukebox_sid');
    // Fresh per-session values: sign is the request token, seed is the salt
    // used by the client-side hashing on the login form.
    $sign = randomKey();
    $session_seed = randomKey();
    // Update current session
    // Binds the session to the caller's IP and User-Agent. The User-Agent is
    // stored in full here while the session check in this codebase compares
    // against its first 255 bytes. NOTE(review): confirm the column length.
    mysql_query('UPDATE session SET
		logged_in			= 0,
		ip					= "' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '",
		user_agent			= "' . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . '",
		sign				= "' . mysql_real_escape_string($sign) . '",
		seed				= "' . mysql_real_escape_string($session_seed) . '"
		WHERE sid			= BINARY "' . mysql_real_escape_string($sid) . '"');
    if (mysql_affected_rows($db) == 0) {
        // Create new session
        // No row matched the cookie, so the client-supplied sid is discarded
        // and a server-generated one is issued.
        $sid = randomKey();
        mysql_query('INSERT INTO session (logged_in, create_time, ip, user_agent, sid, sign, seed) VALUES (
			0,
			' . (int) time() . ',
			"' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '",
			"' . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . '",
			"' . mysql_real_escape_string($sid) . '",
			"' . mysql_real_escape_string($sign) . '",
			"' . mysql_real_escape_string($session_seed) . '")');
        // 365-day cookie; Secure follows NJB_HTTPS, HttpOnly is set.
        setcookie('netjukebox_sid', $sid, time() + 31536000, null, null, NJB_HTTPS, true);
        @ob_flush();
        flush();
    }
    //  +------------------------------------------------------------------------+
    //  | Login                                                                  |
    //  +------------------------------------------------------------------------+
    // NOTE(review): the username literal is masked in this listing; presumably
    // the query looks up the configured anonymous user.
    $query = mysql_query('SELECT username FROM user WHERE username = "******"');
    $user = mysql_fetch_assoc($query);
    $anonymous = $user['username'];
    $action = get('action');
    // After login, return to the same view: rebuild the query string from the
    // current GET parameters, percent-encoding every key and value.
    if (NJB_SCRIPT == 'index.php' && substr($action, 0, 4) == 'view') {
        $url = 'index.php?';
        $get = getAll();
        foreach ($get as $key => $value) {
            $url .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
        }
        // NOTE(review): this drops five characters although the separator
        // appended above is a single '&' in this listing - confirm which is intended.
        $url = substr($url, 0, -5);
    } else {
        $url = 'index.php';
    }
    $cfg['align'] = true;
    require_once NJB_HOME_DIR . 'include/header.inc.php';
    ?>
<script type="text/javascript">
<!--
if (hmacsha1('key', 'The quick brown fox jumps over the lazy dog') != 'de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9') {
	document.write('<table cellspacing="10" cellpadding="0" class="error">');
	document.write('<tr>');
	document.write('	<td valign="top"><img src="<?php 
    echo $cfg['img'];
    ?>
medium_message_error.png" alt=""><\/td>');
	document.write('	<td valign="top"><strong>JavaScript error<\/strong><br>Unexpected SHA1 checksum result.<\/td>');
	document.write('<\/tr>');
	document.write('<\/table>');
}
else if (typeof XMLHttpRequest == 'undefined') {
	document.write('<table cellspacing="10" cellpadding="0" class="error">');
	document.write('<tr>');
	document.write('	<td valign="top"><img src="<?php 
    echo $cfg['img'];
    ?>
medium_message_error.png" alt=""><\/td>');
	document.write('	<td valign="top"><strong>Native XMLHttpRequest support is required<\/strong><br>');
	document.write('	Enable XMLHttpRequest or get a modern web browser.<\/td>');
	document.write('<\/tr>');
	document.write('<\/table>');
}
else {
	document.write('<form action="<?php 
    // $url is either the constant 'index.php' or built from rawurlencode()d
    // keys and values above; it is printed without further escaping.
    echo $url;
    ?>
" method="post" name="loginform" id="loginform" onSubmit="loginStage1(this.username.value); return false;">');
	document.write('	<input type="hidden" name="authenticate" value="validate">');
	document.write('	<input type="hidden" name="hash1" value="">');
	document.write('	<input type="hidden" name="hash2" value="">');
	document.write('	<input type="hidden" name="sign" value="">');
	document.write('<table cellspacing="0" cellpadding="0" class="warning">');
	document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
	document.write('<tr>');
	document.write('	<td class="space"><\/td>');
	document.write('	<td>Username:<\/td>');
	document.write('	<td class="space"><\/td>');
	document.write('	<td><input type="text" name="username" value="<?php 
    // html() is a project helper (presumably HTML-escapes - verify); the
    // result is then backslash-escaped for the surrounding JavaScript string.
    echo addslashes(html($anonymous));
    ?>
" maxlength="255" class="login" onKeyUp="anonymousPassword();"><\/td>');
	document.write('	<td class="space"><\/td>');
	document.write('<\/tr>');
	document.write('<tr>');
	document.write('	<td><\/td>');
	document.write('	<td>Password:<\/td>');
	document.write('	<td><\/td>');
	document.write('	<td><input type="password" name="password" class="login"><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
	document.write('<tr>');
	document.write('	<td><\/td>');
	document.write('	<td colspan="3" align="right"><input type="submit" value="login" class="button"><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
	document.write('<tr>');
	document.write('	<td><\/td>');
	document.write('	<td colspan="3" class="line"><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
<?php 
    if ($cfg['admin_login_message'] == '') {
        ?>
	document.write('<tr>');
	document.write('	<td><\/td>');
	document.write('	<td colspan="3"><span class="login_message">Cookies and JavaScript are required to login.<br>');
	document.write('	Browser must support native XMLHttpRequest.<\/span><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
<?php 
    } else {
        ?>
	document.write('<tr>');
	document.write('	<td><\/td>');
	document.write('	<td colspan="3"><span class="login_message">');
	document.write('	<?php 
        // The administrator-defined message is rendered through bbcode() and
        // shown to unauthenticated visitors. NOTE(review): confirm bbcode()
        // escapes HTML and that its output cannot contain line breaks, which
        // addslashes() would leave inside the JavaScript string.
        echo addslashes(bbcode($cfg['admin_login_message']));
        ?>
<\/span><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
<?php 
    }
    ?>
	document.write('<tr class="space"><td colspan="5"><\/td><\/tr>');
	document.write('<\/table>');
	document.write('<\/form>');
}


function initialize() {
	if (typeof XMLHttpRequest != 'undefined') {
		document.loginform.username.focus();
		document.loginform.username.select();
		anonymousPassword();
	}
}


function anonymousPassword() {
	if (<?php 
    echo $anonymous ? 'true' : 'false';
    ?>
 && document.loginform.username.value == '<?php 
    echo addslashes(html($anonymous));
    ?>
') {
		document.loginform.password.value = '';
		document.loginform.password.className = 'login readonly';
		// document.loginform.password.disabled = true;
	}
	else {
		document.loginform.password.className = 'login';
		// document.loginform.password.disabled = false;
	}
}


function loginStage1(username) {
	document.loginform.username.value = '';
	document.loginform.username.value = username;
	document.loginform.username.className = 'login readonly';
	document.loginform.password.className = 'login readonly';
	ajaxRequest('json.php', loginStage2, 'action=loginStage1&username='******'UTF-8' ? 'encodeURIComponent' : 'escape';
    ?>
(username) + '&sign=<?php 
    // The stage-1 request is signed with an HMAC over the fresh session sign,
    // keyed with the server-wide seed.
    echo hmacsha1($cfg['server_seed'], $sign);
    ?>
');
}


function loginStage2(data) {
	// data.user_seed, data.session_seed, data.sign;	
	var password = document.loginform.password.value;
	document.loginform.password.value = '';
	if (<?php 
    echo $anonymous ? 'true' : 'false';
    ?>
 && document.loginform.username.value == '<?php 
    echo addslashes(html($anonymous));
    ?>
')
		password = '******';
	document.loginform.hash1.value = hmacsha1(password, data.user_seed);
	document.loginform.hash2.value = hmacsha1(hmacsha1(password, data.session_seed), data.session_seed);
	document.loginform.sign.value = data.sign;
	password = '';
	setTimeout('document.loginform.submit();', <?php 
    // Printed unquoted into the script; assumes login_delay is numeric - TODO confirm.
    echo $cfg['login_delay'];
    ?>
);
}
//-->
</script>
<?php 
    require_once NJB_HOME_DIR . 'include/footer.inc.php';
    // Ends the request so that callers never continue as an authenticated user.
    exit;
}
Ejemplo n.º 6
/**
 * Creates a time-limited share link for an album and renders a page showing
 * the link, a mailto: shortcut and a QR code for it.
 *
 * A random sid is stored in share_stream together with the album, the current
 * stream profile and an expiry time; the share URL is
 * stream.php?action=playlist&sid=<sid>.
 *
 * Review notes (security):
 *  - The sid in the URL is the only credential visible here (the page text
 *    says the stream is also locked to the first IP that uses it), so its
 *    strength depends on randomKey(), which is defined elsewhere.
 *  - The complete share URL, including the sid, is passed to qrcode.php as a
 *    query parameter and may therefore be recorded in web server access logs.
 *  - implode() is called with the legacy (array, separator) argument order,
 *    which is rejected from PHP 8.0 on; the mysql_* extension was removed in
 *    PHP 7.0.
 *
 * @param string $album_id Album identifier taken from the request.
 * @return void
 */
function shareAlbum($album_id)
{
    global $cfg, $db;
    // Admin only. NOTE(review): the third argument presumably enables the
    // request-sign check of the authentication routine - confirm.
    authenticate('access_admin', false, true);
    if ($cfg['album_share_stream'] == false) {
        message(__FILE__, __LINE__, 'error', '[b]Error[/b][br]Share album disabled');
    }
    // album_id is escaped and quoted before it is placed in the statement.
    $query = mysql_query('SELECT artist_alphabetic, album, year
		FROM album
		WHERE album_id = "' . mysql_real_escape_string($album_id) . '"');
    $album = mysql_fetch_assoc($query);
    if ($album == false) {
        message(__FILE__, __LINE__, 'error', '[b]Error[/b][br]album_id not found in database');
    }
    // formattedNavigator
    $nav = array();
    $nav['name'][] = 'Media';
    $nav['url'][] = 'index.php';
    $nav['name'][] = $album['artist_alphabetic'];
    $nav['url'][] = 'index.php?action=view2&amp;artist=' . rawurlencode($album['artist_alphabetic']);
    $nav['name'][] = $album['album'];
    // NOTE(review): unlike the artist above, $album_id is appended without
    // rawurlencode(); confirm the header template escapes navigator URLs.
    $nav['url'][] = 'index.php?action=view3&amp;album_id=' . $album_id;
    $nav['name'][] = 'Share stream';
    require_once 'include/header.inc.php';
    $expire_time = time() + $cfg['share_stream_lifetime'];
    // Unguessable identifier of the share; see the review note in the header.
    $sid = randomKey();
    mysql_query('INSERT INTO share_stream (sid, album_id, stream_id, expire_time) VALUES (
		"' . mysql_real_escape_string($sid) . '",
		"' . mysql_real_escape_string($album_id) . '",
		' . (int) $cfg['stream_id'] . ',
		' . (int) $expire_time . ')');
    // Already HTML-encoded ('&amp;'); the raw form is restored with
    // str_replace() where the URL is placed in other contexts below.
    $url = NJB_HOME_URL . 'stream.php?action=playlist&amp;sid=' . $sid;
    $name = $album['artist_alphabetic'] . ' - ';
    $name .= $album['year'] ? $album['year'] . ' - ' : '';
    $name .= $album['album'];
    // $name 	= encodeEscapeChar($name);
    // $transcode: at least one track cannot be served from its source file.
    // $exact: every such track already has a cache entry for this profile.
    $transcode = false;
    $exact = true;
    $extensions = array();
    $miliseconds = 0;
    $query = mysql_query('SELECT track.filesize, cache.filesize AS cache_filesize,
		miliseconds, audio_bitrate, track_id,
		LOWER(SUBSTRING_INDEX(track.relative_file, ".", -1)) AS extension
		FROM track LEFT JOIN cache
		ON track.track_id = cache.id
		AND cache.profile = ' . (int) $cfg['stream_id'] . '
		WHERE album_id = "' . mysql_real_escape_string($album_id) . '"');
    while ($track = mysql_fetch_assoc($query)) {
        if (in_array($track['extension'], $extensions) == false) {
            $extensions[] = $track['extension'];
        }
        if (sourceFile($track['extension'], $track['audio_bitrate'], $cfg['stream_id']) == false) {
            $transcode = true;
            if ($track['cache_filesize'] == false) {
                $exact = false;
            }
        }
        $miliseconds += $track['miliseconds'];
    }
    sort($extensions);
    // NOTE(review): legacy argument order (array first); not accepted by PHP 8.
    $source = implode($extensions, ', ');
    $profile_name = $transcode ? $cfg['encode_name'][$cfg['stream_id']] . ' (' . $source . ' source)' : 'Source (' . $source . ')';
    if ($transcode && $exact) {
        $cache_txt = 'Transcoded:';
        $cache_png = $cfg['img'] . 'small_check.png';
    } elseif ($transcode && !$exact) {
        $cache_txt = 'Transcoded:';
        $cache_png = $cfg['img'] . 'small_uncheck.png';
    } else {
        $cache_txt = 'Source:';
        $cache_png = $cfg['img'] . 'small_check.png';
    }
    ?>
<form action="" name="form" id="form">
<table cellspacing="0" cellpadding="0" class="border">
<tr class="header">
	<td class="space"></td>
	<td colspan="3"><?php 
    // Database-derived text goes through the project's html() helper.
    echo html($name);
    ?>
</td>
	<td class="space"></td>
</tr>
<tr class="line"><td colspan="5"></td></tr>
<tr class="odd">
	<td></td>
	<td>Play time:</td>
	<td></td>
	<td><?php 
    echo formattedTime($miliseconds);
    ?>
</td>
	<td class="space"></td>
</tr>
<tr class="even">
	<td class="space"></td>
	<td>Stream profile:</td>
	<td class="textspace"></td>
	<td><?php 
    echo html($profile_name);
    ?>
</td>
	<td class="space"></td>
</tr>
<tr class="odd">
	<td></td>
	<td><?php 
    // One of two fixed strings assigned above; no escaping needed.
    echo $cache_txt;
    ?>
</td>
	<td></td>
	<td><img src="<?php 
    // Configuration value plus a fixed file name, printed unescaped.
    echo $cache_png;
    ?>
" alt="" class="small"></td>
	<td class="space"></td>
</tr>
<tr class="even">
	<td></td>
	<td>Mail:</td>
	<td></td>
	<td><a href="mailto:?SUBJECT=<?php 
    echo rawurlencode($name);
    ?>
&amp;BODY=---%0APlay%20time%3A%20<?php 
    echo rawurlencode(formattedTime($miliseconds));
    ?>
%0AStream%3A%20<?php 
    echo rawurlencode($name);
    ?>
%0A<?php 
    echo rawurlencode(str_replace('&amp;', '&', $url));
    ?>
%0A%0AThis%20stream%20will%20expire%20<?php 
    echo rawurlencode(date($cfg['date_format'], $expire_time));
    ?>
%20and%20locked%20to%20the%20first%20used%20IP%20address."><img src="<?php 
    echo $cfg['img'];
    ?>
small_mail.png" alt="" class="small"></a></td>
	<td></td>
</tr>
<tr class="odd">
	<td></td>
	<td>URL:</td>
	<td></td>
	<td><input type="text" value="<?php 
    // Printed without html(): relies on NJB_HOME_URL and the generated sid
    // containing no characters that are special inside an HTML attribute.
    echo $url;
    ?>
" readonly class="url" onClick="focus(this); select(this);"></td>
	<td></td>
</tr>
<tr class="even">
	<td></td>
	<td>QR Code:</td>
	<td></td>
	<td><img src="qrcode.php?d=<?php 
    // The share URL, including its sid, becomes part of this request's URL.
    echo rawurlencode(str_replace('&amp;', '&', $url));
    ?>
&amp;e=l&amp;s=3" alt=""></td>
	<td></td>
</tr>
</table>
</form>
<?php 
    require_once 'include/footer.inc.php';
}
Ejemplo n.º 7
/**
 * Returns a random value that is, with roughly equal chance, either an
 * integer between 0 and 1048576 or a randomKey() string whose length argument
 * is between 5 and 20.
 *
 * rand() is not a cryptographically secure generator, so values produced
 * here must not be used as tokens, passwords or other secrets.
 * NOTE(review): the name suggests test or sample data - confirm no caller
 * relies on the result being unpredictable.
 *
 * @return int|string
 */
function generateRandomUnit()
{
    $wantsInteger = rand(0, 1) == 0;
    if (!$wantsInteger) {
        // randomKey() is defined elsewhere in the project.
        return randomKey(rand(5, 20));
    }

    return rand(0, 1048576);
}
/**
 * Builds a name for a digital product: two or three letters picked with
 * rand(), followed by the GMT date/time (mdYHis) and six digits taken from
 * microtime(). If a product with that name already exists, the value of
 * randomKey() is returned instead.
 *
 * Review notes:
 *  - The name is mostly a timestamp and the letters come from rand(), so it
 *    is guessable. It must not double as an access secret, for example as an
 *    unlisted download identifier.
 *  - The lookup statement is built by concatenation. The name contains only
 *    characters generated here; $tableprefix is a global whose origin is not
 *    visible in this function - NOTE(review): confirm it comes from trusted
 *    configuration.
 *  - The randomKey() fallback is not checked for uniqueness, and a failed
 *    query is not handled before mysql_num_rows() is called.
 *  - The mysql_* extension was removed in PHP 7.0.
 *
 * @return string
 */
function randomDigitalProduct()
{
    global $tableprefix;

    $alphabet = "PaNbIuJcMOfgnTopRUjkXlSmFxGqrdeKsLvzAwyBZDtEhiHQVWCY";
    $alphabetLength = strlen($alphabet);

    // substr() yields a single character when the offset is the last index,
    // so the loop may need a second pass to reach two characters.
    $name = "";
    do {
        $name .= substr($alphabet, rand() % $alphabetLength, 2);
    } while (strlen($name) < 2);

    // microtime() returns "0.uuuuuuuu sec"; characters 2..7 are the fraction digits.
    $name .= gmdate("mdYHis") . substr(microtime(), 2, 6);
    $name = str_replace(array("-", ":", " "), "", $name);

    $lookupSql = "SELECT ndigital_id FROM {$tableprefix}digital_product WHERE vdigital_product_name = '{$name}'";
    $lookup = mysql_query($lookupSql);
    if (mysql_num_rows($lookup) > 0) {
        // Name already taken: fall back to a project-generated key.
        return randomKey();
    }

    return $name;
}
Ejemplo n.º 9
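/**
 * Renders an exception, its stack trace and any chained previous exceptions
 * as a self-contained HTML fragment.
 *
 * The fragment starts with an HTML comment that carries the JSON-encoded
 * message, followed by one section per exception in the chain. Each trace
 * frame shows file:line, the call with its dumped arguments and, when
 * available, a source snippet with the failing line highlighted.
 *
 * Security notes:
 *  - The message in the leading HTML comment is encoded with JSON_HEX_TAG so
 *    that "<" and ">" are written as \u003C / \u003E. Without it a message
 *    containing "-->" would close the comment and the remainder would be
 *    parsed as markup. JSON consumers decode the escaped form to the same
 *    string.
 *  - The output contains file paths, source code and call arguments, which
 *    can include credentials or personal data. It should only be shown to
 *    developers, never to end users in production.
 *
 * @param mixed $e Exception (or whatever exception_to_stdclass() accepts).
 * @return string HTML fragment.
 */
function render_exception($e)
{
    $e = exception_to_stdclass($e);
    // Outer buffer: collects the whole fragment that is returned at the end.
    ob_start();
    echo '<!-- error-hmnb9a525V77pG545SXkqmfW: ' . json_encode($e->message, JSON_HEX_TAG) . ' -->';
    echo '<div style=\'font-size: 1em; border: 2px solid black; padding: 5px; background: white;' . 'font-family: Consolas, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", ' . '"Bitstream Vera Sans Mono", "Courier New", monospace;\'>';
    $exceptions = array();
    // One iteration per exception in the "previous" chain.
    while (true) {
        // Per-exception buffer; its content is stored in $exceptions.
        ob_start();
        // The full message is kept in data-message; messages longer than 80
        // bytes are truncated with a link that expands them.
        echo "<h1 style='font-size: 1.2em;' data-message='{$e->{'class'}}: " . htmlspecialchars($e->message, ENT_QUOTES) . "'>{$e->{'class'}}: " . (strlen($e->message) > 80 ? htmlspecialchars(substr($e->message, 0, 80), ENT_QUOTES) . ' <a href="#" onclick="this.parentNode.textContent = this.parentNode.getAttribute(\'data-message\');' . 'return false;">...</a>' : htmlspecialchars($e->message, ENT_QUOTES)) . "</h1>";
        echo "<ul>";
        $firstItem = true;
        // The exception itself is treated as the first frame of its trace.
        foreach (array_merge(array($e), $e->trace) as $traceItem) {
            // randomKey() is defined elsewhere; the value is only used as a
            // link fragment and CSS class for this frame.
            $traceItemId = randomKey(24);
            $isLibrary = isset($traceItem->isLibrary) && $traceItem->isLibrary;
            echo '<li style="' . ($isLibrary ? 'color: gray;' : '') . '">';
            echo '<a href="#' . $traceItemId . '" style="' . (!$isLibrary ? 'color: black;' : 'color: gray;') . '" onclick="if (this.nextSibling.style.display == \'none\') this.nextSibling.style.display = \'\';' . ' else this.nextSibling.style.display = \'none\'; return false;">' . (isset($traceItem->file) ? htmlspecialchars($traceItem->file . ':' . $traceItem->line) : '[internal function]') . '</a>';
            // Only the first non-library frame is expanded by default.
            echo '<div class="' . $traceItemId . '" style="' . (!$isLibrary && $firstItem ? '' : 'display: none;') . '">';
            echo "<pre><h2 style='font-size: 1.1em;'>";
            // The call signature is built in its own buffer so that the whole
            // text, including dumped arguments, is HTML-escaped in one place.
            ob_start();
            if (isset($traceItem->{'function'})) {
                echo (isset($traceItem->{'class'}) ? $traceItem->{'class'} . $traceItem->{'type'} : '') . $traceItem->{'function'} . '(';
                $arguments = array();
                foreach ($traceItem->arguments as $argument) {
                    $arguments[] = dumpArgument($argument);
                }
                echo implode(', ', $arguments);
                echo ')';
            }
            echo htmlspecialchars(ob_get_clean());
            echo "</h2></pre>";
            if (isset($traceItem->snippet->content)) {
                echo '<pre class="snippet">';
                // Escape first, then add markup, so that the highlight tags
                // are the only unescaped HTML in the snippet.
                $lines = explode("\n", htmlspecialchars($traceItem->snippet->content));
                if (array_key_exists($traceItem->line - $traceItem->snippet->beginLine - 1, $lines)) {
                    $lines[$traceItem->line - $traceItem->snippet->beginLine - 1] = "<strong style='color: red;'>" . rtrim($lines[$traceItem->line - $traceItem->snippet->beginLine - 1]) . "</strong>";
                }
                // Prefix every snippet line with its right-aligned line number.
                foreach ($lines as $lineIndex => $lineContent) {
                    $lineNumber = $traceItem->snippet->beginLine + $lineIndex + 1;
                    $lines[$lineIndex] = str_pad($lineNumber, strlen($traceItem->snippet->beginLine) + 1, " ", STR_PAD_LEFT) . ' | ' . $lineContent;
                }
                echo implode("\n", $lines);
                echo "</pre>";
            }
            echo '</div>';
            echo "</li>";
            if (!$isLibrary && $firstItem) {
                // Kept from the original; not read anywhere in this function.
                $problemTraceItem = $traceItem;
            }
            if (!$isLibrary) {
                $firstItem = false;
            }
        }
        echo "</ul>";
        $exceptions[] = ob_get_clean();
        if (isset($e->previous)) {
            $e = $e->previous;
            continue;
        }
        break;
    }
    echo implode('<hr />', $exceptions);
    echo '</div>';
    return ob_get_clean();
}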
Ejemplo n.º 10
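/**
 * Render the admin "add user" / "edit user" form.
 *
 * authenticate('access_admin') is called before anything else; presumably it
 * aborts the request for callers without the admin privilege (verify in
 * authenticate()).
 *
 * The form is written by inline JavaScript so that the browser can replace the
 * typed password with hmacsha1(hmacsha1(password, seed), seed) before the
 * POST. A fresh seed is generated per page view and stored in the session row.
 *
 * @param mixed $user_id '0' selects the "add user" defaults; any other value is
 *                       cast to int and looked up in the user table.
 */
function editUser($user_id)
{
    global $cfg, $db;
    authenticate('access_admin');
    if ($user_id == '0') {
        // Add user configuration: a new account starts with media access only
        $user['username'] = '******' . sprintf('%04x', mt_rand(0, 0xffff));
        $user['access_media'] = true;
        $user['access_popular'] = false;
        $user['access_favorite'] = false;
        $user['access_cover'] = false;
        $user['access_stream'] = false;
        $user['access_download'] = false;
        $user['access_playlist'] = false;
        $user['access_play'] = false;
        $user['access_add'] = false;
        $user['access_record'] = false;
        $user['access_statistics'] = false;
        $user['access_admin'] = false;
        $txt_menu = 'Add user';
        $txt_password = '******';
    } else {
        // Edit user configuration: the id is cast to int before it reaches the SQL text
        $query = mysql_query('SELECT
			username,
			access_media,
			access_popular,
			access_favorite,
			access_cover,
			access_stream,
			access_download,
			access_playlist,
			access_play,
			access_add,
			access_record,
			access_statistics,
			access_admin
			FROM user
			WHERE user_id = ' . (int) $user_id);
        $user = mysql_fetch_assoc($query);
        if ($user == false) {
            // presumably message() ends the request; otherwise $user stays false below — verify
            message(__FILE__, __LINE__, 'error', '[b]Error[/b][br]user_id not found in database');
        }
        $txt_menu = 'Edit user';
        $txt_password = '******';
    }
    // formattedNavigator
    $nav = array();
    $nav['name'][] = 'Configuration';
    $nav['url'][] = 'config.php';
    $nav['name'][] = 'Users';
    $nav['url'][] = 'users.php';
    $nav['name'][] = $txt_menu;
    require_once 'include/header.inc.php';
    // Store seed temporarily in the session database
    // After accepting a new password copy the seed to the user database
    $session_seed = randomKey();
    mysql_query('UPDATE session
		SET seed	= "' . mysql_real_escape_string($session_seed) . '"
		WHERE sid	= BINARY "' . mysql_real_escape_string($cfg['sid']) . '"');
    // Everything below is emitted inside single-quoted JavaScript strings that
    // are in turn written as HTML, so each PHP value has to be safe in both
    // contexts.
    // NOTE(review): $cfg['img'], $cfg['sign'] and $session_seed are echoed
    // without escaping; this assumes they never contain quotes, backslashes or
    // markup characters — confirm against randomKey() and the config loader.
    // NOTE(review): the value posted as new_password is a double HMAC-SHA1 of
    // the password keyed with the session seed. It hides the clear-text
    // password from the wire, but it is a fast hash rather than a password
    // KDF and whatever the server stores is presumably login-equivalent, so
    // TLS and protection of the user table are still required.
    ?>
<script type="text/javascript">
<!--
if (hmacsha1('key', 'The quick brown fox jumps over the lazy dog') != 'de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9') {
	document.write('<table cellspacing="10" cellpadding="0" class="error">');
	document.write('<tr>');
	document.write('	<td valign="top"><img src="<?php 
    echo $cfg['img'];
    ?>
medium_message_error.png" alt=""><\/td>');
	document.write('	<td valign="top"><strong>JavaScript error<\/strong><br>Unexpected SHA1 checksum result.<\/td>');
	document.write('<\/tr>');
	document.write('<\/table>');
}
else if (typeof XMLHttpRequest == 'undefined') {
	document.write('<table cellspacing="10" cellpadding="0" class="error">');
	document.write('<tr>');
	document.write('	<td valign="top"><img src="<?php 
    echo $cfg['img'];
    ?>
medium_message_error.png" alt=""><\/td>');
	document.write('	<td valign="top"><strong>Native XMLHttpRequest support is required<\/strong><br>');
	document.write('	Enable XMLHttpRequest or get a modern web browser.<\/td>');
	document.write('<\/tr>');
	document.write('<\/table>');
}
else {
	document.write('<form id="editUser" action="users.php" method="post" onSubmit="return hashPassword(this);" autocomplete="off">');
	document.write('	<input type="hidden" name="action" value="updateUser">');
	document.write('	<input type="hidden" name="user_id" value="<?php 
    // Emit the same integer the SQL lookup used. The raw parameter was echoed
    // here before, so any non-numeric tail it carried went unescaped into the
    // script string and the attribute ($user_id presumably comes from the
    // request — confirm at the caller).
    echo (int) $user_id;
    ?>
">');
	document.write('	<input type="hidden" name="sign" value="<?php 
    // presumably the per-session request-signing token checked by users.php on updateUser — confirm
    echo $cfg['sign'];
    ?>
">');
	document.write('<table cellspacing="0" cellpadding="0" class="border">');
	document.write('<tr class="header">');
	document.write('	<td ><\/td>');
	document.write('	<td>Access<\/td>');
	document.write('	<td ><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="line"><td colspan="4"><\/td><\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('media'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_media" value="1" <?php 
    if ($user['access_media']) {
        echo ' checked';
    }
    ?>
>Media<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('popular'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_popular" value="1" <?php 
    if ($user['access_popular']) {
        echo ' checked';
    }
    ?>
>Popular<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('favorite'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_favorite" value="1" <?php 
    if ($user['access_favorite']) {
        echo ' checked';
    }
    ?>
>Favorite<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('playlist'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_playlist" value="1" <?php 
    if ($user['access_playlist']) {
        echo ' checked';
    }
    ?>
>Playlist<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('play'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_play" value="1" <?php 
    if ($user['access_play']) {
        echo ' checked';
    }
    ?>
>Play<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('add'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_add" value="1" <?php 
    if ($user['access_add']) {
        echo ' checked';
    }
    ?>
>Add<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('stream'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_stream" value="1" <?php 
    if ($user['access_stream']) {
        echo ' checked';
    }
    ?>
>Stream<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('download'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_download" value="1" <?php 
    if ($user['access_download']) {
        echo ' checked';
    }
    ?>
>Download<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	/* document.write('<tr class="lh3" <?php 
    // The cover and record rows sit inside a JavaScript comment: the PHP still
    // runs and the text is sent to the browser, but no checkbox is rendered.
    echo addslashes(onmouseoverAccessInfo('cover'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_cover" value="1" <?php 
    if ($user['access_cover']) {
        echo ' checked';
    }
    ?>
>Cover<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('record'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_record" value="1" <?php 
    if ($user['access_record']) {
        echo ' checked';
    }
    ?>
>Record<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>'); */
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('statistics'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_statistics" value="1" <?php 
    if ($user['access_statistics']) {
        echo ' checked';
    }
    ?>
>Statistics<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="lh3" <?php 
    echo addslashes(onmouseoverAccessInfo('admin'));
    ?>
>');
	document.write('	<td><\/td>');
	document.write('	<td>&nbsp;&nbsp;<input type="checkbox" name="access_admin" value="1" <?php 
    if ($user['access_admin']) {
        echo ' checked';
    }
    ?>
>Admin<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="line"><td colspan="3"><\/td><\/tr>');
	document.write('<tr class="footer">');
	document.write('	<td><\/td>');
	document.write('	<td>Username:<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="footer">');
	document.write('	<td><\/td>');
	document.write('	<td><input type="text" name="new_username" value="<?php 
    // html() is presumably the project's HTML-escaping helper; addslashes()
    // then protects the surrounding single-quoted JS string. It does not
    // escape line breaks — assumes usernames cannot contain them (confirm).
    echo addslashes(html($user['username']));
    ?>
" maxlength="255" <?php 
    // The anonymous account keeps its name and password: its fields are rendered read-only
    echo $user['username'] == $cfg['anonymous_user'] ? 'readonly class="login readonly" onfocus="this.blur();"' : 'class="login"';
    ?>
><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="footer">');
	document.write('	<td><\/td>');
	document.write('	<td><?php 
    echo $txt_password;
    ?>
<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="footer">');
	document.write('	<td><\/td>');
	document.write('	<td><input type="password" name="new_password" <?php 
    echo $user['username'] == $cfg['anonymous_user'] ? 'readonly class="login readonly" onfocus="this.blur();"' : 'class="login"';
    ?>
><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="footer">');
	document.write('	<td><\/td>');
	document.write('	<td>Confirm password:<\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="footer">');
	document.write('	<td><\/td>');
	document.write('	<td><input type="password" name="chk_password" <?php 
    echo $user['username'] == $cfg['anonymous_user'] ? 'readonly class="login readonly" onfocus="this.blur();"' : 'class="login"';
    ?>
><\/td>');
	document.write('	<td><\/td>');
	document.write('<\/tr>');
	document.write('<tr class="footer"><td colspan="3"><\/td><\/tr>');
	document.write('<\/table>');
	document.write('<br>');
	document.write('<div class="buttons"><span><a href="#" onclick="$(\'#editUser\').submit();">Save</a><\/span>');
	document.write('<span><a href="users.php">Cancel<\/a></span>');
	document.write('<\/div><\/form>');
	
	
	function hashPassword(thisform)	{
		thisform.new_username.className = 'login readonly';
		thisform.new_password.className = 'login readonly';
		thisform.chk_password.className = 'login readonly';
		thisform.new_password.value = hmacsha1(hmacsha1(thisform.new_password.value, '<?php 
    echo $session_seed;
    ?>
'), '<?php 
    echo $session_seed;
    ?>
');
		thisform.chk_password.value = hmacsha1(hmacsha1(thisform.chk_password.value, '<?php 
    echo $session_seed;
    ?>
'), '<?php 
    echo $session_seed;
    ?>
');
		return true;
	}
}
//-->
</script>
<?php 
    require_once 'include/footer.inc.php';
}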
Ejemplo n.º 11
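/**
 * First stage of the seeded login handshake.
 *
 * Reads the session id cookie plus the posted username and sign, checks that
 * the session row exists and is bound to the caller's IP address, validates
 * the posted sign against HMAC(server_seed, session sign), and answers with a
 * JSON object holding user_seed, session_seed and a fresh sign.
 *
 * An unknown username receives a deterministic fake seed derived from the
 * server seed, so the response does not reveal whether the account exists.
 */
function loginStage1()
{
    global $cfg, $db;
    // The response carries seeds, so it must never be cached
    header('Expires: Mon, 9 Oct 2000 18:00:00 GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    $sid = cookie('netjukebox_sid');
    $username = post('username');
    $sign = post('sign');
    // Look the seed up for the posted username. The listing compared against a
    // fixed string literal, so the posted name never reached the query; it is
    // escaped the same way as $sid below.
    $query = mysql_query('SELECT seed FROM user WHERE username = "' . mysql_real_escape_string($username) . '"');
    $user = mysql_fetch_assoc($query);
    $query = mysql_query('SELECT ip, seed, sign FROM session WHERE sid = BINARY "' . mysql_real_escape_string($sid) . '"');
    $session = mysql_fetch_assoc($query);
    // No session row (or an empty ip) means the cookie never came back
    if ($session == false || $session['ip'] == '') {
        message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]netjukebox requires cookies to login.[br]Enable cookies in your browser and try again.[br][url=index.php][img]small_login.png[/img]login[/url]');
    }
    // The session is bound to the address it was created from
    if ($session['ip'] != $_SERVER['REMOTE_ADDR']) {
        message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]Unexpected IP address[br][url=index.php][img]small_login.png[/img]login[/url]');
    }
    // Compare the sign as an exact string. A loose == lets PHP treat two
    // numeric-looking strings as equal numbers; hash_equals() additionally
    // keeps the comparison time independent of where the strings differ.
    $expected_sign = hmacsha1($cfg['server_seed'], $session['sign']);
    $sign_valid = false;
    if (is_string($sign) && is_string($expected_sign)) {
        $sign_valid = function_exists('hash_equals') ? hash_equals($expected_sign, $sign) : $expected_sign === $sign;
    }
    if ($sign_valid) {
        $sign = randomKey();
        mysql_query('UPDATE session
			SET	sign		= "' . mysql_real_escape_string($sign) . '",
			pre_login_time	= ' . (string) round(microtime(true) * 1000) . '
			WHERE sid		= BINARY "' . mysql_real_escape_string($sid) . '"');
    } else {
        // login will fail: the client gets a sign that was never stored in the session
        $sign = randomKey();
    }
    // Always calculate fake seed to prevent script execution time differences
    $fake_seed = substr(hmacsha1($cfg['server_seed'], $username . 'NeZlFgqDoh9hc-BkczryQFIcpoBng3I_vXaWtOKS'), 0, 30);
    $fake_seed .= substr(hmacsha1($cfg['server_seed'], $username . 'g-FE6H0MJ1n0lNo2D7XLachV8WE-xmEcwsXNZqlQ'), 0, 30);
    $fake_seed = base64_encode(pack('H*', $fake_seed));
    $fake_seed = str_replace('+', '-', $fake_seed);
    // modified Base64 for URL
    $fake_seed = str_replace('/', '_', $fake_seed);
    // mysql_fetch_assoc() returns false when the username is unknown
    $user_seed = is_array($user) ? (string) $user['seed'] : '';
    $data = array();
    $data['user_seed'] = $user_seed === '' ? $fake_seed : $user_seed;
    $data['session_seed'] = $session['seed'];
    $data['sign'] = $sign;
    echo safe_json_encode($data);
}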