<?php
if (!isset($_SESSION)) {
session_start();
}
if ($_SESSION["login"] != "true") {
header("Location:login.php");
$_SESSION["error"] = "<h1 style='color:red;'>You don't have privileges to see this page.</h1>";
exit;
}
require_once 'settings.php';
require_once 'includes/functions.php';
require_once directoryAboveWebRoot() . '/db_con.php';
$Editid = isset($_GET['Editid']) ? $_GET['Editid'] : "";
$anfrage_JSON = "SELECT * FROM eFilm_Content_Movies_Annotations WHERE ID_Annotations='" . $Editid . "';";
$ergebnis_JSON = mysqli_query($localDatabase, $anfrage_JSON);
$trefferzahl_JSON = mysqli_num_rows($ergebnis_JSON);
$Contenarray = array();
while ($row_JSON = mysqli_fetch_array($ergebnis_JSON)) {
$Contenarray['ID_Movies'] = $row_JSON['ID_Movies'];
$Contenarray['ID_Annotations'] = $row_JSON['ID_Annotations'];
$Contenarray['_FM_CREATE'] = $row_JSON['_FM_CREATE'];
$Contenarray['_FM_CHANGE'] = $row_JSON['_FM_CHANGE'];
$Contenarray['_FM_DATETIME_CREATE'] = $row_JSON['_FM_DATETIME_CREATE'];
$Contenarray['_FM_DATETIME_CHANGE'] = $row_JSON['_FM_DATETIME_CHANGE'];
$Contenarray['eF_FILM_ID'] = $row_JSON['eF_FILM_ID'];
$Contenarray['AnnotationType_L1'] = $row_JSON['AnnotationType_L1'];
$Contenarray['AnnotationType_L2'] = $row_JSON['AnnotationType_L2'];
$Contenarray['AnnotationType_L3'] = $row_JSON['AnnotationType_L3'];
$Contenarray['startTime'] = $row_JSON['startTime'];
$Contenarray['endTime'] = $row_JSON['endTime'];
echo "<center><span id=\"s3Done\" style=\"color: green; margin: 45px 45px; display: none;\">S3 Setup Complete!</span></center>";
echo "<table id=\"s3Table\">";
echo "<tr><td>S3 Key:</td><td><input type=\"text\" id=\"s3Key\" name=\"s3Key\"></td></tr>";
echo "<tr><td>S3 Secret:</td><td><input type=\"text\" id=\"s3Secret\" name=\"s3Secret\"></td></tr>";
echo "<tr><td>S3 Region:</td><td><input type=\"text\" id=\"s3Region\" name=\"s3Region\"></td></tr>";
echo "<tr><td colspan=2 style=\"text-align: center;\">";
echo "<button type=\"button\" onclick=\"createS3();\">Create</button>";
echo "   ";
echo "<button type=\"button\" onclick=\"skipS3();\">Skip</button>";
echo "</td></tr>";
echo "</table>";
echo "</div>";
exit;
}
// To create a basic player we will need the paths to the assets
if (file_exists(directoryAboveWebRoot() . '/amazonCredentials.php') && !file_exists('settings.php')) {
// need path to images and films
echo "<div style=\"margin: 0px auto; width: 295px;\">";
echo "<center><h3>Amazon S3 Location</h3></center>";
echo "<center><span id=\"s3LDone\" style=\"color: green; margin: 45px 45px; display: none;\">S3 Location Set!</span></center>";
echo "<table id=\"s3LTable\">";
echo "<tr><td>Amazon URL: </td><td><input type=\"text\" id=\"s3Lurl\"></td></tr>";
echo "<tr><td colspan=2 style=\"text-align: center;\"><button type=\"button\" onclick=\"createS3L();\">Set</button></td></tr>";
echo "</table>";
echo "</div>";
exit;
} else {
if (!file_exists('settings.php')) {
// set up the image paths for the local site
?>
<script>
}
// the connection worked, so let's go ahead and build our database connection file
$content = "<?php\n";
$content .= "\$includes = get_included_files();\n";
$content .= "if (count(\$includes) < 1) {\n";
$content .= " exit();\n";
$content .= "}\n";
$content .= "\$localDatabase = mysqli_connect('" . $databaseLocation . "','" . $databaseUsername . "','" . $databasePassword . "','" . $databaseName . "');\n";
$content .= "if (!\$localDatabase) {\n";
$content .= " echo \"<h2>Service not currently available</h2>\";\n";
$content .= " header(\"Service Unavailable\", 503);\n";
$content .= " exit();\n";
$content .= "}\n";
$content .= "ini_set('default_charset','UTF-8');\n";
$content .= "mysqli_set_charset(\$localDatabase, \"utf8\");\n";
$file = fopen(directoryAboveWebRoot() . "/db_con.php", "w");
if ($file === false) {
$results['complete'] = 'no';
$results['reason'] = 'Can not write a file above the web root folder.';
echo json_encode($results);
exit;
}
fwrite($file, $content);
fclose($file);
$structure = "--\n";
$structure .= "-- Database: `" . $databaseName . "`\n";
$structure .= "--\n";
$structure .= "CREATE DATABASE IF NOT EXISTS `efilms` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; USE `" . $databaseName . "`;\n";
$structure .= "-- -------------------------------------------------------- --\n";
$structure .= "-- Table structure for table `eFilm_ActiveFilms` --\n";
$structure .= "CREATE TABLE IF NOT EXISTS `eFilm_ActiveFilms` (\n";
session_start();
}
if ($_SESSION["login"] != "true") {
header("Location:login.php");
$_SESSION["error"] = "<h1 style='color:red;'>You don't have privileges to see this page.</h1>";
exit;
}
require_once 'settings.php';
require_once 'includes/functions.php';
require_once directoryAboveWebRoot() . '/db_con.php';
include '/usr/local/aws-php-sdk/aws-autoloader.php';
use App\Http\Controllers\Controller;
use Aws\Common\Aws;
use Aws\S3\S3Client;
use File;
$amazonServices = Aws::factory(directoryAboveWebRoot() . 'amazonCredentials.php');
$s3 = $amazonServices->get('s3');
$parsePath = parse_url($storeURL);
$awsBucket = $parsePath['host'];
/**
* Original eFilms Uploader Script
*/
error_reporting(E_ALL);
ini_set('display_errors', 'On');
$type = $_POST['mimetype'];
$xhr = $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
if ($type == 'xml') {
header('Content-type: text/xml');
echo "<address attr1=\"value1\" attr2=\"value2\">\n";
echo " <street attr=\"value\">A & B</street>\n";
echo " <city>Palmyra</city>\n";
// bad data, try again
$results['complete'] = 'no';
$results['reason'] = 'you must fill in all of the fields';
echo json_encode($results);
exit;
}
include_once directoryAboveWebRoot() . '/db_con.php';
$select = "SELECT * from `eFilm_Config_Users` WHERE `USER_Name` = '" . $adminName . "'";
$userList = mysqli_query($localDatabase, $select);
if ($row = mysqli_fetch_array($userList)) {
// user exists... weird, try again
$results['complete'] = 'no';
$results['reason'] = 'somehow this user name already exists';
echo json_encode($results);
exit;
}
date_default_timezone_set('GMT');
$insert = "INSERT INTO `eFilm_Config_Users` (`_FM_CREATE`, `_FM_CHANGE`, `_FM_DATETIME_CREATE`, `_FM_DATETIME_CHANGE`, `USER_Name`, `USER_Nik`, `USER_Rights`, `USER_Pass`, `RIGHTS_Config`, `RIGHTS_Resources`, `RIGHTS_Publish`, `email`) VALUES ('Admin', 'Admin', '" . date("Y-m-d H:i:s") . "', '" . date("Y-m-d H:i:s") . "', '" . $adminName . "', '" . $adminNickname . "', '', '', 'EDIT', 'EDIT', 'EDIT', '" . $adminEmail . "')";
mysqli_query($localDatabase, $insert);
mysqli_close($localDatabase);
$fp = fopen(directoryAboveWebRoot() . "/.htpasswd", "a");
fwrite($fp, $adminName . ":" . crypt($adminPassword, base64_encode($adminPassword)) . "\n");
fclose($fp);
// don't overwrite this, only prepend it
$fp = @file_get_contents(".htaccess");
file_put_contents(".htaccess", "AuthUserFile " . directoryAboveWebRoot() . "/.htpasswd" . "\nAuthType Basic\nAuthName \"Restricted Area\"\nRequire valid-user\n\n" . $fp);
$results['complete'] = 'yes';
$results['setting'] = 'admin';
$results['reason'] = 'You will now login with your Name and Password';
echo json_encode($results);
unlink('createFirstUser.php');
$content .= " \$loginArray[\$key] = \$value;\n";
$content .= " }\n";
$content .= "} else {\n";
$content .= " echo \"could not update password, please contact your system administrator\";\n";
$content .= " unlink(\"" . $_SERVER['DOCUMENT_ROOT'] . "/reset/{$randomFileName}\");\n";
$content .= " unlink(\"" . $_SERVER['DOCUMENT_ROOT'] . "/reset/{$formProcessName}\");\n";
$content .= " exit();\n";
$content .= "}\n";
$content .= "fclose(\$fp);\n";
$content .= "require_once(\"" . directoryAboveWebRoot() . "/db_con.php\");\n";
$content .= "\$select = \"SELECT `email`,`USER_Name` from `eFilm_Config_Users` WHERE `ID_C_Users` = '\".\$idCheck.\"'\";\n";
$content .= "\$userEmail = mysqli_query(\$localDatabase, \$select);\n";
$content .= "while(\$row = mysqli_fetch_array(\$userEmail)) {\n";
$content .= " \$loginArray[\$row['USER_Name']] = crypt(\$_POST['password'], base64_encode(\$_POST['password']));\n";
$content .= "}\n";
$content .= "\$fp = fopen(\"" . directoryAboveWebRoot() . "/.htpasswd\", \"w\");\n";
$content .= "foreach (\$loginArray as \$key => \$value) {\n";
$content .= " fwrite(\$fp, \$key.\":\".\$value.\"\\n\");\n";
$content .= "}\n";
$content .= "fclose(\$fp);\n";
$content .= "echo '<center>';\n";
$content .= "echo '<h2>Your password has been updated</h2>';\n";
$content .= "echo '<a href=\"/\">Click Here to Login</a>';\n";
$content .= "echo '</center>';\n";
$content .= "unlink(\"" . $_SERVER['DOCUMENT_ROOT'] . "/reset/{$formProcessName}\");\n";
$fp = fopen($_SERVER['DOCUMENT_ROOT'] . "/reset/" . $formProcessName, 'w');
fwrite($fp, $content);
fclose($fp);
}
}
}
$s3Secret = preg_replace("/[^\\w\\/\\.\\-\\,_]/", "", $_POST['s3Secret']);
$s3Region = preg_replace("/[^\\w\\/\\.\\-\\,_]/", "", $_POST['s3Region']);
$skip = $_POST['skip'];
if ($skip == 'false') {
$content = "<?php\n";
$content .= "return array(\n";
$content .= "\t'includes' => array('_aws'),\n";
$content .= "\t'services' => array(\n";
$content .= "\t\t'default_settings' => array(\n";
$content .= "\t\t\t'params' => array(\n";
$content .= "\t\t\t\t'key' => '" . $s3Key . "',\n";
$content .= "\t\t\t\t'secret' => '" . $s3Secret . "',\n";
$content .= "\t\t\t\t'region' => '" . $s3Region . "'\n";
$content .= "\t\t\t)\n";
$content .= "\t\t)\n";
$content .= "\t)\n";
$content .= ");\n";
$fp = fopen(directoryAboveWebRoot() . "/amazonCredentials.php", "a");
fwrite($fp, $content);
fclose($fp);
$results['complete'] = 'yes';
$results['setting'] = 's3';
$results['reason'] = 'S3 Connection created...';
echo json_encode($results);
} else {
$results['complete'] = 'yes';
$results['setting'] = 's3';
$results['reason'] = 'Skipping Amazon S3 setup';
echo json_encode($results);
}
unlink('setupAmazon.php');
$name = preg_replace("/[^\\w\\s\\.\\-\\,_]/", "", $_POST["name"]);
$nickname = preg_replace("/[^\\w\\s\\.\\-\\,_]/", "", $_POST["nickname"]);
if (isemail($_POST["email"])) {
$email = $_POST["email"];
}
if (in_array($_POST["configRights"], array("EDIT", "NONE"))) {
$configRights = $_POST["configRights"];
}
if (in_array($_POST["resourceRights"], array("EDIT", "NONE"))) {
$resourceRights = $_POST["resourceRights"];
}
if (empty($name) || empty($nickname) || empty($email) || empty($configRights) || empty($resourceRights)) {
echo "bad data";
exit;
}
$select = "SELECT * from `eFilm_Config_Users` WHERE `USER_Name` = '" . $name . "'";
// USER_Name needs to be unique
$userList = mysqli_query($localDatabase, $select);
if ($row = mysqli_fetch_array($userList)) {
echo "user exists";
// This user exists, bail out so we don't get duplicates
exit;
}
// We have all of our data and we don't have this person in the list yet, add them
$insert = "INSERT INTO `eFilm_Config_Users` (`_FM_CREATE`,`_FM_CHANGE`,`_FM_DATETIME_CREATE`,`_FM_DATETIME_CHANGE`,`USER_Name`,`USER_Nik`,`USER_Rights`,`USER_Pass`,`RIGHTS_Config`,`RIGHTS_Resources`,`RIGHTS_Publish`,`email`) VALUES ('Admin','Admin','" . date("Y-m-d H:i:s") . "','" . date("Y-m-d H:i:s") . "','" . $name . "','" . $nickname . "','','','" . $configRights . "','" . $resourceRights . "','NONE','" . $email . "')";
mysqli_query($localDatabase, $insert);
echo mysqli_insert_id($localDatabase);
$newPassword = get_random_string($valid_characters, 16);
$fp = fopen(directoryAboveWebRoot() . "/.htpasswd", "a");
fwrite($fp, $name . ":" . crypt($newPassword, base64_encode($newPassword)) . "\n");
fclose($fp);
<script type="text/javascript" src="_js/jquery.cycle.all.js"></script>
</head>
<body data-movielocationprefix="<?php
echo $storeURL;
?>
/_media/movies_wm/">
<div class="pageContent">
<div class="moviePlayer">
<?php
$language = isset($_COOKIE["language"]) ? $_COOKIE["language"] : "en";
$movieID = preg_replace("/[^0-9]/", "", $_GET['movieID']);
$movieSig = preg_replace("/[^a-z0-9_\\-]/i", "", $_GET['movieSig']);
$movieStart = preg_replace("/[^0-9.]/", "", $_GET['movieStart']);
$movieStop = preg_replace("/[^0-9.]/", "", $_GET['movieStop']);
$content = "";
include directoryAboveWebRoot() . "/db_con.php";
$filmDetailsQuery = "SELECT `englishTitle`,`germanTitle`,`year`,`fps` FROM `eFilm_ActiveFilms` WHERE `filmNumber` = '" . $movieID . "'";
$filmDetailsResults = mysqli_query($localDatabase, $filmDetailsQuery);
$filmDetails = mysqli_fetch_array($filmDetailsResults);
if ($language == 'de') {
$filmTitle = $filmDetails['germanTitle'];
} else {
$filmTitle = $filmDetails['englishTitle'];
}
$movieSpeed = $filmDetails['fps'];
if (!empty($filmTitle)) {
$content .= "<div class='filmPlayerFilmTitle'>" . $filmTitle . "</div>";
} else {
$content .= "<div class='filmPlayerFilmTitle'> </div>";
}
$content .= "<div class='filmPlayerFilmNumber'>" . $movieSig . "</div>";
