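<?php
/**
 * Loads the eFilm_Content_Movies_Annotations row selected by the `Editid`
 * query parameter into $Contenarray, for sessions whose login flag is set.
 */

// Open a session only when none is active yet, so the login flag can be read.
if (!isset($_SESSION)) {
    session_start();
}

// Access gate: anything other than a login flag equal to "true" is redirected.
// isset() keeps a visitor without the session key from raising a notice
// before the Location header is sent.
if (!isset($_SESSION["login"]) || $_SESSION["login"] != "true") {
    header("Location:login.php");
    $_SESSION["error"] = "<h1 style='color:red;'>You don't have privileges to see this page.</h1>";
    exit;
}

require_once 'settings.php';
require_once 'includes/functions.php';
require_once directoryAboveWebRoot() . '/db_con.php';

// Editid arrives straight from the URL. Array-valued input (Editid[]=...) is
// treated as absent instead of being stringified.
$Editid = (isset($_GET['Editid']) && is_string($_GET['Editid'])) ? $_GET['Editid'] : "";

// The value is bound as a statement parameter rather than concatenated into
// the SQL text, so request data can no longer change the shape of the query.
$anfrage_JSON = "SELECT * FROM eFilm_Content_Movies_Annotations WHERE ID_Annotations = ?";
$annotationStatement = mysqli_prepare($localDatabase, $anfrage_JSON);
if ($annotationStatement === false) {
    header("HTTP/1.1 500 Internal Server Error");
    exit;
}
mysqli_stmt_bind_param($annotationStatement, "s", $Editid);
if (!mysqli_stmt_execute($annotationStatement)) {
    header("HTTP/1.1 500 Internal Server Error");
    exit;
}

// NOTE: mysqli_stmt_get_result() is only available with the mysqlnd driver.
$ergebnis_JSON = mysqli_stmt_get_result($annotationStatement);
if ($ergebnis_JSON === false) {
    header("HTTP/1.1 500 Internal Server Error");
    exit;
}
$trefferzahl_JSON = mysqli_num_rows($ergebnis_JSON);

$Contenarray = array();

// Columns copied one-to-one from the fetched row into $Contenarray.
$copiedColumns = array(
    'ID_Movies',
    'ID_Annotations',
    '_FM_CREATE',
    '_FM_CHANGE',
    '_FM_DATETIME_CREATE',
    '_FM_DATETIME_CHANGE',
    'eF_FILM_ID',
    'AnnotationType_L1',
    'AnnotationType_L2',
    'AnnotationType_L3',
    'startTime',
    'endTime',
);

while ($row_JSON = mysqli_fetch_array($ergebnis_JSON)) {
    foreach ($copiedColumns as $column) {
        $Contenarray[$column] = $row_JSON[$column];
    }
    // the loop body continues past the end of this excerpt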
// (excerpt begins inside a block opened above this view; it prints the
// Amazon S3 credential form and stops the request)
    // Hidden confirmation banner; only the markup is visible here, the code
    // that reveals it is not.
    echo "<center><span id=\"s3Done\" style=\"color: green; margin: 45px 45px; display: none;\">S3 Setup Complete!</span></center>";
    echo "<table id=\"s3Table\">";
    echo "<tr><td>S3 Key:</td><td><input type=\"text\" id=\"s3Key\" name=\"s3Key\"></td></tr>";
    // NOTE(review): the secret is collected in a plain text input, so it is
    // shown on screen and may be kept by browser form history; consider
    // type="password" with autocomplete="off" if the client script allows it.
    echo "<tr><td>S3 Secret:</td><td><input type=\"text\" id=\"s3Secret\" name=\"s3Secret\"></td></tr>";
    echo "<tr><td>S3 Region:</td><td><input type=\"text\" id=\"s3Region\" name=\"s3Region\"></td></tr>";
    echo "<tr><td colspan=2 style=\"text-align: center;\">";
    // The buttons call createS3() / skipS3(), which are defined outside this excerpt.
    echo "<button type=\"button\" onclick=\"createS3();\">Create</button>";
    echo "   ";
    echo "<button type=\"button\" onclick=\"skipS3();\">Skip</button>";
    echo "</td></tr>";
    echo "</table>";
    echo "</div>";
    // Nothing below runs on a request that rendered this form.
    exit;
}

// To create a basic player we will need the paths to the assets
// This step runs when the credentials file above the web root exists but
// settings.php has not been written yet.
if (file_exists(directoryAboveWebRoot() . '/amazonCredentials.php') && !file_exists('settings.php')) {
    // need path to images and films
    echo "<div style=\"margin: 0px auto; width: 295px;\">";
    echo "<center><h3>Amazon S3 Location</h3></center>";
    echo "<center><span id=\"s3LDone\" style=\"color: green; margin: 45px 45px; display: none;\">S3 Location Set!</span></center>";
    echo "<table id=\"s3LTable\">";
    echo "<tr><td>Amazon URL: </td><td><input type=\"text\" id=\"s3Lurl\"></td></tr>";
    // createS3L() is defined outside this excerpt.
    echo "<tr><td colspan=2 style=\"text-align: center;\"><button type=\"button\" onclick=\"createS3L();\">Set</button></td></tr>";
    echo "</table>";
    echo "</div>";
    exit;
} else {
    // Reached when the condition above is false; the inner check still
    // requires that settings.php is missing.
    if (!file_exists('settings.php')) {
        // set up the image paths for the local site
        ?> <script>
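}

// the connection worked, so let's go ahead and build our database connection file
//
// The four connection values are emitted with var_export(), which produces a
// correctly quoted PHP string literal. Concatenating them between single
// quotes would let a quote or backslash in a value (a password, typically)
// end the literal and change the generated code. Whether the values are
// filtered earlier is not visible in this excerpt, so the quoting is done here.
$content = "<?php\n";
// NOTE(review): get_included_files() also lists the script that was requested,
// so count() is never below 1 and this generated guard does not stop direct
// access; the file's location above the web root is what protects it.
$content .= "\$includes = get_included_files();\n";
$content .= "if (count(\$includes) < 1) {\n";
$content .= " exit();\n";
$content .= "}\n";
$content .= "\$localDatabase = mysqli_connect("
    . var_export((string) $databaseLocation, true) . ","
    . var_export((string) $databaseUsername, true) . ","
    . var_export((string) $databasePassword, true) . ","
    . var_export((string) $databaseName, true) . ");\n";
$content .= "if (!\$localDatabase) {\n";
// The status must be set before any output, and header("Service Unavailable", 503)
// passed 503 as the $replace flag instead of a response code.
$content .= " http_response_code(503);\n";
$content .= " echo \"<h2>Service not currently available</h2>\";\n";
$content .= " exit();\n";
$content .= "}\n";
$content .= "ini_set('default_charset','UTF-8');\n";
$content .= "mysqli_set_charset(\$localDatabase, \"utf8\");\n";

// NOTE(review): the file holds the database password; confirm that the
// permissions it is created with are not world-readable on the target host.
$file = fopen(directoryAboveWebRoot() . "/db_con.php", "w");
if ($file === false) {
    $results['complete'] = 'no';
    $results['reason'] = 'Can not write a file above the web root folder.';
    echo json_encode($results);
    exit;
}
$bytesWritten = fwrite($file, $content);
fclose($file);
if ($bytesWritten === false || $bytesWritten < strlen($content)) {
    // A truncated connection file would break every page that includes it.
    $results['complete'] = 'no';
    $results['reason'] = 'Can not write a file above the web root folder.';
    echo json_encode($results);
    exit;
}

// Doubling backticks keeps the name inside the quoted identifier, and line
// breaks are removed from the copy used in the SQL comment so the name cannot
// end that comment early.
$databaseIdentifier = str_replace('`', '``', (string) $databaseName);
$databaseLabel = preg_replace('/[\r\n]+/', ' ', $databaseIdentifier);

$structure = "--\n";
$structure .= "-- Database: `" . $databaseLabel . "`\n";
$structure .= "--\n";
// NOTE(review): CREATE DATABASE names `efilms` literally while USE follows
// $databaseName; confirm which one is intended when the two differ.
$structure .= "CREATE DATABASE IF NOT EXISTS `efilms` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; USE `" . $databaseIdentifier . "`;\n";
$structure .= "-- -------------------------------------------------------- --\n";
$structure .= "-- Table structure for table `eFilm_ActiveFilms` --\n";
$structure .= "CREATE TABLE IF NOT EXISTS `eFilm_ActiveFilms` (\n";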
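// (excerpt begins inside the session bootstrap block opened above this view)
    session_start();
}

// Access gate: anything other than a login flag equal to "true" is redirected.
// isset() keeps a missing session key from raising a notice before the
// Location header is sent.
if (!isset($_SESSION["login"]) || $_SESSION["login"] != "true") {
    header("Location:login.php");
    $_SESSION["error"] = "<h1 style='color:red;'>You don't have privileges to see this page.</h1>";
    exit;
}

require_once 'settings.php';
require_once 'includes/functions.php';
require_once directoryAboveWebRoot() . '/db_con.php';
include '/usr/local/aws-php-sdk/aws-autoloader.php';

use App\Http\Controllers\Controller;
use Aws\Common\Aws;
use Aws\S3\S3Client;
use File;

// The separator was missing here, unlike the db_con.php path above, so the
// credentials file was looked up under a name glued onto the directory name.
$amazonServices = Aws::factory(directoryAboveWebRoot() . '/amazonCredentials.php');
$s3 = $amazonServices->get('s3');

// The bucket name is taken from the host part of $storeURL.
// NOTE(review): $storeURL is not assigned in this excerpt; presumably it comes from settings.php.
$parsePath = parse_url($storeURL);
$awsBucket = $parsePath['host'];

/**
 * Original eFilms Uploader Script
 */
// Keep full error reporting, but send it to the log: printing errors into the
// response of an upload endpoint exposes file paths and internals, and output
// produced before the header() call below would stop that header from being sent.
error_reporting(E_ALL);
ini_set('display_errors', 'Off');
ini_set('log_errors', 'On');

// Both values are optional in a request, so a missing one counts as "not set"
// instead of raising an undefined-index notice.
$type = isset($_POST['mimetype']) ? $_POST['mimetype'] : '';
$xhr = isset($_SERVER['HTTP_X_REQUESTED_WITH'])
    && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';

if ($type == 'xml') {
    header('Content-type: text/xml');
    echo "<address attr1=\"value1\" attr2=\"value2\">\n";
    echo " <street attr=\"value\">A & B</street>\n";
    echo " <city>Palmyra</city>\n";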
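// (excerpt begins inside the validation-failure branch opened above this view)
    // bad data, try again
    $results['complete'] = 'no';
    $results['reason'] = 'you must fill in all of the fields';
    echo json_encode($results);
    exit;
}

// The name becomes the key of an .htpasswd record ("name:hash"), so a colon
// or line break inside it would corrupt the file or add a record. Whether the
// name is filtered earlier is not visible in this excerpt, so it is checked here.
if (preg_match('/[:\r\n]/', $adminName)) {
    $results['complete'] = 'no';
    $results['reason'] = 'you must fill in all of the fields';
    echo json_encode($results);
    exit;
}

include_once directoryAboveWebRoot() . '/db_con.php';

// Values are bound as statement parameters instead of being concatenated into
// the SQL text, so quotes in a name or e-mail address cannot alter the query.
$select = "SELECT 1 from `eFilm_Config_Users` WHERE `USER_Name` = ?";
$userList = mysqli_prepare($localDatabase, $select);
if ($userList === false) {
    $results['complete'] = 'no';
    $results['reason'] = 'could not query the user table';
    echo json_encode($results);
    exit;
}
mysqli_stmt_bind_param($userList, 's', $adminName);
mysqli_stmt_execute($userList);
mysqli_stmt_store_result($userList);
$nameTaken = mysqli_stmt_num_rows($userList) > 0;
mysqli_stmt_close($userList);

if ($nameTaken) {
    // user exists... weird, try again
    $results['complete'] = 'no';
    $results['reason'] = 'somehow this user name already exists';
    echo json_encode($results);
    exit;
}

date_default_timezone_set('GMT');
$createdAt = date("Y-m-d H:i:s");

$insert = "INSERT INTO `eFilm_Config_Users` (`_FM_CREATE`, `_FM_CHANGE`, `_FM_DATETIME_CREATE`, `_FM_DATETIME_CHANGE`, `USER_Name`, `USER_Nik`, `USER_Rights`, `USER_Pass`, `RIGHTS_Config`, `RIGHTS_Resources`, `RIGHTS_Publish`, `email`) VALUES ('Admin', 'Admin', ?, ?, ?, ?, '', '', 'EDIT', 'EDIT', 'EDIT', ?)";
$insertStatement = mysqli_prepare($localDatabase, $insert);
$inserted = false;
if ($insertStatement !== false) {
    mysqli_stmt_bind_param($insertStatement, 'sssss', $createdAt, $createdAt, $adminName, $adminNickname, $adminEmail);
    $inserted = mysqli_stmt_execute($insertStatement);
    mysqli_stmt_close($insertStatement);
}
mysqli_close($localDatabase);

if (!$inserted) {
    // Stop before touching .htpasswd so the two stores cannot disagree.
    $results['complete'] = 'no';
    $results['reason'] = 'could not create the user';
    echo json_encode($results);
    exit;
}

// The previous crypt() call used base64_encode($adminPassword) as its salt.
// A two-character salt selects the legacy DES scheme, which looks at the first
// eight characters only, and the salt is stored in clear at the front of the
// hash, so it disclosed bits of the password itself. bcrypt generates its own
// random salt; Apache httpd reads "$2y$" records from version 2.4 on.
$fp = fopen(directoryAboveWebRoot() . "/.htpasswd", "a");
if ($fp === false) {
    $results['complete'] = 'no';
    $results['reason'] = 'Can not write a file above the web root folder.';
    echo json_encode($results);
    exit;
}
fwrite($fp, $adminName . ":" . password_hash($adminPassword, PASSWORD_BCRYPT) . "\n");
fclose($fp);

// don't overwrite this, only prepend it
$existingRules = file_exists(".htaccess") ? file_get_contents(".htaccess") : "";
file_put_contents(".htaccess", "AuthUserFile " . directoryAboveWebRoot() . "/.htpasswd" . "\nAuthType Basic\nAuthName \"Restricted Area\"\nRequire valid-user\n\n" . $existingRules);

$results['complete'] = 'yes';
$results['setting'] = 'admin';
$results['reason'] = 'You will now login with your Name and Password';
echo json_encode($results);

// One-shot installer step: the script removes itself once the admin exists.
unlink('createFirstUser.php');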
// (excerpt begins inside nested blocks opened above this view; three of them
// are closed at the end. $content accumulates the source of a PHP script that
// is written to DOCUMENT_ROOT/reset/ under the name $formProcessName.)
            $content .= " \$loginArray[\$key] = \$value;\n";
            $content .= " }\n";
            // Generated failure branch: print a message, delete both reset
            // files, and stop.
            $content .= "} else {\n";
            $content .= " echo \"could not update password, please contact your system administrator\";\n";
            $content .= " unlink(\"" . $_SERVER['DOCUMENT_ROOT'] . "/reset/{$randomFileName}\");\n";
            $content .= " unlink(\"" . $_SERVER['DOCUMENT_ROOT'] . "/reset/{$formProcessName}\");\n";
            $content .= " exit();\n";
            $content .= "}\n";
            $content .= "fclose(\$fp);\n";
            $content .= "require_once(\"" . directoryAboveWebRoot() . "/db_con.php\");\n";
            // NOTE(review): the generated query concatenates $idCheck into the SQL
            // text. Where the generated script gets $idCheck from is not visible
            // here; confirm it cannot carry request data, or bind it as a parameter.
            $content .= "\$select = \"SELECT `email`,`USER_Name` from `eFilm_Config_Users` WHERE `ID_C_Users` = '\".\$idCheck.\"'\";\n";
            $content .= "\$userEmail = mysqli_query(\$localDatabase, \$select);\n";
            // For each matching user the generated script replaces the
            // $loginArray entry with a hash of the posted password.
            // NOTE(review): the salt passed to crypt() is derived from the
            // password itself, and crypt() stores the salt in clear at the front
            // of the hash; a hash with its own random salt (password_hash()) is
            // the usual replacement.
            $content .= "while(\$row = mysqli_fetch_array(\$userEmail)) {\n";
            $content .= " \$loginArray[\$row['USER_Name']] = crypt(\$_POST['password'], base64_encode(\$_POST['password']));\n";
            $content .= "}\n";
            // The generated script rewrites the whole .htpasswd file (mode "w")
            // from $loginArray; no locking is visible around this rewrite.
            $content .= "\$fp = fopen(\"" . directoryAboveWebRoot() . "/.htpasswd\", \"w\");\n";
            $content .= "foreach (\$loginArray as \$key => \$value) {\n";
            $content .= " fwrite(\$fp, \$key.\":\".\$value.\"\\n\");\n";
            $content .= "}\n";
            $content .= "fclose(\$fp);\n";
            // Confirmation page, after which the generated script deletes itself.
            $content .= "echo '<center>';\n";
            $content .= "echo '<h2>Your password has been updated</h2>';\n";
            $content .= "echo '<a href=\"/\">Click Here to Login</a>';\n";
            $content .= "echo '</center>';\n";
            $content .= "unlink(\"" . $_SERVER['DOCUMENT_ROOT'] . "/reset/{$formProcessName}\");\n";

            // Write the generated script into the web-served reset/ directory.
            // NOTE(review): DOCUMENT_ROOT, the directory path and both file names
            // are pasted into double-quoted literals of the generated code without
            // escaping, and how $formProcessName is chosen is not visible here;
            // the file is reachable by URL until it unlinks itself.
            $fp = fopen($_SERVER['DOCUMENT_ROOT'] . "/reset/" . $formProcessName, 'w');
            fwrite($fp, $content);
            fclose($fp);
        }
    }
}
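// Read the posted values defensively: a missing or array-valued field is
// treated as empty instead of reaching preg_replace() as null or an array.
$postedSecret = (isset($_POST['s3Secret']) && is_string($_POST['s3Secret'])) ? $_POST['s3Secret'] : '';
$postedRegion = (isset($_POST['s3Region']) && is_string($_POST['s3Region'])) ? $_POST['s3Region'] : '';

// Whitelist filter. '+' is accepted for the secret because AWS secret access
// keys are base64-like and may contain it; stripping it would silently store
// a different secret than the one that was entered.
$s3Secret = preg_replace("/[^\\w\\/\\.\\-\\,_+]/", "", $postedSecret);
$s3Region = preg_replace("/[^\\w\\/\\.\\-\\,_]/", "", $postedRegion);
$skip = isset($_POST['skip']) ? $_POST['skip'] : '';

if ($skip == 'false') {
    // Build the configuration as data and let var_export() render it, so each
    // value ends up as a correctly quoted PHP literal whatever it contains.
    // $s3Key is assigned above this excerpt.
    $configuration = array(
        'includes' => array('_aws'),
        'services' => array(
            'default_settings' => array(
                'params' => array(
                    'key' => (string) $s3Key,
                    'secret' => (string) $s3Secret,
                    'region' => (string) $s3Region,
                ),
            ),
        ),
    );
    $content = "<?php\nreturn " . var_export($configuration, true) . ";\n";

    // Mode "w" instead of "a": appending a second "<?php return ..." block to
    // an existing file leaves a file that no longer parses.
    // NOTE(review): the file holds the S3 secret; confirm that the permissions
    // it is created with are not world-readable on the target host.
    $fp = fopen(directoryAboveWebRoot() . "/amazonCredentials.php", "w");
    if ($fp === false || fwrite($fp, $content) === false) {
        if ($fp !== false) {
            fclose($fp);
        }
        // Leave the setup script in place so the step can be repeated.
        $results['complete'] = 'no';
        $results['setting'] = 's3';
        $results['reason'] = 'Can not write a file above the web root folder.';
        echo json_encode($results);
        exit;
    }
    fclose($fp);

    $results['complete'] = 'yes';
    $results['setting'] = 's3';
    $results['reason'] = 'S3 Connection created...';
    echo json_encode($results);
} else {
    $results['complete'] = 'yes';
    $results['setting'] = 's3';
    $results['reason'] = 'Skipping Amazon S3 setup';
    echo json_encode($results);
}

// One-shot installer step: the script removes itself when it is done.
unlink('setupAmazon.php');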
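// Read the posted fields defensively: a missing or array-valued field is
// treated as empty.
$postedName = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "";
$postedNickname = (isset($_POST["nickname"]) && is_string($_POST["nickname"])) ? $_POST["nickname"] : "";

$name = preg_replace("/[^\\w\\s\\.\\-\\,_]/", "", $postedName);
$nickname = preg_replace("/[^\\w\\s\\.\\-\\,_]/", "", $postedNickname);

// \s in the whitelist also lets line breaks through, and $name becomes the
// key of an .htpasswd record below. Collapsing whitespace runs to one space
// keeps the record on a single line.
$name = trim(preg_replace('/\s+/', ' ', $name));

// Each remaining field stays empty unless it passes its own check.
$email = "";
if (isset($_POST["email"]) && is_string($_POST["email"]) && isemail($_POST["email"])) {
    $email = $_POST["email"];
}

$configRights = "";
if (isset($_POST["configRights"]) && in_array($_POST["configRights"], array("EDIT", "NONE"), true)) {
    $configRights = $_POST["configRights"];
}

$resourceRights = "";
if (isset($_POST["resourceRights"]) && in_array($_POST["resourceRights"], array("EDIT", "NONE"), true)) {
    $resourceRights = $_POST["resourceRights"];
}

if (empty($name) || empty($nickname) || empty($email) || empty($configRights) || empty($resourceRights)) {
    echo "bad data";
    exit;
}

// USER_Name needs to be unique
$select = "SELECT 1 from `eFilm_Config_Users` WHERE `USER_Name` = ?";
$userList = mysqli_prepare($localDatabase, $select);
if ($userList === false) {
    header("HTTP/1.1 500 Internal Server Error");
    exit;
}
mysqli_stmt_bind_param($userList, 's', $name);
mysqli_stmt_execute($userList);
mysqli_stmt_store_result($userList);
$nameTaken = mysqli_stmt_num_rows($userList) > 0;
mysqli_stmt_close($userList);

if ($nameTaken) {
    // This user exists, bail out so we don't get duplicates
    echo "user exists";
    exit;
}

// We have all of our data and we don't have this person in the list yet, add them.
// Values are bound as parameters: a syntactically valid e-mail address may
// contain a single quote, and what isemail() accepts is not visible here.
$createdAt = date("Y-m-d H:i:s");
$insert = "INSERT INTO `eFilm_Config_Users` (`_FM_CREATE`,`_FM_CHANGE`,`_FM_DATETIME_CREATE`,`_FM_DATETIME_CHANGE`,`USER_Name`,`USER_Nik`,`USER_Rights`,`USER_Pass`,`RIGHTS_Config`,`RIGHTS_Resources`,`RIGHTS_Publish`,`email`) VALUES ('Admin','Admin',?,?,?,?,'','',?,?,'NONE',?)";
$insertStatement = mysqli_prepare($localDatabase, $insert);
$inserted = false;
if ($insertStatement !== false) {
    mysqli_stmt_bind_param($insertStatement, 'sssssss', $createdAt, $createdAt, $name, $nickname, $configRights, $resourceRights, $email);
    $inserted = mysqli_stmt_execute($insertStatement);
    mysqli_stmt_close($insertStatement);
}

// The caller receives the new row id (0 when nothing was inserted).
echo mysqli_insert_id($localDatabase);
if (!$inserted) {
    // Do not create a login record for a user the database does not know.
    exit;
}

// NOTE(review): get_random_string() and $valid_characters are defined outside
// this excerpt; confirm the helper draws from a CSPRNG such as random_int().
$newPassword = get_random_string($valid_characters, 16);

// The previous crypt() call used base64_encode($newPassword) as its salt.
// A two-character salt selects the legacy DES scheme, which looks at the first
// eight characters only, and the salt is stored in clear at the front of the
// hash, so it disclosed bits of the password itself. bcrypt generates its own
// random salt; Apache httpd reads "$2y$" records from version 2.4 on.
$fp = fopen(directoryAboveWebRoot() . "/.htpasswd", "a");
if ($fp !== false) {
    fwrite($fp, $name . ":" . password_hash($newPassword, PASSWORD_BCRYPT) . "\n");
    fclose($fp);
}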
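<script type="text/javascript" src="_js/jquery.cycle.all.js"></script>
</head>
<body data-movielocationprefix="<?php echo htmlspecialchars($storeURL, ENT_QUOTES, 'UTF-8'); ?> /_media/movies_wm/">
<div class="pageContent">
<div class="moviePlayer">
<?php
// Film player header: reads the requested film from the query string, looks
// up its title and frame rate, and starts building the player markup in $content.

$language = isset($_COOKIE["language"]) ? $_COOKIE["language"] : "en";

// A missing or array-valued query parameter is treated as empty instead of
// reaching preg_replace() as null or an array.
$queryValue = function ($key) {
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : "";
};

// Each parameter is reduced to the character set it may legitimately contain.
$movieID = preg_replace("/[^0-9]/", "", $queryValue('movieID'));
$movieSig = preg_replace("/[^a-z0-9_\\-]/i", "", $queryValue('movieSig'));
$movieStart = preg_replace("/[^0-9.]/", "", $queryValue('movieStart'));
$movieStop = preg_replace("/[^0-9.]/", "", $queryValue('movieStop'));

$content = "";
include directoryAboveWebRoot() . "/db_con.php";

// $movieID holds digits only at this point; that filter is what makes
// placing it inside the quoted literal safe.
$filmDetailsQuery = "SELECT `englishTitle`,`germanTitle`,`year`,`fps` FROM `eFilm_ActiveFilms` WHERE `filmNumber` = '" . $movieID . "'";
$filmDetailsResults = mysqli_query($localDatabase, $filmDetailsQuery);

// A failed query or an unknown film number yields no row; fall back to an
// empty title instead of indexing into a non-array.
$filmDetails = $filmDetailsResults ? mysqli_fetch_array($filmDetailsResults) : null;
$filmTitle = "";
$movieSpeed = null;
if (is_array($filmDetails)) {
    $filmTitle = ($language == 'de') ? $filmDetails['germanTitle'] : $filmDetails['englishTitle'];
    $movieSpeed = $filmDetails['fps'];
}

if (!empty($filmTitle)) {
    // Titles come from the database and are escaped on output, so markup
    // stored in a title is shown as text rather than interpreted by the browser.
    // NOTE(review): if titles are stored with HTML entities on purpose, decode
    // them when they are written to the table rather than trusting them here.
    $content .= "<div class='filmPlayerFilmTitle'>" . htmlspecialchars($filmTitle, ENT_QUOTES, 'UTF-8') . "</div>";
} else {
    $content .= "<div class='filmPlayerFilmTitle'> </div>";
}

// $movieSig is limited to letters, digits, '_' and '-' above, so it carries
// no markup characters.
$content .= "<div class='filmPlayerFilmNumber'>" . $movieSig . "</div>";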