From 155835367249752a6c652a49f0fe6b18335bcdf7 Mon Sep 17 00:00:00 2001 From: "Jan M. Hochstein" Date: Sat, 9 Apr 2016 17:07:11 +0200 Subject: [PATCH 01/10] Force UTF-8 when sending WS-Discovery Probe --- onvif/modules/lib/WSDiscovery/TransportUDP.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/onvif/modules/lib/WSDiscovery/TransportUDP.pm b/onvif/modules/lib/WSDiscovery/TransportUDP.pm index 375f9628d..edc837da6 100644 --- a/onvif/modules/lib/WSDiscovery/TransportUDP.pm +++ b/onvif/modules/lib/WSDiscovery/TransportUDP.pm @@ -61,16 +61,19 @@ sub _notify_response } sub send_multi() { - my ($self, $address, $port, $data) = @_; + my ($self, $address, $port, $utf8_string) = @_; my $destination = $address . ':' . $port; my $socket = IO::Socket::Multicast->new(PROTO => 'udp', LocalPort=>$port, PeerAddr=>$destination, ReuseAddr=>1) or die 'Cannot open multicast socket to ' . ${address} . ':' . ${port}; + + my $bytes = $utf8_string; + utf8::encode($bytes); $socket->mcast_ttl(1); - $socket->send($data); + $socket->send($bytes); } sub receive_multi() { From 2125faa4447dfd146fe6448f2bd3f6461f4c4bbd Mon Sep 17 00:00:00 2001 From: "Jan M. Hochstein" Date: Sun, 10 Apr 2016 09:37:16 +0200 Subject: [PATCH 02/10] Added header elements to perl WS-Discovery proxy --- .../WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm | 6 +++++- onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm b/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm index d194bbc87..581d6e59e 100644 --- a/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm +++ b/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm @@ -34,7 +34,11 @@ sub ProbeOp { }, header => { - + 'use' => 'literal', + namespace => 'http://schemas.xmlsoap.org/ws/2004/08/addressing', + encodingStyle => '', + parts => [qw(WSDiscovery10::Elements::To WSDiscovery10::Elements::Action)], + }, headerfault => { diff --git a/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm b/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm index 635a19393..4429a517b 100644 --- a/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm +++ b/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm @@ -24,6 +24,11 @@ our $typemap_1 = { 'ProbeMatches/ProbeMatch/EndpointReference' => 'WSDiscovery10::Types::EndpointReferenceType', 'ProbeMatches/ProbeMatch/EndpointReference/ReferenceProperties' => 'WSDiscovery10::Types::ReferencePropertiesType', 'ProbeMatches/ProbeMatch/EndpointReference/PortType' => 'WSDiscovery10::Types::AttributedQName' + 'MessageID' => 'WSDiscovery10::Elements::MessageID', + 'RelatesTo' => '__SKIP__', + 'To' => '__SKIP__', + 'Action' => '__SKIP__', + 'AppSequence' => '__SKIP__', }; ; From edf3f3c43a1e197b4627d0ba11ec4a478e9b2517 Mon Sep 17 00:00:00 2001 From: "Jan M. Hochstein" Date: Sun, 10 Apr 2016 15:57:53 +0200 Subject: [PATCH 03/10] Fixed WS-Discovery Probe message header --- .../lib/WSDiscovery10/Elements/Header.pm | 55 +++++++++++++++++++ .../lib/WSDiscovery10/Typemaps/WSDiscovery.pm | 8 +-- onvif/scripts/zmonvif-probe.pl | 23 +++++++- 3 files changed, 79 insertions(+), 7 deletions(-) create mode 100644 onvif/proxy/lib/WSDiscovery10/Elements/Header.pm diff --git a/onvif/proxy/lib/WSDiscovery10/Elements/Header.pm b/onvif/proxy/lib/WSDiscovery10/Elements/Header.pm new file mode 100644 index 000000000..df2d7f389 --- /dev/null +++ b/onvif/proxy/lib/WSDiscovery10/Elements/Header.pm @@ -0,0 +1,55 @@ + +package WSDiscovery10::Elements::Header; +use strict; +use warnings; + + +__PACKAGE__->_set_element_form_qualified(0); + +sub get_xmlns { 'http://schemas.xmlsoap.org/soap/envelope/' }; + +our $XML_ATTRIBUTE_CLASS; +undef $XML_ATTRIBUTE_CLASS; + +sub __get_attr_class { + return $XML_ATTRIBUTE_CLASS; +} + +use Class::Std::Fast::Storable constructor => 'none'; +use base qw(SOAP::WSDL::XSD::Typelib::ComplexType); + +Class::Std::initialize(); + +{ # BLOCK to scope variables + +my %Action_of :ATTR(:get); +my %MessageID_of :ATTR(:get); +my %ReplyTo_of :ATTR(:get); +my %To_of :ATTR(:get); + +__PACKAGE__->_factory( + [ qw( Action MessageID ReplyTo To ) ], + { + 'Action' => \%Action_of, + 'MessageID' => \%MessageID_of, + 'ReplyTo' => \%ReplyTo_of, + 'To' => \%To_of, + }, + { + 'Action' => 'WSDiscovery10::Elements::Action', + 'MessageID' => 'WSDiscovery10::Elements::MessageID', + 'ReplyTo' => 'WSDiscovery10::Elements::ReplyTo', + 'To' => 'WSDiscovery10::Elements::To', + }, + { + 'Action' => '', + 'MessageID' => '', + 'ReplyTo' => '', + 'To' => '', + } +); + +} # end BLOCK + + +1; diff --git a/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm b/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm index 4429a517b..f0d7b7931 100644 --- a/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm +++ b/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm @@ -25,10 +25,10 @@ our $typemap_1 = { 'ProbeMatches/ProbeMatch/EndpointReference/ReferenceProperties' => 'WSDiscovery10::Types::ReferencePropertiesType', 'ProbeMatches/ProbeMatch/EndpointReference/PortType' => 'WSDiscovery10::Types::AttributedQName' 'MessageID' => 'WSDiscovery10::Elements::MessageID', - 'RelatesTo' => '__SKIP__', - 'To' => '__SKIP__', - 'Action' => '__SKIP__', - 'AppSequence' => '__SKIP__', + 'RelatesTo' => 'WSDiscovery10::Elements::RelatesTo', + 'To' => 'WSDiscovery10::Elements::To', + 'Action' => 'WSDiscovery10::Elements::Action', + 'AppSequence' => 'WSDiscovery10::Elements::AppSequence', }; ; diff --git a/onvif/scripts/zmonvif-probe.pl b/onvif/scripts/zmonvif-probe.pl index 93c12959f..8f1fccd17 100755 --- a/onvif/scripts/zmonvif-probe.pl +++ b/onvif/scripts/zmonvif-probe.pl @@ -25,13 +25,14 @@ # use Getopt::Std; +use Data::UUID; require ONVIF::Client; require WSDiscovery10::Interfaces::WSDiscovery::WSDiscoveryPort; +require WSDiscovery10::Elements::Header; require WSDiscovery10::Elements::Types; require WSDiscovery10::Elements::Scopes; -require WSDiscovery10::Elements::To; require WSDiscovery::TransportUDP; @@ -169,6 +170,8 @@ sub discover ## try both soap versions my %services; + my $uuid_gen = Data::UUID->new(); + if($verbose) { print "Probing for SOAP 1.1\n" } @@ -177,12 +180,18 @@ sub discover }); $svc_discover->set_soap_version('1.1'); + my $uuid = $uuid_gen->create_str(); + my $result = $svc_discover->ProbeOp( { # WSDiscovery::Types::ProbeType Types => 'http://www.onvif.org/ver10/network/wsdl:NetworkVideoTransmitter http://www.onvif.org/ver10/device/wsdl:Device', # QNameListType Scopes => { value => '' }, }, - WSDiscovery10::Elements::To->new({ value => 'urn:schemas-xmlsoap-org:ws:2005:04:discovery' }) + WSDiscovery10::Elements::Header->new({ + Action => { value => 'http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe' }, + MessageID => { value => "urn:uuid:$uuid" }, + To => { value => 'urn:schemas-xmlsoap-org:ws:2005:04:discovery' }, + }) ); # print $result . "\n"; @@ -197,12 +206,20 @@ sub discover }); $svc_discover->set_soap_version('1.2'); + # copies of the same Probe message must have the same MessageID. + # This is not a copy. So we generate a new uuid. + $uuid = $uuid_gen->create_str(); + $result = $svc_discover->ProbeOp( { # WSDiscovery::Types::ProbeType Types => 'http://www.onvif.org/ver10/network/wsdl:NetworkVideoTransmitter http://www.onvif.org/ver10/device/wsdl:Device', # QNameListType Scopes => { value => '' }, }, - WSDiscovery10::Elements::To->new({ value => 'urn:schemas-xmlsoap-org:ws:2005:04:discovery' }) + WSDiscovery10::Elements::Header->new({ + Action => { value => 'http://schemas.xmlsoap.org/ws/2005/04/discovery/Probe' }, + MessageID => { value => "urn:uuid:$uuid" }, + To => { value => 'urn:schemas-xmlsoap-org:ws:2005:04:discovery' }, + }) ); # print $result . "\n"; From 8b92151a0cb75c312d252e88a9759741f4367f85 Mon Sep 17 00:00:00 2001 From: "Jan M. Hochstein" Date: Sun, 10 Apr 2016 18:19:10 +0200 Subject: [PATCH 04/10] WS-Discovery header fixes --- .../Interfaces/WSDiscovery/WSDiscoveryPort.pm | 2 +- .../proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm b/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm index 581d6e59e..f1b6446a5 100644 --- a/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm +++ b/onvif/proxy/lib/WSDiscovery10/Interfaces/WSDiscovery/WSDiscoveryPort.pm @@ -37,7 +37,7 @@ sub ProbeOp { 'use' => 'literal', namespace => 'http://schemas.xmlsoap.org/ws/2004/08/addressing', encodingStyle => '', - parts => [qw(WSDiscovery10::Elements::To WSDiscovery10::Elements::Action)], + parts => [qw( WSDiscovery10::Elements::Header )], }, headerfault => { diff --git a/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm b/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm index f0d7b7931..c19a7c647 100644 --- a/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm +++ b/onvif/proxy/lib/WSDiscovery10/Typemaps/WSDiscovery.pm @@ -23,12 +23,12 @@ our $typemap_1 = { 'ProbeMatches/ProbeMatch/Types' => 'WSDiscovery10::Types::QNameListType', 'ProbeMatches/ProbeMatch/EndpointReference' => 'WSDiscovery10::Types::EndpointReferenceType', 'ProbeMatches/ProbeMatch/EndpointReference/ReferenceProperties' => 'WSDiscovery10::Types::ReferencePropertiesType', - 'ProbeMatches/ProbeMatch/EndpointReference/PortType' => 'WSDiscovery10::Types::AttributedQName' - 'MessageID' => 'WSDiscovery10::Elements::MessageID', - 'RelatesTo' => 'WSDiscovery10::Elements::RelatesTo', - 'To' => 'WSDiscovery10::Elements::To', - 'Action' => 'WSDiscovery10::Elements::Action', - 'AppSequence' => 'WSDiscovery10::Elements::AppSequence', + 'ProbeMatches/ProbeMatch/EndpointReference/PortType' => 'WSDiscovery10::Types::AttributedQName', + 'MessageID' => '__SKIP__', + 'RelatesTo' => '__SKIP__', + 'To' => '__SKIP__', + 'Action' => '__SKIP__', + 'AppSequence' => '__SKIP__', }; ; From 5d3f5e5a4a14b7af57f246e62ae2f5a195b22690 Mon Sep 17 00:00:00 2001 From: "Jan M. Hochstein" Date: Sat, 16 Apr 2016 19:06:36 +0200 Subject: [PATCH 05/10] WSDiscovery: workaround for SOAP::WSDL QName limitation --- .../lib/WSDiscovery10/Types/ProbeType.pm | 50 ++++++++++++++++++- onvif/scripts/zmonvif-probe.pl | 4 +- 2 files changed, 51 insertions(+), 3 deletions(-) diff --git a/onvif/proxy/lib/WSDiscovery10/Types/ProbeType.pm b/onvif/proxy/lib/WSDiscovery10/Types/ProbeType.pm index 10c290e8e..8d7e9e7ca 100644 --- a/onvif/proxy/lib/WSDiscovery10/Types/ProbeType.pm +++ b/onvif/proxy/lib/WSDiscovery10/Types/ProbeType.pm @@ -7,8 +7,10 @@ __PACKAGE__->_set_element_form_qualified(0); sub get_xmlns { 'http://schemas.xmlsoap.org/ws/2005/04/discovery' }; -our $XML_ATTRIBUTE_CLASS; -undef $XML_ATTRIBUTE_CLASS; +our $XML_ATTRIBUTE_CLASS = 'WSDiscovery10::Types::ProbeType::_ProbeType::XmlAttr'; + +#our $XML_ATTRIBUTE_CLASS; +#undef $XML_ATTRIBUTE_CLASS; sub __get_attr_class { return $XML_ATTRIBUTE_CLASS; @@ -49,11 +51,55 @@ __PACKAGE__->_factory( } # end BLOCK +package WSDiscovery10::Types::ProbeType::_ProbeType::XmlAttr; +#use base qw(SOAP::WSDL::XSD::Typelib::ComplexType); +use Class::Std::Fast::Storable constructor => 'none', cache => 1; +use base qw(SOAP::WSDL::XSD::Typelib::Builtin::anySimpleType); +{ # BLOCK to scope variables +my %Attribs_of :ATTR(:get); +sub new +{ + my $self = pop @{ Class::Std::Fast::OBJECT_CACHE_REF()->{ $_[0] } }; + $self = bless \(my $o = Class::Std::Fast::ID()), $_[0] + if not defined $self; + + $self->BUILD(${$self}, $_[1]); + return $self; +} + +sub BUILD +{ + my ($self, $ident, $arg_ref) = @_; + + $Attribs_of{$ident} = $arg_ref; +} + +# without this no attributes are serialized +# SOAP::WSDL::XSD::Typelib::CompexType sub serialize_attr() + +sub as_bool :BOOLIFY { 1 } + +sub serialize() +{ + my $ident = ${ $_[0] }; + my $option_ref = $_[1]; + my $attr_str = ""; + + foreach my $attr (keys %{$Attribs_of{$ident}}) + { + my $value = %{$Attribs_of{$ident}}{$attr}; + $attr_str .= " $attr=\"$value\""; + } + + return $attr_str; +} + +} # end BLOCK 1; diff --git a/onvif/scripts/zmonvif-probe.pl b/onvif/scripts/zmonvif-probe.pl index 8f1fccd17..10aa26a08 100755 --- a/onvif/scripts/zmonvif-probe.pl +++ b/onvif/scripts/zmonvif-probe.pl @@ -212,7 +212,9 @@ sub discover $result = $svc_discover->ProbeOp( { # WSDiscovery::Types::ProbeType - Types => 'http://www.onvif.org/ver10/network/wsdl:NetworkVideoTransmitter http://www.onvif.org/ver10/device/wsdl:Device', # QNameListType + xmlattr => { 'xmlns:dn' => 'http://www.onvif.org/ver10/network/wsdl', + 'xmlns:tds' => 'http://www.onvif.org/ver10/device/wsdl', }, + Types => 'dn:NetworkVideoTransmitter tds:Device', # QNameListType Scopes => { value => '' }, }, WSDiscovery10::Elements::Header->new({ From a5ba4759bf27108aed334f1d7a0b6f5fa30fd5fe Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 10 May 2016 10:54:40 -0400 Subject: [PATCH 06/10] fix new config entry --- scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in index 01d4b534c..610d2432d 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in +++ b/scripts/ZoneMinder/lib/ZoneMinder/ConfigData.pm.in @@ -1712,7 +1712,8 @@ our @options = { name => 'ZM_LD_PRELOAD', default => '', - description => "Some older cameras require the use of the v4l1 compat + description => "Path to library to preload before launching daemons", + help => qqq("Some older cameras require the use of the v4l1 compat library. This setting allows the setting of the path to the library, so that it can be loaded by zmdc.pl before launching zmc."), From 1530096560e9f48e003efcaebcdcdea983b5391a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 12 May 2016 10:17:41 -0400 Subject: [PATCH 07/10] whitespace/google code style --- web/includes/functions.php | 4030 ++++++++++++++++-------------------- 1 file changed, 1814 insertions(+), 2216 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 9a8264548..314806105 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -19,2501 +19,2099 @@ // // Compatibility functions -if ( version_compare( phpversion(), "4.3.0", "<") ) -{ - function ob_get_clean() - { - $buffer = ob_get_contents(); - ob_end_clean(); - return( $buffer ); - } +if ( version_compare( phpversion(), "4.3.0", "<") ) { + function ob_get_clean() { + $buffer = ob_get_contents(); + ob_end_clean(); + return( $buffer ); + } } -function userLogin( $username, $password="", $passwordHashed=false ) -{ - global $user, $cookies; +function userLogin( $username, $password="", $passwordHashed=false ) { + global $user, $cookies; - $sql = "select * from Users where Enabled = 1"; - $sql_values = NULL; - if ( ZM_AUTH_TYPE == "builtin" ) - { - if ( $passwordHashed ) { - $sql .= " AND Username=? AND Password=?"; - } else { - $sql .= " AND Username=? AND Password=password(?)"; - } - $sql_values = array( $username, $password ); + $sql = "select * from Users where Enabled = 1"; + $sql_values = NULL; + if ( ZM_AUTH_TYPE == "builtin" ) { + if ( $passwordHashed ) { + $sql .= " AND Username=? AND Password=?"; } else { - $sql .= " AND Username = ?"; - $sql_values = array( $username ); + $sql .= " AND Username=? AND Password=password(?)"; } - $_SESSION['username'] = $username; - if ( ZM_AUTH_RELAY == "plain" ) - { - // Need to save this in session - $_SESSION['password'] = $password; + $sql_values = array( $username, $password ); + } else { + $sql .= " AND Username = ?"; + $sql_values = array( $username ); + } + $_SESSION['username'] = $username; + if ( ZM_AUTH_RELAY == "plain" ) { + // Need to save this in session + $_SESSION['password'] = $password; + } + $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking + if ( $dbUser = dbFetchOne( $sql, NULL, $sql_values ) ) { + Info( "Login successful for user \"$username\"" ); + $_SESSION['user'] = $user = $dbUser; + if ( ZM_AUTH_TYPE == "builtin" ) { + $_SESSION['passwordHash'] = $user['Password']; } - $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking - if ( $dbUser = dbFetchOne( $sql, NULL, $sql_values ) ) - { - Info( "Login successful for user \"$username\"" ); - $_SESSION['user'] = $user = $dbUser; - if ( ZM_AUTH_TYPE == "builtin" ) - { - $_SESSION['passwordHash'] = $user['Password']; - } - } - else - { - Warning( "Login denied for user \"$username\"" ); - unset( $user ); - } - if ( $cookies ) - session_write_close(); -} - -function userLogout() -{ - global $user; - $username = $user['Username']; - - Info( "User \"$username\" logged out" ); - - unset( $_SESSION['user'] ); + } else { + Warning( "Login denied for user \"$username\"" ); unset( $user ); - - session_destroy(); + } + if ( $cookies ) + session_write_close(); } -function noCacheHeaders() -{ - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Last-Modified: ".gmdate( "D, d M Y H:i:s" )." GMT"); // always modified - header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1 - header("Cache-Control: post-check=0, pre-check=0", false); - header("Pragma: no-cache"); // HTTP/1.0 +function userLogout() { + global $user; + $username = $user['Username']; + + Info( "User \"$username\" logged out" ); + + unset( $_SESSION['user'] ); + unset( $user ); + + session_destroy(); +} + +function noCacheHeaders() { + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past + header("Last-Modified: ".gmdate( "D, d M Y H:i:s" )." GMT"); // always modified + header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1 + header("Cache-Control: post-check=0, pre-check=0", false); + header("Pragma: no-cache"); // HTTP/1.0 } function CORSHeaders() { - if ( isset( $_SERVER['HTTP_ORIGIN'] ) ) { + if ( isset( $_SERVER['HTTP_ORIGIN'] ) ) { - # The following is left for future reference/use. - $valid = false; - $servers = dbFetchAll( 'SELECT * FROM Servers' ); - if ( sizeof($servers) <= 1 ) { - # Only need CORSHeaders in the event that there are multiple servers in use. - return; - } - foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) { - $Server = new Server( $row ); - if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) { - $valid = true; - header("Access-Control-Allow-Origin: " . $Server->Url() ); - header("Access-Control-Allow-Headers: x-requested-with,x-request"); - } - } - if ( ! $valid ) { - Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." ); - } - } +# The following is left for future reference/use. + $valid = false; + $servers = dbFetchAll( 'SELECT * FROM Servers' ); + if ( sizeof($servers) <= 1 ) { +# Only need CORSHeaders in the event that there are multiple servers in use. + return; + } + foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) { + $Server = new Server( $row ); + if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) { + $valid = true; + header("Access-Control-Allow-Origin: " . $Server->Url() ); + header("Access-Control-Allow-Headers: x-requested-with,x-request"); + } + } + if ( ! $valid ) { + Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." ); + } + } } -function getAuthUser( $auth ) -{ - if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" && !empty($auth) ) - { +function getAuthUser( $auth ) { + if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" && !empty($auth) ) { + $remoteAddr = ""; + if ( ZM_AUTH_HASH_IPS ) { + $remoteAddr = $_SERVER['REMOTE_ADDR']; + if ( !$remoteAddr ) { + Error( "Can't determine remote address for authentication, using empty string" ); $remoteAddr = ""; - if ( ZM_AUTH_HASH_IPS ) - { - $remoteAddr = $_SERVER['REMOTE_ADDR']; - if ( !$remoteAddr ) - { - Error( "Can't determine remote address for authentication, using empty string" ); - $remoteAddr = ""; - } - } - - $sql = "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1"; - foreach ( dbFetchAll( $sql ) as $user ) - { - $now = time(); - for ( $i = 0; $i < 2; $i++, $now -= (60*60) ) // Try for last two hours - { - $time = localtime( $now ); - $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; - $authHash = md5( $authKey ); - - if ( $auth == $authHash ) - { - return( $user ); - } - } - } + } } - Error( "Unable to authenticate user from auth hash '$auth'" ); - return( false ); + + $sql = "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1"; + foreach ( dbFetchAll( $sql ) as $user ) { + $now = time(); + for ( $i = 0; $i < 2; $i++, $now -= (60*60) ) { // Try for last two hours + $time = localtime( $now ); + $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; + $authHash = md5( $authKey ); + + if ( $auth == $authHash ) { + return( $user ); + } + } + } + } + Error( "Unable to authenticate user from auth hash '$auth'" ); + return( false ); } -function generateAuthHash( $useRemoteAddr ) -{ - if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) - { - $time = localtime(); - if ( $useRemoteAddr ) - { - $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5]; - } - else - { - $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5]; - } - $auth = md5( $authKey ); +function generateAuthHash( $useRemoteAddr ) { + if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) { + $time = localtime(); + if ( $useRemoteAddr ) { + $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5]; + } else { + $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5]; } - else - { - $auth = ""; - } - return( $auth ); + $auth = md5( $authKey ); + } else { + $auth = ""; + } + return( $auth ); } -function getStreamSrc( $args, $querySep='&' ) -{ - $streamSrc = ZM_BASE_URL.ZM_PATH_ZMS; +function getStreamSrc( $args, $querySep='&' ) { + $streamSrc = ZM_BASE_URL.ZM_PATH_ZMS; - if ( ZM_OPT_USE_AUTH ) - { - if ( ZM_AUTH_RELAY == "hashed" ) - { - $args[] = "auth=".generateAuthHash( ZM_AUTH_HASH_IPS ); - } - elseif ( ZM_AUTH_RELAY == "plain" ) - { - $args[] = "user=".$_SESSION['username']; - $args[] = "pass=".$_SESSION['password']; - } - elseif ( ZM_AUTH_RELAY == "none" ) - { - $args[] = "user=".$_SESSION['username']; - } - } - if ( !in_array( "mode=single", $args ) && !empty($GLOBALS['connkey']) ) - { - $args[] = "connkey=".$GLOBALS['connkey']; - } - if ( ZM_RAND_STREAM ) - { - $args[] = "rand=".time(); + if ( ZM_OPT_USE_AUTH ) { + if ( ZM_AUTH_RELAY == "hashed" ) { + $args[] = "auth=".generateAuthHash( ZM_AUTH_HASH_IPS ); + } elseif ( ZM_AUTH_RELAY == "plain" ) { + $args[] = "user=".$_SESSION['username']; + $args[] = "pass=".$_SESSION['password']; + } elseif ( ZM_AUTH_RELAY == "none" ) { + $args[] = "user=".$_SESSION['username']; } + } + if ( !in_array( "mode=single", $args ) && !empty($GLOBALS['connkey']) ) { + $args[] = "connkey=".$GLOBALS['connkey']; + } + if ( ZM_RAND_STREAM ) { + $args[] = "rand=".time(); + } - if ( count($args) ) - { - $streamSrc .= "?".join( $querySep, $args ); - } + if ( count($args) ) { + $streamSrc .= "?".join( $querySep, $args ); + } - return( $streamSrc ); + return( $streamSrc ); } -function getMimeType( $file ) -{ - if ( function_exists('mime_content_type') ) - { - return( mime_content_type( $file ) ); - } - elseif ( function_exists('finfo_file') ) - { - $finfo = finfo_open( FILEINFO_MIME ); - $mimeType = finfo_file( $finfo, $file ); - finfo_close($finfo); - return( $mimeType ); - } - return( trim( exec( 'file -bi '.escapeshellarg( $file ).' 2>/dev/null' ) ) ); +function getMimeType( $file ) { + if ( function_exists('mime_content_type') ) { + return( mime_content_type( $file ) ); + } elseif ( function_exists('finfo_file') ) { + $finfo = finfo_open( FILEINFO_MIME ); + $mimeType = finfo_file( $finfo, $file ); + finfo_close($finfo); + return( $mimeType ); + } + return( trim( exec( 'file -bi '.escapeshellarg( $file ).' 2>/dev/null' ) ) ); } -function outputVideoStream( $id, $src, $width, $height, $format, $title="" ) -{ - if ( file_exists( $src ) ) - $mimeType = getMimeType( $src ); - else - { - switch( $format ) +function outputVideoStream( $id, $src, $width, $height, $format, $title="" ) { + if ( file_exists( $src ) ) { + $mimeType = getMimeType( $src ); + } else { + switch( $format ) { + case 'asf' : + $mimeType = "video/x-ms-asf"; + break; + case 'avi' : + case 'wmv' : + $mimeType = "video/x-msvideo"; + break; + case 'mov' : + $mimeType = "video/quicktime"; + break; + case 'mpg' : + case 'mpeg' : + $mimeType = "video/mpeg"; + break; + case 'swf' : + $mimeType = "application/x-shockwave-flash"; + break; + case '3gp' : + $mimeType = "video/3gpp"; + break; + default : + $mimeType = "video/$format"; + break; + } + } + if ( !$mimeType || ($mimeType == 'application/octet-stream') ) + $mimeType = 'video/'.$format; + $objectTag = false; + if ( ZM_WEB_USE_OBJECT_TAGS ) { + switch( $mimeType ) { + case "video/x-ms-asf" : + case "video/x-msvideo" : + case "video/mp4" : { - case 'asf' : - $mimeType = "video/x-ms-asf"; - break; - case 'avi' : - case 'wmv' : - $mimeType = "video/x-msvideo"; - break; - case 'mov' : - $mimeType = "video/quicktime"; - break; - case 'mpg' : - case 'mpeg' : - $mimeType = "video/mpeg"; - break; - case 'swf' : - $mimeType = "application/x-shockwave-flash"; - break; - case '3gp' : - $mimeType = "video/3gpp"; - break; - default : - $mimeType = "video/$format"; - break; + if ( isWindows() ) { + ?> + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - -src="" -name="" -width="" -height="" -autostart="1" -autoplay="1" -showcontrols="0" -controller="0"> - - + + src="" + name="" + width="" + height="" + autostart="1" + autoplay="1" + showcontrols="0" + controller="0"> + + -