Url() ) { $valid = true; header('Access-Control-Allow-Origin: ' . $Server->Url() ); header('Access-Control-Allow-Headers: x-requested-with,x-request'); } } if ( ! $valid ) { Warning( $_SERVER['HTTP_ORIGIN'] . ' is not found in servers list.' ); } } } function getAuthUser( $auth ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { $remoteAddr = ''; if ( ZM_AUTH_HASH_IPS ) { $remoteAddr = $_SERVER['REMOTE_ADDR']; if ( !$remoteAddr ) { Error( "Can't determine remote address for authentication, using empty string" ); $remoteAddr = ''; } } if ( isset( $_SESSION['username'] ) ) { # Most of the time we will be logged in already and the session will have our username, so we can significantly speed up our hash testing by only looking at our user. # Only really important if you have a lot of users. $sql = "SELECT * FROM Users WHERE Enabled = 1 AND Username='".$_SESSION['username']."'"; } else { $sql = 'SELECT * FROM Users WHERE Enabled = 1'; } foreach ( dbFetchAll( $sql ) as $user ) { $now = time(); for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= (3600) ) { // Try for last two hours $time = localtime( $now ); $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; $authHash = md5( $authKey ); if ( $auth == $authHash ) { return $user; } } // end foreach hour } // end foreach user } // end if using auth hash Error( "Unable to authenticate user from auth hash '$auth'" ); return( false ); } // end getAuthUser($auth) function generateAuthHash( $useRemoteAddr ) { if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and isset($_SESSION['username']) and $_SESSION['passwordHash'] ) { # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800 $time = time(); $mintime = $time - ( ZM_AUTH_HASH_TTL * 1800 ); if ( ( !isset($_SESSION['AuthHash']) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime ) ) { # Don't both regenerating Auth Hash if an hour hasn't gone by yet $local_time = localtime(); $authKey = ''; if ( $useRemoteAddr ) { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$local_time[2].$local_time[3].$local_time[4].$local_time[5]; } else { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$local_time[2].$local_time[3].$local_time[4].$local_time[5]; } Logger::Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] ); $auth = md5( $authKey ); if ( session_status() == PHP_SESSION_NONE ) { $backTrace = debug_backtrace(); $file = $backTrace[1]['file']; $line = $backTrace[1]['line']; Warning("Session is not active. AuthHash will not be cached. called from $file:$line. OldHash:" . $_SESSION['AuthHash'] . ' generated at ' . $_SESSION['AuthHashGeneratedAt'] . ' < ' . $time . ' - ( ' . ZM_AUTH_HASH_TTL . '* 1800 = ' . ZM_AUTH_HASH_TTL * 1800 ); } $_SESSION['AuthHash'] = $auth; $_SESSION['AuthHashGeneratedAt'] = $time; Logger::Debug("Generated new auth $auth at " . $_SESSION['AuthHashGeneratedAt']. " using $authKey" ); } else { Logger::Debug("Using cached auth " . $_SESSION['AuthHash'] ." beacuse generatedat:" . $_SESSION['AuthHashGeneratedAt'] . ' < now:'. $time . ' - ' . ZM_AUTH_HASH_TTL . ' * 1800 = '. $mintime); } # end if AuthHash is not cached return $_SESSION['AuthHash']; } else { $auth = ''; } return( $auth ); } function getStreamSrc( $args, $querySep='&' ) { $streamSrc = ZM_BASE_URL.ZM_PATH_ZMS; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { $args[] = 'auth='.generateAuthHash( ZM_AUTH_HASH_IPS ); } elseif ( ZM_AUTH_RELAY == 'plain' ) { $args[] = 'user='.$_SESSION['username']; $args[] = 'pass='.$_SESSION['password']; } elseif ( ZM_AUTH_RELAY == 'none' ) { $args[] = 'user='.$_SESSION['username']; } } if ( !in_array( 'mode=single', $args ) && !empty($GLOBALS['connkey']) ) { $args[] = 'connkey='.$GLOBALS['connkey']; } if ( ZM_RAND_STREAM ) { $args[] = 'rand='.time(); } if ( count($args) ) { $streamSrc .= '?'.join( $querySep, $args ); } return( $streamSrc ); } function getMimeType( $file ) { if ( function_exists('mime_content_type') ) { return( mime_content_type( $file ) ); } elseif ( function_exists('finfo_file') ) { $finfo = finfo_open( FILEINFO_MIME ); $mimeType = finfo_file( $finfo, $file ); finfo_close($finfo); return( $mimeType ); } return( trim( exec( 'file -bi '.escapeshellarg( $file ).' 2>/dev/null' ) ) ); } function outputVideoStream( $id, $src, $width, $height, $format, $title='' ) { echo getVideoStreamHTML( $id, $src, $width, $height, $format, $title ); } function getVideoStreamHTML( $id, $src, $width, $height, $format, $title='' ) { $html = ''; $width = validInt($width); $height = validInt($height); $title = validHtmlStr($title); if ( file_exists( $src ) ) { $mimeType = getMimeType( $src ); } else { switch( $format ) { case 'asf' : $mimeType = 'video/x-ms-asf'; break; case 'avi' : case 'wmv' : $mimeType = 'video/x-msvideo'; break; case 'mov' : $mimeType = 'video/quicktime'; break; case 'mpg' : case 'mpeg' : $mimeType = 'video/mpeg'; break; case 'swf' : $mimeType = 'application/x-shockwave-flash'; break; case '3gp' : $mimeType = 'video/3gpp'; break; default : $mimeType = "video/$format"; break; } } if ( !$mimeType || ($mimeType == 'application/octet-stream') ) $mimeType = 'video/'.$format; if ( ZM_WEB_USE_OBJECT_TAGS ) { switch( $mimeType ) { case 'video/x-ms-asf' : case 'video/x-msvideo' : case 'video/mp4' : { if ( isWindows() ) { return ' '; } } case 'video/quicktime' : { return ' '; } case 'application/x-shockwave-flash' : { return ' '; } } # end switch } # end if use object tags return ' '; } function outputImageStream( $id, $src, $width, $height, $title='' ) { echo getImageStreamHTML( $id, $src, $width, $height, $title ); } function getImageStreamHTML( $id, $src, $width, $height, $title='' ) { if ( canStreamIframe() ) { return '