Url() ) { $valid = true; header("Access-Control-Allow-Origin: " . $Server->Url() ); header("Access-Control-Allow-Headers: x-requested-with,x-request"); } } if ( ! $valid ) { Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." ); } } } function getAuthUser( $auth ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { $remoteAddr = ''; if ( ZM_AUTH_HASH_IPS ) { $remoteAddr = $_SERVER['REMOTE_ADDR']; if ( !$remoteAddr ) { Error( "Can't determine remote address for authentication, using empty string" ); $remoteAddr = ""; } } if ( $_SESSION['username'] ) { # Most of the time we will be logged in already and the session will have our username, so we can significantly speed up our hash testing by only looking at our user. # Only really important if you have a lot of users. $sql = "SELECT Username, Password FROM Users WHERE Enabled = 1 AND Username='".$_SESSION['username']."'"; } else { $sql = 'SELECT Username, Password FROM Users WHERE Enabled = 1'; } foreach ( dbFetchAll( $sql ) as $user ) { $now = time(); for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= (3600) ) { // Try for last two hours $time = localtime( $now ); $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; $authHash = md5( $authKey ); if ( $auth == $authHash ) { return( $user ); } } // end foreach hour } // end foreach user } // end if using auth hash Error( "Unable to authenticate user from auth hash '$auth'" ); return( false ); } function generateAuthHash( $useRemoteAddr ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) { # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800 if ( ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) or ! isset($_SESSION['AuthHash']) ) { # Don't both regenerating Auth Hash if an hour hasn't gone by yet $time = localtime(); if ( $useRemoteAddr ) { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5]; } else { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5]; } $auth = md5( $authKey ); if ( session_status() == PHP_SESSION_NONE ) { Warning("Session is not active. AuthHash will not be cached."); } $_SESSION['AuthHash'] = $auth; $_SESSION['AuthHashGeneratedAt'] = time(); } # end if AuthHash is not cached } else { $auth = ""; } return( $auth ); } function getStreamSrc( $args, $querySep='&' ) { $streamSrc = ZM_BASE_URL.ZM_PATH_ZMS; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == "hashed" ) { $args[] = "auth=".generateAuthHash( ZM_AUTH_HASH_IPS ); } elseif ( ZM_AUTH_RELAY == "plain" ) { $args[] = "user=".$_SESSION['username']; $args[] = "pass=".$_SESSION['password']; } elseif ( ZM_AUTH_RELAY == "none" ) { $args[] = "user=".$_SESSION['username']; } } if ( !in_array( "mode=single", $args ) && !empty($GLOBALS['connkey']) ) { $args[] = "connkey=".$GLOBALS['connkey']; } if ( ZM_RAND_STREAM ) { $args[] = "rand=".time(); } if ( count($args) ) { $streamSrc .= "?".join( $querySep, $args ); } return( $streamSrc ); } function getMimeType( $file ) { if ( function_exists('mime_content_type') ) { return( mime_content_type( $file ) ); } elseif ( function_exists('finfo_file') ) { $finfo = finfo_open( FILEINFO_MIME ); $mimeType = finfo_file( $finfo, $file ); finfo_close($finfo); return( $mimeType ); } return( trim( exec( 'file -bi '.escapeshellarg( $file ).' 2>/dev/null' ) ) ); } function outputVideoStream( $id, $src, $width, $height, $format, $title="" ) { echo getVideoStreamHTML( $id, $src, $width, $height, $format, $title ); } function getVideoStreamHTML( $id, $src, $width, $height, $format, $title="" ) { $html = ''; $width = validInt($width); $height = validInt($height); $title = validHtmlStr($title); if ( file_exists( $src ) ) { $mimeType = getMimeType( $src ); } else { switch( $format ) { case 'asf' : $mimeType = "video/x-ms-asf"; break; case 'avi' : case 'wmv' : $mimeType = "video/x-msvideo"; break; case 'mov' : $mimeType = "video/quicktime"; break; case 'mpg' : case 'mpeg' : $mimeType = "video/mpeg"; break; case 'swf' : $mimeType = "application/x-shockwave-flash"; break; case '3gp' : $mimeType = "video/3gpp"; break; default : $mimeType = "video/$format"; break; } } if ( !$mimeType || ($mimeType == 'application/octet-stream') ) $mimeType = 'video/'.$format; if ( ZM_WEB_USE_OBJECT_TAGS ) { switch( $mimeType ) { case "video/x-ms-asf" : case "video/x-msvideo" : case "video/mp4" : { if ( isWindows() ) { return ' '; } } case "video/quicktime" : { return ' '; } case "application/x-shockwave-flash" : { return ' '; } } # end switch } # end if use object tags return ' '; } function outputImageStream( $id, $src, $width, $height, $title="" ) { echo getImageStream( $id, $src, $width, $height, $title ); } function getImageStream( $id, $src, $width, $height, $title="" ) { if ( canStreamIframe() ) { return '