Url() ) { $valid = true; header("Access-Control-Allow-Origin: " . $Server->Url() ); header("Access-Control-Allow-Headers: x-requested-with,x-request"); } } if ( ! $valid ) { Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." ); } } } function getAuthUser( $auth ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" && !empty($auth) ) { $remoteAddr = ""; if ( ZM_AUTH_HASH_IPS ) { $remoteAddr = $_SERVER['REMOTE_ADDR']; if ( !$remoteAddr ) { Error( "Can't determine remote address for authentication, using empty string" ); $remoteAddr = ""; } } $sql = "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Enabled = 1"; foreach ( dbFetchAll( $sql ) as $user ) { $now = time(); for ( $i = 0; $i < 2; $i++, $now -= (60*60) ) { // Try for last two hours $time = localtime( $now ); $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; $authHash = md5( $authKey ); if ( $auth == $authHash ) { return( $user ); } } } } Error( "Unable to authenticate user from auth hash '$auth'" ); return( false ); } function generateAuthHash( $useRemoteAddr ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) { $time = localtime(); if ( $useRemoteAddr ) { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5]; } else { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5]; } $auth = md5( $authKey ); } else { $auth = ""; } return( $auth ); } function getStreamSrc( $args, $querySep='&' ) { $streamSrc = ZM_BASE_URL.ZM_PATH_ZMS; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == "hashed" ) { $args[] = "auth=".generateAuthHash( ZM_AUTH_HASH_IPS ); } elseif ( ZM_AUTH_RELAY == "plain" ) { $args[] = "user=".$_SESSION['username']; $args[] = "pass=".$_SESSION['password']; } elseif ( ZM_AUTH_RELAY == "none" ) { $args[] = "user=".$_SESSION['username']; } } if ( !in_array( "mode=single", $args ) && !empty($GLOBALS['connkey']) ) { $args[] = "connkey=".$GLOBALS['connkey']; } if ( ZM_RAND_STREAM ) { $args[] = "rand=".time(); } if ( count($args) ) { $streamSrc .= "?".join( $querySep, $args ); } return( $streamSrc ); } function getMimeType( $file ) { if ( function_exists('mime_content_type') ) { return( mime_content_type( $file ) ); } elseif ( function_exists('finfo_file') ) { $finfo = finfo_open( FILEINFO_MIME ); $mimeType = finfo_file( $finfo, $file ); finfo_close($finfo); return( $mimeType ); } return( trim( exec( 'file -bi '.escapeshellarg( $file ).' 2>/dev/null' ) ) ); } function outputVideoStream( $id, $src, $width, $height, $format, $title="" ) { if ( file_exists( $src ) ) { $mimeType = getMimeType( $src ); } else { switch( $format ) { case 'asf' : $mimeType = "video/x-ms-asf"; break; case 'avi' : case 'wmv' : $mimeType = "video/x-msvideo"; break; case 'mov' : $mimeType = "video/quicktime"; break; case 'mpg' : case 'mpeg' : $mimeType = "video/mpeg"; break; case 'swf' : $mimeType = "application/x-shockwave-flash"; break; case '3gp' : $mimeType = "video/3gpp"; break; default : $mimeType = "video/$format"; break; } } if ( !$mimeType || ($mimeType == 'application/octet-stream') ) $mimeType = 'video/'.$format; $objectTag = false; if ( ZM_WEB_USE_OBJECT_TAGS ) { switch( $mimeType ) { case "video/x-ms-asf" : case "video/x-msvideo" : case "video/mp4" : { if ( isWindows() ) { ?> src="" name="" width="" height="" autostart="1" autoplay="1" showcontrols="0" controller="0">