Url() ) { $valid = true; header("Access-Control-Allow-Origin: " . $Server->Url() ); header("Access-Control-Allow-Headers: x-requested-with,x-request"); } } if ( ! $valid ) { Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." ); } } } function getAuthUser( $auth ) { if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == 'hashed' && !empty($auth) ) { $remoteAddr = ''; if ( ZM_AUTH_HASH_IPS ) { $remoteAddr = $_SERVER['REMOTE_ADDR']; if ( !$remoteAddr ) { Error( "Can't determine remote address for authentication, using empty string" ); $remoteAddr = ''; } } if ( $_SESSION['username'] ) { # Most of the time we will be logged in already and the session will have our username, so we can significantly speed up our hash testing by only looking at our user. # Only really important if you have a lot of users. $sql = "SELECT * FROM Users WHERE Enabled = 1 AND Username='".$_SESSION['username']."'"; } else { $sql = 'SELECT * FROM Users WHERE Enabled = 1'; } foreach ( dbFetchAll( $sql ) as $user ) { $now = time(); for ( $i = 0; $i < ZM_AUTH_HASH_TTL; $i++, $now -= (3600) ) { // Try for last two hours $time = localtime( $now ); $authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$time[2].$time[3].$time[4].$time[5]; $authHash = md5( $authKey ); if ( $auth == $authHash ) { return( $user ); } } // end foreach hour } // end foreach user } // end if using auth hash Error( "Unable to authenticate user from auth hash '$auth'" ); return( false ); } function generateAuthHash( $useRemoteAddr ) { if ( ZM_OPT_USE_AUTH and ZM_AUTH_RELAY == 'hashed' and $_SESSION['username'] and $_SESSION['passwordHash'] ) { # regenerate a hash at half the liftetime of a hash, an hour is 3600 so half is 1800 if ( ( ! isset($_SESSION['AuthHash']) ) or ( $_SESSION['AuthHashGeneratedAt'] < time() - ( ZM_AUTH_HASH_TTL * 1800 ) ) ) { # Don't both regenerating Auth Hash if an hour hasn't gone by yet $time = localtime(); $authKey = ''; if ( $useRemoteAddr ) { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5]; } else { $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5]; } $auth = md5( $authKey ); if ( session_status() == PHP_SESSION_NONE ) { Warning("Session is not active. AuthHash will not be cached."); } $_SESSION['AuthHash'] = $auth; $_SESSION['AuthHashGeneratedAt'] = time(); Debug("Generated new auth $auth at " . $_SESSION['AuthHashGeneratedAt']. " using $authKey" ); } else { Debug( "Using cached auth " . $_SESSION['AuthHash'] ); } # end if AuthHash is not cached return $_SESSION['AuthHash']; } else { $auth = ''; } return( $auth ); } function getStreamSrc( $args, $querySep='&' ) { $streamSrc = ZM_BASE_URL.ZM_PATH_ZMS; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == "hashed" ) { $args[] = "auth=".generateAuthHash( ZM_AUTH_HASH_IPS ); } elseif ( ZM_AUTH_RELAY == "plain" ) { $args[] = "user=".$_SESSION['username']; $args[] = "pass=".$_SESSION['password']; } elseif ( ZM_AUTH_RELAY == "none" ) { $args[] = "user=".$_SESSION['username']; } } if ( !in_array( "mode=single", $args ) && !empty($GLOBALS['connkey']) ) { $args[] = "connkey=".$GLOBALS['connkey']; } if ( ZM_RAND_STREAM ) { $args[] = "rand=".time(); } if ( count($args) ) { $streamSrc .= "?".join( $querySep, $args ); } return( $streamSrc ); } function getMimeType( $file ) { if ( function_exists('mime_content_type') ) { return( mime_content_type( $file ) ); } elseif ( function_exists('finfo_file') ) { $finfo = finfo_open( FILEINFO_MIME ); $mimeType = finfo_file( $finfo, $file ); finfo_close($finfo); return( $mimeType ); } return( trim( exec( 'file -bi '.escapeshellarg( $file ).' 2>/dev/null' ) ) ); } function outputVideoStream( $id, $src, $width, $height, $format, $title="" ) { echo getVideoStreamHTML( $id, $src, $width, $height, $format, $title ); } function getVideoStreamHTML( $id, $src, $width, $height, $format, $title="" ) { $html = ''; $width = validInt($width); $height = validInt($height); $title = validHtmlStr($title); if ( file_exists( $src ) ) { $mimeType = getMimeType( $src ); } else { switch( $format ) { case 'asf' : $mimeType = "video/x-ms-asf"; break; case 'avi' : case 'wmv' : $mimeType = "video/x-msvideo"; break; case 'mov' : $mimeType = "video/quicktime"; break; case 'mpg' : case 'mpeg' : $mimeType = "video/mpeg"; break; case 'swf' : $mimeType = "application/x-shockwave-flash"; break; case '3gp' : $mimeType = "video/3gpp"; break; default : $mimeType = "video/$format"; break; } } if ( !$mimeType || ($mimeType == 'application/octet-stream') ) $mimeType = 'video/'.$format; if ( ZM_WEB_USE_OBJECT_TAGS ) { switch( $mimeType ) { case "video/x-ms-asf" : case "video/x-msvideo" : case "video/mp4" : { if ( isWindows() ) { return ' '; } } case "video/quicktime" : { return ' '; } case "application/x-shockwave-flash" : { return ' '; } } # end switch } # end if use object tags return ' '; } function outputImageStream( $id, $src, $width, $height, $title="" ) { echo getImageStream( $id, $src, $width, $height, $title ); } function getImageStream( $id, $src, $width, $height, $title="" ) { if ( canStreamIframe() ) { return '