diff --git a/install/checkConfiguration.php b/install/checkConfiguration.php index 4b1b73e573..83686c45dc 100644 --- a/install/checkConfiguration.php +++ b/install/checkConfiguration.php @@ -4,7 +4,7 @@ if (file_exists("../videos/configuration.php")) { exit; } -$installationVersion = "11.8"; +$installationVersion = "12.0"; error_log("Installation: ".__LINE__." ". json_encode($_POST)); header('Content-Type: application/json'); diff --git a/install/liveLinks.php b/install/liveLinks.php index e971297b6d..cb93fc34d4 100644 --- a/install/liveLinks.php +++ b/install/liveLinks.php @@ -1,29 +1,29 @@ -real_escape_string($channelName); -$sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id " - . " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20"; -$res = sqlDAL::readSql($sql); -$users = sqlDAL::fetchAllAssoc($res); -sqlDAL::close($res); -if ($res != false) { - foreach ($users as $row) { - echo "-----------------------------------".PHP_EOL; - if (!empty($row['public'])) { - echo "PUBLIC "; - } - echo "{$row['id']} - {$row['user']} ".PHP_EOL; - echo Live::getServer() . "?p=" . $row['password'] . "/" . $row['key'].PHP_EOL; - echo Live::getLinkToLiveFromUsers_id($row['id']).PHP_EOL; - echo "-----------------------------------".PHP_EOL; - } -} -die(); +load($id); } } + + public static function getSearchFieldsNames(){ + return array(); + } - protected function load($id) + public function load($id) { $row = self::getFromDb($id); if (empty($row)) { @@ -165,8 +168,8 @@ abstract class ObjectYPT implements ObjectInterface if (!empty($_POST['sort'])) { $orderBy = []; foreach ($_POST['sort'] as $key => $value) { - $key = $global['mysqli']->real_escape_string($key); - //$value = $global['mysqli']->real_escape_string($value); + $key = ($key); + //$value = ($value); $direction = "ASC"; if (strtoupper($value) === "DESC") { $direction = "DESC"; 
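Review bot: `$key = ($key);` in the @@ -165 hunk drops the only treatment applied to the `$_POST['sort']` keys without replacing it, and because the key is spliced into an ORDER BY as an identifier it cannot be bound as a parameter either. Escaping was never the right tool for an identifier; validate `$key` against the model's own column list instead, e.g. `if (!in_array($key, $fieldsName, true)) { continue; }` where `$fieldsName` is the result of `getAllFields()` used elsewhere in this class (how `$orderBy` is consumed is outside the hunk, so this is inferred). The leftover `//$value = ($value);` comment should be deleted as well, since `$value` is reduced to ASC/DESC two lines further down.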
@@ -253,7 +256,7 @@ abstract class ObjectYPT implements ObjectInterface } if (!empty($_GET['q'])) { global $global; - $search = $global['mysqli']->real_escape_string(xss_esc($_GET['q'])); + $search = (xss_esc($_GET['q'])); $like = []; $searchFields = static::getSearchFieldsNames(); @@ -287,10 +290,13 @@ abstract class ObjectYPT implements ObjectInterface } global $global; $fieldsName = $this->getAllFields(); + $formats = ''; + $values = array(); if (!empty($this->id)) { $sql = "UPDATE " . static::getTableName() . " SET "; $fields = []; foreach ($fieldsName as $value) { + //$escapedValue = $global['mysqli']->real_escape_string($this->$value); if (strtolower($value) == 'created') { // do nothing } elseif (strtolower($value) == 'modified') { @@ -299,17 +305,21 @@ abstract class ObjectYPT implements ObjectInterface if (empty($this->$value)) { $this->$value = date_default_timezone_get(); } - $fields[] = " `{$value}` = '{$this->$value}' "; - } elseif (is_numeric($this->$value)) { - $fields[] = " `{$value}` = {$this->$value} "; + $formats .= 's'; + $values[] = $this->$value; + $fields[] = " `{$value}` = ? "; } elseif (!isset($this->$value) || strtolower($this->$value) == 'null') { $fields[] = " `{$value}` = NULL "; } else { - $fields[] = " `{$value}` = '{$this->$value}' "; + $formats .= 's'; + $values[] = $this->$value; + $fields[] = " `{$value}` = ? "; } } $sql .= implode(", ", $fields); - $sql .= " WHERE id = {$this->id}"; + $formats .= 'i'; + $values[] = $this->id; + $sql .= " WHERE id = ?"; } else { $sql = "INSERT INTO " . static::getTableName() . " ( "; $sql .= "`" . implode("`,`", $fieldsName) . "` )"; 
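Review bot: `$search = (xss_esc($_GET['q']));` in the @@ -253 hunk removes `real_escape_string` from the search term, but nothing in the hunk binds it as a parameter; the `$like[]` clause it feeds is built outside the hunk, and if that code still interpolates `$search` into a LIKE pattern the term now reaches the SQL string raw (xss_esc only HTML-encodes). Either bind it — `$like[] = " `{$value}` LIKE ? "; $formats .= 's'; $values[] = "%{$search}%";` — or keep the escape until that reader is parameterised. The same removal, with the same open question, is made to `$_POST['searchPhrase']` in objects/bootGrid.php @@ -58 and to `$this->comment` in objects/comment.php @@ -80.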
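Review bot: `//$escapedValue = $global['mysqli']->real_escape_string($this->$value);` added in the @@ -287 hunk is commented-out code and should not be committed; the same goes for the three `//var_dump(...)`, `//if(static::getTableName() == 'videos'){ ... }return false;` and `//echo $sql;...` lines added just before `sqlDAL::writeSql` in the @@ -321 hunk, one of which carries a stray `return false;` that would abort save() if it were ever uncommented. If a reminder is wanted, a plain sentence such as `// values are bound as parameters below; no manual escaping` reads better than dead code. `$values = array();` also mixes long-array syntax with the `[]` used for `$fields` on the next lines.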
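Review bot: The rewritten UPDATE branch in the @@ -299 hunk binds every value that is not unset/'null' as a string, while the INSERT branch in the following hunk first checks `is_string($this->$value) || is_numeric($this->$value)` and falls back to NULL otherwise; an array or object property therefore reaches bind_param only on the update path. Aligning the two with `} elseif (is_string($this->$value) || is_numeric($this->$value)) {` before the final `else` (which then emits `NULL`) keeps both paths identical. The context condition `strtolower($this->$value) == 'null'` also throws a TypeError on a non-string under PHP 8, which the INSERT branch already guards with `is_string`.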
@@ -321,20 +331,25 @@ abstract class ObjectYPT implements ObjectInterface if (empty($this->$value)) { $this->$value = date_default_timezone_get(); } - $fields[] = " '{$this->$value}' "; + $formats .= 's'; + $values[] = $this->$value; + $fields[] = " ? "; } elseif (!isset($this->$value) || (is_string($this->$value) && strtolower($this->$value) == 'null')) { $fields[] = " NULL "; } elseif (is_string($this->$value) || is_numeric($this->$value)) { - $fields[] = " '{$this->$value}' "; + $formats .= 's'; + $values[] = $this->$value; + $fields[] = " ? "; } else { $fields[] = " NULL "; } } $sql .= " VALUES (" . implode(", ", $fields) . ")"; } - //if(static::getTableName() == 'Scheduler_commands'){ echo $sql;var_dump($this->parameters);exit;} - //echo $sql;var_dump($this->parameters);exit; - $insert_row = sqlDAL::writeSql($sql); + //var_dump(static::getTableName(), $sql, $values); + //if(static::getTableName() == 'videos'){ echo $sql;var_dump($values);exit;}return false; + //echo $sql;var_dump($values);exit; + $insert_row = sqlDAL::writeSql($sql, $formats, $values); if ($insert_row) { if (empty($this->id)) { diff --git a/objects/bootGrid.php b/objects/bootGrid.php index 3efe7586fd..bb97420ed8 100644 --- a/objects/bootGrid.php +++ b/objects/bootGrid.php @@ -58,7 +58,7 @@ class BootGrid if (!empty($_POST['searchPhrase'])) { global $global; - $search = $global['mysqli']->real_escape_string(xss_esc($_POST['searchPhrase'])); + $search = (xss_esc($_POST['searchPhrase'])); $search = str_replace('"', '"', $search); $like = []; foreach ($searchFieldsNames as $value) { diff --git a/objects/category.php b/objects/category.php index d3a94e1654..769a2f7527 100644 --- a/objects/category.php +++ b/objects/category.php @@ -98,7 +98,7 @@ class Category { } } - private function load($id) { + public function load($id) { $row = self::getCategory($id); if (empty($row)) { return false; diff --git a/objects/comment.php b/objects/comment.php index 655a76bbcb..277245455b 100644 
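Review bot: `sqlDAL::writeSql($sql, $formats, $values)` is now called with `$formats === ''` and `$values === []` whenever every column in the INSERT branch resolved to NULL, whereas the previous call passed no binding arguments at all; confirm that writeSql treats an empty format string as "no parameters" rather than attempting a bind with nothing. Binding numeric values with 's' is deliberate but looks like a mistake to a later reader, so a short comment on the first `$formats .= 's';` line — `// everything is bound as a string on purpose; the server converts numeric columns` — would prevent a well-meant "fix". The `$insert_row` handling continues outside the hunk.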
--- a/objects/comment.php +++ b/objects/comment.php @@ -60,7 +60,7 @@ class Comment return $this->videos_id; } - private function load($id) + public function load($id) { $row = $this->getComment($id); if (empty($row)) { @@ -80,7 +80,7 @@ class Comment die('{"error":"'.__("Permission denied").'"}'); } //$this->comment = htmlentities($this->comment); - $this->comment = $global['mysqli']->real_escape_string($this->comment); + $this->comment = ($this->comment); if (empty($this->comment)) { return false; diff --git a/objects/comments_like.php b/objects/comments_like.php index f58bd11cd6..564371f349 100644 --- a/objects/comments_like.php +++ b/objects/comments_like.php 
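Review bot: `$this->comment = ($this->comment);` in the @@ -80 hunk is a no-op assignment left behind by removing the escape; delete the line, or if the intent is that the comment now reaches the database only through a bound parameter, say so with `// comment is bound as a parameter in save(); no SQL escaping here`. save() is outside the hunk, so whether it already parameterises the insert cannot be confirmed from this diff.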
@@ -1,163 +1,163 @@ -comments_id = $comments_id; - $this->users_id = User::getId(); - $this->load(); - // if click again in the same vote, remove the vote - if ($this->like == $like) { - $like = 0; - } - $this->setLike($like); - $this->save(); - } - - private function setLike($like) - { - $like = intval($like); - if (!in_array($like, [0,1,-1])) { - $like = 0; - } - $this->like = $like; - } - - private function load() - { - $like = $this->getLike(); - if (empty($like)) { - return false; - } - foreach ($like as $key => $value) { - $this->$key = $value; - } - } - - private function getLike() - { - global $global; - if (empty($this->users_id) || empty($this->comments_id)) { - header('Content-Type: application/json'); - die('{"error":"You must have user and videos set to get a like"}'); - } - $sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1"; - $res = sqlDAL::readSql($sql, "ii", [$this->users_id,$this->comments_id]); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - return ($res) ? 
$result : false; - } - - private function save() - { - global $global; - if (!User::isLogged()) { - header('Content-Type: application/json'); - die('{"error":"'.__("Permission denied").'"}'); - } - $formats = ''; - $values = []; - if (!empty($this->id)) { - $sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?"; - $formats = "ii"; - $values = [$this->like,$this->id]; - } else { - $sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())"; - $formats = "iii"; - $values = [$this->like,$this->users_id,$this->comments_id]; - } - return sqlDAL::writeSql($sql, $formats, $values); - } - - public static function getLikes($comments_id) - { - global $global; - - $obj = new stdClass(); - $obj->comments_id = $comments_id; - $obj->likes = 0; - $obj->dislikes = 0; - $obj->myVote = self::getMyVote($comments_id); - - $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like - $res = sqlDAL::readSql($sql, "i", [$comments_id]); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!$res) { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->likes = intval($result['total']); - - $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike - $res = sqlDAL::readSql($sql, "i", [$comments_id]); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!$res) { - die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->dislikes = intval($result['total']); - return $obj; - } - - public static function getTotalLikes() - { - global $global; - - $obj = new stdClass(); - $obj->likes = 0; - $obj->dislikes = 0; - - $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like - $res = sqlDAL::readSql($sql); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!$res) { - die($sql . 
'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->likes = intval($result['total']); - - $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike - $res = sqlDAL::readSql($sql); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!$res) { - die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->dislikes = intval($result['total']); - return $obj; - } - - public static function getMyVote($comments_id) - { - global $global; - if (!User::isLogged()) { - return 0; - } - $id = User::getId(); - $sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like - $res = sqlDAL::readSql($sql, "ii", [$comments_id,$id]); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($result)) { - return intval($result['like']); - } - return 0; - } -} +comments_id = $comments_id; + $this->users_id = User::getId(); + $this->load(); + // if click again in the same vote, remove the vote + if ($this->like == $like) { + $like = 0; + } + $this->setLike($like); + $this->save(); + } + + private function setLike($like) + { + $like = intval($like); + if (!in_array($like, [0,1,-1])) { + $like = 0; + } + $this->like = $like; + } + + public function load() + { + $like = $this->getLike(); + if (empty($like)) { + return false; + } + foreach ($like as $key => $value) { + $this->$key = $value; + } + } + + private function getLike() + { + global $global; + if (empty($this->users_id) || empty($this->comments_id)) { + header('Content-Type: application/json'); + die('{"error":"You must have user and videos set to get a like"}'); + } + $sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1"; + $res = sqlDAL::readSql($sql, "ii", [$this->users_id,$this->comments_id]); + $result = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + return ($res) ? 
$result : false; + } + + private function save() + { + global $global; + if (!User::isLogged()) { + header('Content-Type: application/json'); + die('{"error":"'.__("Permission denied").'"}'); + } + $formats = ''; + $values = []; + if (!empty($this->id)) { + $sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?"; + $formats = "ii"; + $values = [$this->like,$this->id]; + } else { + $sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())"; + $formats = "iii"; + $values = [$this->like,$this->users_id,$this->comments_id]; + } + return sqlDAL::writeSql($sql, $formats, $values); + } + + public static function getLikes($comments_id) + { + global $global; + + $obj = new stdClass(); + $obj->comments_id = $comments_id; + $obj->likes = 0; + $obj->dislikes = 0; + $obj->myVote = self::getMyVote($comments_id); + + $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like + $res = sqlDAL::readSql($sql, "i", [$comments_id]); + $result = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!$res) { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->likes = intval($result['total']); + + $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike + $res = sqlDAL::readSql($sql, "i", [$comments_id]); + $result = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!$res) { + die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->dislikes = intval($result['total']); + return $obj; + } + + public static function getTotalLikes() + { + global $global; + + $obj = new stdClass(); + $obj->likes = 0; + $obj->dislikes = 0; + + $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like + $res = sqlDAL::readSql($sql); + $result = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!$res) { + die($sql . 
'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->likes = intval($result['total']); + + $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike + $res = sqlDAL::readSql($sql); + $result = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!$res) { + die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->dislikes = intval($result['total']); + return $obj; + } + + public static function getMyVote($comments_id) + { + global $global; + if (!User::isLogged()) { + return 0; + } + $id = User::getId(); + $sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like + $res = sqlDAL::readSql($sql, "ii", [$comments_id,$id]); + $result = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($result)) { + return intval($result['like']); + } + return 0; + } +} diff --git a/objects/configuration.php b/objects/configuration.php index edc018321a..18593b89dc 100644 --- a/objects/configuration.php +++ b/objects/configuration.php 
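Review bot: The @@ -1,163 hunk replaces the whole file, yet the only visible textual change is `private function load()` becoming `public function load()`, which suggests a line-ending rewrite; normalising line endings separately (or via .gitattributes) would leave a one-line diff to review. The new `public function load()` still takes no `$id`, so if this class extends ObjectYPT (its header is not visible here) the declaration is incompatible with the parent's `load($id)` and the class will fail to load; `public function load($id = null)` satisfies the parent while keeping current callers working. The `die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error)` lines in getLikes()/getTotalLikes() also echo the statement and driver error to the client; logging them with `_error_log` and dying with a generic JSON error would be safer. Both points apply unchanged to the identical rewrite of objects/like.php later in this diff.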
@@ -5,42 +5,42 @@ if (!isset($global['systemRootPath'])) { } require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/functions.php'; +require_once $global['systemRootPath'] . 'objects/Object.php'; -class Configuration -{ - private $id; - private $video_resolution; - private $webSiteTitle; - private $language; - private $contactEmail; - private $users_id; - private $version; - private $authCanUploadVideos; - private $authCanViewChart; - private $authCanComment; - private $head; - private $logo; - private $logo_small; - private $adsense; - private $mode; +class Configuration extends ObjectYPT{ + protected $id; + protected $video_resolution; + protected $webSiteTitle; + protected $language; + protected $contactEmail; + protected $users_id; + protected $version; + protected $authCanUploadVideos; + protected $authCanViewChart; + protected $authCanComment; + protected $head; + protected $logo; + protected $logo_small; + protected $adsense; + protected $mode; // version 2.7 - private $disable_analytics; - private $disable_youtubeupload; - private $allow_download; - private $session_timeout; - private $autoplay; + protected $disable_analytics; + protected $disable_youtubeupload; + protected $allow_download; + protected $session_timeout; + protected $autoplay; // version 3.1 - private $theme; + protected $theme; //version 3.3 - private $smtp; - private $smtpAuth; - private $smtpSecure; - private $smtpHost; - private $smtpUsername; - private $smtpPassword; - private $smtpPort; + protected $smtp; + protected $smtpAuth; + protected $smtpSecure; + protected $smtpHost; + protected $smtpUsername; + protected $smtpPassword; + protected $smtpPort; // version 4 - private $encoderURL; + protected $encoderURL; public function __construct($video_resolution = "") { 
@@ -50,29 +50,13 @@ class Configuration } } - public function load() + public function load($id='') { global $global; - _mysql_connect(); - $sql = "SELECT * FROM configurations WHERE id = 1 LIMIT 1"; - //echo $sql;exit; - // add true because I was not getting the SMTP configuration on function setSiteSendMessage(&$mail) - $res = sqlDAL::readSql($sql, '', [], true); - $result = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($res && !empty($result)) { - $config = $result; - //var_dump($config);exit; - foreach ($config as $key => $value) { - $this->$key = $value; - } - } else { - return false; - } + return parent::load(1); } - public function save() - { + public function save(){ global $global; if (!User::isAdmin()) { header('Content-Type: application/json'); 
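Review bot: `load($id='')` ignores its parameter and always loads row 1, which is presumably intended (a single configuration row) but is invisible to a caller reading the new signature; a docblock such as `/** The configuration is a single row; $id is ignored and row 1 is always loaded. */` would make that explicit. The removed code also carried the reason it bypassed the cache (`readSql($sql, '', [], true)` with the note about not getting the SMTP configuration); `parent::load(1)` goes through `getFromDb`, and if that path is cached the stale-SMTP problem the old comment described may return, so it is worth re-testing. `public function save(){` also departs from the brace-on-next-line style every other method in the class uses.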
@@ -82,38 +66,7 @@ class Configuration ObjectYPT::deleteCache("getEncoderURL"); - $sql = "UPDATE configurations SET " - . "video_resolution = '{$this->video_resolution}'," - . "webSiteTitle = '{$this->webSiteTitle}'," - . "language = '{$this->language}'," - . "contactEmail = '{$this->contactEmail}'," - . "users_id = '{$this->users_id}', " - . "authCanUploadVideos = '{$this->authCanUploadVideos}'," - . "authCanViewChart = '{$this->authCanViewChart}'," - . "authCanComment = '{$this->authCanComment}'," - . "encoderURL = '{$global['mysqli']->real_escape_string($this->_getEncoderURL())}'," - . "head = '{$global['mysqli']->real_escape_string($this->getHead())}'," - . "adsense = '{$global['mysqli']->real_escape_string($this->getAdsense())}'," - . "mode = '{$this->getMode()}'," - . "logo = '{$global['mysqli']->real_escape_string($this->getLogo())}'," - . "logo_small = '{$global['mysqli']->real_escape_string($this->getLogo_small())}'," - . "disable_analytics = '{$this->getDisable_analytics()}'," - . "disable_youtubeupload = '{$this->getDisable_youtubeupload()}'," - . "allow_download = '{$this->getAllow_download()}'," - . "session_timeout = '{$this->getSession_timeout()}'," - . "autoplay = '{$this->getAutoplay()}'," - . "theme = '{$global['mysqli']->real_escape_string($this->getTheme())}'," - . "smtp = '{$this->getSmtp()}'," - . "smtpAuth = '{$this->getSmtpAuth()}'," - . "smtpSecure = '{$global['mysqli']->real_escape_string($this->getSmtpSecure())}'," - . "smtpHost = '{$global['mysqli']->real_escape_string($this->getSmtpHost())}'," - . "smtpUsername = '{$global['mysqli']->real_escape_string($this->getSmtpUsername())}'," - . "smtpPort = '{$global['mysqli']->real_escape_string($this->getSmtpPort())}'," - . "smtpPassword = '{$global['mysqli']->real_escape_string($this->getSmtpPassword())}'" - . " WHERE id = 1"; - - - return sqlDAL::writeSql($sql); + return parent::save(); } public function getVideo_resolution() 
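Review bot: Replacing the hand-built UPDATE with `parent::save()` changes what is persisted: the old statement wrote `$this->_getEncoderURL()`, `$this->getHead()`, `$this->getLogo()` and the other getters, whereas ObjectYPT::save() (visible earlier in this diff) reads the raw `$this->$value` properties, so any normalisation those getters perform is no longer applied on write. If any of them does more than return the property — `_getEncoderURL()` in particular looks like it might — that logic has to move into a setter or a pre-save step. The previous query also wrote an explicit column list, while the generic save writes every declared property, so adding a property to this class now implicitly adds a column write; a comment on the class saying so would help.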
@@ -624,4 +577,9 @@ require_once \$global['systemRootPath'].'objects/include_config.php'; } return " " . PAGE_TITLE_SEPARATOR . " "; } + + public static function getTableName() { + return 'configurations'; + } + } diff --git a/objects/functions.php b/objects/functions.php index eda5c20128..47c45841f0 100644 --- a/objects/functions.php +++ b/objects/functions.php @@ -24,6 +24,14 @@ if (!function_exists('xss_esc')) { if (empty($text)) { return ""; } + if(!is_string($text)){ + if(is_array($text)){ + foreach ($text as $key => $value) { + $text[$key] = xss_esc($value); + } + } + return $text; + } $result = @htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); if (empty($result)) { $result = str_replace(['"', "'", "\\"], ["", "", ""], strip_tags($text)); @@ -2000,7 +2008,7 @@ function unzipDirectory($filename, $destination) { sleep(2); ini_set('memory_limit', '-1'); ini_set('max_execution_time', 7200); // 2 hours - $filename = escapeshellarg($filename); + $filename = escapeshellarg(safeString($filename,true)); $destination = escapeshellarg($destination); $cmd = "unzip -: {$filename} -d {$destination}" . " 2>&1"; _error_log("unzipDirectory: {$cmd}"); @@ -2039,7 +2047,7 @@ function unzipDirectory($filename, $destination) { } } else { _error_log("unzipDirectory: Success {$destination}"); - } + } @unlink($filename); } @@ -2414,6 +2422,7 @@ function isValidM3U8Link($url, $timeout = 3) { function url_get_contents($url, $ctx = "", $timeout = 0, $debug = false) { global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase, $mysqlPort; if (!isValidURLOrPath($url)) { + _error_log('url_get_contents Cannot download '.$url); return false; } if ($debug) { @@ -3398,6 +3407,7 @@ function rrmdir($dir) { function rrmdirCommandLine($dir, $async = false) { if (is_dir($dir)) { + $dir = escapeshellarg($dir); if (isWindows()) { $command = ('rd /s /q ' . $dir); } else { 
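Review bot: `$filename = escapeshellarg(safeString($filename,true));` in the @@ -2000 hunk overwrites the path with its shell-quoted, filtered form, and the same variable is later handed to `@unlink($filename)` (context in the @@ -2039 hunk), so the unlink targets a quoted name and fails silently under `@`. Keep the original in its own variable — `$escapedFilename = escapeshellarg(safeString($filename, true));` — and use it only when building `$cmd`. The @@ -3398 hunk applies the same pattern to `$dir` in rrmdirCommandLine(); whether `$dir` is reused after the command there is outside the hunk. Also confirm that `safeString($filename, true)` does not alter characters that legitimately occur in an upload path, since a changed name makes `unzip` fail on a file that exists.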
@@ -5010,12 +5020,13 @@ function isValidURLOrPath($str, $insideCacheOrTmpDirOnly = true) { } if (str_starts_with($str, '/') || str_starts_with($str, '../') || preg_match("/^[a-z]:.*/i", $str)) { if ($insideCacheOrTmpDirOnly) { - $vroot = realpath($str); - $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); + $absolutePath = realpath($str); + $ext = strtolower(pathinfo($absolutePath, PATHINFO_EXTENSION)); if ($ext == 'php') { return false; } - if (str_starts_with($vroot, getTmpDir()) || str_starts_with($vroot, $global['systemRootPath'])) { + $cacheDir = "{$global['systemRootPath']}videos/cache/"; + if (str_starts_with($absolutePath, getTmpDir()) || str_starts_with($absolutePath, $cacheDir)) { return true; } } else { @@ -5181,7 +5192,7 @@ function reloadSearchVar() { } function wget($url, $filename, $debug = false) { - if (empty($url) || $url == "php://input" || !preg_match("/^http/", $url)) { + if (empty($url) || $url == "php://input" || !isValidURL($url)) { return false; } if ($lockfilename = wgetIsLocked($url)) { @@ -6216,6 +6227,9 @@ function setToastMessage($msg) { } function showAlertMessage() { + if(!requestComesFromSafePlace()){ + return false; + } if (!empty($_SESSION['YPTalertMessage'])) { foreach ($_SESSION['YPTalertMessage'] as $value) { if (!empty($value[0])) { @@ -6229,17 +6243,21 @@ function showAlertMessage() { unset($_SESSION['YPTalertMessage']); } - $joinString = ['error', 'msg', 'success']; + $joinString = ['error', 'msg', 'success', 'toast']; foreach ($joinString as $value) { - if (!empty($_GET[$value]) && is_array($_GET[$value])) { - $_GET[$value] = array_unique($_GET[$value]); - $newStr = []; - foreach ($_GET[$value] as $value2) { - if (!empty($value2)) { - $newStr[] = $value2; + if (!empty($_GET[$value]) ) { + if (is_array($_GET[$value])) { + $_GET[$value] = array_unique($_GET[$value]); + $newStr = []; + foreach ($_GET[$value] as $value2) { + if (!empty($value2)) { + $newStr[] = $value2; + } } + $_GET[$value] = implode("
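Review bot: `realpath($str)` in the @@ -5010 hunk returns `false` for a path that does not exist, and the new code then feeds that into `pathinfo()` and `str_starts_with()`; add `if ($absolutePath === false) { return false; }` directly after the call so a dangling path is rejected explicitly rather than through type coercion. The `$ext == 'php'` test is a single-extension denylist; now that the function only admits paths under the tmp and `videos/cache/` directories, an allowlist of the media/text extensions the cache is expected to hold would be the more robust check. The function continues outside the hunk.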
", $newStr); + }else{ + $_GET[$value] = $_GET[$value]; } - $_GET[$value] = implode("
", $newStr); } } @@ -6290,7 +6308,7 @@ function showAlertMessage() { } echo '$.toast({ - text: "' . $value . '", + text: "' . strip_tags($value, $allowable_tags) . '", hideAfter: ' . $hideAfter . ' // in milli seconds });console.log("Toast Hide after ' . $hideAfter . '");'; } @@ -8803,3 +8821,23 @@ function _empty($html_string) { } return emptyHTML($html_string); } + +function adminSecurityCheck($force=false){ + if(empty($force)){ + if(!empty($_SESSION['adminSecurityCheck'])){ + return false; + } + if(!User::isAdmin()){ + return false; + } + } + global $global; + $videosHtaccessFile = getVideosDir().'.htaccess'; + if(!file_exists($videosHtaccessFile)){ + $bytes = copy("{$global['systemRootPath']}objects/htaccess_for_videos.conf",$videosHtaccessFile); + _error_log("adminSecurityCheck: file created {$videosHtaccessFile} {$bytes} bytes"); + } + _session_start(); + $_SESSION['adminSecurityCheck'] = time(); + return true; +} \ No newline at end of file diff --git a/objects/htaccess_for_videos.conf b/objects/htaccess_for_videos.conf new file mode 100644 index 0000000000..44f23ac812 --- /dev/null +++ b/objects/htaccess_for_videos.conf @@ -0,0 +1,16 @@ + + Order Allow,Deny + Deny from all + + + Require all denied + + + + Order Allow,Deny + Allow from all + + + Require all granted + + \ No newline at end of file diff --git a/objects/include_config.php b/objects/include_config.php index 583bbf87ef..96a9925343 100644 --- a/objects/include_config.php +++ b/objects/include_config.php @@ -148,6 +148,7 @@ require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/video.php'; require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php'; +adminSecurityCheck(); setSiteLang(); fixSystemPath(); ObjectYPT::checkSessionCacheBasedOnLastDeleteALLCacheTime(); diff --git a/objects/like.php b/objects/like.php index 732046a307..42a97d6dd0 100644 --- a/objects/like.php +++ b/objects/like.php 
@@ -1,193 +1,193 @@ -videos_id = $videos_id; - $this->users_id = User::getId(); - $this->load(); - // if click again in the same vote, remove the vote - if ($this->like == $like) { - $like = 0; - if ($this->like==1) { - Video::updateLikesDislikes($videos_id, 'likes', '-1'); - } elseif ($this->like==-1) { - Video::updateLikesDislikes($videos_id, 'dislikes', '-1'); - } - } else { - if (!empty($this->like)) { - // need to remove some like or dislike - if ($like==1) { - Video::updateLikesDislikes($videos_id, 'dislikes', '-1'); - } elseif ($like==-1) { - Video::updateLikesDislikes($videos_id, 'likes', '-1'); - } - } - if ($like==1) { - Video::updateLikesDislikes($videos_id, 'likes', '+1'); - } elseif ($like==-1) { - Video::updateLikesDislikes($videos_id, 'dislikes', '+1'); - } - } - //exit; - $this->setLike($like); - $saved = $this->save(); - } - - private function setLike($like) - { - $like = intval($like); - if (!in_array($like, [0,1,-1])) { - $like = 0; - } - $this->like = $like; - } - - private function load() - { - $like = $this->getLike(); - if (empty($like)) { - return false; - } - foreach ($like as $key => $value) { - $this->$key = $value; - } - } - - private function getLike() - { - global $global; - if (empty($this->users_id) || empty($this->videos_id)) { - header('Content-Type: application/json'); - die('{"error":"You must have user and videos set to get a like"}'); - } - $sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ".$this->videos_id." 
LIMIT 1;"; - $res = sqlDAL::readSql($sql, "i", [$this->users_id]); - $dbLike = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - return $dbLike; - } - - private function save() - { - global $global; - if (!User::isLogged()) { - header('Content-Type: application/json'); - die('{"error":"'.__("Permission denied").'"}'); - } - if (!empty($this->id)) { - $sql = "UPDATE likes SET `like` = ?, modified = now() WHERE id = ?;"; - $res = sqlDAL::writeSql($sql, "ii", [$this->like, $this->id]); - } else { - $sql = "INSERT INTO likes (`like`,users_id, videos_id, created, modified) VALUES (?, ?, ?, now(), now());"; - $res = sqlDAL::writeSql($sql, "iii", [$this->like, $this->users_id, $this->videos_id]); - } - //echo $sql; - if ($global['mysqli']->errno!=0) { - die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $res; - } - - public static function getLikes($videos_id) - { - global $global, $_getLikes; - - if (!isset($_getLikes)) { - $_getLikes = []; - } - - if (!empty($_getLikes[$videos_id])) { - return $_getLikes[$videos_id]; - } - - $obj = new stdClass(); - $obj->videos_id = $videos_id; - $obj->likes = 0; - $obj->dislikes = 0; - $obj->myVote = self::getMyVote($videos_id); - - $sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = 1 "; // like - $res = sqlDAL::readSql($sql, "i", [$videos_id]); - $row = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($global['mysqli']->errno!=0) { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->likes = intval($row['total']); - - $sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = -1 "; // dislike - - $res = sqlDAL::readSql($sql, "i", [$videos_id]); - $row = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($global['mysqli']->errno!=0) { - die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); - } - $obj->dislikes = intval($row['total']); - $_getLikes[$videos_id] = $obj; - return $obj; - } - - public static function getTotalLikes() - { - global $global; - - $obj = new stdClass(); - $obj->likes = 0; - $obj->dislikes = 0; - - $sql = "SELECT count(*) as total FROM likes WHERE `like` = 1 "; // like - $res = sqlDAL::readSql($sql); - $row = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!$res) { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->likes = intval($row['total']); - - $sql = "SELECT count(*) as total FROM likes WHERE `like` = -1 "; // dislike - $res = sqlDAL::readSql($sql); - $row = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!$res) { - die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - $obj->dislikes = intval($row['total']); - return $obj; - } - - public static function getMyVote($videos_id) - { - global $global; - if (!User::isLogged()) { - return 0; - } - $id = User::getId(); - $sql = "SELECT `like` FROM likes WHERE videos_id = ? AND users_id = ? 
"; // like - - $res = sqlDAL::readSql($sql, "ii", [$videos_id,$id]); - $dbLike = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($dbLike!=false) { - return intval($dbLike['like']); - } - return 0; - } -} +videos_id = $videos_id; + $this->users_id = User::getId(); + $this->load(); + // if click again in the same vote, remove the vote + if ($this->like == $like) { + $like = 0; + if ($this->like==1) { + Video::updateLikesDislikes($videos_id, 'likes', '-1'); + } elseif ($this->like==-1) { + Video::updateLikesDislikes($videos_id, 'dislikes', '-1'); + } + } else { + if (!empty($this->like)) { + // need to remove some like or dislike + if ($like==1) { + Video::updateLikesDislikes($videos_id, 'dislikes', '-1'); + } elseif ($like==-1) { + Video::updateLikesDislikes($videos_id, 'likes', '-1'); + } + } + if ($like==1) { + Video::updateLikesDislikes($videos_id, 'likes', '+1'); + } elseif ($like==-1) { + Video::updateLikesDislikes($videos_id, 'dislikes', '+1'); + } + } + //exit; + $this->setLike($like); + $saved = $this->save(); + } + + private function setLike($like) + { + $like = intval($like); + if (!in_array($like, [0,1,-1])) { + $like = 0; + } + $this->like = $like; + } + + public function load() + { + $like = $this->getLike(); + if (empty($like)) { + return false; + } + foreach ($like as $key => $value) { + $this->$key = $value; + } + } + + private function getLike() + { + global $global; + if (empty($this->users_id) || empty($this->videos_id)) { + header('Content-Type: application/json'); + die('{"error":"You must have user and videos set to get a like"}'); + } + $sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ".$this->videos_id." 
LIMIT 1;"; + $res = sqlDAL::readSql($sql, "i", [$this->users_id]); + $dbLike = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + return $dbLike; + } + + private function save() + { + global $global; + if (!User::isLogged()) { + header('Content-Type: application/json'); + die('{"error":"'.__("Permission denied").'"}'); + } + if (!empty($this->id)) { + $sql = "UPDATE likes SET `like` = ?, modified = now() WHERE id = ?;"; + $res = sqlDAL::writeSql($sql, "ii", [$this->like, $this->id]); + } else { + $sql = "INSERT INTO likes (`like`,users_id, videos_id, created, modified) VALUES (?, ?, ?, now(), now());"; + $res = sqlDAL::writeSql($sql, "iii", [$this->like, $this->users_id, $this->videos_id]); + } + //echo $sql; + if ($global['mysqli']->errno!=0) { + die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $res; + } + + public static function getLikes($videos_id) + { + global $global, $_getLikes; + + if (!isset($_getLikes)) { + $_getLikes = []; + } + + if (!empty($_getLikes[$videos_id])) { + return $_getLikes[$videos_id]; + } + + $obj = new stdClass(); + $obj->videos_id = $videos_id; + $obj->likes = 0; + $obj->dislikes = 0; + $obj->myVote = self::getMyVote($videos_id); + + $sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = 1 "; // like + $res = sqlDAL::readSql($sql, "i", [$videos_id]); + $row = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($global['mysqli']->errno!=0) { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->likes = intval($row['total']); + + $sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = -1 "; // dislike + + $res = sqlDAL::readSql($sql, "i", [$videos_id]); + $row = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($global['mysqli']->errno!=0) { + die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); + } + $obj->dislikes = intval($row['total']); + $_getLikes[$videos_id] = $obj; + return $obj; + } + + public static function getTotalLikes() + { + global $global; + + $obj = new stdClass(); + $obj->likes = 0; + $obj->dislikes = 0; + + $sql = "SELECT count(*) as total FROM likes WHERE `like` = 1 "; // like + $res = sqlDAL::readSql($sql); + $row = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!$res) { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->likes = intval($row['total']); + + $sql = "SELECT count(*) as total FROM likes WHERE `like` = -1 "; // dislike + $res = sqlDAL::readSql($sql); + $row = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!$res) { + die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $obj->dislikes = intval($row['total']); + return $obj; + } + + public static function getMyVote($videos_id) + { + global $global; + if (!User::isLogged()) { + return 0; + } + $id = User::getId(); + $sql = "SELECT `like` FROM likes WHERE videos_id = ? AND users_id = ? "; // like + + $res = sqlDAL::readSql($sql, "ii", [$videos_id,$id]); + $dbLike = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($dbLike!=false) { + return intval($dbLike['like']); + } + return 0; + } +} diff --git a/objects/plugin.php b/objects/plugin.php index 6dfd3ff6a8..885c694554 100644 --- a/objects/plugin.php +++ b/objects/plugin.php 
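Review bot: The re-added getLike() still concatenates `$this->videos_id` straight into the query (`... AND videos_id = ".$this->videos_id." LIMIT 1;`) while binding only users_id; since the file is rewritten wholesale anyway, bind both: `$sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ? LIMIT 1;";` and `$res = sqlDAL::readSql($sql, "ii", [$this->users_id, $this->videos_id]);`, which is the form objects/comments_like.php already uses. The load() signature and client-visible `die($sql . ...)` points raised on objects/comments_like.php apply here unchanged.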
@@ -1,583 +1,583 @@ -id; - } - - public function getStatus() - { - return $this->status; - } - - public function getObject_data() - { - return $this->object_data; - } - - public function getPluginVersion() - { - return $this->pluginVersion; - } - - public function getName() - { - return $this->name; - } - - public function setId($id) - { - $this->id = $id; - } - - public function setStatus($status) - { - $this->status = $status; - } - - public function setObject_data($object_data) - { - $this->object_data = $object_data; - } - - public function setName($name) - { - $name = preg_replace("/[^A-Za-z0-9 _-]/", '', $name); - $this->name = $name; - } - - public function getUuid() - { - return $this->uuid; - } - - public function getDirName() - { - return $this->dirName; - } - - public function setUuid($uuid) - { - $this->uuid = $uuid; - $this->loadFromUUID($uuid); - } - - public function setDirName($dirName) - { - $dirName = preg_replace("/[^A-Za-z0-9 _-]/", '', $dirName); - $this->dirName = $dirName; - } - - public function setPluginversion($pluginversion) - { - $this->pluginversion = $pluginversion; - } - - public static function setCurrentVersionByUuid($uuid, $currentVersion) - { - _error_log("plugin::setCurrentVersionByUuid $uuid, $currentVersion"); - $p = static::getPluginByUUID($uuid); - if (!$p) { - _error_log("plugin::setCurrentVersionByUuid error on get plugin"); - return false; - } - //pluginversion isn't an object property so we must explicity update it using this function - $sql = "update " . static::getTableName() . " set pluginversion='$currentVersion' where uuid='$uuid'"; - - $name = "plugin$uuid"; - ObjectYPT::deleteCache($name); - $res = sqlDal::writeSql($sql); - } - - public static function getCurrentVersionByUuid($uuid) - { - $p = static::getPluginByUUID($uuid); - if (!$p) { - return false; - } - //pluginversion isn't an object property so we must explicity update it using this function - $sql = "SELECT pluginversion FROM " . static::getTableName() . 
" WHERE uuid=? LIMIT 1 "; - $res = sqlDAL::readSql($sql, "s", [$uuid]); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - return $data['pluginversion']; - } - return false; - } - - public static function getPluginByName($name) - { - global $global, $getPluginByName; - if (empty($getPluginByName)) { - $getPluginByName = []; - } - if (empty($getPluginByName[$name])) { - $sql = "SELECT * FROM " . static::getTableName() . " WHERE name = ? LIMIT 1"; - $res = sqlDAL::readSql($sql, "s", [$name], true); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - $getPluginByName[$name] = $data; - } else { - $getPluginByName[$name] = false; - } - } - return $getPluginByName[$name]; - } - - public static function getPluginByUUID($uuid) - { - global $global, $getPluginByUUID, $pluginJustInstalled; - $name = "plugin$uuid"; - if (!isset($getPluginByUUID)) { - $getPluginByUUID = []; - } - if (!isset($pluginJustInstalled)) { - $pluginJustInstalled = []; - } - if (empty($getPluginByUUID[$uuid])) { - $sql = "SELECT * FROM " . static::getTableName() . " WHERE uuid = ? 
LIMIT 1"; - $res = sqlDAL::readSql($sql, "s", [$uuid]); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - if (empty($data['pluginversion'])) { - $data['pluginversion'] = "1.0"; - } - if (AVideoPlugin::isPluginOnByDefault($uuid)) { - $data['status'] = 'active'; - } - $getPluginByUUID[$uuid] = $data; - } else { - $name = AVideoPlugin::getPluginsNameOnByDefaultFromUUID($uuid); - if ($name !== false && empty($pluginJustInstalled[$uuid])) { - $pluginJustInstalled[$uuid] = 1; - _error_log("plugin::getPluginByUUID {$name} {$uuid} this plugin is On By Default we will install it ($sql)"); - self::deleteByUUID($uuid); - self::deleteByName($name); - unset($getPluginByUUID[$uuid]); - $getPluginByUUID[$uuid] = self::getOrCreatePluginByName($name, 'active'); - } else { - $getPluginByUUID[$uuid] = false; - } - } - } - return $getPluginByUUID[$uuid]; - } - - public function loadFromUUID($uuid) - { - $uuid = preg_replace("/[^A-Za-z0-9 _-]/", '', $uuid); - $this->uuid = $uuid; - $row = static::getPluginByUUID($uuid); - if (!empty($row)) { - $this->load($row['id']); - } - } - - public static function isEnabledByName($name) - { - $row = static::getPluginByName($name); - if ($row) { - return $row['status'] == 'active' && AVideoPlugin::isPluginTablesInstalled($name, true); - } - return false; - } - - public static function isEnabledByUUID($uuid) - { - $row = static::getPluginByUUID($uuid); - if ($row) { - return $row['status'] == 'active' && AVideoPlugin::isPluginTablesInstalled($row['name'], true); - } - return false; - } - - public static function getAvailablePlugins($comparePluginVersion = false) - { - global $global, $getAvailablePlugins; - $pluginsMarketplace = []; - if ($comparePluginVersion) { - $pluginsMarketplace = ObjectYPT::getSessionCache('getAvailablePlugins', 600); // 10 min cache - if (empty($pluginsMarketplace)) { - $pluginsMarketplace = _json_decode(url_get_contents("https://tutorials.wwbn.net/info?version=1", "", 2)); - if 
(!empty($pluginsMarketplace)) { - ObjectYPT::setSessionCache('getAvailablePlugins', $pluginsMarketplace); - } - } - } - if (empty($getAvailablePlugins)) { - $dir = $global['systemRootPath'] . "plugin"; - $getAvailablePlugins = []; - $cdir = scandir($dir); - foreach ($cdir as $key => $value) { - if (!in_array($value, [".", ".."])) { - if (is_dir($dir . DIRECTORY_SEPARATOR . $value)) { - $p = AVideoPlugin::loadPlugin($value); - if (!is_object($p) || $p->hidePlugin()) { - if ($value !== "Statistics") { // avoid error while this plugin is not ready - _error_log("Plugin Not Found: {$value}"); - } - continue; - } - $obj = new stdClass(); - $obj->name = $p->getName(); - $obj->dir = $value; - $obj->uuid = $p->getUUID(); - $obj->description = $p->getDescription(); - $obj->installedPlugin = static::getPluginByUUID($obj->uuid); - $obj->enabled = (!empty($obj->installedPlugin['status']) && $obj->installedPlugin['status'] === "active") ? true : false; - $obj->id = (!empty($obj->installedPlugin['id'])) ? $obj->installedPlugin['id'] : 0; - $obj->data_object = $p->getDataObject(); - $obj->data_object_helper = $p->getDataObjectHelper(); - $obj->databaseScript = !empty(static::getDatabaseFile($value)); - $obj->pluginMenu = $p->getPluginMenu(); - $obj->tags = $p->getTags(); - $obj->pluginversion = $p->getPluginVersion(); - $obj->pluginversionMarketPlace = (!empty($pluginsMarketplace->plugins->{$obj->uuid}) ? $pluginsMarketplace->plugins->{$obj->uuid}->pluginversion : 0); - $obj->pluginversionCompare = (!empty($obj->pluginversionMarketPlace) ? version_compare($obj->pluginversion, $obj->pluginversionMarketPlace) : 0); - $obj->permissions = $obj->enabled ? 
Permissions::getPluginPermissions($obj->id) : []; - if (User::isAdmin()) { - $obj->isPluginTablesInstalled = AVideoPlugin::isPluginTablesInstalled($obj->name, false); - } - if ($obj->pluginversionCompare < 0) { - $obj->tags[] = "update"; - } - $getAvailablePlugins[] = $obj; - } - } - } - } - return $getAvailablePlugins; - } - - public static function getAvailablePluginsBasic() - { - global $global, $getAvailablePlugins; - if (empty($getAvailablePlugins)) { - $dir = $global['systemRootPath'] . "plugin"; - $getAvailablePlugins = []; - $cdir = scandir($dir); - foreach ($cdir as $key => $value) { - if (!in_array($value, [".", ".."])) { - if (is_dir($dir . DIRECTORY_SEPARATOR . $value)) { - $p = AVideoPlugin::loadPlugin($value); - if (!is_object($p) || $p->hidePlugin()) { - if ($value !== "Statistics") { // avoid error while this plugin is not ready - _error_log("Plugin Not Found: {$value}"); - } - continue; - } - $row = self::getPluginByUUID($p->getUUID()); - $obj = new stdClass(); - $obj->name = $p->getName(); - $obj->pluginversion = $p->getPluginVersion(); - $obj->status = $row['status']; - - $pinfoFile = $dir . DIRECTORY_SEPARATOR . $value . DIRECTORY_SEPARATOR . 'pinfo.json'; - if (file_exists($pinfoFile)) { - $obj->pinfo = json_decode(file_get_contents($pinfoFile)); - } else { - $obj->pinfo = false; - } - $getAvailablePlugins[$p->getUUID()] = $obj; - } - } - } - } - return $getAvailablePlugins; - } - - public static function getDatabaseFile($pluginName) - { - $filename = static::getDatabaseFileName($pluginName); - if (!$filename) { - return false; - } - return url_get_contents($filename); - } - - public static function getDatabaseFileName($pluginName) - { - global $global; - - $pluginName = AVideoPlugin::fixName($pluginName); - $dir = $global['systemRootPath'] . "plugin"; - $filename = $dir . DIRECTORY_SEPARATOR . $pluginName . DIRECTORY_SEPARATOR . "install" . DIRECTORY_SEPARATOR . 
"install.sql"; - if (!file_exists($filename)) { - return false; - } - return $filename; - } - - public static function getAllEnabled($try = 0) - { - global $global, $getAllEnabledRows; - if (empty($getAllEnabledRows)) { - $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='active' "; - - $defaultEnabledUUIDs = AVideoPlugin::getPluginsOnByDefault(true); - $defaultEnabledNames = AVideoPlugin::getPluginsOnByDefault(false); - $sql .= " OR uuid IN ('" . implode("','", $defaultEnabledUUIDs) . "')"; - - $res = sqlDAL::readSql($sql); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $getAllEnabledRows = []; - foreach ($fullData as $row) { - $getAllEnabledRows[] = $row; - if (($key = array_search($row['uuid'], $defaultEnabledUUIDs)) !== false) { - unset($defaultEnabledUUIDs[$key], $defaultEnabledNames[$key]); - } - } - - $addedNewPlugin = false; - foreach ($defaultEnabledUUIDs as $key => $value) { - $obj = new Plugin(0); - $obj->loadFromUUID($defaultEnabledUUIDs[$key]); - $obj->setName($defaultEnabledNames[$key]); - $obj->setDirName($defaultEnabledNames[$key]); - $obj->setStatus("active"); - if ($obj->save()) { - $addedNewPlugin = true; - } - } - - if ($addedNewPlugin && empty($try)) { - //ObjectYPT::deleteALLCache(); - return self::getAllEnabled(1); - } - - uasort($getAllEnabledRows, 'cmpPlugin'); - } - return $getAllEnabledRows; - } - - public static function getAllDisabled() - { - global $global, $getAllDisabledRows; - if (empty($getAllDisabledRows)) { - $sql = "SELECT * FROM " . static::getTableName() . 
" WHERE status='inactive' "; - $res = sqlDAL::readSql($sql); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $getAllDisabledRows = []; - foreach ($fullData as $row) { - $getAllDisabledRows[] = $row; - } - uasort($getAllDisabledRows, 'cmpPlugin'); - } - return $getAllDisabledRows; - } - - public static function getEnabled($uuid) - { - global $global, $getEnabled; - if (empty($getEnabled)) { - $getEnabled = []; - } - - if (in_array($uuid, AVideoPlugin::getPluginsOnByDefault())) { - // make sure the OnByDefault plugins are enabled - return self::getOrCreatePluginByName(AVideoPlugin::getPluginsNameOnByDefaultFromUUID($uuid)); - } - - if (empty($getEnabled[$uuid])) { - $getEnabled[$uuid] = []; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='active' AND uuid = '" . $uuid . "' ;"; - $res = sqlDAL::readSql($sql); - $pluginRows = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - if ($pluginRows !== false) { - foreach ($pluginRows as $row) { - $getEnabled[$uuid][] = $row; - } - } - } - - return $getEnabled[$uuid]; - } - - public static function deleteByUUID($uuid) - { - global $global; - $uuid = $global['mysqli']->real_escape_string($uuid); - if (!empty($uuid)) { - _error_log("Plugin:deleteByUUID {$uuid}"); - $sql = "DELETE FROM " . static::getTableName() . " "; - $sql .= " WHERE uuid = ?"; - $global['lastQuery'] = $sql; - //_error_log("Delete Query: ".$sql); - return sqlDAL::writeSql($sql, "s", [$uuid]); - } - return false; - } - - public static function deleteByName($name) - { - global $global; - $name = $global['mysqli']->real_escape_string($name); - if (!empty($name)) { - _error_log("Plugin:deleteByName {$name}"); - $sql = "DELETE FROM " . static::getTableName() . 
" "; - $sql .= " WHERE name = ?"; - $global['lastQuery'] = $sql; - //_error_log("Delete Query: ".$sql); - return sqlDAL::writeSql($sql, "s", [$name]); - } - return false; - } - - public static function getOrCreatePluginByName($name, $statusIfCreate = 'inactive') - { - global $global; - if (self::getPluginByName($name) === false) { - $pluginFile = $global['systemRootPath'] . "plugin/{$name}/{$name}.php"; - if (file_exists($pluginFile)) { - require_once $pluginFile; - $code = "\$p = new {$name}();"; - eval($code); - $plugin = new Plugin(0); - $plugin->setUuid($p->getUUID()); - $plugin->setDirName($name); - $plugin->setName($name); - $plugin->setObject_data(json_encode($p->getDataObject())); - $plugin->setStatus($statusIfCreate); - $plugin->setPluginversion($p->getPluginVersion()); - $plugin->save(); - } - } - return self::getPluginByName($name); - } - - public function save() - { - if (empty($this->uuid)) { - return false; - } - global $global; - $this->object_data = $global['mysqli']->real_escape_string($this->object_data); - if (empty($this->object_data)) { - $this->object_data = 'null'; - } - self::deletePluginCache($this->uuid); - //ObjectYPT::deleteALLCache(); - return parent::save(); - } - - public static function deletePluginCache($uuid) - { - $name = "plugin{$uuid}"; - ObjectYPT::deleteCache($name); - ObjectYPT::deleteCache("plugin::getAllEnabled"); - } - - public static function encryptIfNeed($object_data) - { - $isString = false; - if (!is_object($object_data)) { - $object_data = _json_decode($object_data); - $isString = true; - } - if (!empty($object_data)) { - foreach ($object_data as $key => $value) { - if (!empty($value->type) && !empty($value->value) && is_string($value->type) && strtolower($value->type) === "encrypted") { - if (!self::isEncrypted($value->value)) { - $obj2 = new stdClass(); - $obj2->dateEncrypted = time(); - $obj2->value = $value->value; - $object_data->$key->value = encryptString($obj2); - } - } - } - if ($isString) { - $object_data = 
json_encode($object_data); - } - return $object_data; - } else { - return ''; - } - } - - public static function decryptIfNeed($object_data) - { - $isString = false; - if (!is_object($object_data)) { - $object_data = _json_decode($object_data); - $isString = true; - } - if (!empty($object_data)) { - foreach ($object_data as $key => $value) { - if (!empty($value->type) && !empty($value->value) && strtolower($value->type) === "encrypted") { - $isEncrypted = self::isEncrypted($value->value); - if ($isEncrypted) { - $object_data->$key->value = $isEncrypted; - } - } - } - if ($isString) { - $object_data = json_encode($object_data); - } - return $object_data; - } else { - return ''; - } - } - - public static function isEncrypted($object_data_element_value) - { - if (!empty($object_data_element_value)) { - $object_data_element_value_json = decryptString($object_data_element_value); - $object_data_element_value_json = _json_decode($object_data_element_value_json); - if (!empty($object_data_element_value_json) && !empty($object_data_element_value_json->dateEncrypted)) { - return $object_data_element_value_json->value; - } - } - return false; - } -} - -class PluginTags -{ - public static $RECOMMENDED = ['success', 'Recommended', '', 'RECOMMENDED']; - public static $SECURITY = ['warning', 'Security', '', 'SECURITY']; - public static $LIVE = ['primary', 'Live', '', 'LIVE']; - public static $MONETIZATION = ['primary', 'Monetization', '', 'MONETIZATION']; - public static $ADS = ['primary', 'ADS', '', 'ADS']; - public static $STORAGE = ['primary', 'Storage', '', 'STORAGE']; - public static $GALLERY = ['primary', 'Gallery', '', 'GALLERY']; - public static $NETFLIX = ['primary', 'Netflix', '', 'NETFLIX']; - public static $LAYOUT = ['primary', 'Layout', '', 'LAYOUT']; - public static $LOGIN = ['primary', 'Login', '', 'LOGIN']; - public static $MOBILE = ['primary', 'Mobile', '', 'MOBILE']; - public static $PLAYER = ['primary', 'Player', '', 'PLAYER']; - public static $FREE = ['info', 
'Free', '', 'FREE']; - public static $PREMIUM = ['info', 'Premium', '', 'PREMIUM']; - public static $DEPRECATED = ['danger', 'Deprecated', '', 'DEPRECATED']; -} +id; + } + + public function getStatus() + { + return $this->status; + } + + public function getObject_data() + { + return $this->object_data; + } + + public function getPluginVersion() + { + return $this->pluginVersion; + } + + public function getName() + { + return $this->name; + } + + public function setId($id) + { + $this->id = $id; + } + + public function setStatus($status) + { + $this->status = $status; + } + + public function setObject_data($object_data) + { + $this->object_data = $object_data; + } + + public function setName($name) + { + $name = preg_replace("/[^A-Za-z0-9 _-]/", '', $name); + $this->name = $name; + } + + public function getUuid() + { + return $this->uuid; + } + + public function getDirName() + { + return $this->dirName; + } + + public function setUuid($uuid) + { + $this->uuid = $uuid; + $this->loadFromUUID($uuid); + } + + public function setDirName($dirName) + { + $dirName = preg_replace("/[^A-Za-z0-9 _-]/", '', $dirName); + $this->dirName = $dirName; + } + + public function setPluginversion($pluginversion) + { + $this->pluginversion = $pluginversion; + } + + public static function setCurrentVersionByUuid($uuid, $currentVersion) + { + _error_log("plugin::setCurrentVersionByUuid $uuid, $currentVersion"); + $p = static::getPluginByUUID($uuid); + if (!$p) { + _error_log("plugin::setCurrentVersionByUuid error on get plugin"); + return false; + } + //pluginversion isn't an object property so we must explicity update it using this function + $sql = "update " . static::getTableName() . 
" set pluginversion='$currentVersion' where uuid='$uuid'"; + + $name = "plugin$uuid"; + ObjectYPT::deleteCache($name); + $res = sqlDal::writeSql($sql); + } + + public static function getCurrentVersionByUuid($uuid) + { + $p = static::getPluginByUUID($uuid); + if (!$p) { + return false; + } + //pluginversion isn't an object property so we must explicity update it using this function + $sql = "SELECT pluginversion FROM " . static::getTableName() . " WHERE uuid=? LIMIT 1 "; + $res = sqlDAL::readSql($sql, "s", [$uuid]); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + return $data['pluginversion']; + } + return false; + } + + public static function getPluginByName($name) + { + global $global, $getPluginByName; + if (empty($getPluginByName)) { + $getPluginByName = []; + } + if (empty($getPluginByName[$name])) { + $sql = "SELECT * FROM " . static::getTableName() . " WHERE name = ? LIMIT 1"; + $res = sqlDAL::readSql($sql, "s", [$name], true); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + $getPluginByName[$name] = $data; + } else { + $getPluginByName[$name] = false; + } + } + return $getPluginByName[$name]; + } + + public static function getPluginByUUID($uuid) + { + global $global, $getPluginByUUID, $pluginJustInstalled; + $name = "plugin$uuid"; + if (!isset($getPluginByUUID)) { + $getPluginByUUID = []; + } + if (!isset($pluginJustInstalled)) { + $pluginJustInstalled = []; + } + if (empty($getPluginByUUID[$uuid])) { + $sql = "SELECT * FROM " . static::getTableName() . " WHERE uuid = ? 
LIMIT 1"; + $res = sqlDAL::readSql($sql, "s", [$uuid]); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + if (empty($data['pluginversion'])) { + $data['pluginversion'] = "1.0"; + } + if (AVideoPlugin::isPluginOnByDefault($uuid)) { + $data['status'] = 'active'; + } + $getPluginByUUID[$uuid] = $data; + } else { + $name = AVideoPlugin::getPluginsNameOnByDefaultFromUUID($uuid); + if ($name !== false && empty($pluginJustInstalled[$uuid])) { + $pluginJustInstalled[$uuid] = 1; + _error_log("plugin::getPluginByUUID {$name} {$uuid} this plugin is On By Default we will install it ($sql)"); + self::deleteByUUID($uuid); + self::deleteByName($name); + unset($getPluginByUUID[$uuid]); + $getPluginByUUID[$uuid] = self::getOrCreatePluginByName($name, 'active'); + } else { + $getPluginByUUID[$uuid] = false; + } + } + } + return $getPluginByUUID[$uuid]; + } + + public function loadFromUUID($uuid) + { + $uuid = preg_replace("/[^A-Za-z0-9 _-]/", '', $uuid); + $this->uuid = $uuid; + $row = static::getPluginByUUID($uuid); + if (!empty($row)) { + $this->load($row['id']); + } + } + + public static function isEnabledByName($name) + { + $row = static::getPluginByName($name); + if ($row) { + return $row['status'] == 'active' && AVideoPlugin::isPluginTablesInstalled($name, true); + } + return false; + } + + public static function isEnabledByUUID($uuid) + { + $row = static::getPluginByUUID($uuid); + if ($row) { + return $row['status'] == 'active' && AVideoPlugin::isPluginTablesInstalled($row['name'], true); + } + return false; + } + + public static function getAvailablePlugins($comparePluginVersion = false) + { + global $global, $getAvailablePlugins; + $pluginsMarketplace = []; + if ($comparePluginVersion) { + $pluginsMarketplace = ObjectYPT::getSessionCache('getAvailablePlugins', 600); // 10 min cache + if (empty($pluginsMarketplace)) { + $pluginsMarketplace = _json_decode(url_get_contents("https://tutorials.wwbn.net/info?version=1", "", 2)); + if 
(!empty($pluginsMarketplace)) { + ObjectYPT::setSessionCache('getAvailablePlugins', $pluginsMarketplace); + } + } + } + if (empty($getAvailablePlugins)) { + $dir = $global['systemRootPath'] . "plugin"; + $getAvailablePlugins = []; + $cdir = scandir($dir); + foreach ($cdir as $key => $value) { + if (!in_array($value, [".", ".."])) { + if (is_dir($dir . DIRECTORY_SEPARATOR . $value)) { + $p = AVideoPlugin::loadPlugin($value); + if (!is_object($p) || $p->hidePlugin()) { + if ($value !== "Statistics") { // avoid error while this plugin is not ready + _error_log("Plugin Not Found: {$value}"); + } + continue; + } + $obj = new stdClass(); + $obj->name = $p->getName(); + $obj->dir = $value; + $obj->uuid = $p->getUUID(); + $obj->description = $p->getDescription(); + $obj->installedPlugin = static::getPluginByUUID($obj->uuid); + $obj->enabled = (!empty($obj->installedPlugin['status']) && $obj->installedPlugin['status'] === "active") ? true : false; + $obj->id = (!empty($obj->installedPlugin['id'])) ? $obj->installedPlugin['id'] : 0; + $obj->data_object = $p->getDataObject(); + $obj->data_object_helper = $p->getDataObjectHelper(); + $obj->databaseScript = !empty(static::getDatabaseFile($value)); + $obj->pluginMenu = $p->getPluginMenu(); + $obj->tags = $p->getTags(); + $obj->pluginversion = $p->getPluginVersion(); + $obj->pluginversionMarketPlace = (!empty($pluginsMarketplace->plugins->{$obj->uuid}) ? $pluginsMarketplace->plugins->{$obj->uuid}->pluginversion : 0); + $obj->pluginversionCompare = (!empty($obj->pluginversionMarketPlace) ? version_compare($obj->pluginversion, $obj->pluginversionMarketPlace) : 0); + $obj->permissions = $obj->enabled ? 
Permissions::getPluginPermissions($obj->id) : []; + if (User::isAdmin()) { + $obj->isPluginTablesInstalled = AVideoPlugin::isPluginTablesInstalled($obj->name, false); + } + if ($obj->pluginversionCompare < 0) { + $obj->tags[] = "update"; + } + $getAvailablePlugins[] = $obj; + } + } + } + } + return $getAvailablePlugins; + } + + public static function getAvailablePluginsBasic() + { + global $global, $getAvailablePlugins; + if (empty($getAvailablePlugins)) { + $dir = $global['systemRootPath'] . "plugin"; + $getAvailablePlugins = []; + $cdir = scandir($dir); + foreach ($cdir as $key => $value) { + if (!in_array($value, [".", ".."])) { + if (is_dir($dir . DIRECTORY_SEPARATOR . $value)) { + $p = AVideoPlugin::loadPlugin($value); + if (!is_object($p) || $p->hidePlugin()) { + if ($value !== "Statistics") { // avoid error while this plugin is not ready + _error_log("Plugin Not Found: {$value}"); + } + continue; + } + $row = self::getPluginByUUID($p->getUUID()); + $obj = new stdClass(); + $obj->name = $p->getName(); + $obj->pluginversion = $p->getPluginVersion(); + $obj->status = $row['status']; + + $pinfoFile = $dir . DIRECTORY_SEPARATOR . $value . DIRECTORY_SEPARATOR . 'pinfo.json'; + if (file_exists($pinfoFile)) { + $obj->pinfo = json_decode(file_get_contents($pinfoFile)); + } else { + $obj->pinfo = false; + } + $getAvailablePlugins[$p->getUUID()] = $obj; + } + } + } + } + return $getAvailablePlugins; + } + + public static function getDatabaseFile($pluginName) + { + $filename = static::getDatabaseFileName($pluginName); + if (!$filename) { + return false; + } + return url_get_contents($filename); + } + + public static function getDatabaseFileName($pluginName) + { + global $global; + + $pluginName = AVideoPlugin::fixName($pluginName); + $dir = $global['systemRootPath'] . "plugin"; + $filename = $dir . DIRECTORY_SEPARATOR . $pluginName . DIRECTORY_SEPARATOR . "install" . DIRECTORY_SEPARATOR . 
"install.sql"; + if (!file_exists($filename)) { + return false; + } + return $filename; + } + + public static function getAllEnabled($try = 0) + { + global $global, $getAllEnabledRows; + if (empty($getAllEnabledRows)) { + $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='active' "; + + $defaultEnabledUUIDs = AVideoPlugin::getPluginsOnByDefault(true); + $defaultEnabledNames = AVideoPlugin::getPluginsOnByDefault(false); + $sql .= " OR uuid IN ('" . implode("','", $defaultEnabledUUIDs) . "')"; + + $res = sqlDAL::readSql($sql); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $getAllEnabledRows = []; + foreach ($fullData as $row) { + $getAllEnabledRows[] = $row; + if (($key = array_search($row['uuid'], $defaultEnabledUUIDs)) !== false) { + unset($defaultEnabledUUIDs[$key], $defaultEnabledNames[$key]); + } + } + + $addedNewPlugin = false; + foreach ($defaultEnabledUUIDs as $key => $value) { + $obj = new Plugin(0); + $obj->loadFromUUID($defaultEnabledUUIDs[$key]); + $obj->setName($defaultEnabledNames[$key]); + $obj->setDirName($defaultEnabledNames[$key]); + $obj->setStatus("active"); + if ($obj->save()) { + $addedNewPlugin = true; + } + } + + if ($addedNewPlugin && empty($try)) { + //ObjectYPT::deleteALLCache(); + return self::getAllEnabled(1); + } + + uasort($getAllEnabledRows, 'cmpPlugin'); + } + return $getAllEnabledRows; + } + + public static function getAllDisabled() + { + global $global, $getAllDisabledRows; + if (empty($getAllDisabledRows)) { + $sql = "SELECT * FROM " . static::getTableName() . 
" WHERE status='inactive' "; + $res = sqlDAL::readSql($sql); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $getAllDisabledRows = []; + foreach ($fullData as $row) { + $getAllDisabledRows[] = $row; + } + uasort($getAllDisabledRows, 'cmpPlugin'); + } + return $getAllDisabledRows; + } + + public static function getEnabled($uuid) + { + global $global, $getEnabled; + if (empty($getEnabled)) { + $getEnabled = []; + } + + if (in_array($uuid, AVideoPlugin::getPluginsOnByDefault())) { + // make sure the OnByDefault plugins are enabled + return self::getOrCreatePluginByName(AVideoPlugin::getPluginsNameOnByDefaultFromUUID($uuid)); + } + + if (empty($getEnabled[$uuid])) { + $getEnabled[$uuid] = []; + $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='active' AND uuid = '" . $uuid . "' ;"; + $res = sqlDAL::readSql($sql); + $pluginRows = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + if ($pluginRows !== false) { + foreach ($pluginRows as $row) { + $getEnabled[$uuid][] = $row; + } + } + } + + return $getEnabled[$uuid]; + } + + public static function deleteByUUID($uuid) + { + global $global; + $uuid = ($uuid); + if (!empty($uuid)) { + _error_log("Plugin:deleteByUUID {$uuid}"); + $sql = "DELETE FROM " . static::getTableName() . " "; + $sql .= " WHERE uuid = ?"; + $global['lastQuery'] = $sql; + //_error_log("Delete Query: ".$sql); + return sqlDAL::writeSql($sql, "s", [$uuid]); + } + return false; + } + + public static function deleteByName($name) + { + global $global; + $name = ($name); + if (!empty($name)) { + _error_log("Plugin:deleteByName {$name}"); + $sql = "DELETE FROM " . static::getTableName() . 
" "; + $sql .= " WHERE name = ?"; + $global['lastQuery'] = $sql; + //_error_log("Delete Query: ".$sql); + return sqlDAL::writeSql($sql, "s", [$name]); + } + return false; + } + + public static function getOrCreatePluginByName($name, $statusIfCreate = 'inactive') + { + global $global; + if (self::getPluginByName($name) === false) { + $pluginFile = $global['systemRootPath'] . "plugin/{$name}/{$name}.php"; + if (file_exists($pluginFile)) { + require_once $pluginFile; + $code = "\$p = new {$name}();"; + eval($code); + $plugin = new Plugin(0); + $plugin->setUuid($p->getUUID()); + $plugin->setDirName($name); + $plugin->setName($name); + $plugin->setObject_data(json_encode($p->getDataObject())); + $plugin->setStatus($statusIfCreate); + $plugin->setPluginversion($p->getPluginVersion()); + $plugin->save(); + } + } + return self::getPluginByName($name); + } + + public function save() + { + if (empty($this->uuid)) { + return false; + } + global $global; + $this->object_data = ($this->object_data); + if (empty($this->object_data)) { + $this->object_data = 'null'; + } + self::deletePluginCache($this->uuid); + //ObjectYPT::deleteALLCache(); + return parent::save(); + } + + public static function deletePluginCache($uuid) + { + $name = "plugin{$uuid}"; + ObjectYPT::deleteCache($name); + ObjectYPT::deleteCache("plugin::getAllEnabled"); + } + + public static function encryptIfNeed($object_data) + { + $isString = false; + if (!is_object($object_data)) { + $object_data = _json_decode($object_data); + $isString = true; + } + if (!empty($object_data)) { + foreach ($object_data as $key => $value) { + if (!empty($value->type) && !empty($value->value) && is_string($value->type) && strtolower($value->type) === "encrypted") { + if (!self::isEncrypted($value->value)) { + $obj2 = new stdClass(); + $obj2->dateEncrypted = time(); + $obj2->value = $value->value; + $object_data->$key->value = encryptString($obj2); + } + } + } + if ($isString) { + $object_data = json_encode($object_data); + } + 
return $object_data; + } else { + return ''; + } + } + + public static function decryptIfNeed($object_data) + { + $isString = false; + if (!is_object($object_data)) { + $object_data = _json_decode($object_data); + $isString = true; + } + if (!empty($object_data)) { + foreach ($object_data as $key => $value) { + if (!empty($value->type) && !empty($value->value) && strtolower($value->type) === "encrypted") { + $isEncrypted = self::isEncrypted($value->value); + if ($isEncrypted) { + $object_data->$key->value = $isEncrypted; + } + } + } + if ($isString) { + $object_data = json_encode($object_data); + } + return $object_data; + } else { + return ''; + } + } + + public static function isEncrypted($object_data_element_value) + { + if (!empty($object_data_element_value)) { + $object_data_element_value_json = decryptString($object_data_element_value); + $object_data_element_value_json = _json_decode($object_data_element_value_json); + if (!empty($object_data_element_value_json) && !empty($object_data_element_value_json->dateEncrypted)) { + return $object_data_element_value_json->value; + } + } + return false; + } +} + +class PluginTags +{ + public static $RECOMMENDED = ['success', 'Recommended', '', 'RECOMMENDED']; + public static $SECURITY = ['warning', 'Security', '', 'SECURITY']; + public static $LIVE = ['primary', 'Live', '', 'LIVE']; + public static $MONETIZATION = ['primary', 'Monetization', '', 'MONETIZATION']; + public static $ADS = ['primary', 'ADS', '', 'ADS']; + public static $STORAGE = ['primary', 'Storage', '', 'STORAGE']; + public static $GALLERY = ['primary', 'Gallery', '', 'GALLERY']; + public static $NETFLIX = ['primary', 'Netflix', '', 'NETFLIX']; + public static $LAYOUT = ['primary', 'Layout', '', 'LAYOUT']; + public static $LOGIN = ['primary', 'Login', '', 'LOGIN']; + public static $MOBILE = ['primary', 'Mobile', '', 'MOBILE']; + public static $PLAYER = ['primary', 'Player', '', 'PLAYER']; + public static $FREE = ['info', 'Free', '', 'FREE']; + public 
static $PREMIUM = ['info', 'Premium', '', 'PREMIUM']; + public static $DEPRECATED = ['danger', 'Deprecated', '', 'DEPRECATED']; +} diff --git a/objects/security.php b/objects/security.php index f6b516de03..695b3c7bda 100644 --- a/objects/security.php +++ b/objects/security.php @@ -1,6 +1,5 @@ users_id = $users_id; } + + public static function getTableName() { + return 'subscribes'; + } + } diff --git a/objects/user.php b/objects/user.php index bb536208a1..72bc200df3 100644 --- a/objects/user.php +++ b/objects/user.php @@ -220,7 +220,7 @@ if (typeof gtag !== \"function\") { return $eo[$id]; } - private function load($id) { + public function load($id) { $id = intval($id); if (empty($id)) { return false; diff --git a/objects/userGroups.php b/objects/userGroups.php index 2d2d3c1dca..90836b39ce 100644 --- a/objects/userGroups.php +++ b/objects/userGroups.php 
@@ -1,505 +1,505 @@ -group_name = $group_name; - } else { - // get data from id - $this->load($id); - } - } - - private function load($id) - { - $user = self::getUserGroupsDb($id); - if (empty($user)) { - return false; - } - foreach ($user as $key => $value) { - $this->$key = $value; - } - } - - private static function getUserGroupsDb($id) - { - global $global; - $id = intval($id); - $sql = "SELECT * FROM users_groups WHERE id = ? LIMIT 1"; - $res = sqlDAL::readSql($sql, "i", [$id]); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - $user = $data; - } else { - $user = false; - } - return $user; - } - - public function save() - { - global $global; - if (empty($this->isAdmin)) { - $this->isAdmin = "false"; - } - $formats = ''; - $values = []; - $this->group_name = _substr($this->group_name, 0, 255); - if (!empty($this->id)) { - $sql = "UPDATE users_groups SET group_name = ?, modified = now() WHERE id = ?"; - $formats = "si"; - $values = [$this->group_name,$this->id]; - } else { - $sql = "INSERT INTO users_groups ( group_name, created, modified) VALUES (?,now(), now())"; - $formats = "s"; - $values = [$this->group_name]; - } - if (sqlDAL::writeSql($sql, $formats, $values)) { - if (empty($this->id)) { - $id = $global['mysqli']->insert_id; - } else { - $id = $this->id; - } - return $id; - } else { - return false; - } - } - - public function delete() - { - if (!User::isAdmin()) { - return false; - } - - global $global; - if (!empty($this->id)) { - $sql = "DELETE FROM users_groups WHERE id = ?"; - } else { - return false; - } - return sqlDAL::writeSql($sql, "i", [$this->id]); - } - - private function getUserGroup($id) - { - global $global; - $id = intval($id); - $sql = "SELECT * FROM users_groups WHERE id = ? 
LIMIT 1"; - $res = sqlDAL::readSql($sql, "i", [$id]); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - $category = $data; - } else { - $category = false; - } - return $category; - } - - public static function getAllUsersGroups() - { - global $global; - $sql = "SELECT *," - . " (SELECT COUNT(*) FROM videos_group_view WHERE users_groups_id = ug.id ) as total_videos, " - . " (SELECT COUNT(*) FROM users_has_users_groups WHERE users_groups_id = ug.id ) as total_users " - . " FROM users_groups as ug WHERE 1=1 "; - - $sql .= BootGrid::getSqlFromPost(['group_name']); - - $res = sqlDAL::readSql($sql); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $arr = []; - if ($res!=false) { - foreach ($fullData as $row) { - $arr[] = $row; - } - //$category = $res->fetch_all(MYSQLI_ASSOC); - } else { - $arr = false; - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $arr; - } - - public static function getAllUsersGroupsArray() - { - global $global; - $sql = "SELECT * FROM users_groups as ug WHERE 1=1 "; - - $res = sqlDAL::readSql($sql); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $arr = []; - if ($res!=false) { - foreach ($fullData as $row) { - $arr[$row['id']] = $row['group_name']; - } - //$category = $res->fetch_all(MYSQLI_ASSOC); - } else { - $arr = false; - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); - } - return $arr; - } - - public static function getTotalUsersGroups() - { - global $global; - $sql = "SELECT id FROM users_groups WHERE 1=1 "; - - $sql .= BootGrid::getSqlSearchFromPost(['group_name']); - $res = sqlDAL::readSql($sql); - $numRows = sqlDAL::num_rows($res); - sqlDAL::close($res); - return $numRows; - } - - public function getGroup_name() - { - return $this->group_name; - } - - public function setGroup_name($group_name) - { - $this->group_name = $group_name; - } - - public static function getUserGroupByName($group_name, $refreshCache = false) - { - global $global; - $sql = "SELECT * FROM users_groups WHERE group_name = ? LIMIT 1"; - $res = sqlDAL::readSql($sql, "s", [$group_name], $refreshCache); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - $category = $data; - } else { - $category = false; - } - return $category; - } - - public static function getOrCreateUserGroups($group_name) - { - $group_name = trim($group_name); - $group_name = _substr($group_name, 0, 255); - if (empty($group_name)) { - return false; - } - $group = self::getUserGroupByName($group_name, true); - if (empty($group)) { - $g = new UserGroups(0, $group_name); - return $g->save(); - } else { - return $group['id']; - } - } - - // for users - - public static function updateUserGroups($users_id, $array_groups_id, $byPassAdmin=false, $mergeWithCurrentUserGroups=false) - { - if (!$byPassAdmin && !Permissions::canAdminUsers()) { - return false; - } - if (!is_array($array_groups_id)) { - return false; - } - if (empty($users_id)) { - return false; - } - - if ($mergeWithCurrentUserGroups) { - $current_user_groups = self::getUserGroups($users_id); - foreach ($current_user_groups as $value) { - if (!in_array($value['id'], $array_groups_id)) { - $array_groups_id[] = $value['id']; - } - } - } - - self::deleteGroupsFromUser($users_id, true); - global $global; - $array_groups_id = array_unique($array_groups_id); - $sql = "INSERT INTO 
users_has_users_groups ( users_id, users_groups_id) VALUES (?,?)"; - foreach ($array_groups_id as $value) { - $value = intval($value); - if (empty($value)) { - continue; - } - sqlDAL::writeSql($sql, "ii", [$users_id,$value]); - } - - // make sure you do not save the dynamic user groups - $user_groups_ids = AVideoPlugin::getDynamicUserGroupsId($users_id); - if (!empty($user_groups_ids) && is_array($user_groups_ids)) { - $sql = "DELETE FROM users_has_users_groups WHERE users_id = ? AND users_groups_id IN (". implode(',', $user_groups_ids).") "; - return sqlDAL::writeSql($sql, "i", [$users_id]); - } - - return true; - } - - public static function getAlUserGroupsFromUser($users_id) - { - return self::getUserGroups($users_id); - } - - public static function getUserGroups($users_id) - { - global $global; - $res = sqlDAL::readSql("SHOW TABLES LIKE 'users_has_users_groups'"); - $result = sqlDAL::num_rows($res); - sqlDAL::close($res); - if (empty($result)) { - $_GET['error'] = "You need to update your system to ver 2.3"; - return []; - } - if (empty($users_id)) { - return []; - } - $sql = "SELECT uug.*, ug.* FROM users_groups ug" - . " LEFT JOIN users_has_users_groups uug ON users_groups_id = ug.id WHERE users_id = ? "; - - $ids = AVideoPlugin::getDynamicUserGroupsId($users_id); - if (!empty($ids) && is_array($ids)) { - $ids = array_unique($ids); - $sql .= " OR ug.id IN ('". implode("','", $ids)."') "; - } - //var_dump($ids);echo $sql;exit; - $res = sqlDAL::readSql($sql, "i", [$users_id]); - $fullData = sqlDal::fetchAllAssoc($res); - sqlDAL::close($res); - $arr = []; - $doNotRepeat = []; - if ($res!=false) { - foreach ($fullData as $row) { - if (in_array($row['id'], $doNotRepeat)) { - continue; - } - if (in_array($row['id'], $ids)) { - $row['isDynamic'] = 1; - } else { - $row['isDynamic'] = 0; - } - $row = cleanUpRowFromDatabase($row); - $doNotRepeat[] = $row['id']; - $arr[] = $row; - } - } else { - $arr = false; - die($sql . '\nError : (' . $global['mysqli']->errno . 
') ' . $global['mysqli']->error); - } - return $arr; - } - - private static function deleteGroupsFromUser($users_id, $byPassAdmin=false) - { - if (!$byPassAdmin && !User::isAdmin()) { - return false; - } - - global $global; - if (!empty($users_id)) { - $sql = "DELETE FROM users_has_users_groups WHERE users_id = ?"; - } else { - return false; - } - return sqlDAL::writeSql($sql, "i", [$users_id]); - } - - public static function getVideoGroupsViewId($videos_id, $users_groups_id) - { - if (empty($videos_id)) { - return false; - } - if (empty($users_groups_id)) { - return false; - } - global $global; - - $sql = "SELECT id FROM videos_group_view WHERE videos_id = ? AND users_groups_id = ? LIMIT 1 "; - $res = sqlDAL::readSql($sql, "ii", [$videos_id, $users_groups_id]); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if (!empty($data)) { - return $data['id']; - } else { - return 0; - } - } - - public static function addVideoGroups($videos_id, $users_groups_id) - { - if (!User::canUpload()) { - return false; - } - global $global; - - if (self::getVideoGroupsViewId($videos_id, $users_groups_id)) { - return false; - } - - $sql = "INSERT INTO videos_group_view ( videos_id, users_groups_id) VALUES (?,?)"; - $value = intval($value); - $response = sqlDAL::writeSql($sql, "ii", [$videos_id,$users_groups_id]); - - if ($response) { - Video::clearCache($videos_id); - } - return $response; - } - - public static function deleteVideoGroups($videos_id, $users_groups_id) - { - if (!User::canUpload()) { - return false; - } - - $sql = "DELETE FROM videos_group_view WHERE videos_id = ? 
AND users_groups_id = ?"; - $response = sqlDAL::writeSql($sql, "ii", [$videos_id, $users_groups_id]); - - if ($response) { - Video::clearCache($videos_id); - } - return $response; - } - - public static function updateVideoGroups($videos_id, $array_groups_id, $mergeWithCurrentUserGroups=false) - { - if (!User::canUpload()) { - return false; - } - if (!is_array($array_groups_id)) { - return false; - } - - if ($mergeWithCurrentUserGroups) { - $current_user_groups = self::getVideosAndCategoriesUserGroups($videos_id); - foreach ($current_user_groups as $value) { - if (!in_array($value['id'], $array_groups_id)) { - $array_groups_id[] = $value['id']; - } - } - } - - self::deleteGroupsFromVideo($videos_id); - global $global; - - $sql = "INSERT INTO videos_group_view ( videos_id, users_groups_id) VALUES (?,?)"; - foreach ($array_groups_id as $value) { - $value = intval($value); - sqlDAL::writeSql($sql, "ii", [$videos_id,$value]); - } - - return true; - } - - public static function getVideoGroups($videos_id){ - if (empty($videos_id)) { - return []; - } - global $global; - $sql = "SELECT v.*, ug.*FROM videos_group_view as v " - . " LEFT JOIN users_groups as ug ON users_groups_id = ug.id WHERE videos_id = ? "; - $res = sqlDAL::readSql($sql, "i", [$videos_id]); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $arr = []; - if ($res!=false) { - foreach ($fullData as $row) { - $row = cleanUpRowFromDatabase($row); - $arr[] = $row; - } - } else { - $arr = false; - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $arr; - } - - public static function getCategoriesGroups($videos_id){ - if (empty($videos_id)) { - return []; - } - global $global; - - $v = Video::getVideoLight($videos_id); - - $sql = "SELECT chug.*, ug.* FROM categories_has_users_groups as chug " - . " LEFT JOIN users_groups as ug ON users_groups_id = ug.id WHERE categories_id = ? 
"; - $res = sqlDAL::readSql($sql, "i", [$v['categories_id']]); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $arr = []; - if ($res!=false) { - foreach ($fullData as $row) { - $row = cleanUpRowFromDatabase($row); - $arr[] = $row; - } - } else { - $arr = false; - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $arr; - } - - public static function getVideosAndCategoriesUserGroups($videos_id){ - global $_getVideosAndCategoriesUserGroups; - - if(!isset($_getVideosAndCategoriesUserGroups)){ - $_getVideosAndCategoriesUserGroups = array(); - } - if(!isset($_getVideosAndCategoriesUserGroups[$videos_id])){ - $videosug = self::getVideoGroups($videos_id); - $categoriessug = self::getCategoriesGroups($videos_id); - $response = array(); - foreach ($videosug as $value) { - $value['isVideoUserGroup'] = 1; - $value['isCategoryUserGroup'] = 0; - $response[$value['users_groups_id']] = $value; - } - foreach ($categoriessug as $value) { - if(!isset($response[$value['users_groups_id']])){ - $value['isVideoUserGroup'] = 0; - $value['isCategoryUserGroup'] = 1; - $response[$value['users_groups_id']] = $value; - }else{ - $response[$value['users_groups_id']]['isCategoryUserGroup'] = 1; - } - } - $_getVideosAndCategoriesUserGroups[$videos_id] = $response; - } - return $_getVideosAndCategoriesUserGroups[$videos_id]; - } - - private static function deleteGroupsFromVideo($videos_id){ - if (!User::canUpload()) { - return false; - } - - global $global; - if (!empty($videos_id)) { - $sql = "DELETE FROM videos_group_view WHERE videos_id = ?"; - } else { - return false; - } - return sqlDAL::writeSql($sql, "i", [$videos_id]); - } -} +group_name = $group_name; + } else { + // get data from id + $this->load($id); + } + } + + public function load($id) + { + $user = self::getUserGroupsDb($id); + if (empty($user)) { + return false; + } + foreach ($user as $key => $value) { + $this->$key = $value; + } + } + + private static function 
getUserGroupsDb($id) + { + global $global; + $id = intval($id); + $sql = "SELECT * FROM users_groups WHERE id = ? LIMIT 1"; + $res = sqlDAL::readSql($sql, "i", [$id]); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + $user = $data; + } else { + $user = false; + } + return $user; + } + + public function save() + { + global $global; + if (empty($this->isAdmin)) { + $this->isAdmin = "false"; + } + $formats = ''; + $values = []; + $this->group_name = _substr($this->group_name, 0, 255); + if (!empty($this->id)) { + $sql = "UPDATE users_groups SET group_name = ?, modified = now() WHERE id = ?"; + $formats = "si"; + $values = [$this->group_name,$this->id]; + } else { + $sql = "INSERT INTO users_groups ( group_name, created, modified) VALUES (?,now(), now())"; + $formats = "s"; + $values = [$this->group_name]; + } + if (sqlDAL::writeSql($sql, $formats, $values)) { + if (empty($this->id)) { + $id = $global['mysqli']->insert_id; + } else { + $id = $this->id; + } + return $id; + } else { + return false; + } + } + + public function delete() + { + if (!User::isAdmin()) { + return false; + } + + global $global; + if (!empty($this->id)) { + $sql = "DELETE FROM users_groups WHERE id = ?"; + } else { + return false; + } + return sqlDAL::writeSql($sql, "i", [$this->id]); + } + + private function getUserGroup($id) + { + global $global; + $id = intval($id); + $sql = "SELECT * FROM users_groups WHERE id = ? LIMIT 1"; + $res = sqlDAL::readSql($sql, "i", [$id]); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + $category = $data; + } else { + $category = false; + } + return $category; + } + + public static function getAllUsersGroups() + { + global $global; + $sql = "SELECT *," + . " (SELECT COUNT(*) FROM videos_group_view WHERE users_groups_id = ug.id ) as total_videos, " + . " (SELECT COUNT(*) FROM users_has_users_groups WHERE users_groups_id = ug.id ) as total_users " + . 
" FROM users_groups as ug WHERE 1=1 "; + + $sql .= BootGrid::getSqlFromPost(['group_name']); + + $res = sqlDAL::readSql($sql); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $arr = []; + if ($res!=false) { + foreach ($fullData as $row) { + $arr[] = $row; + } + //$category = $res->fetch_all(MYSQLI_ASSOC); + } else { + $arr = false; + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $arr; + } + + public static function getAllUsersGroupsArray() + { + global $global; + $sql = "SELECT * FROM users_groups as ug WHERE 1=1 "; + + $res = sqlDAL::readSql($sql); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $arr = []; + if ($res!=false) { + foreach ($fullData as $row) { + $arr[$row['id']] = $row['group_name']; + } + //$category = $res->fetch_all(MYSQLI_ASSOC); + } else { + $arr = false; + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $arr; + } + + public static function getTotalUsersGroups() + { + global $global; + $sql = "SELECT id FROM users_groups WHERE 1=1 "; + + $sql .= BootGrid::getSqlSearchFromPost(['group_name']); + $res = sqlDAL::readSql($sql); + $numRows = sqlDAL::num_rows($res); + sqlDAL::close($res); + return $numRows; + } + + public function getGroup_name() + { + return $this->group_name; + } + + public function setGroup_name($group_name) + { + $this->group_name = $group_name; + } + + public static function getUserGroupByName($group_name, $refreshCache = false) + { + global $global; + $sql = "SELECT * FROM users_groups WHERE group_name = ? 
LIMIT 1"; + $res = sqlDAL::readSql($sql, "s", [$group_name], $refreshCache); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + $category = $data; + } else { + $category = false; + } + return $category; + } + + public static function getOrCreateUserGroups($group_name) + { + $group_name = trim($group_name); + $group_name = _substr($group_name, 0, 255); + if (empty($group_name)) { + return false; + } + $group = self::getUserGroupByName($group_name, true); + if (empty($group)) { + $g = new UserGroups(0, $group_name); + return $g->save(); + } else { + return $group['id']; + } + } + + // for users + + public static function updateUserGroups($users_id, $array_groups_id, $byPassAdmin=false, $mergeWithCurrentUserGroups=false) + { + if (!$byPassAdmin && !Permissions::canAdminUsers()) { + return false; + } + if (!is_array($array_groups_id)) { + return false; + } + if (empty($users_id)) { + return false; + } + + if ($mergeWithCurrentUserGroups) { + $current_user_groups = self::getUserGroups($users_id); + foreach ($current_user_groups as $value) { + if (!in_array($value['id'], $array_groups_id)) { + $array_groups_id[] = $value['id']; + } + } + } + + self::deleteGroupsFromUser($users_id, true); + global $global; + $array_groups_id = array_unique($array_groups_id); + $sql = "INSERT INTO users_has_users_groups ( users_id, users_groups_id) VALUES (?,?)"; + foreach ($array_groups_id as $value) { + $value = intval($value); + if (empty($value)) { + continue; + } + sqlDAL::writeSql($sql, "ii", [$users_id,$value]); + } + + // make sure you do not save the dynamic user groups + $user_groups_ids = AVideoPlugin::getDynamicUserGroupsId($users_id); + if (!empty($user_groups_ids) && is_array($user_groups_ids)) { + $sql = "DELETE FROM users_has_users_groups WHERE users_id = ? AND users_groups_id IN (". 
implode(',', $user_groups_ids).") "; + return sqlDAL::writeSql($sql, "i", [$users_id]); + } + + return true; + } + + public static function getAlUserGroupsFromUser($users_id) + { + return self::getUserGroups($users_id); + } + + public static function getUserGroups($users_id) + { + global $global; + $res = sqlDAL::readSql("SHOW TABLES LIKE 'users_has_users_groups'"); + $result = sqlDAL::num_rows($res); + sqlDAL::close($res); + if (empty($result)) { + $_GET['error'] = "You need to update your system to ver 2.3"; + return []; + } + if (empty($users_id)) { + return []; + } + $sql = "SELECT uug.*, ug.* FROM users_groups ug" + . " LEFT JOIN users_has_users_groups uug ON users_groups_id = ug.id WHERE users_id = ? "; + + $ids = AVideoPlugin::getDynamicUserGroupsId($users_id); + if (!empty($ids) && is_array($ids)) { + $ids = array_unique($ids); + $sql .= " OR ug.id IN ('". implode("','", $ids)."') "; + } + //var_dump($ids);echo $sql;exit; + $res = sqlDAL::readSql($sql, "i", [$users_id]); + $fullData = sqlDal::fetchAllAssoc($res); + sqlDAL::close($res); + $arr = []; + $doNotRepeat = []; + if ($res!=false) { + foreach ($fullData as $row) { + if (in_array($row['id'], $doNotRepeat)) { + continue; + } + if (in_array($row['id'], $ids)) { + $row['isDynamic'] = 1; + } else { + $row['isDynamic'] = 0; + } + $row = cleanUpRowFromDatabase($row); + $doNotRepeat[] = $row['id']; + $arr[] = $row; + } + } else { + $arr = false; + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); + } + return $arr; + } + + private static function deleteGroupsFromUser($users_id, $byPassAdmin=false) + { + if (!$byPassAdmin && !User::isAdmin()) { + return false; + } + + global $global; + if (!empty($users_id)) { + $sql = "DELETE FROM users_has_users_groups WHERE users_id = ?"; + } else { + return false; + } + return sqlDAL::writeSql($sql, "i", [$users_id]); + } + + public static function getVideoGroupsViewId($videos_id, $users_groups_id) + { + if (empty($videos_id)) { + return false; + } + if (empty($users_groups_id)) { + return false; + } + global $global; + + $sql = "SELECT id FROM videos_group_view WHERE videos_id = ? AND users_groups_id = ? LIMIT 1 "; + $res = sqlDAL::readSql($sql, "ii", [$videos_id, $users_groups_id]); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if (!empty($data)) { + return $data['id']; + } else { + return 0; + } + } + + public static function addVideoGroups($videos_id, $users_groups_id) + { + if (!User::canUpload()) { + return false; + } + global $global; + + if (self::getVideoGroupsViewId($videos_id, $users_groups_id)) { + return false; + } + + $sql = "INSERT INTO videos_group_view ( videos_id, users_groups_id) VALUES (?,?)"; + $value = intval($value); + $response = sqlDAL::writeSql($sql, "ii", [$videos_id,$users_groups_id]); + + if ($response) { + Video::clearCache($videos_id); + } + return $response; + } + + public static function deleteVideoGroups($videos_id, $users_groups_id) + { + if (!User::canUpload()) { + return false; + } + + $sql = "DELETE FROM videos_group_view WHERE videos_id = ? 
AND users_groups_id = ?"; + $response = sqlDAL::writeSql($sql, "ii", [$videos_id, $users_groups_id]); + + if ($response) { + Video::clearCache($videos_id); + } + return $response; + } + + public static function updateVideoGroups($videos_id, $array_groups_id, $mergeWithCurrentUserGroups=false) + { + if (!User::canUpload()) { + return false; + } + if (!is_array($array_groups_id)) { + return false; + } + + if ($mergeWithCurrentUserGroups) { + $current_user_groups = self::getVideosAndCategoriesUserGroups($videos_id); + foreach ($current_user_groups as $value) { + if (!in_array($value['id'], $array_groups_id)) { + $array_groups_id[] = $value['id']; + } + } + } + + self::deleteGroupsFromVideo($videos_id); + global $global; + + $sql = "INSERT INTO videos_group_view ( videos_id, users_groups_id) VALUES (?,?)"; + foreach ($array_groups_id as $value) { + $value = intval($value); + sqlDAL::writeSql($sql, "ii", [$videos_id,$value]); + } + + return true; + } + + public static function getVideoGroups($videos_id){ + if (empty($videos_id)) { + return []; + } + global $global; + $sql = "SELECT v.*, ug.*FROM videos_group_view as v " + . " LEFT JOIN users_groups as ug ON users_groups_id = ug.id WHERE videos_id = ? "; + $res = sqlDAL::readSql($sql, "i", [$videos_id]); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $arr = []; + if ($res!=false) { + foreach ($fullData as $row) { + $row = cleanUpRowFromDatabase($row); + $arr[] = $row; + } + } else { + $arr = false; + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $arr; + } + + public static function getCategoriesGroups($videos_id){ + if (empty($videos_id)) { + return []; + } + global $global; + + $v = Video::getVideoLight($videos_id); + + $sql = "SELECT chug.*, ug.* FROM categories_has_users_groups as chug " + . " LEFT JOIN users_groups as ug ON users_groups_id = ug.id WHERE categories_id = ? 
"; + $res = sqlDAL::readSql($sql, "i", [$v['categories_id']]); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $arr = []; + if ($res!=false) { + foreach ($fullData as $row) { + $row = cleanUpRowFromDatabase($row); + $arr[] = $row; + } + } else { + $arr = false; + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $arr; + } + + public static function getVideosAndCategoriesUserGroups($videos_id){ + global $_getVideosAndCategoriesUserGroups; + + if(!isset($_getVideosAndCategoriesUserGroups)){ + $_getVideosAndCategoriesUserGroups = array(); + } + if(!isset($_getVideosAndCategoriesUserGroups[$videos_id])){ + $videosug = self::getVideoGroups($videos_id); + $categoriessug = self::getCategoriesGroups($videos_id); + $response = array(); + foreach ($videosug as $value) { + $value['isVideoUserGroup'] = 1; + $value['isCategoryUserGroup'] = 0; + $response[$value['users_groups_id']] = $value; + } + foreach ($categoriessug as $value) { + if(!isset($response[$value['users_groups_id']])){ + $value['isVideoUserGroup'] = 0; + $value['isCategoryUserGroup'] = 1; + $response[$value['users_groups_id']] = $value; + }else{ + $response[$value['users_groups_id']]['isCategoryUserGroup'] = 1; + } + } + $_getVideosAndCategoriesUserGroups[$videos_id] = $response; + } + return $_getVideosAndCategoriesUserGroups[$videos_id]; + } + + private static function deleteGroupsFromVideo($videos_id){ + if (!User::canUpload()) { + return false; + } + + global $global; + if (!empty($videos_id)) { + $sql = "DELETE FROM videos_group_view WHERE videos_id = ?"; + } else { + return false; + } + return sqlDAL::writeSql($sql, "i", [$videos_id]); + } +} diff --git a/objects/video.php b/objects/video.php index 4a8e5534ed..e3a9f2df64 100644 --- a/objects/video.php +++ b/objects/video.php 
@@ -19,50 +19,50 @@ require_once $global['systemRootPath'] . 'objects/Object.php'; if (!class_exists('Video')) { - class Video { + class Video extends ObjectYPT { - private $id; - private $title; - private $clean_title; - private $filename; - private $description; - private $views_count; - private $status; - private $duration; - private $users_id; - private $categories_id; - private $old_categories_id; - private $type; - private $rotation; - private $zoom; - private $videoDownloadedLink; - private $videoLink; - private $next_videos_id; - private $isSuggested; + protected $id; + protected $title; + protected $clean_title; + protected $filename; + protected $description; + protected $views_count; + protected $status; + protected $duration; + protected $users_id; + protected $categories_id; + protected $old_categories_id; + protected $type; + protected $rotation; + protected $zoom; + protected $videoDownloadedLink; + protected $videoLink; + protected $next_videos_id; + protected $isSuggested; public static $types = ['webm', 'mp4', 'mp3', 'ogg', 'pdf', 'jpg', 'jpeg', 'gif', 'png', 'webp', 'zip']; - private $videoGroups; - private $trailer1; - private $trailer2; - private $trailer3; - private $rate; - private $can_download; - private $can_share; - private $only_for_paid; - private $rrating; - private $externalOptions; - private $sites_id; - private $serie_playlists_id; - private $video_password; - private $encoderURL; - private $filepath; - private $filesize; - private $live_transmitions_history_id; - private $total_seconds_watching; - private $duration_in_seconds; - private $likes; - private $dislikes; - private $users_id_company; - private $created; + protected $videoGroups; + protected $trailer1; + protected $trailer2; + protected $trailer3; + protected $rate; + protected $can_download; + protected $can_share; + protected $only_for_paid; + protected $rrating; + protected $externalOptions; + protected $sites_id; + protected $serie_playlists_id; + protected 
$video_password; + protected $encoderURL; + protected $filepath; + protected $filesize; + protected $live_transmitions_history_id; + protected $total_seconds_watching; + protected $duration_in_seconds; + protected $likes; + protected $dislikes; + protected $users_id_company; + protected $created; public static $statusDesc = [ 'a' => 'Active', 'k' => 'Active and Encoding', @@ -102,7 +102,7 @@ if (!class_exists('Video')) { public static $statusBrokenMissingFiles = 'b'; public static $rratingOptions = ['', 'g', 'pg', 'pg-13', 'r', 'nc-17', 'ma']; //ver 3.4 - private $youtubeId; + protected $youtubeId; public static $typeOptions = ['audio', 'video', 'embed', 'linkVideo', 'linkAudio', 'torrent', 'pdf', 'image', 'gallery', 'article', 'serie', 'image', 'zip', 'notfound', 'blockedUser']; public static $searchFieldsNames = ['v.title', 'v.description', 'c.name', 'c.description', 'v.id', 'v.filename']; public static $searchFieldsNamesLabels = ['Video Title', 'Video Description', 'Channel Name', 'Channel Description', 'Video ID', 'Video Filename']; @@ -349,9 +349,9 @@ if (!class_exists('Video')) { $catDefault = Category::getCategoryDefault(); $this->categories_id = $catDefault['id']; } - //$this->setTitle($global['mysqli']->real_escape_string(trim($this->title))); - $this->title = ($global['mysqli']->real_escape_string(safeString($this->title))); - $this->description = ($global['mysqli']->real_escape_string($this->description)); + //$this->setTitle((trim($this->title))); + $this->title = ((safeString($this->title))); + $this->description = (($this->description)); if (forbiddenWords($this->title) || forbiddenWords($this->description)) { return false; 
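Review bot: The switch of every field from `private` to `protected` is undocumented; since the class now `extends ObjectYPT`, this is presumably so the base class's generic persistence can read the fields by name, but that reason lives outside the hunk and a reader sees only some forty visibility changes. A one-line class comment such as `// Fields are protected rather than private so the ObjectYPT base class can read/write them generically during save()` would explain it; the same applies to `$youtubeId` in the hunk at line 102. Note that `protected` also exposes fields like `$video_password` to any subclass, which is wider than a base-class reflective save needs.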
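Review bot: `$this->description = (($this->description));` is now a no-op assignment and `$this->title = ((safeString($this->title)));` carries redundant parentheses left over from deleting the `real_escape_string` call; replace them with `$this->title = safeString($this->title);`, drop the description line, and drop the commented-out `//$this->setTitle(...)` line. Removing the escaping here is only safe if every SQL statement that consumes `$this->title` and `$this->description` binds them as parameters; the save() path in the hunk at line 412 goes through `parent::save()`, but any query in this file that still interpolates these fields (outside this hunk) would regress. The enclosing save() method begins before this hunk.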
@@ -412,31 +412,16 @@ if (!class_exists('Video')) { header('Content-Type: application/json'); die('{"error":"3 ' . __("Permission denied") . '"}'); } - $sql = "UPDATE videos SET title = '{$this->title}',clean_title = '{$this->clean_title}'," - . " filename = '{$this->filename}', categories_id = '{$this->categories_id}', status = '{$this->status}'," - . " description = '{$this->description}', duration = '{$this->duration}', type = '{$this->type}', videoDownloadedLink = '{$this->videoDownloadedLink}', youtubeId = '{$this->youtubeId}', videoLink = '{$this->videoLink}', next_videos_id = {$this->next_videos_id}, isSuggested = {$this->isSuggested}, users_id = {$this->users_id}, " - . " trailer1 = '{$this->trailer1}', trailer2 = '{$this->trailer2}', trailer3 = '{$this->trailer3}', rate = '{$this->rate}', can_download = '{$this->can_download}', can_share = '{$this->can_share}', only_for_paid = '{$this->only_for_paid}', rrating = '{$this->rrating}', externalOptions = '{$this->externalOptions}', sites_id = {$this->sites_id}, serie_playlists_id = {$this->serie_playlists_id} ,live_transmitions_history_id = {$this->live_transmitions_history_id} , video_password = '{$this->video_password}', " - . " encoderURL = '{$this->encoderURL}', filepath = '{$this->filepath}' , filesize = '{$this->filesize}' , duration_in_seconds = '{$this->duration_in_seconds}' , modified = now(), users_id_company = ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company))." " - . " WHERE id = {$this->id}"; - - $saved = sqlDAL::writeSql($sql); - if ($saved) { - $insert_row = $this->id; + + $insert_row = parent::save(); + if ($insert_row) { AVideoPlugin::onUpdateVideo($insert_row); _error_log('onUpdateVideo $insert_row = '.$insert_row); }else{ _error_log('onUpdateVideo error $saved is empty'); } } else { - if(empty($this->created)){ - $this->created = 'now()'; - } - $sql = "INSERT INTO videos " - . 
"(duration_in_seconds, title,clean_title, filename, users_id, categories_id, status, description, duration,type,videoDownloadedLink, next_videos_id, created, modified, videoLink, can_download, can_share, only_for_paid, rrating, externalOptions, sites_id, serie_playlists_id,live_transmitions_history_id, video_password, encoderURL, filepath , filesize, users_id_company) values " - . "('{$this->duration_in_seconds}','{$this->title}','{$this->clean_title}', '{$this->filename}', {$this->users_id},{$this->categories_id}, '{$this->status}', '{$this->description}', '{$this->duration}', '{$this->type}', '{$this->videoDownloadedLink}', {$this->next_videos_id},{$this->created}, now(), '{$this->videoLink}', '{$this->can_download}', '{$this->can_share}','{$this->only_for_paid}', '{$this->rrating}', '$this->externalOptions', {$this->sites_id}, {$this->serie_playlists_id},{$this->live_transmitions_history_id}, '{$this->video_password}', '{$this->encoderURL}', '{$this->filepath}', '{$this->filesize}', ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company)).")"; - - //_error_log("Video::save ".$sql); - $insert_row = sqlDAL::writeSql($sql); + $insert_row = parent::save(); if(!empty($insert_row)){ AVideoPlugin::onNewVideo($insert_row); _error_log('onNewVideo $insert_row = '.$insert_row); @@ -444,6 +429,7 @@ if (!class_exists('Video')) { _error_log('onNewVideo error $insert_row is empty'); } } + //var_dump($this->title, $insert_row);exit; if ($insert_row) { _error_log("Video::save ({$this->title}) Saved id = {$insert_row} "); Category::clearCacheCount(); 
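Review bot: The failure log on the update path still reads `_error_log('onUpdateVideo error $saved is empty');` although `$saved` no longer exists; the value checked is now `$insert_row`, so it should read `_error_log('onUpdateVideo error $insert_row is empty');` to match the insert branch. The removed UPDATE/INSERT text also handled two cases explicitly — `users_id_company` was written as `NULL` when empty, and `created` defaulted to `now()` on insert — and nothing in the new branches does that, so `parent::save()` (outside this hunk) must be confirmed to reproduce it or an empty string will reach those columns. On the update path the old code passed `$this->id` to `AVideoPlugin::onUpdateVideo`; if `parent::save()` returns something other than the row id for updates, the hook now receives the wrong value. The enclosing save() starts before and ends after this hunk.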
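Review bot: The added `//var_dump($this->title, $insert_row);exit;` is a leftover debugging line and should be removed rather than committed as a comment; if it is ever uncommented the `exit` aborts save() before the cache-clearing code that follows. The enclosing save() continues outside the hunk.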
@@ -512,8 +498,10 @@ if (!class_exists('Video')) { return false; } _error_log("Video::updateDurationInSeconds update duration {$videos_id}, {$duration}, {$duration_in_seconds}"); - $sql = "UPDATE videos SET duration_in_seconds = '{$duration_in_seconds}' , modified = now() WHERE id = {$videos_id}"; - $saved = sqlDAL::writeSql($sql); + $formats = 'si'; + $values = [$duration_in_seconds, $videos_id]; + $sql = "UPDATE videos SET duration_in_seconds = ? , modified = now() WHERE id = ?"; + $saved = sqlDAL::writeSql($sql, $formats, $values); self::clearCache($videos_id); return $duration_in_seconds; } @@ -663,8 +651,10 @@ if (!class_exists('Video')) { if (!empty($this->id)) { global $global; - $sql = "UPDATE videos SET rotation = '{$saneRotation}', modified = now() WHERE id = {$this->id} "; - $res = sqlDAL::writeSql($sql); + $sql = "UPDATE videos SET rotation = ?, modified = now() WHERE id = ? "; + $formats = 'si'; + $values = [$saneRotation, $this->id]; + $res = sqlDAL::writeSql($sql, $formats, $values); if ($global['mysqli']->errno !== 0) { die('Error on update Rotation: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); } @@ -689,8 +679,10 @@ if (!class_exists('Video')) { if (!empty($this->id)) { global $global; - $sql = "UPDATE videos SET zoom = '{$saneZoom}', modified = now() WHERE id = {$this->id} "; - $res = sqlDAL::writeSql($sql); + $sql = "UPDATE videos SET zoom = ?, modified = now() WHERE id = ? "; + $formats = 'si'; + $values = [$saneZoom, $this->id]; + $res = sqlDAL::writeSql($sql, $formats, $values); if ($global['mysqli']->errno !== 0) { die('Error on update Zoom: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); } 
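Review bot: In updateDurationInSeconds the result of the prepared write is stored in `$saved` but never checked, so the cache is cleared and the new duration returned even when the UPDATE failed. The function already returns false on bad input earlier in the hunk, so the same convention fits here: `if (!$saved) { return false; }` before `self::clearCache($videos_id);`. The rotation and zoom hunks below do check `$global['mysqli']->errno` after their writes, so this one is the odd one out. The enclosing function starts before the hunk.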
@@ -826,7 +818,7 @@ if (!class_exists('Video')) { } if (!empty($_GET['catName'])) { - $catName = $global['mysqli']->real_escape_string($_GET['catName']); + $catName = ($_GET['catName']); $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; } @@ -1231,7 +1223,7 @@ if (!class_exists('Video')) { } if (!empty($_GET['catName'])) { - $catName = $global['mysqli']->real_escape_string($_GET['catName']); + $catName = ($_GET['catName']); $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; } @@ -1752,7 +1744,7 @@ if (!class_exists('Video')) { } if (!empty($_GET['catName'])) { - $catName = $global['mysqli']->real_escape_string($_GET['catName']); + $catName = ($_GET['catName']); $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; } @@ -4881,7 +4873,7 @@ if (!class_exists('Video')) { private static function getFullTextSearch($columnsArray, $search, $connection = "OR") { global $global; - $search = $global['mysqli']->real_escape_string(xss_esc($search)); + $search = (xss_esc($search)); $search = str_replace('"', '"', $search); if (empty($columnsArray) || empty($search)) { return ""; @@ -5294,6 +5286,10 @@ if (!class_exists('Video')) { return !$found; } + public static function getTableName() { + return 'videos'; + } + } } diff --git a/objects/video_statistic.php b/objects/video_statistic.php index 570a399b6a..df278ed0d1 100644 --- a/objects/video_statistic.php +++ b/objects/video_statistic.php @@ -123,7 +123,7 @@ class VideoStatistic extends ObjectYPT { $this->seconds_watching_video = intval($this->seconds_watching_video); - $this->json = $global['mysqli']->real_escape_string($this->json); + $this->json = ($this->json); return parent::save(); } 
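Review bot: Removing real_escape_string from `$catName` while the next line still interpolates it (`c.clean_name = '{$catName}'`) sends a user-controlled `$_GET['catName']` into the query with no escaping at all; the same regression is in the -1231 and -1752 hunks of this file, in plugin/Live/Live.php -3040 and in plugin/LiveLinks/LiveLinks.php -304. The `($_GET['catName'])` parentheses do nothing, so there is now no step between the request and the SQL. The fix is to bind it: `$sql .= " AND (c.clean_name = ? OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = ? ))";` with the value passed twice through the `formats`/`values` arguments of the `sqlDAL::readSql` call that runs this query (outside the hunk); until that call is reworked, the removed `$global['mysqli']->real_escape_string(...)` line should stay. The -4881 hunk in getFullTextSearch removes the same call on `$search`, whose use is outside the hunk, so confirm it is bound rather than interpolated there too.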
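Review bot: `$this->json = ($this->json);` in VideoStatistic::save is a no-op assignment left where the escape call was, and the same residue appears in the CampaignLocations setters, LiveTransmition -204/-224, LiveTransmitionHistory -93 and Live_schedule -358; with the parent save now binding values, these lines and the `global $global;` declarations that only served the escape can be deleted. Where a comment above such a line still says it escapes for MySQL, the comment now misdocuments the code. A reader looking for where escaping happens should be pointed at the prepared statement in ObjectYPT::save, for example `// values are bound in ObjectYPT::save(); no manual escaping here`, rather than at these lines.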
diff --git a/plugin/AD_Overlay/Objects/AD_Overlay_Code.php b/plugin/AD_Overlay/Objects/AD_Overlay_Code.php index fb365b312b..5a751ae399 100644 --- a/plugin/AD_Overlay/Objects/AD_Overlay_Code.php +++ b/plugin/AD_Overlay/Objects/AD_Overlay_Code.php 
@@ -1,93 +1,93 @@ -setUsers_id($users_id); - if (empty($row)) - return false; - foreach ($row as $key => $value) { - $this->$key = $value; - } - return true; - } - - static protected function getFromDbFromUser($users_id) { - global $global; - $users_id = intval($users_id); - $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? LIMIT 1"; - // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about - $res = sqlDAL::readSql($sql, "i", array($users_id)); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($res) { - $row = $data; - } else { - $row = false; - } - return $row; - } - - static function getSearchFieldsNames() { - return array('code'); - } - - static function getTableName() { - return 'ad_overlay_codes'; - } - - function getUsers_id() { - return $this->users_id; - } - - function getCode() { - return trim($this->code); - } - - function setUsers_id($users_id) { - $this->users_id = $users_id; - } - - function setCode($code) { - $this->code = self::filterCode($code); - } - - function getStatus() { - return $this->status; - } - - function setStatus($status) { - $this->status = $status; - } - - static function filterCode($data) { - global $global; - //$data = preg_replace('/[\x00-\x1F\x7F]/u', '', $data); - // normalize $data because of get_magic_quotes_gpc - $dataNeedsStripSlashes = get_magic_quotes_gpc(); - if ($dataNeedsStripSlashes) { - $data = stripslashes($data); - } - - // normalize $data because of whitespace on beginning and end - $data = trim($data); - - // strip tags - //$data = strip_tags($data); - - // replace characters with their HTML entitites - //$data = htmlentities($data); - - // mysql escape string - $data = $global['mysqli']->real_escape_string($data); - - return $data; - } - -} +setUsers_id($users_id); + if (empty($row)) + return false; + foreach ($row as $key => $value) { + $this->$key = $value; + } + return true; + } + + static protected 
function getFromDbFromUser($users_id) { + global $global; + $users_id = intval($users_id); + $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? LIMIT 1"; + // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about + $res = sqlDAL::readSql($sql, "i", array($users_id)); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($res) { + $row = $data; + } else { + $row = false; + } + return $row; + } + + static function getSearchFieldsNames() { + return array('code'); + } + + static function getTableName() { + return 'ad_overlay_codes'; + } + + function getUsers_id() { + return $this->users_id; + } + + function getCode() { + return trim($this->code); + } + + function setUsers_id($users_id) { + $this->users_id = $users_id; + } + + function setCode($code) { + $this->code = self::filterCode($code); + } + + function getStatus() { + return $this->status; + } + + function setStatus($status) { + $this->status = $status; + } + + static function filterCode($data) { + global $global; + //$data = preg_replace('/[\x00-\x1F\x7F]/u', '', $data); + // normalize $data because of get_magic_quotes_gpc + $dataNeedsStripSlashes = get_magic_quotes_gpc(); + if ($dataNeedsStripSlashes) { + $data = stripslashes($data); + } + + // normalize $data because of whitespace on beginning and end + $data = trim($data); + + // strip tags + //$data = strip_tags($data); + + // replace characters with their HTML entitites + //$data = htmlentities($data); + + // mysql escape string + $data = ($data); + + return $data; + } + +} diff --git a/plugin/AD_Server_Location/Objects/CampaignLocations.php b/plugin/AD_Server_Location/Objects/CampaignLocations.php index ec72930519..876de956cc 100644 --- a/plugin/AD_Server_Location/Objects/CampaignLocations.php +++ b/plugin/AD_Server_Location/Objects/CampaignLocations.php 
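Review bot: filterCode's `$data = ($data);` now sits under the comment `// mysql escape string` but escapes nothing, so the method's remaining effect is stripslashes-if-magic-quotes plus trim while its name and comment promise sanitisation. The `get_magic_quotes_gpc()` call kept on the new side is an undefined-function fatal on PHP 8, where that function was removed, so this rewrite was an opportunity to drop that branch as well. Suggested replacement for the comment and line: `// escaping is handled by the prepared statement in ObjectYPT::save` with the assignment deleted, or reduce the method to `return trim($data);` if the magic-quotes branch is no longer reachable. The first method of the class is garbled at the top of the hunk by the page rendering, so it is not reviewed here.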
@@ -1,88 +1,88 @@ -country_name; - } - - function getRegion_name() { - return $this->region_name; - } - - function getCity_name() { - return $this->city_name; - } - - function getVast_campaigns_id() { - return $this->vast_campaigns_id; - } - - function setCountry_name($country_name) { - global $global; - $country_name = $global['mysqli']->real_escape_string($country_name); - $this->country_name = $country_name; - } - - function setRegion_name($region_name) { - global $global; - $region_name = $global['mysqli']->real_escape_string($region_name); - $this->region_name = $region_name; - } - - function setCity_name($city_name) { - global $global; - $city_name = $global['mysqli']->real_escape_string($city_name); - $this->city_name = $city_name; - } - - function setVast_campaigns_id($vast_campaigns_id) { - $this->vast_campaigns_id = $vast_campaigns_id; - } - - public function getCampaignLocations(){ - global $global; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id={$this->vast_campaigns_id} "; - - $sql .= self::getSqlFromPost(); - $res = sqlDAL::readSql($sql); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $rows = array(); - if ($res!=false) { - foreach ($fullData as $row) { - $rows[] = $row; - } - } else { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $rows; - } - - static function deleteFromCapmpaign($vast_campaigns_id) { - global $global; - if (!empty($vast_campaigns_id)) { - $sql = "DELETE FROM " . static::getTableName() . " "; - $sql .= " WHERE vast_campaigns_id = ?"; - $global['lastQuery'] = $sql; - //_error_log("Delete Query: ".$sql); - return sqlDAL::writeSql($sql,"i",array($vast_campaigns_id)); - } - _error_log("Id for table " . static::getTableName() . 
" not defined for deletion"); - return false; - } - -} +country_name; + } + + function getRegion_name() { + return $this->region_name; + } + + function getCity_name() { + return $this->city_name; + } + + function getVast_campaigns_id() { + return $this->vast_campaigns_id; + } + + function setCountry_name($country_name) { + global $global; + $country_name = ($country_name); + $this->country_name = $country_name; + } + + function setRegion_name($region_name) { + global $global; + $region_name = ($region_name); + $this->region_name = $region_name; + } + + function setCity_name($city_name) { + global $global; + $city_name = ($city_name); + $this->city_name = $city_name; + } + + function setVast_campaigns_id($vast_campaigns_id) { + $this->vast_campaigns_id = $vast_campaigns_id; + } + + public function getCampaignLocations(){ + global $global; + $sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id={$this->vast_campaigns_id} "; + + $sql .= self::getSqlFromPost(); + $res = sqlDAL::readSql($sql); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $rows = array(); + if ($res!=false) { + foreach ($fullData as $row) { + $rows[] = $row; + } + } else { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $rows; + } + + static function deleteFromCapmpaign($vast_campaigns_id) { + global $global; + if (!empty($vast_campaigns_id)) { + $sql = "DELETE FROM " . static::getTableName() . " "; + $sql .= " WHERE vast_campaigns_id = ?"; + $global['lastQuery'] = $sql; + //_error_log("Delete Query: ".$sql); + return sqlDAL::writeSql($sql,"i",array($vast_campaigns_id)); + } + _error_log("Id for table " . static::getTableName() . " not defined for deletion"); + return false; + } + +} diff --git a/plugin/CloneSite/Objects/Clones.php b/plugin/CloneSite/Objects/Clones.php index 07fc06e191..8d00a171ca 100644 --- a/plugin/CloneSite/Objects/Clones.php +++ b/plugin/CloneSite/Objects/Clones.php 
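Review bot: getCampaignLocations still interpolates `{$this->vast_campaigns_id}` into the SELECT and setVast_campaigns_id stores the value without a cast, so the escaping this class had (on the three name setters) has been removed while the one value that is actually interpolated was never escaped at all. Either cast at the setter, `$this->vast_campaigns_id = intval($vast_campaigns_id);`, or bind it: `$sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id = ? ";` and `$res = sqlDAL::readSql($sql, "i", [$this->vast_campaigns_id]);`, which matches what deleteFromCapmpaign in the same hunk already does. The `global $global;` lines left in the three setters are now unused.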
@@ -1,186 +1,194 @@ -id)) { - $sql = "UPDATE " . static::getTableName() . " SET last_clone_request = now() "; - $sql .= " WHERE id = {$this->id}"; - } else { - return false; - } - $insert_row = sqlDAL::writeSql($sql); - - if ($insert_row) { - $id = $this->id; - return $id; - } else { - die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - } - - public function loadFromURL($url) - { - $row = self::getFromURL($url); - if (empty($row)) { - return false; - } - foreach ($row as $key => $value) { - $this->$key = $value; - } - return true; - } - - public static function thisURLCanCloneMe($url, $key) - { - $resp = new stdClass(); - $resp->canClone = false; - $resp->clone = null; - $resp->msg = ""; - - $clone = new Clones(0); - $clone->loadFromURL($url); - if (empty($clone->getId())) { - $resp->msg = "The URL {$url} was just added in our server, ask the Server Manager to approve this URL on plugins->Clone Site->Clones Manager (The Blue Button) and Activate your client"; - self::addURL($url, $key); - return $resp; - } - if ($clone->getKey() !== $key) { - $resp->msg = "Invalid Key"; - return $resp; - } - if ($clone->getStatus() !== 'a') { - $resp->msg = "The URL {$url} is inactive in our Clone Server"; - return $resp; - } - $resp->clone = $clone; - $resp->canClone = true; - return $resp; - } - - public static function addURL($url, $key) - { - $clone = new Clones(0); - $clone->loadFromURL($url); - if (empty($clone->getId())) { - $clone->setUrl($url); - $clone->setKey($key); - return $clone->save(); - } - return false; - } - - public function save() - { - global $global; - if (empty($this->status)) { - $this->status = 'i'; - } - if (empty($this->last_clone_request)) { - $this->last_clone_request = 'null'; - } - - $this->key = $global['mysqli']->real_escape_string($this->key); - $this->url = $global['mysqli']->real_escape_string($this->url); - return parent::save(); - } - - public function getId() - { - return $this->id; - } - - public 
function getUrl() - { - return $this->url; - } - - public function getStatus() - { - return $this->status; - } - - public function getKey() - { - return $this->key; - } - - public function getLast_clone_request() - { - return $this->last_clone_request; - } - - public function setId($id) - { - $this->id = $id; - } - - public function setUrl($url) - { - $this->url = $url; - } - - public function setStatus($status) - { - $this->status = $status; - } - - public function setKey($key) - { - $this->key = $key; - } - - public function setLast_clone_request($last_clone_request) - { - $this->last_clone_request = $last_clone_request; - } - - public function toogleStatus() - { - if (empty($this->id)) { - return false; - } - if ($this->status==='i') { - $this->status='a'; - } else { - $this->status='i'; - } - return $this->save(); - } -} +id)) { + $sql = "UPDATE " . static::getTableName() . " SET last_clone_request = now() "; + $sql .= " WHERE id = {$this->id}"; + } else { + return false; + } + $insert_row = sqlDAL::writeSql($sql); + + if ($insert_row) { + $id = $this->id; + return $id; + } else { + die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); + } + } + + public function loadFromURL($url){ + if(!isValidURL($url)){ + return false; + } + $row = self::getFromURL($url); + if (empty($row)) { + return false; + } + foreach ($row as $key => $value) { + $this->$key = $value; + } + return true; + } + + public static function thisURLCanCloneMe($url, $key) + { + $resp = new stdClass(); + $resp->canClone = false; + $resp->clone = null; + $resp->msg = ""; + if(!isValidURL($url)){ + $resp->msg = "Invalid URL"; + return $resp; + } + $clone = new Clones(0); + $clone->loadFromURL($url); + if (empty($clone->getId())) { + $resp->msg = "The URL {$url} was just added in our server, ask the Server Manager to approve this URL on plugins->Clone Site->Clones Manager (The Blue Button) and Activate your client"; + self::addURL($url, $key); + return $resp; + } + if ($clone->getKey() !== $key) { + $resp->msg = "Invalid Key"; + return $resp; + } + if ($clone->getStatus() !== 'a') { + $resp->msg = "The URL {$url} is inactive in our Clone Server"; + return $resp; + } + $resp->clone = $clone; + $resp->canClone = true; + return $resp; + } + + public static function addURL($url, $key) + { + $clone = new Clones(0); + $clone->loadFromURL($url); + if (empty($clone->getId())) { + $clone->setUrl($url); + $clone->setKey($key); + return $clone->save(); + } + return false; + } + + public function save() + { + global $global; + if (empty($this->status)) { + $this->status = 'i'; + } + if (empty($this->last_clone_request)) { + $this->last_clone_request = 'null'; + } + if(!isValidURL($this->url)){ + return false; + } + $this->key = safeString($this->key, true); + $this->url = $this->url; + return parent::save(); + } + + public function getId() + { + return $this->id; + } + + public function getUrl() + { + return $this->url; + } + + public function getStatus() + { + return $this->status; + } + + public function getKey() + { + return $this->key; + } + + public function getLast_clone_request() + { + return 
$this->last_clone_request; + } + + public function setId($id) + { + $this->id = $id; + } + + public function setUrl($url){ + if(isValidURL($url)){ + $this->url = $url; + } + } + + public function setStatus($status) + { + $this->status = $status; + } + + public function setKey($key) + { + $this->key = safeString($key); + } + + public function setLast_clone_request($last_clone_request) + { + $this->last_clone_request = $last_clone_request; + } + + public function toogleStatus() + { + if (empty($this->id)) { + return false; + } + if ($this->status==='i') { + $this->status='a'; + } else { + $this->status='i'; + } + return $this->save(); + } +} diff --git a/plugin/Live/Live.php b/plugin/Live/Live.php index 8cdd8fa4a9..74d706a454 100644 --- a/plugin/Live/Live.php +++ b/plugin/Live/Live.php @@ -3040,7 +3040,7 @@ Click here to join our live."; } if (!empty($_GET['catName'])) { - $catName = $global['mysqli']->real_escape_string($_GET['catName']); + $catName = ($_GET['catName']); $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; } diff --git a/plugin/Live/Objects/LiveTransmition.php b/plugin/Live/Objects/LiveTransmition.php index 16adcc5b20..fa82a1afd3 100644 --- a/plugin/Live/Objects/LiveTransmition.php +++ b/plugin/Live/Objects/LiveTransmition.php @@ -75,7 +75,7 @@ class LiveTransmition extends ObjectYPT public function setTitle($title) { global $global; - //$title = $global['mysqli']->real_escape_string($title); + //$title = ($title); $this->title = xss_esc($title); } @@ -107,7 +107,7 @@ class LiveTransmition extends ObjectYPT public function setDescription($description) { global $global; - //$description = $global['mysqli']->real_escape_string($description); + //$description = ($description); $this->description = xss_esc($description); } 
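Review bot: thisURLCanCloneMe compares the stored key with `$clone->getKey() !== $key`, but save() now normalises the stored key with `safeString($this->key, true)` (and setKey with `safeString($key)`, a different second argument) while the incoming `$key` is compared raw, so any character safeString alters will make a previously valid key fail; if safeString is expected to leave valid keys unchanged, that assumption deserves a comment on save(). The comparison is also a shared-secret check and should not be a plain string compare: `if (!hash_equals((string) $clone->getKey(), (string) $key)) {`. setUrl silently ignores an invalid URL and keeps the previous value, and `$this->url = $this->url;` in save() is a leftover no-op. The method at the top of this hunk is garbled by the page rendering and still interpolates `{$this->id}` into its UPDATE without a cast; the commit does not touch it, but an `intval` there would match the rest of the class.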
@@ -204,7 +204,7 @@ class LiveTransmition extends ObjectYPT { global $global; _mysql_connect(); - $userName = $global['mysqli']->real_escape_string($userName); + $userName = ($userName); $sql = "SELECT * FROM users WHERE user = ? LIMIT 1"; $res = sqlDAL::readSql($sql, "s", [$userName], true); $data = sqlDAL::fetchAssoc($res); @@ -224,7 +224,7 @@ class LiveTransmition extends ObjectYPT { global $global; _mysql_connect(); - $channelName = $global['mysqli']->real_escape_string($channelName); + $channelName = ($channelName); $sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1"; $res = sqlDAL::readSql($sql, "s", [$channelName], true); $data = sqlDAL::fetchAssoc($res); diff --git a/plugin/Live/Objects/LiveTransmitionHistory.php b/plugin/Live/Objects/LiveTransmitionHistory.php index 9b9f95363c..9672a4bff7 100644 --- a/plugin/Live/Objects/LiveTransmitionHistory.php +++ b/plugin/Live/Objects/LiveTransmitionHistory.php @@ -93,13 +93,13 @@ class LiveTransmitionHistory extends ObjectYPT { global $global; $Char = "‌"; $title = str_replace($Char, '', $title); - $title = $global['mysqli']->real_escape_string($title); + $title = ($title); $this->title = $title; } public function setDescription($description) { global $global; - $description = $global['mysqli']->real_escape_string($description); + $description = ($description); $this->description = $description; } @@ -354,7 +354,7 @@ class LiveTransmitionHistory extends ObjectYPT { public static function getLatest($key, $live_servers_id = null, $active=false) { global $global; - $key = $global['mysqli']->real_escape_string($key); + $key = ($key); if (empty($key)) { return false; diff --git a/plugin/Live/Objects/Live_schedule.php b/plugin/Live/Objects/Live_schedule.php index 717db4d70d..3246f68aa3 100644 --- a/plugin/Live/Objects/Live_schedule.php +++ b/plugin/Live/Objects/Live_schedule.php 
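Review bot: In LiveTransmitionHistory::getLatest (the -354 hunk) `$key = ($key);` replaces the escape call, but the use of `$key` is outside the hunk; if it is interpolated into the SELECT there rather than bound, this hunk removes the only protection on a value that arrives from the streaming server. Please confirm the query binds it the way the -204/-224 hunks of LiveTransmition do (`sqlDAL::readSql($sql, "s", [$key], true)`) before merging, and drop the no-op line either way. The -204/-224 hunks themselves are safe as written, since the value goes through readSql's parameters.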
@@ -358,7 +358,7 @@ class Live_schedule extends ObjectYPT $this->key = uniqid(); } - $this->description = $global['mysqli']->real_escape_string($this->description); + $this->description = ($this->description); $this->_setTimeZone(date_default_timezone_get()); diff --git a/plugin/Live/Objects/Live_servers.php b/plugin/Live/Objects/Live_servers.php index 6ec53ec058..ee02147fb8 100644 --- a/plugin/Live/Objects/Live_servers.php +++ b/plugin/Live/Objects/Live_servers.php 
@@ -1,285 +1,285 @@ -id = intval($id); - } - - public function setName($name) - { - $this->name = $name; - } - - public function setUrl($url) - { - $this->url = $url; - } - - public function setStatus($status) - { - $this->status = $status; - } - - public function setRtmp_server($rtmp_server) - { - $this->rtmp_server = $rtmp_server; - } - - public function setPlayerServer($playerServer) - { - $this->playerServer = $playerServer; - } - - public function setStats_url($stats_url) - { - $this->stats_url = $stats_url; - } - - public function setDisableDVR($disableDVR) - { - $this->disableDVR = intval($disableDVR); - } - - public function setDisableGifThumbs($disableGifThumbs) - { - $this->disableGifThumbs = intval($disableGifThumbs); - } - - public function setUseAadaptiveMode($useAadaptiveMode) - { - $this->useAadaptiveMode = intval($useAadaptiveMode); - } - - public function setProtectLive($protectLive) - { - $this->protectLive = intval($protectLive); - } - - public function setGetRemoteFile($getRemoteFile) - { - $this->getRemoteFile = $getRemoteFile; - } - - public function getId() - { - return intval($this->id); - } - - public function getName() - { - return $this->name; - } - - public function getUrl() - { - return $this->url; - } - - public function getStatus() - { - return $this->status; - } - - public function getRtmp_server() - { - return trim($this->rtmp_server); - } - - public function getPlayerServer() - { - return $this->playerServer; - } - - public function getStats_url() - { - return $this->stats_url; - } - - public function getDisableDVR() - { - return intval($this->disableDVR); - } - - public function getDisableGifThumbs() - { - return intval($this->disableGifThumbs); - } - - public function getUseAadaptiveMode() - { - return intval($this->useAadaptiveMode); - } - - public function getProtectLive() - { - return intval($this->protectLive); - } - - public function getGetRemoteFile() - { - return $this->getRemoteFile; - } - - public function 
getRestreamerURL() - { - return $this->restreamerURL; - } - - public function setRestreamerURL($restreamerURL) - { - $this->restreamerURL = $restreamerURL; - } - - public function getControlURL() - { - return $this->controlURL; - } - - public function setControlURL($controlURL) - { - $this->controlURL = $controlURL; - } - - public function getwebRTC_server() - { - return $this->webRTC_server; - } - - public function setwebRTC_server($webRTC_server) - { - $this->webRTC_server = addLastSlash($webRTC_server); - } - - public static function getStatsFromId($live_servers_id, $force_recreate = false) - { - global $_getStatsFromId; - if (empty($force_recreate)) { - if (!isset($_getStatsFromId)) { - $_getStatsFromId = []; - } - - if (isset($_getStatsFromId[$live_servers_id])) { - return $_getStatsFromId[$live_servers_id]; - } - } - $ls = new Live_servers($live_servers_id); - if (empty($ls->getStatus()) || $ls->getStatus()=='i') { - _error_log("Live_servers:: getStatsFromId ERROR ".json_encode($ls)); - $_getStatsFromId[$live_servers_id] = false; - } else { - $_getStatsFromId[$live_servers_id] = Live::_getStats($live_servers_id, $force_recreate); - } - return $_getStatsFromId[$live_servers_id]; - } - - public static function getAllActive() - { - global $global, $liveServersgetAllActive; - if (isset($liveServersgetAllActive)) { - return $liveServersgetAllActive; - } - if (!static::isTableInstalled()) { - return false; - } - $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='a' "; - - //$sql .= self::getSqlFromPost(); - $res = sqlDAL::readSql($sql); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $rows = []; - if ($res != false) { - foreach ($fullData as $row) { - $rows[] = $row; - } - } else { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); - } - $liveServersgetAllActive = $rows; - return $rows; - } - - public static function getServerFromRTMPHost($rtmpHostURI) - { - $obj = AVideoPlugin::getObjectData('Live'); - if (empty($obj->useLiveServers)) { - return 0; - } - global $global; - $host = trim($rtmpHostURI); - $parts = parse_url($host); - $host = "rtmp://{$parts["host"]}{$parts["path"]}"; - $host = $global['mysqli']->real_escape_string($host); - $sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' "; - $res = sqlDAL::readSql($sql); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($res) { - $row = $data; - } else { - $row = false; - } - return $row; - } - - public static function getServerIdFromRTMPHost($rtmpHostURI) - { - $data = self::getServerFromRTMPHost($rtmpHostURI); - if ($data) { - $row = $data['id']; - } else { - $row = 0; - } - return intval($row); - } - - public function save() - { - $id = parent::save(); - if ($id) { - _session_start(); - $_SESSION['useAadaptiveMode'] = []; - $_SESSION['playerServer'] = []; - } - return $id; - } - - public function delete() - { - if (!empty($this->id)) { - LiveTransmitionHistory::deleteAllFromLiveServer($this->id); - } - - return parent::delete(); - } -} +id = intval($id); + } + + public function setName($name) + { + $this->name = $name; + } + + public function setUrl($url) + { + $this->url = $url; + } + + public function setStatus($status) + { + $this->status = $status; + } + + public function setRtmp_server($rtmp_server) + { + $this->rtmp_server = $rtmp_server; + } + + public function setPlayerServer($playerServer) + { + $this->playerServer = $playerServer; + } + + public function setStats_url($stats_url) + { + $this->stats_url = $stats_url; + } + + public function setDisableDVR($disableDVR) + { + $this->disableDVR = intval($disableDVR); + } + + public function setDisableGifThumbs($disableGifThumbs) + { + $this->disableGifThumbs = intval($disableGifThumbs); + } 
+ + public function setUseAadaptiveMode($useAadaptiveMode) + { + $this->useAadaptiveMode = intval($useAadaptiveMode); + } + + public function setProtectLive($protectLive) + { + $this->protectLive = intval($protectLive); + } + + public function setGetRemoteFile($getRemoteFile) + { + $this->getRemoteFile = $getRemoteFile; + } + + public function getId() + { + return intval($this->id); + } + + public function getName() + { + return $this->name; + } + + public function getUrl() + { + return $this->url; + } + + public function getStatus() + { + return $this->status; + } + + public function getRtmp_server() + { + return trim($this->rtmp_server); + } + + public function getPlayerServer() + { + return $this->playerServer; + } + + public function getStats_url() + { + return $this->stats_url; + } + + public function getDisableDVR() + { + return intval($this->disableDVR); + } + + public function getDisableGifThumbs() + { + return intval($this->disableGifThumbs); + } + + public function getUseAadaptiveMode() + { + return intval($this->useAadaptiveMode); + } + + public function getProtectLive() + { + return intval($this->protectLive); + } + + public function getGetRemoteFile() + { + return $this->getRemoteFile; + } + + public function getRestreamerURL() + { + return $this->restreamerURL; + } + + public function setRestreamerURL($restreamerURL) + { + $this->restreamerURL = $restreamerURL; + } + + public function getControlURL() + { + return $this->controlURL; + } + + public function setControlURL($controlURL) + { + $this->controlURL = $controlURL; + } + + public function getwebRTC_server() + { + return $this->webRTC_server; + } + + public function setwebRTC_server($webRTC_server) + { + $this->webRTC_server = addLastSlash($webRTC_server); + } + + public static function getStatsFromId($live_servers_id, $force_recreate = false) + { + global $_getStatsFromId; + if (empty($force_recreate)) { + if (!isset($_getStatsFromId)) { + $_getStatsFromId = []; + } + + if 
(isset($_getStatsFromId[$live_servers_id])) { + return $_getStatsFromId[$live_servers_id]; + } + } + $ls = new Live_servers($live_servers_id); + if (empty($ls->getStatus()) || $ls->getStatus()=='i') { + _error_log("Live_servers:: getStatsFromId ERROR ".json_encode($ls)); + $_getStatsFromId[$live_servers_id] = false; + } else { + $_getStatsFromId[$live_servers_id] = Live::_getStats($live_servers_id, $force_recreate); + } + return $_getStatsFromId[$live_servers_id]; + } + + public static function getAllActive() + { + global $global, $liveServersgetAllActive; + if (isset($liveServersgetAllActive)) { + return $liveServersgetAllActive; + } + if (!static::isTableInstalled()) { + return false; + } + $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='a' "; + + //$sql .= self::getSqlFromPost(); + $res = sqlDAL::readSql($sql); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $rows = []; + if ($res != false) { + foreach ($fullData as $row) { + $rows[] = $row; + } + } else { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + $liveServersgetAllActive = $rows; + return $rows; + } + + public static function getServerFromRTMPHost($rtmpHostURI) + { + $obj = AVideoPlugin::getObjectData('Live'); + if (empty($obj->useLiveServers)) { + return 0; + } + global $global; + $host = trim($rtmpHostURI); + $parts = parse_url($host); + $host = "rtmp://{$parts["host"]}{$parts["path"]}"; + $host = ($host); + $sql = "SELECT * FROM " . static::getTableName() . 
" WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' "; + $res = sqlDAL::readSql($sql); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($res) { + $row = $data; + } else { + $row = false; + } + return $row; + } + + public static function getServerIdFromRTMPHost($rtmpHostURI) + { + $data = self::getServerFromRTMPHost($rtmpHostURI); + if ($data) { + $row = $data['id']; + } else { + $row = 0; + } + return intval($row); + } + + public function save() + { + $id = parent::save(); + if ($id) { + _session_start(); + $_SESSION['useAadaptiveMode'] = []; + $_SESSION['playerServer'] = []; + } + return $id; + } + + public function delete() + { + if (!empty($this->id)) { + LiveTransmitionHistory::deleteAllFromLiveServer($this->id); + } + + return parent::delete(); + } +} diff --git a/plugin/LiveLinks/LiveLinks.php b/plugin/LiveLinks/LiveLinks.php index 76b6ceddec..2b94d5fa39 100644 --- a/plugin/LiveLinks/LiveLinks.php +++ b/plugin/LiveLinks/LiveLinks.php @@ -304,7 +304,7 @@ class LiveLinks extends PluginAbstract { } if (!empty($_GET['catName'])) { - $catName = $global['mysqli']->real_escape_string($_GET['catName']); + $catName = ($_GET['catName']); $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; } diff --git a/plugin/PayPalYPT/Objects/PayPalYPT_log.php b/plugin/PayPalYPT/Objects/PayPalYPT_log.php index 9d165ed468..4de7b62ee9 100644 --- a/plugin/PayPalYPT/Objects/PayPalYPT_log.php +++ b/plugin/PayPalYPT/Objects/PayPalYPT_log.php 
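Review bot: getServerFromRTMPHost drops the escape on `$host` but still interpolates it into `LIKE '%{$host}%'`, so a crafted RTMP URI now reaches the query unescaped; the value is built from parse_url of the caller-supplied string, so it is input, not a constant. Bind it instead: `$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE ? AND status = 'a' ";` and `$res = sqlDAL::readSql($sql, "s", ["%{$host}%"]);`, and remove the no-op `$host = ($host);`. parse_url can also return false or omit `host`/`path`, which makes `$parts["host"]` an undefined-index read and yields an almost-empty pattern; a guard such as `if (empty($parts['host'])) { return false; }` before building `$host` avoids that. The rest of this file section appears to be a whole-file rewrite with no other code change visible.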
@@ -1,181 +1,181 @@ -errno . ') ' . $global['mysqli']->error); - } - return $rows; - } - - public function setId($id) - { - $this->id = intval($id); - } - - public function setAgreement_id($agreement_id) - { - $this->agreement_id = $agreement_id; - } - - public function setUsers_id($users_id) - { - $this->users_id = intval($users_id); - } - - public function setJson($json) - { - if (!is_string($json)) { - $json = _json_encode($json); - } - $this->json = $json; - } - - public function setRecurring_payment_id($recurring_payment_id) - { - $this->recurring_payment_id = $recurring_payment_id; - } - - public function setValue($value) - { - $this->value = floatval($value); - } - - public function setToken($token) - { - $this->token = $token; - } - - public function getId() - { - return intval($this->id); - } - - public function getAgreement_id() - { - return $this->agreement_id; - } - - public function getUsers_id() - { - return intval($this->users_id); - } - - public function getJson() - { - return $this->json; - } - - public function getRecurring_payment_id() - { - return $this->recurring_payment_id; - } - - public function getValue() - { - return floatval($this->value); - } - - public function getToken() - { - return $this->token; - } - - public static function getFromToken($token) - { - global $global; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE token = ? LIMIT 1"; - // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about - $res = sqlDAL::readSql($sql, "s", [$token], true); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($res) { - $row = $data; - } else { - $row = false; - } - return $row; - } - - public static function getFromRecurringPaymentId($recurring_payment_id) - { - global $global; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE recurring_payment_id = ? 
LIMIT 1"; - // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about - $res = sqlDAL::readSql($sql, "s", [$recurring_payment_id], true); - $data = sqlDAL::fetchAssoc($res); - sqlDAL::close($res); - if ($res) { - $row = $data; - } else { - $row = false; - } - return $row; - } - - public static function getAllFromUser($users_id) - { - global $global; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? "; - - $sql .= self::getSqlFromPost(); - $res = sqlDAL::readSql($sql, "i", [$users_id]); - $fullData = sqlDAL::fetchAllAssoc($res); - sqlDAL::close($res); - $rows = []; - if ($res != false) { - foreach ($fullData as $row) { - $search = ['"get":{"json":"{', '}","success"']; - $replace = ['"get":{"json":{', '},"success"']; - $row['json'] = str_replace($search, $replace, $row['json']); - $rows[] = $row; - } - } else { - _error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $rows; - } - - public function save() - { - global $global; - $this->json = $global['mysqli']->real_escape_string($this->json); - - return parent::save(); - } -} +errno . ') ' . 
$global['mysqli']->error); + } + return $rows; + } + + public function setId($id) + { + $this->id = intval($id); + } + + public function setAgreement_id($agreement_id) + { + $this->agreement_id = $agreement_id; + } + + public function setUsers_id($users_id) + { + $this->users_id = intval($users_id); + } + + public function setJson($json) + { + if (!is_string($json)) { + $json = _json_encode($json); + } + $this->json = $json; + } + + public function setRecurring_payment_id($recurring_payment_id) + { + $this->recurring_payment_id = $recurring_payment_id; + } + + public function setValue($value) + { + $this->value = floatval($value); + } + + public function setToken($token) + { + $this->token = $token; + } + + public function getId() + { + return intval($this->id); + } + + public function getAgreement_id() + { + return $this->agreement_id; + } + + public function getUsers_id() + { + return intval($this->users_id); + } + + public function getJson() + { + return $this->json; + } + + public function getRecurring_payment_id() + { + return $this->recurring_payment_id; + } + + public function getValue() + { + return floatval($this->value); + } + + public function getToken() + { + return $this->token; + } + + public static function getFromToken($token) + { + global $global; + $sql = "SELECT * FROM " . static::getTableName() . " WHERE token = ? LIMIT 1"; + // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about + $res = sqlDAL::readSql($sql, "s", [$token], true); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($res) { + $row = $data; + } else { + $row = false; + } + return $row; + } + + public static function getFromRecurringPaymentId($recurring_payment_id) + { + global $global; + $sql = "SELECT * FROM " . static::getTableName() . " WHERE recurring_payment_id = ? 
LIMIT 1"; + // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about + $res = sqlDAL::readSql($sql, "s", [$recurring_payment_id], true); + $data = sqlDAL::fetchAssoc($res); + sqlDAL::close($res); + if ($res) { + $row = $data; + } else { + $row = false; + } + return $row; + } + + public static function getAllFromUser($users_id) + { + global $global; + $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? "; + + $sql .= self::getSqlFromPost(); + $res = sqlDAL::readSql($sql, "i", [$users_id]); + $fullData = sqlDAL::fetchAllAssoc($res); + sqlDAL::close($res); + $rows = []; + if ($res != false) { + foreach ($fullData as $row) { + $search = ['"get":{"json":"{', '}","success"']; + $replace = ['"get":{"json":{', '},"success"']; + $row['json'] = str_replace($search, $replace, $row['json']); + $rows[] = $row; + } + } else { + _error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $rows; + } + + public function save() + { + global $global; + $this->json = ($this->json); + + return parent::save(); + } +} diff --git a/plugin/Scheduler/Objects/Scheduler_commands.php b/plugin/Scheduler/Objects/Scheduler_commands.php index 52c6ea81a5..7ef3d8606d 100644 --- a/plugin/Scheduler/Objects/Scheduler_commands.php +++ b/plugin/Scheduler/Objects/Scheduler_commands.php @@ -102,7 +102,7 @@ class Scheduler_commands extends ObjectYPT { global $global; if(!is_string($parameters)){ $parameters = _json_encode($parameters); - $parameters = $global['mysqli']->real_escape_string($parameters); + $parameters = ($parameters); } $this->parameters = $parameters; 
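Review bot: `save()` now consists of `global $global;`, the no-op `$this->json = ($this->json);` and `return parent::save();`, so the override no longer does anything the parent does not; dropping it, or reducing it to `return parent::save();` with a comment such as `// json is bound as a parameter by ObjectYPT::save(); no manual escaping`, would make the intent visible instead of leaving empty parentheses where the escape call used to be. The same leftover `($x)` wrapper and now-unused `global $global;` appear in this diff in `Scheduler_commands` (the `$parameters` setter and `setExecuted`), `TopMenu::getidBySeoUrl`, `Menu::save`, `MenuItem::save`, `Wallet::save` and `Wallet_log::save`. The hunk also replaces all 181 lines of the file although only that one line differs, which looks like a line-ending or BOM change rather than a code change — worth confirming, since it rewrites blame for the whole file. The hunk's first line is truncated in this rendering (`-errno . ') '`), so the top of the class is not visible.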
@@ -158,7 +158,7 @@ class Scheduler_commands extends ObjectYPT {
 function setExecuted($callbackResponse) {
 if (!is_string($callbackResponse)) {
 $callbackResponse = json_encode($callbackResponse);
- $callbackResponse = $global['mysqli']->real_escape_string($callbackResponse);
+ $callbackResponse = ($callbackResponse);
 }
 $this->setExecuted_in(date('Y-m-d H:i:s'));
 $this->setCallbackResponse($callbackResponse);
diff --git a/plugin/TopMenu/Objects/Menu.php b/plugin/TopMenu/Objects/Menu.php
index d43282ae6c..1f6c1742b6 100644
--- a/plugin/TopMenu/Objects/Menu.php
+++ b/plugin/TopMenu/Objects/Menu.php
@@ -1,133 +1,133 @@ -'Left', - 2=>'Top', - 3=>'Action', - 4=>'Action Per Video', - 5=>'Action Per Video For Logged Users Only', - 6=>'Action Per Video For Users That can Watch Video', - 7=>'Action Per Video For Users That can NOT Watch Video', - 8=>'Mobile Tab Menu', - 9=>'Mobile Left Menu', - 10=>'Mobile Tab Menu in a Browser', - 11=>'Mobile Left Menu in a Browser'); - - protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl; - - static function getSearchFieldsNames() { - return array(); - } - - static function getTableName() { - return 'topMenu'; - } - - function setMenuName($menuName) { - $this->menuName = $menuName; - } - - function setCategories_id($categories_id) { - $this->categories_id = $categories_id; - } - - function setUsers_groups_id($users_groups_id) { - $this->users_groups_id = $users_groups_id; - } - - function setMenu_order($menu_order) { - $this->menu_order = $menu_order; - } - - function setStatus($status) { - $this->status = $status; - } - - function setPosition($position) { - $this->position = $position; - } - - function setType($type) { - $this->type = $type; - } - - function setIcon($icon) { - $this->icon = $icon; - } - - function setmenuSeoUrl($menuSeoUrl){ - $this->menuSeoUrl=$menuSeoUrl; - } - - static function getAllActive($type=false) { - global $global; - $sql = "SELECT * FROM ".static::getTableName()." 
WHERE status = 'active' "; - if(!empty($type)){ - $sql .= " AND type = $type "; - } - $sql .= " ORDER BY menu_order "; - _mysql_connect(); - $res = $global['mysqli']->query($sql); - $rows = array(); - if ($res) { - while ($row = $res->fetch_assoc()) { - $rows[] = $row; - } - } - return $rows; - } - - function save() { - global $global; - if(empty($this->menuName)){ - $this->menuName = 'Unknow Menu Name'; - } - if(empty($this->categories_id)){ - $this->categories_id = 'null'; - } - if(empty($this->users_groups_id)){ - $this->users_groups_id = 'null'; - } - - if(empty($this->menu_order)){ - $this->menu_order = 0; - } - if(empty($this->status)){ - $this->status = "active"; - } - - if(empty($this->position)){ - $this->position = "right"; - } - if(empty($this->type)){ - $this->type = 1; - } - if(empty($this->menuSeoUrl)){ - $this->menuSeoUrl=$this->menuName; - } - - $this->menuSeoUrl=$global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl))); - - return parent::save(); - } - - -} +'Left', + 2=>'Top', + 3=>'Action', + 4=>'Action Per Video', + 5=>'Action Per Video For Logged Users Only', + 6=>'Action Per Video For Users That can Watch Video', + 7=>'Action Per Video For Users That can NOT Watch Video', + 8=>'Mobile Tab Menu', + 9=>'Mobile Left Menu', + 10=>'Mobile Tab Menu in a Browser', + 11=>'Mobile Left Menu in a Browser'); + + protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl; + + static function getSearchFieldsNames() { + return array(); + } + + static function getTableName() { + return 'topMenu'; + } + + function setMenuName($menuName) { + $this->menuName = $menuName; + } + + function setCategories_id($categories_id) { + $this->categories_id = $categories_id; + } + + function setUsers_groups_id($users_groups_id) { + $this->users_groups_id = $users_groups_id; + } + + function setMenu_order($menu_order) { + $this->menu_order = $menu_order; + } + + function 
setStatus($status) { + $this->status = $status; + } + + function setPosition($position) { + $this->position = $position; + } + + function setType($type) { + $this->type = $type; + } + + function setIcon($icon) { + $this->icon = $icon; + } + + function setmenuSeoUrl($menuSeoUrl){ + $this->menuSeoUrl=$menuSeoUrl; + } + + static function getAllActive($type=false) { + global $global; + $sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' "; + if(!empty($type)){ + $sql .= " AND type = $type "; + } + $sql .= " ORDER BY menu_order "; + _mysql_connect(); + $res = $global['mysqli']->query($sql); + $rows = array(); + if ($res) { + while ($row = $res->fetch_assoc()) { + $rows[] = $row; + } + } + return $rows; + } + + function save() { + global $global; + if(empty($this->menuName)){ + $this->menuName = 'Unknow Menu Name'; + } + if(empty($this->categories_id)){ + $this->categories_id = 'null'; + } + if(empty($this->users_groups_id)){ + $this->users_groups_id = 'null'; + } + + if(empty($this->menu_order)){ + $this->menu_order = 0; + } + if(empty($this->status)){ + $this->status = "active"; + } + + if(empty($this->position)){ + $this->position = "right"; + } + if(empty($this->type)){ + $this->type = 1; + } + if(empty($this->menuSeoUrl)){ + $this->menuSeoUrl=$this->menuName; + } + + $this->menuSeoUrl=(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl))); + + return parent::save(); + } + + +} diff --git a/plugin/TopMenu/Objects/MenuItem.php b/plugin/TopMenu/Objects/MenuItem.php index c92535cff0..36d3a9ccd5 100644 --- a/plugin/TopMenu/Objects/MenuItem.php +++ b/plugin/TopMenu/Objects/MenuItem.php 
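Review bot: `getAllActive()` still interpolates `$type` directly, `$sql .= " AND type = $type ";`, and sends the string through `$global['mysqli']->query()` with no cast or binding, which leaves this one query outside the prepared-statement path the commit adds elsewhere. The `type` values are the integer keys of the label map at the top of the class (1 to 11, default `1` in `save()`), so `$sql .= " AND type = " . intval($type) . " ";` closes the gap in one line; routing the query through `sqlDAL::readSql($sql, "i", [$type])` would also match the other object classes. As in the other object files, the whole 133-line file is replaced although only the `menuSeoUrl` line in `save()` changes, and the hunk's first line is truncated in this rendering (`-'Left',`), so what precedes the map is not visible.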
@@ -1,142 +1,142 @@ -query($sql); - $rows = array(); - if ($res) { - $webSiteRootURLParse = parse_url($global['webSiteRootURL']); - $webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']); - while ($row = $res->fetch_assoc()) { - $row['finalURL'] = $row['url']; - $row['target'] = ""; - if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe - $parse = parse_url($row['url']); - if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain - $row['target'] = " target='_blank' rel='noopener noreferrer' "; - } - } else { - if (!empty($row['menuSeoUrlItem'])) { - $row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}"; - } else { - $row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}"; - } - } - $rows[] = $row; - } - } else { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); - } - return $rows; - } - - function setTitle($title) { - $this->title = $title; - } - - function setImage($image) { - $this->image = $image; - } - - function setUrl($url) { - $this->url = $url; - } - - function setClass($class) { - $this->class = $class; - } - - function setStyle($style) { - $this->style = $style; - } - - function setItem_order($item_order) { - $this->item_order = intval($item_order); - } - - function setTopMenu_id($topMenu_id) { - $this->topMenu_id = intval($topMenu_id); - } - - function setStatus($status) { - $this->status = $status; - } - - function setText($text) { - $this->text = $text; - } - - function setIcon($icon) { - $this->icon = $icon; - } - - function setClean_url($clean_url) { - $this->clean_url = $clean_url; - } - - function setmenuSeoUrlItem($menuSeoUrlItem) { - $this->menuSeoUrlItem = $menuSeoUrlItem; - } - - function save() { - global $global; - if (empty($this->title)) { - $this->title = "Unknow Item Menu Title"; - } - if (empty($this->status)) { - $this->status = 
"active"; - } - if (empty($this->menuSeoUrlItem)) { - $this->menuSeoUrlItem = $this->title; - } - $this->menuSeoUrlItem = $global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title))); - - $this->title = $global['mysqli']->real_escape_string($this->title); - $this->text = $global['mysqli']->real_escape_string($this->text); - - return parent::save(); - } - - function getTitle() { - return $this->title; - } - - function getText() { - return $this->text; - } - - function getUrl() { - return $this->url; - } - -} +query($sql); + $rows = array(); + if ($res) { + $webSiteRootURLParse = parse_url($global['webSiteRootURL']); + $webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']); + while ($row = $res->fetch_assoc()) { + $row['finalURL'] = $row['url']; + $row['target'] = ""; + if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe + $parse = parse_url($row['url']); + if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain + $row['target'] = " target='_blank' rel='noopener noreferrer' "; + } + } else { + if (!empty($row['menuSeoUrlItem'])) { + $row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}"; + } else { + $row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}"; + } + } + $rows[] = $row; + } + } else { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); + } + return $rows; + } + + function setTitle($title) { + $this->title = $title; + } + + function setImage($image) { + $this->image = $image; + } + + function setUrl($url) { + $this->url = $url; + } + + function setClass($class) { + $this->class = $class; + } + + function setStyle($style) { + $this->style = $style; + } + + function setItem_order($item_order) { + $this->item_order = intval($item_order); + } + + function setTopMenu_id($topMenu_id) { + $this->topMenu_id = intval($topMenu_id); + } + + function setStatus($status) { + $this->status = $status; + } + + function setText($text) { + $this->text = $text; + } + + function setIcon($icon) { + $this->icon = $icon; + } + + function setClean_url($clean_url) { + $this->clean_url = $clean_url; + } + + function setmenuSeoUrlItem($menuSeoUrlItem) { + $this->menuSeoUrlItem = $menuSeoUrlItem; + } + + function save() { + global $global; + if (empty($this->title)) { + $this->title = "Unknow Item Menu Title"; + } + if (empty($this->status)) { + $this->status = "active"; + } + if (empty($this->menuSeoUrlItem)) { + $this->menuSeoUrlItem = $this->title; + } + $this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title))); + + $this->title = ($this->title); + $this->text = ($this->text); + + return parent::save(); + } + + function getTitle() { + return $this->title; + } + + function getText() { + return $this->text; + } + + function getUrl() { + return $this->url; + } + +} diff --git a/plugin/TopMenu/TopMenu.php b/plugin/TopMenu/TopMenu.php index 89f9e2fb89..0d7975b29e 100644 --- a/plugin/TopMenu/TopMenu.php +++ b/plugin/TopMenu/TopMenu.php 
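Review bot: In `save()` the line `$this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));` derives the slug from `$this->title` unconditionally, so the `if (empty($this->menuSeoUrlItem)) { $this->menuSeoUrlItem = $this->title; }` block just above it never has an effect and a value passed through `setmenuSeoUrlItem()` is always discarded. If a caller-supplied slug is meant to survive, the source should be `strtolower($this->menuSeoUrlItem)`; if not, the dead `if` block and the setter are misleading and one of them should go. Separately, the `die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error)` branch in the listing method at the top of the hunk writes the full query text and driver error into the response; `_error_log(...)` followed by `return $rows;` keeps that detail in the log instead, and the same `die($sql ...)` form appears in `Live_servers::getAllActive` and `Wallet_log::getAllFromWallet`. The method that opens this hunk is truncated in this rendering (`-query($sql);`), so its name and the construction of `$sql` are not visible.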
@@ -91,7 +91,7 @@ class TopMenu extends PluginAbstract {
 public function getidBySeoUrl($menuSeoUrlItem) {
 global $global;
 $sql="select id from topMenu_items where menuSeoUrlItem= ?";
- $res=sqlDal::readSql($sql, "s", array($global['mysqli']->real_escape_string($menuSeoUrlItem)));
+ $res=sqlDal::readSql($sql, "s", array(($menuSeoUrlItem)));
 $menuId=sqlDAL::fetchAssoc($res);
 if(!isset($menuId['id'])) return false;
diff --git a/plugin/YPTWallet/Objects/Wallet.php b/plugin/YPTWallet/Objects/Wallet.php
index 58636922e3..cf81e7f873 100644
--- a/plugin/YPTWallet/Objects/Wallet.php
+++ b/plugin/YPTWallet/Objects/Wallet.php
@@ -1,119 +1,119 @@ -balance)){ - return 0.0; - } - return floatval($this->balance); - } - - function getId() { - return $this->id; - } - - function setId($id) { - $this->id = $id; - } - - function getUsers_id() { - return $this->users_id; - } - - function setBalance($balance) { - $this->balance = floatval($balance); - } - - function setUsers_id($users_id) { - $this->loadFromUser($users_id); - $this->users_id = $users_id; - } - - // base64 is used to save hexa values as string in some databases - function getCrypto_wallet_address() { - return base64_decode($this->crypto_wallet_address); - } - - function setCrypto_wallet_address($crypto_wallet_address) { - $this->crypto_wallet_address = base64_encode($crypto_wallet_address); - } - - protected function loadFromUser($users_id) { - $row = self::getFromUser($users_id); - if (empty($row)) - return false; - foreach ($row as $key => $value) { - $this->$key = $value; - } - return true; - } - - static function getFromUser($users_id) { - global $global; - $users_id = intval($users_id); - $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = $users_id LIMIT 1"; - $res = $global['mysqli']->query($sql); - if ($res) { - $row = $res->fetch_assoc(); - $res->free();// do not cache the result - } else { - $row = false; - } - return $row; - } - - static function getFromWalletId($wallet_id) { - global $global; - $wallet_id = intval($wallet_id); - $sql = "SELECT u.*, w.* FROM " . static::getTableName() . " w " - . 
" LEFT JOIN users u ON u.id = users_id WHERE w.id = $wallet_id LIMIT 1"; - //echo $sql; - $res = $global['mysqli']->query($sql); - if ($res) { - $row = $res->fetch_assoc(); - $row = cleanUpRowFromDatabase($row); - } else { - $row = false; - } - return $row; - } - - public function save() { - global $global; - $this->balance = floatval($this->balance); - $this->crypto_wallet_address = $global['mysqli']->real_escape_string($this->crypto_wallet_address); - ObjectYPT::clearSessionCache(); - return parent::save(); - } - - static function getOrCreateFromUser($users_id) { - $wallet = self::getFromUser($users_id); - if(empty($wallet)){ - $w = new Wallet(0); - $w->setBalance(0); - $w->setCrypto_wallet_address(""); - $w->setUsers_id($users_id); - $w->save(); - $wallet = self::getFromUser($users_id); - } - return $wallet; - } - -} +balance)){ + return 0.0; + } + return floatval($this->balance); + } + + function getId() { + return $this->id; + } + + function setId($id) { + $this->id = $id; + } + + function getUsers_id() { + return $this->users_id; + } + + function setBalance($balance) { + $this->balance = floatval($balance); + } + + function setUsers_id($users_id) { + $this->loadFromUser($users_id); + $this->users_id = $users_id; + } + + // base64 is used to save hexa values as string in some databases + function getCrypto_wallet_address() { + return base64_decode($this->crypto_wallet_address); + } + + function setCrypto_wallet_address($crypto_wallet_address) { + $this->crypto_wallet_address = base64_encode($crypto_wallet_address); + } + + protected function loadFromUser($users_id) { + $row = self::getFromUser($users_id); + if (empty($row)) + return false; + foreach ($row as $key => $value) { + $this->$key = $value; + } + return true; + } + + static function getFromUser($users_id) { + global $global; + $users_id = intval($users_id); + $sql = "SELECT * FROM " . static::getTableName() . 
" WHERE users_id = $users_id LIMIT 1"; + $res = $global['mysqli']->query($sql); + if ($res) { + $row = $res->fetch_assoc(); + $res->free();// do not cache the result + } else { + $row = false; + } + return $row; + } + + static function getFromWalletId($wallet_id) { + global $global; + $wallet_id = intval($wallet_id); + $sql = "SELECT u.*, w.* FROM " . static::getTableName() . " w " + . " LEFT JOIN users u ON u.id = users_id WHERE w.id = $wallet_id LIMIT 1"; + //echo $sql; + $res = $global['mysqli']->query($sql); + if ($res) { + $row = $res->fetch_assoc(); + $row = cleanUpRowFromDatabase($row); + } else { + $row = false; + } + return $row; + } + + public function save() { + global $global; + $this->balance = floatval($this->balance); + $this->crypto_wallet_address = ($this->crypto_wallet_address); + ObjectYPT::clearSessionCache(); + return parent::save(); + } + + static function getOrCreateFromUser($users_id) { + $wallet = self::getFromUser($users_id); + if(empty($wallet)){ + $w = new Wallet(0); + $w->setBalance(0); + $w->setCrypto_wallet_address(""); + $w->setUsers_id($users_id); + $w->save(); + $wallet = self::getFromUser($users_id); + } + return $wallet; + } + +} diff --git a/plugin/YPTWallet/Objects/Wallet_log.php b/plugin/YPTWallet/Objects/Wallet_log.php index 2d3d4a3b2d..773612691c 100644 --- a/plugin/YPTWallet/Objects/Wallet_log.php +++ b/plugin/YPTWallet/Objects/Wallet_log.php 
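Review bot: `getFromUser()` and `getFromWalletId()` still build their `WHERE users_id = $users_id` / `WHERE w.id = $wallet_id` clauses by interpolation and run them through `$global['mysqli']->query()`; both values are `intval()`-cast on the line before, so the queries are safe as written, but they are the only lookups among this commit's object files that bypass `sqlDAL::readSql` with a bound parameter, and the cast is the sole thing standing between the interpolation and the caller's value. Switching to `" WHERE users_id = ? LIMIT 1"` with `$res = sqlDAL::readSql($sql, "i", [$users_id]);` (and `sqlDAL::fetchAssoc`/`sqlDAL::close` in place of `fetch_assoc()`/`free()`) would make the class consistent with `PayPalYPT_log` in the same diff. `save()` keeps a `global $global;` that is no longer used now that `$this->crypto_wallet_address = ($this->crypto_wallet_address);` is a no-op. The first line of the hunk is truncated here (`-balance)){`), so the property declarations are not visible.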
@@ -1,180 +1,180 @@ -value; - } - - function getDescription() { - return $this->description; - } - - function getWallet_id() { - return $this->wallet_id; - } - - function getJson_data() { - return $this->json_data; - } - - function setValue($value) { - $this->value = $value; - } - - function setDescription($description) { - $this->description = $description; - } - - function setWallet_id($wallet_id) { - $this->wallet_id = $wallet_id; - } - - function setJson_data($json_data) { - $this->json_data = $json_data; - } - - function getStatus() { - return $this->status; - } - - function getType() { - return $this->type; - } - - function setStatus($status) { - $this->status = $status; - } - - function setType($type) { - $this->type = $type; - } - - function getInformation() { - return $this->information; - } - - function setInformation($information) { - if(!is_string($information)){ - $information = _json_encode($information); - } - $this->information = $information; - } - - static function getAllFromWallet($wallet_id, $dontReturnEmpty = true, $status="") { - global $global; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 "; - - if(!empty($wallet_id)){ - $sql .= " AND wallet_id=$wallet_id "; - } - - if($dontReturnEmpty){ - $sql .= " AND value != 0.0 "; - } - - if(!empty($status)){ - $sql .= " AND status = '$status' "; - } - - $sql .= self::getSqlFromPost(); - $obj = AVideoPlugin::getObjectData("YPTWallet"); - $res = $global['mysqli']->query($sql); - $rows = array(); - if ($res) { - while ($row = $res->fetch_assoc()) { - $row['valueText'] = YPTWallet::formatCurrency($row['value']); - $row['wallet'] = Wallet::getFromWalletId($row['wallet_id']); - $row['user'] = $row['wallet']['user']; - $row['balance'] = $row['wallet']['balance']; - $row['crypto_wallet_address'] = ""; - $rows[] = $row; - } - } else { - die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . 
$global['mysqli']->error); - } - return $rows; - } - - static function getTotalFromWallet($wallet_id, $dontReturnEmpty = true, $status="") { - global $global; - $sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 "; - - if(!empty($wallet_id)){ - $sql .= " AND wallet_id=$wallet_id "; - } - - if($dontReturnEmpty){ - $sql .= " AND value != 0.0 "; - } - - if(!empty($status)){ - $sql .= " AND status = '$status' "; - } - - $sql .= self::getSqlSearchFromPost(); - $res = $global['mysqli']->query($sql); - if(!$res){ - return 0; - } - - return $res->num_rows; - } - - static function getAllFromUser($users_id, $dontReturnEmpty = true) { - - $wallet = Wallet::getFromUser($users_id); - if(empty($wallet)){ - return false; - } - return self::getAllFromWallet($wallet['id'], $dontReturnEmpty); - } - - static function getTotalFromUser($users_id, $dontReturnEmpty = true) { - - $wallet = Wallet::getFromUser($users_id); - - if(empty($wallet)){ - return false; - } - return self::getTotalFromWallet($wallet['id'], $dontReturnEmpty); - } - - static function addLog($wallet_id, $value, $description="", $json_data="{}", $status="success", $type="", $information=''){ - $log = new WalletLog(0); - $log->setWallet_id($wallet_id); - $log->setValue($value); - $log->setDescription($description); - $log->setJson_data($json_data); - $log->setStatus($status); - $log->setType($type); - $log->setInformation($information); - return $log->save(); - } - - function save() { - global $global; - $this->description = $global['mysqli']->real_escape_string($this->description); - $this->information = $global['mysqli']->real_escape_string($this->information); - return parent::save(); - } - - -} +value; + } + + function getDescription() { + return $this->description; + } + + function getWallet_id() { + return $this->wallet_id; + } + + function getJson_data() { + return $this->json_data; + } + + function setValue($value) { + $this->value = $value; + } + + function setDescription($description) { + 
$this->description = $description; + } + + function setWallet_id($wallet_id) { + $this->wallet_id = $wallet_id; + } + + function setJson_data($json_data) { + $this->json_data = $json_data; + } + + function getStatus() { + return $this->status; + } + + function getType() { + return $this->type; + } + + function setStatus($status) { + $this->status = $status; + } + + function setType($type) { + $this->type = $type; + } + + function getInformation() { + return $this->information; + } + + function setInformation($information) { + if(!is_string($information)){ + $information = _json_encode($information); + } + $this->information = $information; + } + + static function getAllFromWallet($wallet_id, $dontReturnEmpty = true, $status="") { + global $global; + $sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 "; + + if(!empty($wallet_id)){ + $sql .= " AND wallet_id=$wallet_id "; + } + + if($dontReturnEmpty){ + $sql .= " AND value != 0.0 "; + } + + if(!empty($status)){ + $sql .= " AND status = '$status' "; + } + + $sql .= self::getSqlFromPost(); + $obj = AVideoPlugin::getObjectData("YPTWallet"); + $res = $global['mysqli']->query($sql); + $rows = array(); + if ($res) { + while ($row = $res->fetch_assoc()) { + $row['valueText'] = YPTWallet::formatCurrency($row['value']); + $row['wallet'] = Wallet::getFromWalletId($row['wallet_id']); + $row['user'] = $row['wallet']['user']; + $row['balance'] = $row['wallet']['balance']; + $row['crypto_wallet_address'] = ""; + $rows[] = $row; + } + } else { + die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); + } + return $rows; + } + + static function getTotalFromWallet($wallet_id, $dontReturnEmpty = true, $status="") { + global $global; + $sql = "SELECT * FROM " . static::getTableName() . 
" WHERE 1=1 "; + + if(!empty($wallet_id)){ + $sql .= " AND wallet_id=$wallet_id "; + } + + if($dontReturnEmpty){ + $sql .= " AND value != 0.0 "; + } + + if(!empty($status)){ + $sql .= " AND status = '$status' "; + } + + $sql .= self::getSqlSearchFromPost(); + $res = $global['mysqli']->query($sql); + if(!$res){ + return 0; + } + + return $res->num_rows; + } + + static function getAllFromUser($users_id, $dontReturnEmpty = true) { + + $wallet = Wallet::getFromUser($users_id); + if(empty($wallet)){ + return false; + } + return self::getAllFromWallet($wallet['id'], $dontReturnEmpty); + } + + static function getTotalFromUser($users_id, $dontReturnEmpty = true) { + + $wallet = Wallet::getFromUser($users_id); + + if(empty($wallet)){ + return false; + } + return self::getTotalFromWallet($wallet['id'], $dontReturnEmpty); + } + + static function addLog($wallet_id, $value, $description="", $json_data="{}", $status="success", $type="", $information=''){ + $log = new WalletLog(0); + $log->setWallet_id($wallet_id); + $log->setValue($value); + $log->setDescription($description); + $log->setJson_data($json_data); + $log->setStatus($status); + $log->setType($type); + $log->setInformation($information); + return $log->save(); + } + + function save() { + global $global; + $this->description = ($this->description); + $this->information = ($this->information); + return parent::save(); + } + + +} diff --git a/updatedb/updateDb.v12.0.sql b/updatedb/updateDb.v12.0.sql new file mode 100644 index 0000000000..b67b0f9e82 --- /dev/null +++ b/updatedb/updateDb.v12.0.sql 
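Review bot: `getAllFromWallet()` and `getTotalFromWallet()` splice `$wallet_id` and `$status` into the query unchanged — `" AND wallet_id=$wallet_id "` and `" AND status = '$status' "` — and the new side adds neither a cast nor a binding for them while the string goes straight to `$global['mysqli']->query()`. The visible callers pass `$wallet['id']` from a database row and the default `""`, but both are public static methods, so the guarantee belongs in the method: `$sql .= " AND wallet_id=" . intval($wallet_id) . " ";` covers the id, and `$status` should either be bound through `sqlDAL::readSql($sql, "s", [$status])` or checked against the status values the class writes (only `"success"` is visible here) before it is interpolated; the same two lines occur in both methods. `getTotalFromWallet()` also runs `SELECT *` and reads `num_rows` where `SELECT COUNT(*)` would return the count without transferring the rows. The hunk's first line is truncated in this rendering (`-value;`), so the property list is not visible.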
@@ -0,0 +1,95 @@
+-- ### Credit
+--
+-- Discovered by Claudio Bozzato of Cisco Talos.
+--
+-- TALOS-2022-1534
+--
+-- Now the userUpdate.json.php requires a request from the same domain as the AVideo site
+-- in aditional all save and delete database calls requires the same by default (a whitelist can be builded hardcoding it in the objects/Object.php file)
+--
+-- TALOS-2022-1535
+--
+-- Session ID will only change if you are not logged in
+-- In case the session ID changed we will regenerate it with a new name avoiding reuse it
+--
+-- TALOS-2022-1536
+--
+-- plugin/Live/view/Live_schedule/add.json.php and objects/playlistAddNew.json.php will deny to update if the users_id is not = as the original record when it is editing
+--
+-- TALOS-2022-1537
+--
+-- Add a sanitize rule on the security file
+--
+--
+-- TALOS-2022-1539
+--
+-- Add a sanitize rule on the view/img/image403.php file itself
+--
+-- TALOS-2022-1540
+--
+-- Video title and filename will always be sanitized on the setTitle method (sometimes more than once)
+--
+--
+-- TALOS-2022-1542
+--
+-- httponly set to true
+-- we are now using the passhash instead of the database pass in all site
+-- the passhash is totally different than the original DB password, it a encrypted json and has an expiration time and also will be automatically rejected if the original password is updated
+-- the login with the pass hash (database password field) directly will be disabled soon, for now it is only enabled to buy some time to update the other third parties apps
+--
+-- TALOS-2022-1545
+--
+-- Fixed on TALOS-2022-1542
+--
+-- TALOS-2022-1546
+--
+-- Filename is now sanitized with escapeshellarg(safeString($filename,true));
+--
+-- TALOS-2022-1538
+--
+-- all 4 parameters are sanitized now
+-- also if the request does not come from the same site, the showAlertMessage() function will not be executed
+--
+-- TALOS-2022-1547
+--
+-- Now every time the admin login we will check if the new videos/.htaccess is there, and 
create it if it is not
+--
+-- Order Allow,Deny
+-- Deny from all
+--
+--
+-- Require all denied
+--
+--
+--
+-- Order Allow,Deny
+-- Allow from all
+--
+--
+-- Require all granted
+--
+--
+--
+-- this will only allow access to only some specific file types inside videos folder
+--
+-- TALOS-2022-1548
+--
+-- we now verify if is a valid URL properly, also we are using the escapeshellarg for URL and destination filename
+--
+-- TALOS-2022-1549
+--
+-- We now only download the downloadURL_image if it is a valid URL NOT localfiles any more
+--
+-- TALOS-2022-1551
+--
+-- All our classes were updated using the prepare statement to avoid sql injection
+-- also `videoDownloadedLink` and `duration` are now sanitized
+-- if you are editing anything we now "forbidIfItIsNotMyUsersId"
+-- key and URL are now sanitized Clone plugin
+--
+-- TALOS-2022-1550
+--
+-- the url_get_contents now only download files from valid URLs or files from inside the cache folder
+
+
+UPDATE configurations SET version = '12.0', modified = now() WHERE id = 1;
\ No newline at end of file
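Review bot: The TALOS-2022-1551 entry states that all classes now use prepared statements, but the WalletLog hunk earlier in this same diff still builds its queries by interpolation in getAllFromWallet() and getTotalFromWallet() (`$sql .= " AND wallet_id=$wallet_id ";` and `$sql .= " AND status = '$status' ";`), and the new save() override replaces the previous escaping call with a no-op `($this->description)`. Either that code should be moved to bound parameters before this migration ships (cast `$wallet_id` to `int` and bind `$status` as a string), or this changelog line should be narrowed to the classes that were actually converted so operators do not read it as complete coverage. The error branch of getAllFromWallet() also `die()`s with the full SQL text and mysqli error, which would surface query internals to whoever triggered the request; logging the error and returning an empty list would be the safer shape. These observations refer to lines outside this hunk and are hedged accordingly, as the WalletLog hunk's start is not visible here.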
