
TALOS Security Advisory for WWBN (TALOS-2022-1551, TALOS-2022-1550, TALOS-2022-1549, TALOS-2022-1548, TALOS-2022-1547, TALOS-2022-1546, TALOS-2022-1545, TALOS-2022-1542, TALOS-2022-1540 - TALOS-2022-1534)

Should all be good now
DanieL 2022-07-07 17:24:20 -03:00
parent 68328cdd42
commit 21fed6e0b7
36 changed files with 3221 additions and 3091 deletions


@ -4,7 +4,7 @@ if (file_exists("../videos/configuration.php")) {
exit; exit;
} }
$installationVersion = "11.8"; $installationVersion = "12.0";
error_log("Installation: ".__LINE__." ". json_encode($_POST)); error_log("Installation: ".__LINE__." ". json_encode($_POST));
header('Content-Type: application/json'); header('Content-Type: application/json');


@ -1,29 +1,29 @@
<?php <?php
//streamer config //streamer config
require_once '../videos/configuration.php'; require_once '../videos/configuration.php';
if (!isCommandLineInterface()) { if (!isCommandLineInterface()) {
return die('Command Line only'); return die('Command Line only');
} }
AVideoPlugin::loadPlugin("Live"); AVideoPlugin::loadPlugin("Live");
$channelName = $global['mysqli']->real_escape_string($channelName); $channelName = ($channelName);
$sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id " $sql = "SELECT lt.*, u.* FROM users u LEFT JOIN live_transmitions lt ON users_id = u.id "
. " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20"; . " WHERE canStream = 1 AND status = 'a' ORDER BY public DESC LIMIT 20";
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$users = sqlDAL::fetchAllAssoc($res); $users = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($res != false) { if ($res != false) {
foreach ($users as $row) { foreach ($users as $row) {
echo "-----------------------------------".PHP_EOL; echo "-----------------------------------".PHP_EOL;
if (!empty($row['public'])) { if (!empty($row['public'])) {
echo "PUBLIC "; echo "PUBLIC ";
} }
echo "{$row['id']} - {$row['user']} ".PHP_EOL; echo "{$row['id']} - {$row['user']} ".PHP_EOL;
echo Live::getServer() . "?p=" . $row['password'] . "/" . $row['key'].PHP_EOL; echo Live::getServer() . "?p=" . $row['password'] . "/" . $row['key'].PHP_EOL;
echo Live::getLinkToLiveFromUsers_id($row['id']).PHP_EOL; echo Live::getLinkToLiveFromUsers_id($row['id']).PHP_EOL;
echo "-----------------------------------".PHP_EOL; echo "-----------------------------------".PHP_EOL;
} }
} }
die(); die();
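Review bot: `$channelName = ($channelName);` on the line after `AVideoPlugin::loadPlugin("Live")` is a no-op — wrapping a variable in parentheses neither escapes nor validates it, it just assigns the value back to itself. Nothing in the visible script reads `$channelName` afterwards (the SQL is a fixed string), so the line can simply be deleted; if it was meant to filter the user list, it has to enter the query as a `?` bound through `sqlDAL::readSql($sql, 's', [$channelName])`, not by concatenation. The `if ($res != false)` check after `sqlDAL::close($res)` should be `if ($res !== false)`. The script prints each streamer's `password` and `key`; if that is intended for the CLI-only context, a one-line comment saying so would stop a future reader from treating it as a leak.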


@ -3,7 +3,6 @@ interface ObjectInterface
{ {
public static function getTableName(); public static function getTableName();
public static function getSearchFieldsNames();
} }
$tableExists = []; $tableExists = [];
@ -19,8 +18,12 @@ abstract class ObjectYPT implements ObjectInterface
$this->load($id); $this->load($id);
} }
} }
public static function getSearchFieldsNames(){
return array();
}
protected function load($id) public function load($id)
{ {
$row = self::getFromDb($id); $row = self::getFromDb($id);
if (empty($row)) { if (empty($row)) {
@ -165,8 +168,8 @@ abstract class ObjectYPT implements ObjectInterface
if (!empty($_POST['sort'])) { if (!empty($_POST['sort'])) {
$orderBy = []; $orderBy = [];
foreach ($_POST['sort'] as $key => $value) { foreach ($_POST['sort'] as $key => $value) {
$key = $global['mysqli']->real_escape_string($key); $key = ($key);
//$value = $global['mysqli']->real_escape_string($value); //$value = ($value);
$direction = "ASC"; $direction = "ASC";
if (strtoupper($value) === "DESC") { if (strtoupper($value) === "DESC") {
$direction = "DESC"; $direction = "DESC";
@ -253,7 +256,7 @@ abstract class ObjectYPT implements ObjectInterface
} }
if (!empty($_GET['q'])) { if (!empty($_GET['q'])) {
global $global; global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($_GET['q'])); $search = (xss_esc($_GET['q']));
$like = []; $like = [];
$searchFields = static::getSearchFieldsNames(); $searchFields = static::getSearchFieldsNames();
@ -287,10 +290,13 @@ abstract class ObjectYPT implements ObjectInterface
} }
global $global; global $global;
$fieldsName = $this->getAllFields(); $fieldsName = $this->getAllFields();
$formats = '';
$values = array();
if (!empty($this->id)) { if (!empty($this->id)) {
$sql = "UPDATE " . static::getTableName() . " SET "; $sql = "UPDATE " . static::getTableName() . " SET ";
$fields = []; $fields = [];
foreach ($fieldsName as $value) { foreach ($fieldsName as $value) {
//$escapedValue = $global['mysqli']->real_escape_string($this->$value);
if (strtolower($value) == 'created') { if (strtolower($value) == 'created') {
// do nothing // do nothing
} elseif (strtolower($value) == 'modified') { } elseif (strtolower($value) == 'modified') {
@ -299,17 +305,21 @@ abstract class ObjectYPT implements ObjectInterface
if (empty($this->$value)) { if (empty($this->$value)) {
$this->$value = date_default_timezone_get(); $this->$value = date_default_timezone_get();
} }
$fields[] = " `{$value}` = '{$this->$value}' "; $formats .= 's';
} elseif (is_numeric($this->$value)) { $values[] = $this->$value;
$fields[] = " `{$value}` = {$this->$value} "; $fields[] = " `{$value}` = ? ";
} elseif (!isset($this->$value) || strtolower($this->$value) == 'null') { } elseif (!isset($this->$value) || strtolower($this->$value) == 'null') {
$fields[] = " `{$value}` = NULL "; $fields[] = " `{$value}` = NULL ";
} else { } else {
$fields[] = " `{$value}` = '{$this->$value}' "; $formats .= 's';
$values[] = $this->$value;
$fields[] = " `{$value}` = ? ";
} }
} }
$sql .= implode(", ", $fields); $sql .= implode(", ", $fields);
$sql .= " WHERE id = {$this->id}"; $formats .= 'i';
$values[] = $this->id;
$sql .= " WHERE id = ?";
} else { } else {
$sql = "INSERT INTO " . static::getTableName() . " ( "; $sql = "INSERT INTO " . static::getTableName() . " ( ";
$sql .= "`" . implode("`,`", $fieldsName) . "` )"; $sql .= "`" . implode("`,`", $fieldsName) . "` )";
@ -321,20 +331,25 @@ abstract class ObjectYPT implements ObjectInterface
if (empty($this->$value)) { if (empty($this->$value)) {
$this->$value = date_default_timezone_get(); $this->$value = date_default_timezone_get();
} }
$fields[] = " '{$this->$value}' "; $formats .= 's';
$values[] = $this->$value;
$fields[] = " ? ";
} elseif (!isset($this->$value) || (is_string($this->$value) && strtolower($this->$value) == 'null')) { } elseif (!isset($this->$value) || (is_string($this->$value) && strtolower($this->$value) == 'null')) {
$fields[] = " NULL "; $fields[] = " NULL ";
} elseif (is_string($this->$value) || is_numeric($this->$value)) { } elseif (is_string($this->$value) || is_numeric($this->$value)) {
$fields[] = " '{$this->$value}' "; $formats .= 's';
$values[] = $this->$value;
$fields[] = " ? ";
} else { } else {
$fields[] = " NULL "; $fields[] = " NULL ";
} }
} }
$sql .= " VALUES (" . implode(", ", $fields) . ")"; $sql .= " VALUES (" . implode(", ", $fields) . ")";
} }
//if(static::getTableName() == 'Scheduler_commands'){ echo $sql;var_dump($this->parameters);exit;} //var_dump(static::getTableName(), $sql, $values);
//echo $sql;var_dump($this->parameters);exit; //if(static::getTableName() == 'videos'){ echo $sql;var_dump($values);exit;}return false;
$insert_row = sqlDAL::writeSql($sql); //echo $sql;var_dump($values);exit;
$insert_row = sqlDAL::writeSql($sql, $formats, $values);
if ($insert_row) { if ($insert_row) {
if (empty($this->id)) { if (empty($this->id)) {
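Review bot: In the sort hunk, `$key = ($key);` replaces `real_escape_string` with a no-op, yet `$key` comes from `$_POST['sort']` and is presumably spliced into the ORDER BY as a column name (that assembly is outside the hunk); a bound parameter cannot carry an identifier, so the key must be checked against the real column list — e.g. `if (!in_array($key, $allowedColumns, true)) { continue; }` where `$allowedColumns` is taken from the class's own field list — before it is used. The search hunk has the same pattern, `$search = (xss_esc($_GET['q']));`: `xss_esc` is an HTML escaper (`htmlspecialchars` in functions.php), not an SQL escaper, so whatever `$like` fragments are built from `$search` further down should bind it as `?` parameters instead. The `save()` rewrite to `$formats`/`$values` is the right direction; dropping the `is_numeric` branch means numbers are now bound as `'s'`, which MySQL coerces, but a short comment on that would help. BootGrid.php and Comment.php in this commit apply the same `(…)` no-op and need the same treatment.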


@ -58,7 +58,7 @@ class BootGrid
if (!empty($_POST['searchPhrase'])) { if (!empty($_POST['searchPhrase'])) {
global $global; global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($_POST['searchPhrase'])); $search = (xss_esc($_POST['searchPhrase']));
$search = str_replace('&quot;', '"', $search); $search = str_replace('&quot;', '"', $search);
$like = []; $like = [];
foreach ($searchFieldsNames as $value) { foreach ($searchFieldsNames as $value) {
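Review bot: `$search = (xss_esc($_POST['searchPhrase']));` removes the SQL escaping without replacing it; `xss_esc` only applies `htmlspecialchars`, and the very next line, `str_replace('&quot;', '"', $search)`, puts the double quotes back, so the value entering the `$like` loop is neither HTML-safe nor SQL-escaped. If the loop (outside this hunk) concatenates `$search` into `LIKE '%…%'` fragments, it should instead emit one `?` per field and collect `"%{$search}%"` into a values array passed to `sqlDAL::readSql`. The enclosing method continues outside the hunk.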


@ -98,7 +98,7 @@ class Category {
} }
} }
private function load($id) { public function load($id) {
$row = self::getCategory($id); $row = self::getCategory($id);
if (empty($row)) { if (empty($row)) {
return false; return false;


@ -60,7 +60,7 @@ class Comment
return $this->videos_id; return $this->videos_id;
} }
private function load($id) public function load($id)
{ {
$row = $this->getComment($id); $row = $this->getComment($id);
if (empty($row)) { if (empty($row)) {
@ -80,7 +80,7 @@ class Comment
die('{"error":"'.__("Permission denied").'"}'); die('{"error":"'.__("Permission denied").'"}');
} }
//$this->comment = htmlentities($this->comment); //$this->comment = htmlentities($this->comment);
$this->comment = $global['mysqli']->real_escape_string($this->comment); $this->comment = ($this->comment);
if (empty($this->comment)) { if (empty($this->comment)) {
return false; return false;
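Review bot: `$this->comment = ($this->comment);` in the save hunk is a no-op that replaces the previous `real_escape_string` call, so the comment text now leaves this method unescaped; that is only safe if the INSERT/UPDATE further down (outside the hunk) binds it via `sqlDAL::writeSql($sql, $formats, $values)` — worth confirming rather than assuming. If it does, delete the line; if it does not, convert that query to bound parameters rather than restoring the escape. `load()` was also widened to `public`; a one-line docblock saying it returns `false` when the id is unknown would help callers now that it is part of the API.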


@ -1,163 +1,163 @@
<?php <?php
global $global, $config; global $global, $config;
if (!isset($global['systemRootPath'])) { if (!isset($global['systemRootPath'])) {
require_once '../videos/configuration.php'; require_once '../videos/configuration.php';
} }
require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/user.php';
class CommentsLike class CommentsLike
{ {
private $id; private $id;
private $like; private $like;
private $comments_id; private $comments_id;
private $users_id; private $users_id;
public function __construct($like, $comments_id) public function __construct($like, $comments_id)
{ {
if (!User::isLogged()) { if (!User::isLogged()) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}'); die('{"error":"'.__("Permission denied").'"}');
} }
$this->comments_id = $comments_id; $this->comments_id = $comments_id;
$this->users_id = User::getId(); $this->users_id = User::getId();
$this->load(); $this->load();
// if click again in the same vote, remove the vote // if click again in the same vote, remove the vote
if ($this->like == $like) { if ($this->like == $like) {
$like = 0; $like = 0;
} }
$this->setLike($like); $this->setLike($like);
$this->save(); $this->save();
} }
private function setLike($like) private function setLike($like)
{ {
$like = intval($like); $like = intval($like);
if (!in_array($like, [0,1,-1])) { if (!in_array($like, [0,1,-1])) {
$like = 0; $like = 0;
} }
$this->like = $like; $this->like = $like;
} }
private function load() public function load()
{ {
$like = $this->getLike(); $like = $this->getLike();
if (empty($like)) { if (empty($like)) {
return false; return false;
} }
foreach ($like as $key => $value) { foreach ($like as $key => $value) {
$this->$key = $value; $this->$key = $value;
} }
} }
private function getLike() private function getLike()
{ {
global $global; global $global;
if (empty($this->users_id) || empty($this->comments_id)) { if (empty($this->users_id) || empty($this->comments_id)) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"You must have user and videos set to get a like"}'); die('{"error":"You must have user and videos set to get a like"}');
} }
$sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1"; $sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "ii", [$this->users_id,$this->comments_id]); $res = sqlDAL::readSql($sql, "ii", [$this->users_id,$this->comments_id]);
$result = sqlDAL::fetchAssoc($res); $result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
return ($res) ? $result : false; return ($res) ? $result : false;
} }
private function save() private function save()
{ {
global $global; global $global;
if (!User::isLogged()) { if (!User::isLogged()) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}'); die('{"error":"'.__("Permission denied").'"}');
} }
$formats = ''; $formats = '';
$values = []; $values = [];
if (!empty($this->id)) { if (!empty($this->id)) {
$sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?"; $sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?";
$formats = "ii"; $formats = "ii";
$values = [$this->like,$this->id]; $values = [$this->like,$this->id];
} else { } else {
$sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())"; $sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())";
$formats = "iii"; $formats = "iii";
$values = [$this->like,$this->users_id,$this->comments_id]; $values = [$this->like,$this->users_id,$this->comments_id];
} }
return sqlDAL::writeSql($sql, $formats, $values); return sqlDAL::writeSql($sql, $formats, $values);
} }
public static function getLikes($comments_id) public static function getLikes($comments_id)
{ {
global $global; global $global;
$obj = new stdClass(); $obj = new stdClass();
$obj->comments_id = $comments_id; $obj->comments_id = $comments_id;
$obj->likes = 0; $obj->likes = 0;
$obj->dislikes = 0; $obj->dislikes = 0;
$obj->myVote = self::getMyVote($comments_id); $obj->myVote = self::getMyVote($comments_id);
$sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like
$res = sqlDAL::readSql($sql, "i", [$comments_id]); $res = sqlDAL::readSql($sql, "i", [$comments_id]);
$result = sqlDAL::fetchAssoc($res); $result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!$res) { if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->likes = intval($result['total']); $obj->likes = intval($result['total']);
$sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql, "i", [$comments_id]); $res = sqlDAL::readSql($sql, "i", [$comments_id]);
$result = sqlDAL::fetchAssoc($res); $result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!$res) { if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->dislikes = intval($result['total']); $obj->dislikes = intval($result['total']);
return $obj; return $obj;
} }
public static function getTotalLikes() public static function getTotalLikes()
{ {
global $global; global $global;
$obj = new stdClass(); $obj = new stdClass();
$obj->likes = 0; $obj->likes = 0;
$obj->dislikes = 0; $obj->dislikes = 0;
$sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$result = sqlDAL::fetchAssoc($res); $result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!$res) { if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->likes = intval($result['total']); $obj->likes = intval($result['total']);
$sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$result = sqlDAL::fetchAssoc($res); $result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!$res) { if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->dislikes = intval($result['total']); $obj->dislikes = intval($result['total']);
return $obj; return $obj;
} }
public static function getMyVote($comments_id) public static function getMyVote($comments_id)
{ {
global $global; global $global;
if (!User::isLogged()) { if (!User::isLogged()) {
return 0; return 0;
} }
$id = User::getId(); $id = User::getId();
$sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like $sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like
$res = sqlDAL::readSql($sql, "ii", [$comments_id,$id]); $res = sqlDAL::readSql($sql, "ii", [$comments_id,$id]);
$result = sqlDAL::fetchAssoc($res); $result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!empty($result)) { if (!empty($result)) {
return intval($result['like']); return intval($result['like']);
} }
return 0; return 0;
} }
} }
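Review bot: `load()` is now `public`, but it returns `false` on a miss and nothing (`null`) on success, so an external caller cannot use its result; either add `return true;` at the end or document `@return void` and make the miss branch a bare `return;`. Since this hunk re-emits the whole file, note also that `getLikes()` and `getTotalLikes()` respond with `die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error)`, which sends the query text and driver error to the client; log that with `_error_log()` and `die` with a generic JSON error instead. The `'\n'` inside single quotes is a literal backslash-n, not a newline.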


@ -5,42 +5,42 @@ if (!isset($global['systemRootPath'])) {
} }
require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/user.php';
require_once $global['systemRootPath'] . 'objects/functions.php'; require_once $global['systemRootPath'] . 'objects/functions.php';
require_once $global['systemRootPath'] . 'objects/Object.php';
class Configuration class Configuration extends ObjectYPT{
{ protected $id;
private $id; protected $video_resolution;
private $video_resolution; protected $webSiteTitle;
private $webSiteTitle; protected $language;
private $language; protected $contactEmail;
private $contactEmail; protected $users_id;
private $users_id; protected $version;
private $version; protected $authCanUploadVideos;
private $authCanUploadVideos; protected $authCanViewChart;
private $authCanViewChart; protected $authCanComment;
private $authCanComment; protected $head;
private $head; protected $logo;
private $logo; protected $logo_small;
private $logo_small; protected $adsense;
private $adsense; protected $mode;
private $mode;
// version 2.7 // version 2.7
private $disable_analytics; protected $disable_analytics;
private $disable_youtubeupload; protected $disable_youtubeupload;
private $allow_download; protected $allow_download;
private $session_timeout; protected $session_timeout;
private $autoplay; protected $autoplay;
// version 3.1 // version 3.1
private $theme; protected $theme;
//version 3.3 //version 3.3
private $smtp; protected $smtp;
private $smtpAuth; protected $smtpAuth;
private $smtpSecure; protected $smtpSecure;
private $smtpHost; protected $smtpHost;
private $smtpUsername; protected $smtpUsername;
private $smtpPassword; protected $smtpPassword;
private $smtpPort; protected $smtpPort;
// version 4 // version 4
private $encoderURL; protected $encoderURL;
public function __construct($video_resolution = "") public function __construct($video_resolution = "")
{ {
@ -50,29 +50,13 @@ class Configuration
} }
} }
public function load() public function load($id='')
{ {
global $global; global $global;
_mysql_connect(); return parent::load(1);
$sql = "SELECT * FROM configurations WHERE id = 1 LIMIT 1";
//echo $sql;exit;
// add true because I was not getting the SMTP configuration on function setSiteSendMessage(&$mail)
$res = sqlDAL::readSql($sql, '', [], true);
$result = sqlDAL::fetchAssoc($res);
sqlDAL::close($res);
if ($res && !empty($result)) {
$config = $result;
//var_dump($config);exit;
foreach ($config as $key => $value) {
$this->$key = $value;
}
} else {
return false;
}
} }
public function save() public function save(){
{
global $global; global $global;
if (!User::isAdmin()) { if (!User::isAdmin()) {
header('Content-Type: application/json'); header('Content-Type: application/json');
@ -82,38 +66,7 @@ class Configuration
ObjectYPT::deleteCache("getEncoderURL"); ObjectYPT::deleteCache("getEncoderURL");
$sql = "UPDATE configurations SET " return parent::save();
. "video_resolution = '{$this->video_resolution}',"
. "webSiteTitle = '{$this->webSiteTitle}',"
. "language = '{$this->language}',"
. "contactEmail = '{$this->contactEmail}',"
. "users_id = '{$this->users_id}', "
. "authCanUploadVideos = '{$this->authCanUploadVideos}',"
. "authCanViewChart = '{$this->authCanViewChart}',"
. "authCanComment = '{$this->authCanComment}',"
. "encoderURL = '{$global['mysqli']->real_escape_string($this->_getEncoderURL())}',"
. "head = '{$global['mysqli']->real_escape_string($this->getHead())}',"
. "adsense = '{$global['mysqli']->real_escape_string($this->getAdsense())}',"
. "mode = '{$this->getMode()}',"
. "logo = '{$global['mysqli']->real_escape_string($this->getLogo())}',"
. "logo_small = '{$global['mysqli']->real_escape_string($this->getLogo_small())}',"
. "disable_analytics = '{$this->getDisable_analytics()}',"
. "disable_youtubeupload = '{$this->getDisable_youtubeupload()}',"
. "allow_download = '{$this->getAllow_download()}',"
. "session_timeout = '{$this->getSession_timeout()}',"
. "autoplay = '{$this->getAutoplay()}',"
. "theme = '{$global['mysqli']->real_escape_string($this->getTheme())}',"
. "smtp = '{$this->getSmtp()}',"
. "smtpAuth = '{$this->getSmtpAuth()}',"
. "smtpSecure = '{$global['mysqli']->real_escape_string($this->getSmtpSecure())}',"
. "smtpHost = '{$global['mysqli']->real_escape_string($this->getSmtpHost())}',"
. "smtpUsername = '{$global['mysqli']->real_escape_string($this->getSmtpUsername())}',"
. "smtpPort = '{$global['mysqli']->real_escape_string($this->getSmtpPort())}',"
. "smtpPassword = '{$global['mysqli']->real_escape_string($this->getSmtpPassword())}'"
. " WHERE id = 1";
return sqlDAL::writeSql($sql);
} }
public function getVideo_resolution() public function getVideo_resolution()
@ -624,4 +577,9 @@ require_once \$global['systemRootPath'].'objects/include_config.php';
} }
return " " . PAGE_TITLE_SEPARATOR . " "; return " " . PAGE_TITLE_SEPARATOR . " ";
} }
public static function getTableName() {
return 'configurations';
}
} }
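Review bot: Configuration::save() now delegates to `parent::save()`, and ObjectYPT::save() (visible in this commit) runs `UPDATE … WHERE id = ?` only when `$this->id` is non-empty and otherwise runs an `INSERT`, whereas the old code always wrote `WHERE id = 1`. If `load()` failed or was never called, an admin save would therefore create a second `configurations` row instead of updating row 1 — guard it with `if (empty($this->id)) { return false; }` (or pin `$this->id = 1;`) before delegating. `load($id='')` silently ignores its argument and always loads row 1; say so in a docblock, and the `global $global;` in both overrides appears to be unused now.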


@ -24,6 +24,14 @@ if (!function_exists('xss_esc')) {
if (empty($text)) { if (empty($text)) {
return ""; return "";
} }
if(!is_string($text)){
if(is_array($text)){
foreach ($text as $key => $value) {
$text[$key] = xss_esc($value);
}
}
return $text;
}
$result = @htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); $result = @htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
if (empty($result)) { if (empty($result)) {
$result = str_replace(['"', "'", "\\"], ["", "", ""], strip_tags($text)); $result = str_replace(['"', "'", "\\"], ["", "", ""], strip_tags($text));
@ -2000,7 +2008,7 @@ function unzipDirectory($filename, $destination) {
sleep(2); sleep(2);
ini_set('memory_limit', '-1'); ini_set('memory_limit', '-1');
ini_set('max_execution_time', 7200); // 2 hours ini_set('max_execution_time', 7200); // 2 hours
$filename = escapeshellarg($filename); $filename = escapeshellarg(safeString($filename,true));
$destination = escapeshellarg($destination); $destination = escapeshellarg($destination);
$cmd = "unzip -: {$filename} -d {$destination}" . " 2>&1"; $cmd = "unzip -: {$filename} -d {$destination}" . " 2>&1";
_error_log("unzipDirectory: {$cmd}"); _error_log("unzipDirectory: {$cmd}");
@ -2039,7 +2047,7 @@ function unzipDirectory($filename, $destination) {
} }
} else { } else {
_error_log("unzipDirectory: Success {$destination}"); _error_log("unzipDirectory: Success {$destination}");
} }
@unlink($filename); @unlink($filename);
} }
@ -2414,6 +2422,7 @@ function isValidM3U8Link($url, $timeout = 3) {
function url_get_contents($url, $ctx = "", $timeout = 0, $debug = false) { function url_get_contents($url, $ctx = "", $timeout = 0, $debug = false) {
global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase, $mysqlPort; global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase, $mysqlPort;
if (!isValidURLOrPath($url)) { if (!isValidURLOrPath($url)) {
_error_log('url_get_contents Cannot download '.$url);
return false; return false;
} }
if ($debug) { if ($debug) {
@ -3398,6 +3407,7 @@ function rrmdir($dir) {
function rrmdirCommandLine($dir, $async = false) { function rrmdirCommandLine($dir, $async = false) {
if (is_dir($dir)) { if (is_dir($dir)) {
$dir = escapeshellarg($dir);
if (isWindows()) { if (isWindows()) {
$command = ('rd /s /q ' . $dir); $command = ('rd /s /q ' . $dir);
} else { } else {
@ -5010,12 +5020,13 @@ function isValidURLOrPath($str, $insideCacheOrTmpDirOnly = true) {
} }
if (str_starts_with($str, '/') || str_starts_with($str, '../') || preg_match("/^[a-z]:.*/i", $str)) { if (str_starts_with($str, '/') || str_starts_with($str, '../') || preg_match("/^[a-z]:.*/i", $str)) {
if ($insideCacheOrTmpDirOnly) { if ($insideCacheOrTmpDirOnly) {
$vroot = realpath($str); $absolutePath = realpath($str);
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $ext = strtolower(pathinfo($absolutePath, PATHINFO_EXTENSION));
if ($ext == 'php') { if ($ext == 'php') {
return false; return false;
} }
if (str_starts_with($vroot, getTmpDir()) || str_starts_with($vroot, $global['systemRootPath'])) { $cacheDir = "{$global['systemRootPath']}videos/cache/";
if (str_starts_with($absolutePath, getTmpDir()) || str_starts_with($absolutePath, $cacheDir)) {
return true; return true;
} }
} else { } else {
@ -5181,7 +5192,7 @@ function reloadSearchVar() {
} }
function wget($url, $filename, $debug = false) { function wget($url, $filename, $debug = false) {
if (empty($url) || $url == "php://input" || !preg_match("/^http/", $url)) { if (empty($url) || $url == "php://input" || !isValidURL($url)) {
return false; return false;
} }
if ($lockfilename = wgetIsLocked($url)) { if ($lockfilename = wgetIsLocked($url)) {
@ -6216,6 +6227,9 @@ function setToastMessage($msg) {
} }
function showAlertMessage() { function showAlertMessage() {
if(!requestComesFromSafePlace()){
return false;
}
if (!empty($_SESSION['YPTalertMessage'])) { if (!empty($_SESSION['YPTalertMessage'])) {
foreach ($_SESSION['YPTalertMessage'] as $value) { foreach ($_SESSION['YPTalertMessage'] as $value) {
if (!empty($value[0])) { if (!empty($value[0])) {
@ -6229,17 +6243,21 @@ function showAlertMessage() {
unset($_SESSION['YPTalertMessage']); unset($_SESSION['YPTalertMessage']);
} }
$joinString = ['error', 'msg', 'success']; $joinString = ['error', 'msg', 'success', 'toast'];
foreach ($joinString as $value) { foreach ($joinString as $value) {
if (!empty($_GET[$value]) && is_array($_GET[$value])) { if (!empty($_GET[$value]) ) {
$_GET[$value] = array_unique($_GET[$value]); if (is_array($_GET[$value])) {
$newStr = []; $_GET[$value] = array_unique($_GET[$value]);
foreach ($_GET[$value] as $value2) { $newStr = [];
if (!empty($value2)) { foreach ($_GET[$value] as $value2) {
$newStr[] = $value2; if (!empty($value2)) {
$newStr[] = $value2;
}
} }
$_GET[$value] = implode("<br>", $newStr);
}else{
$_GET[$value] = $_GET[$value];
} }
$_GET[$value] = implode("<br>", $newStr);
} }
} }
@ -6290,7 +6308,7 @@ function showAlertMessage() {
} }
echo '$.toast({ echo '$.toast({
text: "' . $value . '", text: "' . strip_tags($value, $allowable_tags) . '",
hideAfter: ' . $hideAfter . ' // in milli seconds hideAfter: ' . $hideAfter . ' // in milli seconds
});console.log("Toast Hide after ' . $hideAfter . '");'; });console.log("Toast Hide after ' . $hideAfter . '");';
} }
@ -8803,3 +8821,23 @@ function _empty($html_string) {
} }
return emptyHTML($html_string); return emptyHTML($html_string);
} }
function adminSecurityCheck($force=false){
if(empty($force)){
if(!empty($_SESSION['adminSecurityCheck'])){
return false;
}
if(!User::isAdmin()){
return false;
}
}
global $global;
$videosHtaccessFile = getVideosDir().'.htaccess';
if(!file_exists($videosHtaccessFile)){
$bytes = copy("{$global['systemRootPath']}objects/htaccess_for_videos.conf",$videosHtaccessFile);
_error_log("adminSecurityCheck: file created {$videosHtaccessFile} {$bytes} bytes");
}
_session_start();
$_SESSION['adminSecurityCheck'] = time();
return true;
}
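Review bot: In showAlertMessage(), `text: "' . strip_tags($value, $allowable_tags) . '"` emits a request-derived value inside a JavaScript string literal, and `strip_tags` does not escape `"` or backslashes, so the string boundary is not preserved; encode it for that context instead, `text: ' . json_encode(strip_tags($value, $allowable_tags)) . ',`. The `$joinString` loop in the previous hunk passes `$_GET['error'|'msg'|'success'|'toast']` through with only de-duplication and a `<br>` join, which looks like the origin of that `$value`, and its `else { $_GET[$value] = $_GET[$value]; }` branch is a no-op that can go. In adminSecurityCheck(), `copy()` returns a bool, so `"{$bytes} bytes"` will log `1` rather than a size; log it as created/failed instead. Both enclosing functions extend beyond their hunks.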


@ -0,0 +1,16 @@
<IfModule !authz_core_module>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule authz_core_module>
Require all denied
</IfModule>
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">
<IfModule !authz_core_module>
Order Allow,Deny
Allow from all
</IfModule>
<IfModule authz_core_module>
Require all granted
</IfModule>
</filesMatch>
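Review bot: The `<filesMatch>` allowlist is a case-sensitive regex, so uploads named `.MP4`, `.JPG` or `.PNG` fall through to `Require all denied`; prefix the pattern with `(?i)` or spell out the case variants. `tff` in the list looks like a typo for `ttf`, so TrueType fonts are denied while a non-existent extension is allowed. Consider also whether `key` belongs in the public list: if HLS encryption keys are stored under `videos/`, granting them to everyone undoes the encryption — worth confirming against how the Live/HLS code stores keys before shipping this default.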


@ -148,6 +148,7 @@ require_once $global['systemRootPath'] . 'objects/user.php';
require_once $global['systemRootPath'] . 'objects/video.php'; require_once $global['systemRootPath'] . 'objects/video.php';
require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php'; require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php';
adminSecurityCheck();
setSiteLang(); setSiteLang();
fixSystemPath(); fixSystemPath();
ObjectYPT::checkSessionCacheBasedOnLastDeleteALLCacheTime(); ObjectYPT::checkSessionCacheBasedOnLastDeleteALLCacheTime();
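Review bot: `adminSecurityCheck();` now runs on every request through this include, and the function (added to functions.php in this commit) reads `$_SESSION['adminSecurityCheck']` before it calls `_session_start()` itself; unless the session is already open at this point, the once-per-session short-circuit never fires and the `file_exists`/`copy` step repeats on every admin request. Either call `_session_start()` first inside adminSecurityCheck() or place this call after whatever starts the session — which applies is not visible from the hunk. The enclosing file continues outside the hunk.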


@ -1,193 +1,193 @@
<?php <?php
global $global, $config; global $global, $config;
if (!isset($global['systemRootPath'])) { if (!isset($global['systemRootPath'])) {
require_once '../videos/configuration.php'; require_once '../videos/configuration.php';
} }
require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/user.php';
class Like class Like
{ {
private $id; private $id;
private $like; private $like;
private $videos_id; private $videos_id;
private $users_id; private $users_id;
public function __construct($like, $videos_id) public function __construct($like, $videos_id)
{ {
if (!User::isLogged()) { if (!User::isLogged()) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}'); die('{"error":"'.__("Permission denied").'"}');
} }
$this->videos_id = $videos_id; $this->videos_id = $videos_id;
$this->users_id = User::getId(); $this->users_id = User::getId();
$this->load(); $this->load();
// if click again in the same vote, remove the vote // if click again in the same vote, remove the vote
if ($this->like == $like) { if ($this->like == $like) {
$like = 0; $like = 0;
if ($this->like==1) { if ($this->like==1) {
Video::updateLikesDislikes($videos_id, 'likes', '-1'); Video::updateLikesDislikes($videos_id, 'likes', '-1');
} elseif ($this->like==-1) { } elseif ($this->like==-1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '-1'); Video::updateLikesDislikes($videos_id, 'dislikes', '-1');
} }
} else { } else {
if (!empty($this->like)) { if (!empty($this->like)) {
// need to remove some like or dislike // need to remove some like or dislike
if ($like==1) { if ($like==1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '-1'); Video::updateLikesDislikes($videos_id, 'dislikes', '-1');
} elseif ($like==-1) { } elseif ($like==-1) {
Video::updateLikesDislikes($videos_id, 'likes', '-1'); Video::updateLikesDislikes($videos_id, 'likes', '-1');
} }
} }
if ($like==1) { if ($like==1) {
Video::updateLikesDislikes($videos_id, 'likes', '+1'); Video::updateLikesDislikes($videos_id, 'likes', '+1');
} elseif ($like==-1) { } elseif ($like==-1) {
Video::updateLikesDislikes($videos_id, 'dislikes', '+1'); Video::updateLikesDislikes($videos_id, 'dislikes', '+1');
} }
} }
//exit; //exit;
$this->setLike($like); $this->setLike($like);
$saved = $this->save(); $saved = $this->save();
} }
private function setLike($like) private function setLike($like)
{ {
$like = intval($like); $like = intval($like);
if (!in_array($like, [0,1,-1])) { if (!in_array($like, [0,1,-1])) {
$like = 0; $like = 0;
} }
$this->like = $like; $this->like = $like;
} }
private function load() public function load()
{ {
$like = $this->getLike(); $like = $this->getLike();
if (empty($like)) { if (empty($like)) {
return false; return false;
} }
foreach ($like as $key => $value) { foreach ($like as $key => $value) {
$this->$key = $value; $this->$key = $value;
} }
} }
private function getLike() private function getLike()
{ {
global $global; global $global;
if (empty($this->users_id) || empty($this->videos_id)) { if (empty($this->users_id) || empty($this->videos_id)) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"You must have user and videos set to get a like"}'); die('{"error":"You must have user and videos set to get a like"}');
} }
$sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ".$this->videos_id." LIMIT 1;"; $sql = "SELECT * FROM likes WHERE users_id = ? AND videos_id = ".$this->videos_id." LIMIT 1;";
$res = sqlDAL::readSql($sql, "i", [$this->users_id]); $res = sqlDAL::readSql($sql, "i", [$this->users_id]);
$dbLike = sqlDAL::fetchAssoc($res); $dbLike = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
return $dbLike; return $dbLike;
} }
private function save() private function save()
{ {
global $global; global $global;
if (!User::isLogged()) { if (!User::isLogged()) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"'.__("Permission denied").'"}'); die('{"error":"'.__("Permission denied").'"}');
} }
if (!empty($this->id)) { if (!empty($this->id)) {
$sql = "UPDATE likes SET `like` = ?, modified = now() WHERE id = ?;"; $sql = "UPDATE likes SET `like` = ?, modified = now() WHERE id = ?;";
$res = sqlDAL::writeSql($sql, "ii", [$this->like, $this->id]); $res = sqlDAL::writeSql($sql, "ii", [$this->like, $this->id]);
} else { } else {
$sql = "INSERT INTO likes (`like`,users_id, videos_id, created, modified) VALUES (?, ?, ?, now(), now());"; $sql = "INSERT INTO likes (`like`,users_id, videos_id, created, modified) VALUES (?, ?, ?, now(), now());";
$res = sqlDAL::writeSql($sql, "iii", [$this->like, $this->users_id, $this->videos_id]); $res = sqlDAL::writeSql($sql, "iii", [$this->like, $this->users_id, $this->videos_id]);
} }
//echo $sql; //echo $sql;
if ($global['mysqli']->errno!=0) { if ($global['mysqli']->errno!=0) {
die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
return $res; return $res;
} }
public static function getLikes($videos_id) public static function getLikes($videos_id)
{ {
global $global, $_getLikes; global $global, $_getLikes;
if (!isset($_getLikes)) { if (!isset($_getLikes)) {
$_getLikes = []; $_getLikes = [];
} }
if (!empty($_getLikes[$videos_id])) { if (!empty($_getLikes[$videos_id])) {
return $_getLikes[$videos_id]; return $_getLikes[$videos_id];
} }
$obj = new stdClass(); $obj = new stdClass();
$obj->videos_id = $videos_id; $obj->videos_id = $videos_id;
$obj->likes = 0; $obj->likes = 0;
$obj->dislikes = 0; $obj->dislikes = 0;
$obj->myVote = self::getMyVote($videos_id); $obj->myVote = self::getMyVote($videos_id);
$sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = 1 "; // like $sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = 1 "; // like
$res = sqlDAL::readSql($sql, "i", [$videos_id]); $res = sqlDAL::readSql($sql, "i", [$videos_id]);
$row = sqlDAL::fetchAssoc($res); $row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($global['mysqli']->errno!=0) { if ($global['mysqli']->errno!=0) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->likes = intval($row['total']); $obj->likes = intval($row['total']);
$sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = -1 "; // dislike $sql = "SELECT count(*) as total FROM likes WHERE videos_id = ? AND `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql, "i", [$videos_id]); $res = sqlDAL::readSql($sql, "i", [$videos_id]);
$row = sqlDAL::fetchAssoc($res); $row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($global['mysqli']->errno!=0) { if ($global['mysqli']->errno!=0) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->dislikes = intval($row['total']); $obj->dislikes = intval($row['total']);
$_getLikes[$videos_id] = $obj; $_getLikes[$videos_id] = $obj;
return $obj; return $obj;
} }
public static function getTotalLikes() public static function getTotalLikes()
{ {
global $global; global $global;
$obj = new stdClass(); $obj = new stdClass();
$obj->likes = 0; $obj->likes = 0;
$obj->dislikes = 0; $obj->dislikes = 0;
$sql = "SELECT count(*) as total FROM likes WHERE `like` = 1 "; // like $sql = "SELECT count(*) as total FROM likes WHERE `like` = 1 "; // like
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$row = sqlDAL::fetchAssoc($res); $row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!$res) { if (!$res) {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->likes = intval($row['total']); $obj->likes = intval($row['total']);
$sql = "SELECT count(*) as total FROM likes WHERE `like` = -1 "; // dislike $sql = "SELECT count(*) as total FROM likes WHERE `like` = -1 "; // dislike
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$row = sqlDAL::fetchAssoc($res); $row = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if (!$res) { if (!$res) {
die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$obj->dislikes = intval($row['total']); $obj->dislikes = intval($row['total']);
return $obj; return $obj;
} }
public static function getMyVote($videos_id) public static function getMyVote($videos_id)
{ {
global $global; global $global;
if (!User::isLogged()) { if (!User::isLogged()) {
return 0; return 0;
} }
$id = User::getId(); $id = User::getId();
$sql = "SELECT `like` FROM likes WHERE videos_id = ? AND users_id = ? "; // like $sql = "SELECT `like` FROM likes WHERE videos_id = ? AND users_id = ? "; // like
$res = sqlDAL::readSql($sql, "ii", [$videos_id,$id]); $res = sqlDAL::readSql($sql, "ii", [$videos_id,$id]);
$dbLike = sqlDAL::fetchAssoc($res); $dbLike = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($dbLike!=false) { if ($dbLike!=false) {
return intval($dbLike['like']); return intval($dbLike['like']);
} }
return 0; return 0;
} }
} }



@ -1,6 +1,5 @@
<?php <?php
require_once $global['systemRootPath'] . 'objects/functions.php'; require_once $global['systemRootPath'] . 'objects/functions.php';
// filter some security here // filter some security here
$securityFilter = ['jump','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName']; $securityFilter = ['jump','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName'];
$securityFilterInt = ['isAdmin', 'priority', 'totalClips', 'rowCount']; $securityFilterInt = ['isAdmin', 'priority', 'totalClips', 'rowCount'];


@ -6,8 +6,7 @@ if (!isset($global['systemRootPath'])) {
require_once $global['systemRootPath'] . 'objects/bootGrid.php'; require_once $global['systemRootPath'] . 'objects/bootGrid.php';
require_once $global['systemRootPath'] . 'objects/user.php'; require_once $global['systemRootPath'] . 'objects/user.php';
class Subscribe class Subscribe extends ObjectYPT{
{
private $id; private $id;
private $email; private $email;
private $status; private $status;
@ -31,7 +30,7 @@ class Subscribe
} }
} }
private function load($id) public function load($id)
{ {
$obj = self::getSubscribe($id); $obj = self::getSubscribe($id);
if (empty($obj)) { if (empty($obj)) {
@ -433,4 +432,9 @@ class Subscribe
{ {
$this->users_id = $users_id; $this->users_id = $users_id;
} }
public static function getTableName() {
return 'subscribes';
}
} }
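Review bot: Subscribe now extends ObjectYPT yet keeps its fields declared `private $id; private $email; private $status;`, and any inherited persistence code (presumably ObjectYPT::save()/load(), not visible here) runs in the parent's scope, where PHP refuses access to a subclass's private properties — Video in this same commit switched every field to `protected` for exactly that reason. If the added getTableName() means Subscribe is meant to use the inherited save()/delete(), change the declarations to `protected $id; protected $email; protected $status;` (and the rest of the field list, which continues outside the hunk); if it keeps its own save(), a one-line comment saying so would stop the next reader from assuming the base-class path works. Style nit: `class Subscribe extends ObjectYPT{` wants a space before the brace. The class body starts and ends outside these hunks.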


@ -220,7 +220,7 @@ if (typeof gtag !== \"function\") {
return $eo[$id]; return $eo[$id];
} }
private function load($id) { public function load($id) {
$id = intval($id); $id = intval($id);
if (empty($id)) { if (empty($id)) {
return false; return false;



@ -19,50 +19,50 @@ require_once $global['systemRootPath'] . 'objects/Object.php';
if (!class_exists('Video')) { if (!class_exists('Video')) {
class Video { class Video extends ObjectYPT {
private $id; protected $id;
private $title; protected $title;
private $clean_title; protected $clean_title;
private $filename; protected $filename;
private $description; protected $description;
private $views_count; protected $views_count;
private $status; protected $status;
private $duration; protected $duration;
private $users_id; protected $users_id;
private $categories_id; protected $categories_id;
private $old_categories_id; protected $old_categories_id;
private $type; protected $type;
private $rotation; protected $rotation;
private $zoom; protected $zoom;
private $videoDownloadedLink; protected $videoDownloadedLink;
private $videoLink; protected $videoLink;
private $next_videos_id; protected $next_videos_id;
private $isSuggested; protected $isSuggested;
public static $types = ['webm', 'mp4', 'mp3', 'ogg', 'pdf', 'jpg', 'jpeg', 'gif', 'png', 'webp', 'zip']; public static $types = ['webm', 'mp4', 'mp3', 'ogg', 'pdf', 'jpg', 'jpeg', 'gif', 'png', 'webp', 'zip'];
private $videoGroups; protected $videoGroups;
private $trailer1; protected $trailer1;
private $trailer2; protected $trailer2;
private $trailer3; protected $trailer3;
private $rate; protected $rate;
private $can_download; protected $can_download;
private $can_share; protected $can_share;
private $only_for_paid; protected $only_for_paid;
private $rrating; protected $rrating;
private $externalOptions; protected $externalOptions;
private $sites_id; protected $sites_id;
private $serie_playlists_id; protected $serie_playlists_id;
private $video_password; protected $video_password;
private $encoderURL; protected $encoderURL;
private $filepath; protected $filepath;
private $filesize; protected $filesize;
private $live_transmitions_history_id; protected $live_transmitions_history_id;
private $total_seconds_watching; protected $total_seconds_watching;
private $duration_in_seconds; protected $duration_in_seconds;
private $likes; protected $likes;
private $dislikes; protected $dislikes;
private $users_id_company; protected $users_id_company;
private $created; protected $created;
public static $statusDesc = [ public static $statusDesc = [
'a' => 'Active', 'a' => 'Active',
'k' => 'Active and Encoding', 'k' => 'Active and Encoding',
@ -102,7 +102,7 @@ if (!class_exists('Video')) {
public static $statusBrokenMissingFiles = 'b'; public static $statusBrokenMissingFiles = 'b';
public static $rratingOptions = ['', 'g', 'pg', 'pg-13', 'r', 'nc-17', 'ma']; public static $rratingOptions = ['', 'g', 'pg', 'pg-13', 'r', 'nc-17', 'ma'];
//ver 3.4 //ver 3.4
private $youtubeId; protected $youtubeId;
public static $typeOptions = ['audio', 'video', 'embed', 'linkVideo', 'linkAudio', 'torrent', 'pdf', 'image', 'gallery', 'article', 'serie', 'image', 'zip', 'notfound', 'blockedUser']; public static $typeOptions = ['audio', 'video', 'embed', 'linkVideo', 'linkAudio', 'torrent', 'pdf', 'image', 'gallery', 'article', 'serie', 'image', 'zip', 'notfound', 'blockedUser'];
public static $searchFieldsNames = ['v.title', 'v.description', 'c.name', 'c.description', 'v.id', 'v.filename']; public static $searchFieldsNames = ['v.title', 'v.description', 'c.name', 'c.description', 'v.id', 'v.filename'];
public static $searchFieldsNamesLabels = ['Video Title', 'Video Description', 'Channel Name', 'Channel Description', 'Video ID', 'Video Filename']; public static $searchFieldsNamesLabels = ['Video Title', 'Video Description', 'Channel Name', 'Channel Description', 'Video ID', 'Video Filename'];
@ -349,9 +349,9 @@ if (!class_exists('Video')) {
$catDefault = Category::getCategoryDefault(); $catDefault = Category::getCategoryDefault();
$this->categories_id = $catDefault['id']; $this->categories_id = $catDefault['id'];
} }
//$this->setTitle($global['mysqli']->real_escape_string(trim($this->title))); //$this->setTitle((trim($this->title)));
$this->title = ($global['mysqli']->real_escape_string(safeString($this->title))); $this->title = ((safeString($this->title)));
$this->description = ($global['mysqli']->real_escape_string($this->description)); $this->description = (($this->description));
if (forbiddenWords($this->title) || forbiddenWords($this->description)) { if (forbiddenWords($this->title) || forbiddenWords($this->description)) {
return false; return false;
@ -412,31 +412,16 @@ if (!class_exists('Video')) {
header('Content-Type: application/json'); header('Content-Type: application/json');
die('{"error":"3 ' . __("Permission denied") . '"}'); die('{"error":"3 ' . __("Permission denied") . '"}');
} }
$sql = "UPDATE videos SET title = '{$this->title}',clean_title = '{$this->clean_title}',"
. " filename = '{$this->filename}', categories_id = '{$this->categories_id}', status = '{$this->status}'," $insert_row = parent::save();
. " description = '{$this->description}', duration = '{$this->duration}', type = '{$this->type}', videoDownloadedLink = '{$this->videoDownloadedLink}', youtubeId = '{$this->youtubeId}', videoLink = '{$this->videoLink}', next_videos_id = {$this->next_videos_id}, isSuggested = {$this->isSuggested}, users_id = {$this->users_id}, " if ($insert_row) {
. " trailer1 = '{$this->trailer1}', trailer2 = '{$this->trailer2}', trailer3 = '{$this->trailer3}', rate = '{$this->rate}', can_download = '{$this->can_download}', can_share = '{$this->can_share}', only_for_paid = '{$this->only_for_paid}', rrating = '{$this->rrating}', externalOptions = '{$this->externalOptions}', sites_id = {$this->sites_id}, serie_playlists_id = {$this->serie_playlists_id} ,live_transmitions_history_id = {$this->live_transmitions_history_id} , video_password = '{$this->video_password}', "
. " encoderURL = '{$this->encoderURL}', filepath = '{$this->filepath}' , filesize = '{$this->filesize}' , duration_in_seconds = '{$this->duration_in_seconds}' , modified = now(), users_id_company = ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company))." "
. " WHERE id = {$this->id}";
$saved = sqlDAL::writeSql($sql);
if ($saved) {
$insert_row = $this->id;
AVideoPlugin::onUpdateVideo($insert_row); AVideoPlugin::onUpdateVideo($insert_row);
_error_log('onUpdateVideo $insert_row = '.$insert_row); _error_log('onUpdateVideo $insert_row = '.$insert_row);
}else{ }else{
_error_log('onUpdateVideo error $saved is empty'); _error_log('onUpdateVideo error $saved is empty');
} }
} else { } else {
if(empty($this->created)){ $insert_row = parent::save();
$this->created = 'now()';
}
$sql = "INSERT INTO videos "
. "(duration_in_seconds, title,clean_title, filename, users_id, categories_id, status, description, duration,type,videoDownloadedLink, next_videos_id, created, modified, videoLink, can_download, can_share, only_for_paid, rrating, externalOptions, sites_id, serie_playlists_id,live_transmitions_history_id, video_password, encoderURL, filepath , filesize, users_id_company) values "
. "('{$this->duration_in_seconds}','{$this->title}','{$this->clean_title}', '{$this->filename}', {$this->users_id},{$this->categories_id}, '{$this->status}', '{$this->description}', '{$this->duration}', '{$this->type}', '{$this->videoDownloadedLink}', {$this->next_videos_id},{$this->created}, now(), '{$this->videoLink}', '{$this->can_download}', '{$this->can_share}','{$this->only_for_paid}', '{$this->rrating}', '$this->externalOptions', {$this->sites_id}, {$this->serie_playlists_id},{$this->live_transmitions_history_id}, '{$this->video_password}', '{$this->encoderURL}', '{$this->filepath}', '{$this->filesize}', ".(empty($this->users_id_company)?'NULL':intval($this->users_id_company)).")";
//_error_log("Video::save ".$sql);
$insert_row = sqlDAL::writeSql($sql);
if(!empty($insert_row)){ if(!empty($insert_row)){
AVideoPlugin::onNewVideo($insert_row); AVideoPlugin::onNewVideo($insert_row);
_error_log('onNewVideo $insert_row = '.$insert_row); _error_log('onNewVideo $insert_row = '.$insert_row);
@ -444,6 +429,7 @@ if (!class_exists('Video')) {
_error_log('onNewVideo error $insert_row is empty'); _error_log('onNewVideo error $insert_row is empty');
} }
} }
//var_dump($this->title, $insert_row);exit;
if ($insert_row) { if ($insert_row) {
_error_log("Video::save ({$this->title}) Saved id = {$insert_row} "); _error_log("Video::save ({$this->title}) Saved id = {$insert_row} ");
Category::clearCacheCount(); Category::clearCacheCount();
@ -512,8 +498,10 @@ if (!class_exists('Video')) {
return false; return false;
} }
_error_log("Video::updateDurationInSeconds update duration {$videos_id}, {$duration}, {$duration_in_seconds}"); _error_log("Video::updateDurationInSeconds update duration {$videos_id}, {$duration}, {$duration_in_seconds}");
$sql = "UPDATE videos SET duration_in_seconds = '{$duration_in_seconds}' , modified = now() WHERE id = {$videos_id}"; $formats = 'si';
$saved = sqlDAL::writeSql($sql); $values = [$duration_in_seconds, $videos_id];
$sql = "UPDATE videos SET duration_in_seconds = ? , modified = now() WHERE id = ?";
$saved = sqlDAL::writeSql($sql, $formats, $values);
self::clearCache($videos_id); self::clearCache($videos_id);
return $duration_in_seconds; return $duration_in_seconds;
} }
@ -663,8 +651,10 @@ if (!class_exists('Video')) {
if (!empty($this->id)) { if (!empty($this->id)) {
global $global; global $global;
$sql = "UPDATE videos SET rotation = '{$saneRotation}', modified = now() WHERE id = {$this->id} "; $sql = "UPDATE videos SET rotation = ?, modified = now() WHERE id = ? ";
$res = sqlDAL::writeSql($sql); $formats = 'si';
$values = [$saneRotation, $this->id];
$res = sqlDAL::writeSql($sql, $formats, $values);
if ($global['mysqli']->errno !== 0) { if ($global['mysqli']->errno !== 0) {
die('Error on update Rotation: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die('Error on update Rotation: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
@ -689,8 +679,10 @@ if (!class_exists('Video')) {
if (!empty($this->id)) { if (!empty($this->id)) {
global $global; global $global;
$sql = "UPDATE videos SET zoom = '{$saneZoom}', modified = now() WHERE id = {$this->id} "; $sql = "UPDATE videos SET zoom = ?, modified = now() WHERE id = ? ";
$res = sqlDAL::writeSql($sql); $formats = 'si';
$values = [$saneZoom, $this->id];
$res = sqlDAL::writeSql($sql, $formats, $values);
if ($global['mysqli']->errno !== 0) { if ($global['mysqli']->errno !== 0) {
die('Error on update Zoom: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die('Error on update Zoom: (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
@ -826,7 +818,7 @@ if (!class_exists('Video')) {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
@ -1231,7 +1223,7 @@ if (!class_exists('Video')) {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
@ -1752,7 +1744,7 @@ if (!class_exists('Video')) {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
@ -4881,7 +4873,7 @@ if (!class_exists('Video')) {
private static function getFullTextSearch($columnsArray, $search, $connection = "OR") { private static function getFullTextSearch($columnsArray, $search, $connection = "OR") {
global $global; global $global;
$search = $global['mysqli']->real_escape_string(xss_esc($search)); $search = (xss_esc($search));
$search = str_replace('&quot;', '"', $search); $search = str_replace('&quot;', '"', $search);
if (empty($columnsArray) || empty($search)) { if (empty($columnsArray) || empty($search)) {
return ""; return "";
@ -5294,6 +5286,10 @@ if (!class_exists('Video')) {
return !$found; return !$found;
} }
public static function getTableName() {
return 'videos';
}
} }
} }
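Review bot: The three catName hunks drop the escape (`$catName = ($_GET['catName']);`) but keep interpolating the value into the query on the very next line (`c.clean_name = '{$catName}'`), so unless the global filter in objects/security.php — which does list catName — happens to encode single quotes, this reintroduces SQL injection through the catName query parameter that the old real_escape_string() call prevented. getFullTextSearch has the same shape: `$search = (xss_esc($search));` removes the SQL escape before the term is used in a query built outside the hunk, and xss_esc is an HTML-context filter, not a SQL one. For string-built queries either keep `$catName = $global['mysqli']->real_escape_string($_GET['catName']);`, or better, rewrite the clause with placeholders — `" AND (c.clean_name = ? OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = ?))"` — and pass the value through the formats/values arguments that sqlDAL::readSql already accepts, as updateDurationInSeconds now does with `$formats = 'si';`. The enclosing list functions start and end outside the hunks, so where the final readSql call happens cannot be checked here.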


@ -123,7 +123,7 @@ class VideoStatistic extends ObjectYPT {
$this->seconds_watching_video = intval($this->seconds_watching_video); $this->seconds_watching_video = intval($this->seconds_watching_video);
$this->json = $global['mysqli']->real_escape_string($this->json); $this->json = ($this->json);
return parent::save(); return parent::save();
} }
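Review bot: `$this->json = ($this->json);` is a self-assignment left behind when real_escape_string() was removed, and it now does nothing; delete the line rather than leave a statement that looks like sanitisation but is not, since parent::save() is presumably the place that quotes the value now. The method starts outside the hunk.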


@ -1,93 +1,93 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
class AD_Overlay_Code extends ObjectYPT { class AD_Overlay_Code extends ObjectYPT {
protected $id, $users_id, $code, $status; protected $id, $users_id, $code, $status;
function loadFromUser($users_id) { function loadFromUser($users_id) {
$row = self::getFromDbFromUser($users_id); $row = self::getFromDbFromUser($users_id);
$this->setUsers_id($users_id); $this->setUsers_id($users_id);
if (empty($row)) if (empty($row))
return false; return false;
foreach ($row as $key => $value) { foreach ($row as $key => $value) {
$this->$key = $value; $this->$key = $value;
} }
return true; return true;
} }
static protected function getFromDbFromUser($users_id) { static protected function getFromDbFromUser($users_id) {
global $global; global $global;
$users_id = intval($users_id); $users_id = intval($users_id);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? LIMIT 1"; $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "i", array($users_id)); $res = sqlDAL::readSql($sql, "i", array($users_id));
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($res) { if ($res) {
$row = $data; $row = $data;
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
static function getSearchFieldsNames() { static function getSearchFieldsNames() {
return array('code'); return array('code');
} }
static function getTableName() { static function getTableName() {
return 'ad_overlay_codes'; return 'ad_overlay_codes';
} }
function getUsers_id() { function getUsers_id() {
return $this->users_id; return $this->users_id;
} }
function getCode() { function getCode() {
return trim($this->code); return trim($this->code);
} }
function setUsers_id($users_id) { function setUsers_id($users_id) {
$this->users_id = $users_id; $this->users_id = $users_id;
} }
function setCode($code) { function setCode($code) {
$this->code = self::filterCode($code); $this->code = self::filterCode($code);
} }
function getStatus() { function getStatus() {
return $this->status; return $this->status;
} }
function setStatus($status) { function setStatus($status) {
$this->status = $status; $this->status = $status;
} }
static function filterCode($data) { static function filterCode($data) {
global $global; global $global;
//$data = preg_replace('/[\x00-\x1F\x7F]/u', '', $data); //$data = preg_replace('/[\x00-\x1F\x7F]/u', '', $data);
// normalize $data because of get_magic_quotes_gpc // normalize $data because of get_magic_quotes_gpc
$dataNeedsStripSlashes = get_magic_quotes_gpc(); $dataNeedsStripSlashes = get_magic_quotes_gpc();
if ($dataNeedsStripSlashes) { if ($dataNeedsStripSlashes) {
$data = stripslashes($data); $data = stripslashes($data);
} }
// normalize $data because of whitespace on beginning and end // normalize $data because of whitespace on beginning and end
$data = trim($data); $data = trim($data);
// strip tags // strip tags
//$data = strip_tags($data); //$data = strip_tags($data);
// replace characters with their HTML entitites // replace characters with their HTML entitites
//$data = htmlentities($data); //$data = htmlentities($data);
// mysql escape string // mysql escape string
$data = $global['mysqli']->real_escape_string($data); $data = ($data);
return $data; return $data;
} }
} }
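Review bot: After this change filterCode() effectively only trims: `$data = ($data);` is a leftover self-assignment and `global $global;` is now unused, so both lines should go. The hunk also keeps the `get_magic_quotes_gpc()` block, and that function was removed in PHP 8.0, so on a current interpreter the setter dies with an undefined-function error before anything is stored; magic quotes have been gone since PHP 5.4, so the whole `if ($dataNeedsStripSlashes)` block can be dropped. With strip_tags and htmlentities commented out, a comment such as `// Ad code is stored verbatim (HTML/JS); no output escaping is applied here` would stop the next reader from assuming the "filter" sanitises anything.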


@ -1,88 +1,88 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
class CampaignLocations extends ObjectYPT { class CampaignLocations extends ObjectYPT {
protected $id, $country_name, $region_name, $city_name, $vast_campaigns_id; protected $id, $country_name, $region_name, $city_name, $vast_campaigns_id;
static function getSearchFieldsNames() { static function getSearchFieldsNames() {
return array('country_name','region_name','city_name'); return array('country_name','region_name','city_name');
} }
static function getTableName() { static function getTableName() {
return 'campaign_locations'; return 'campaign_locations';
} }
function getCountry_name() { function getCountry_name() {
return $this->country_name; return $this->country_name;
} }
function getRegion_name() { function getRegion_name() {
return $this->region_name; return $this->region_name;
} }
function getCity_name() { function getCity_name() {
return $this->city_name; return $this->city_name;
} }
function getVast_campaigns_id() { function getVast_campaigns_id() {
return $this->vast_campaigns_id; return $this->vast_campaigns_id;
} }
function setCountry_name($country_name) { function setCountry_name($country_name) {
global $global; global $global;
$country_name = $global['mysqli']->real_escape_string($country_name); $country_name = ($country_name);
$this->country_name = $country_name; $this->country_name = $country_name;
} }
function setRegion_name($region_name) { function setRegion_name($region_name) {
global $global; global $global;
$region_name = $global['mysqli']->real_escape_string($region_name); $region_name = ($region_name);
$this->region_name = $region_name; $this->region_name = $region_name;
} }
function setCity_name($city_name) { function setCity_name($city_name) {
global $global; global $global;
$city_name = $global['mysqli']->real_escape_string($city_name); $city_name = ($city_name);
$this->city_name = $city_name; $this->city_name = $city_name;
} }
function setVast_campaigns_id($vast_campaigns_id) { function setVast_campaigns_id($vast_campaigns_id) {
$this->vast_campaigns_id = $vast_campaigns_id; $this->vast_campaigns_id = $vast_campaigns_id;
} }
public function getCampaignLocations(){ public function getCampaignLocations(){
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id={$this->vast_campaigns_id} "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE vast_campaigns_id={$this->vast_campaigns_id} ";
$sql .= self::getSqlFromPost(); $sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res); $fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
$rows = array(); $rows = array();
if ($res!=false) { if ($res!=false) {
foreach ($fullData as $row) { foreach ($fullData as $row) {
$rows[] = $row; $rows[] = $row;
} }
} else { } else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
return $rows; return $rows;
} }
static function deleteFromCapmpaign($vast_campaigns_id) { static function deleteFromCapmpaign($vast_campaigns_id) {
global $global; global $global;
if (!empty($vast_campaigns_id)) { if (!empty($vast_campaigns_id)) {
$sql = "DELETE FROM " . static::getTableName() . " "; $sql = "DELETE FROM " . static::getTableName() . " ";
$sql .= " WHERE vast_campaigns_id = ?"; $sql .= " WHERE vast_campaigns_id = ?";
$global['lastQuery'] = $sql; $global['lastQuery'] = $sql;
//_error_log("Delete Query: ".$sql); //_error_log("Delete Query: ".$sql);
return sqlDAL::writeSql($sql,"i",array($vast_campaigns_id)); return sqlDAL::writeSql($sql,"i",array($vast_campaigns_id));
} }
_error_log("Id for table " . static::getTableName() . " not defined for deletion"); _error_log("Id for table " . static::getTableName() . " not defined for deletion");
return false; return false;
} }
} }
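Review bot: The three setters now reduce to a parenthesised self-assignment (`$country_name = ($country_name);`) plus an unused `global $global;`, so each should simply read `$this->country_name = $country_name;` — fine if ObjectYPT::save() is parameterised, which this page does not show. Removing the escaping does nothing for getCampaignLocations(), which still interpolates `{$this->vast_campaigns_id}` and whatever getSqlFromPost() returns straight into the query; at minimum `$this->vast_campaigns_id = intval($vast_campaigns_id);` in setVast_campaigns_id(), or better a `?` placeholder with the formats/values arguments that deleteFromCapmpaign() in the same class already uses. The campaign id is a context line here, so the commit did not touch it.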


@ -1,186 +1,194 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
class Clones extends ObjectYPT class Clones extends ObjectYPT
{ {
protected $id; protected $id;
protected $url; protected $url;
protected $status; protected $status;
protected $key; protected $key;
protected $last_clone_request; protected $last_clone_request;
public static function getSearchFieldsNames() public static function getSearchFieldsNames()
{ {
return ['url']; return ['url'];
} }
public static function getTableName() public static function getTableName()
{ {
return 'clone_SitesAllowed'; return 'clone_SitesAllowed';
} }
public static function getFromURL($url) public static function getFromURL($url)
{ {
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE url = ? LIMIT 1"; $sql = "SELECT * FROM " . static::getTableName() . " WHERE url = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$url]); $res = sqlDAL::readSql($sql, "s", [$url]);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($res) { if ($res) {
$row = $data; $row = $data;
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
public function updateLastCloneRequest() public function updateLastCloneRequest()
{ {
global $global; global $global;
if (!empty($this->id)) { if (!empty($this->id)) {
$sql = "UPDATE " . static::getTableName() . " SET last_clone_request = now() "; $sql = "UPDATE " . static::getTableName() . " SET last_clone_request = now() ";
$sql .= " WHERE id = {$this->id}"; $sql .= " WHERE id = {$this->id}";
} else { } else {
return false; return false;
} }
$insert_row = sqlDAL::writeSql($sql); $insert_row = sqlDAL::writeSql($sql);
if ($insert_row) { if ($insert_row) {
$id = $this->id; $id = $this->id;
return $id; return $id;
} else { } else {
die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
} }
public function loadFromURL($url) public function loadFromURL($url){
{ if(!isValidURL($url)){
$row = self::getFromURL($url); return false;
if (empty($row)) { }
return false; $row = self::getFromURL($url);
} if (empty($row)) {
foreach ($row as $key => $value) { return false;
$this->$key = $value; }
} foreach ($row as $key => $value) {
return true; $this->$key = $value;
} }
return true;
public static function thisURLCanCloneMe($url, $key) }
{
$resp = new stdClass(); public static function thisURLCanCloneMe($url, $key)
$resp->canClone = false; {
$resp->clone = null; $resp = new stdClass();
$resp->msg = ""; $resp->canClone = false;
$resp->clone = null;
$clone = new Clones(0); $resp->msg = "";
$clone->loadFromURL($url); if(!isValidURL($url)){
if (empty($clone->getId())) { $resp->msg = "Invalid URL";
$resp->msg = "The URL {$url} was just added in our server, ask the Server Manager to approve this URL on plugins->Clone Site->Clones Manager (The Blue Button) and Activate your client"; return $resp;
self::addURL($url, $key); }
return $resp; $clone = new Clones(0);
} $clone->loadFromURL($url);
if ($clone->getKey() !== $key) { if (empty($clone->getId())) {
$resp->msg = "Invalid Key"; $resp->msg = "The URL {$url} was just added in our server, ask the Server Manager to approve this URL on plugins->Clone Site->Clones Manager (The Blue Button) and Activate your client";
return $resp; self::addURL($url, $key);
} return $resp;
if ($clone->getStatus() !== 'a') { }
$resp->msg = "The URL {$url} is inactive in our Clone Server"; if ($clone->getKey() !== $key) {
return $resp; $resp->msg = "Invalid Key";
} return $resp;
$resp->clone = $clone; }
$resp->canClone = true; if ($clone->getStatus() !== 'a') {
return $resp; $resp->msg = "The URL {$url} is inactive in our Clone Server";
} return $resp;
}
public static function addURL($url, $key) $resp->clone = $clone;
{ $resp->canClone = true;
$clone = new Clones(0); return $resp;
$clone->loadFromURL($url); }
if (empty($clone->getId())) {
$clone->setUrl($url); public static function addURL($url, $key)
$clone->setKey($key); {
return $clone->save(); $clone = new Clones(0);
} $clone->loadFromURL($url);
return false; if (empty($clone->getId())) {
} $clone->setUrl($url);
$clone->setKey($key);
public function save() return $clone->save();
{ }
global $global; return false;
if (empty($this->status)) { }
$this->status = 'i';
} public function save()
if (empty($this->last_clone_request)) { {
$this->last_clone_request = 'null'; global $global;
} if (empty($this->status)) {
$this->status = 'i';
$this->key = $global['mysqli']->real_escape_string($this->key); }
$this->url = $global['mysqli']->real_escape_string($this->url); if (empty($this->last_clone_request)) {
return parent::save(); $this->last_clone_request = 'null';
} }
if(!isValidURL($this->url)){
public function getId() return false;
{ }
return $this->id; $this->key = safeString($this->key, true);
} $this->url = $this->url;
return parent::save();
public function getUrl() }
{
return $this->url; public function getId()
} {
return $this->id;
public function getStatus() }
{
return $this->status; public function getUrl()
} {
return $this->url;
public function getKey() }
{
return $this->key; public function getStatus()
} {
return $this->status;
public function getLast_clone_request() }
{
return $this->last_clone_request; public function getKey()
} {
return $this->key;
public function setId($id) }
{
$this->id = $id; public function getLast_clone_request()
} {
return $this->last_clone_request;
public function setUrl($url) }
{
$this->url = $url; public function setId($id)
} {
$this->id = $id;
public function setStatus($status) }
{
$this->status = $status; public function setUrl($url){
} if(isValidURL($url)){
$this->url = $url;
public function setKey($key) }
{ }
$this->key = $key;
} public function setStatus($status)
{
public function setLast_clone_request($last_clone_request) $this->status = $status;
{ }
$this->last_clone_request = $last_clone_request;
} public function setKey($key)
{
public function toogleStatus() $this->key = safeString($key);
{ }
if (empty($this->id)) {
return false; public function setLast_clone_request($last_clone_request)
} {
if ($this->status==='i') { $this->last_clone_request = $last_clone_request;
$this->status='a'; }
} else {
$this->status='i'; public function toogleStatus()
} {
return $this->save(); if (empty($this->id)) {
} return false;
} }
if ($this->status==='i') {
$this->status='a';
} else {
$this->status='i';
}
return $this->save();
}
}


@ -3040,7 +3040,7 @@ Click <a href=\"{link}\">here</a> to join our live.";
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }
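Review bot: `$_GET['catName']` now reaches the SQL string with no escaping at all: the `catName` branch drops `real_escape_string` but still interpolates the value twice on the next line (`c.clean_name = '{$catName}'` and `cs.clean_name = '{$catName}'`), so this hunk turns an escaped value into an unescaped one; the LiveLinks hunk (`@ -304,7 +304,7`) has the identical change. Bind it instead: `$catName = $_GET['catName'];`, `$sql .= " AND (c.clean_name = ? OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = ? ))";`, and pass `"ss", [$catName, $catName]` to the `sqlDAL::readSql()` call that executes `$sql`, as this commit already does for `user = ?` and `channelName = ?` in LiveTransmition. The enclosing method and the call that runs `$sql` are both outside the hunk, so the bound-parameter list has to be carried to that call and kept in step with any other optional `$sql .=` pieces.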


@ -75,7 +75,7 @@ class LiveTransmition extends ObjectYPT
public function setTitle($title) public function setTitle($title)
{ {
global $global; global $global;
//$title = $global['mysqli']->real_escape_string($title); //$title = ($title);
$this->title = xss_esc($title); $this->title = xss_esc($title);
} }
@ -107,7 +107,7 @@ class LiveTransmition extends ObjectYPT
public function setDescription($description) public function setDescription($description)
{ {
global $global; global $global;
//$description = $global['mysqli']->real_escape_string($description); //$description = ($description);
$this->description = xss_esc($description); $this->description = xss_esc($description);
} }
@ -204,7 +204,7 @@ class LiveTransmition extends ObjectYPT
{ {
global $global; global $global;
_mysql_connect(); _mysql_connect();
$userName = $global['mysqli']->real_escape_string($userName); $userName = ($userName);
$sql = "SELECT * FROM users WHERE user = ? LIMIT 1"; $sql = "SELECT * FROM users WHERE user = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$userName], true); $res = sqlDAL::readSql($sql, "s", [$userName], true);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
@ -224,7 +224,7 @@ class LiveTransmition extends ObjectYPT
{ {
global $global; global $global;
_mysql_connect(); _mysql_connect();
$channelName = $global['mysqli']->real_escape_string($channelName); $channelName = ($channelName);
$sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1"; $sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1";
$res = sqlDAL::readSql($sql, "s", [$channelName], true); $res = sqlDAL::readSql($sql, "s", [$channelName], true);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
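Review bot: `$userName = ($userName);` and `$channelName = ($channelName);` are no-op self-assignments left behind by the mechanical removal of `real_escape_string`; both values are passed as bound parameters to `sqlDAL::readSql($sql, "s", [...])` right after, so these lines and the now-meaningless `//$title = ($title);` / `//$description = ($description);` comments can simply be deleted. The same leftover pattern appears in LiveTransmitionHistory (`$title = ($title);`, `$description = ($description);`, `$key = ($key);`), Live_schedule (`$this->description = ($this->description);`), Clones (`$this->url = $this->url;`), PayPalYPT_log (`$this->json = ($this->json);`), Scheduler_commands (`$parameters = ($parameters);`, `$callbackResponse = ($callbackResponse);`) and as redundant wrapping parentheses in Menu::save(). Where the value now reaches `parent::save()` unescaped (LiveTransmitionHistory, Live_schedule, PayPalYPT_log) the change is only safe if `ObjectYPT::save()` binds its fields as parameters; that is not visible in this diff and is worth confirming before merge. `global $global;` in these two lookup methods looks unused once the escaping is gone, though the rest of each method is outside the hunk.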


@ -93,13 +93,13 @@ class LiveTransmitionHistory extends ObjectYPT {
global $global; global $global;
$Char = "&zwnj;"; $Char = "&zwnj;";
$title = str_replace($Char, '', $title); $title = str_replace($Char, '', $title);
$title = $global['mysqli']->real_escape_string($title); $title = ($title);
$this->title = $title; $this->title = $title;
} }
public function setDescription($description) { public function setDescription($description) {
global $global; global $global;
$description = $global['mysqli']->real_escape_string($description); $description = ($description);
$this->description = $description; $this->description = $description;
} }
@ -354,7 +354,7 @@ class LiveTransmitionHistory extends ObjectYPT {
public static function getLatest($key, $live_servers_id = null, $active=false) { public static function getLatest($key, $live_servers_id = null, $active=false) {
global $global; global $global;
$key = $global['mysqli']->real_escape_string($key); $key = ($key);
if (empty($key)) { if (empty($key)) {
return false; return false;


@ -358,7 +358,7 @@ class Live_schedule extends ObjectYPT
$this->key = uniqid(); $this->key = uniqid();
} }
$this->description = $global['mysqli']->real_escape_string($this->description); $this->description = ($this->description);
$this->_setTimeZone(date_default_timezone_get()); $this->_setTimeZone(date_default_timezone_get());


@ -1,285 +1,285 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
class Live_servers extends ObjectYPT class Live_servers extends ObjectYPT
{ {
protected $id; protected $id;
protected $name; protected $name;
protected $url; protected $url;
protected $status; protected $status;
protected $rtmp_server; protected $rtmp_server;
protected $playerServer; protected $playerServer;
protected $stats_url; protected $stats_url;
protected $disableDVR; protected $disableDVR;
protected $disableGifThumbs; protected $disableGifThumbs;
protected $useAadaptiveMode; protected $useAadaptiveMode;
protected $protectLive; protected $protectLive;
protected $getRemoteFile; protected $getRemoteFile;
protected $restreamerURL; protected $restreamerURL;
protected $controlURL; protected $controlURL;
protected $webRTC_server; protected $webRTC_server;
public static function getSearchFieldsNames() public static function getSearchFieldsNames()
{ {
return ['name', 'url', 'rtmp_server', 'playerServer', 'stats_url', 'getRemoteFile']; return ['name', 'url', 'rtmp_server', 'playerServer', 'stats_url', 'getRemoteFile'];
} }
public static function getTableName() public static function getTableName()
{ {
return 'live_servers'; return 'live_servers';
} }
public function setId($id) public function setId($id)
{ {
$this->id = intval($id); $this->id = intval($id);
} }
public function setName($name) public function setName($name)
{ {
$this->name = $name; $this->name = $name;
} }
public function setUrl($url) public function setUrl($url)
{ {
$this->url = $url; $this->url = $url;
} }
public function setStatus($status) public function setStatus($status)
{ {
$this->status = $status; $this->status = $status;
} }
public function setRtmp_server($rtmp_server) public function setRtmp_server($rtmp_server)
{ {
$this->rtmp_server = $rtmp_server; $this->rtmp_server = $rtmp_server;
} }
public function setPlayerServer($playerServer) public function setPlayerServer($playerServer)
{ {
$this->playerServer = $playerServer; $this->playerServer = $playerServer;
} }
public function setStats_url($stats_url) public function setStats_url($stats_url)
{ {
$this->stats_url = $stats_url; $this->stats_url = $stats_url;
} }
public function setDisableDVR($disableDVR) public function setDisableDVR($disableDVR)
{ {
$this->disableDVR = intval($disableDVR); $this->disableDVR = intval($disableDVR);
} }
public function setDisableGifThumbs($disableGifThumbs) public function setDisableGifThumbs($disableGifThumbs)
{ {
$this->disableGifThumbs = intval($disableGifThumbs); $this->disableGifThumbs = intval($disableGifThumbs);
} }
public function setUseAadaptiveMode($useAadaptiveMode) public function setUseAadaptiveMode($useAadaptiveMode)
{ {
$this->useAadaptiveMode = intval($useAadaptiveMode); $this->useAadaptiveMode = intval($useAadaptiveMode);
} }
public function setProtectLive($protectLive) public function setProtectLive($protectLive)
{ {
$this->protectLive = intval($protectLive); $this->protectLive = intval($protectLive);
} }
public function setGetRemoteFile($getRemoteFile) public function setGetRemoteFile($getRemoteFile)
{ {
$this->getRemoteFile = $getRemoteFile; $this->getRemoteFile = $getRemoteFile;
} }
public function getId() public function getId()
{ {
return intval($this->id); return intval($this->id);
} }
public function getName() public function getName()
{ {
return $this->name; return $this->name;
} }
public function getUrl() public function getUrl()
{ {
return $this->url; return $this->url;
} }
public function getStatus() public function getStatus()
{ {
return $this->status; return $this->status;
} }
public function getRtmp_server() public function getRtmp_server()
{ {
return trim($this->rtmp_server); return trim($this->rtmp_server);
} }
public function getPlayerServer() public function getPlayerServer()
{ {
return $this->playerServer; return $this->playerServer;
} }
public function getStats_url() public function getStats_url()
{ {
return $this->stats_url; return $this->stats_url;
} }
public function getDisableDVR() public function getDisableDVR()
{ {
return intval($this->disableDVR); return intval($this->disableDVR);
} }
public function getDisableGifThumbs() public function getDisableGifThumbs()
{ {
return intval($this->disableGifThumbs); return intval($this->disableGifThumbs);
} }
public function getUseAadaptiveMode() public function getUseAadaptiveMode()
{ {
return intval($this->useAadaptiveMode); return intval($this->useAadaptiveMode);
} }
public function getProtectLive() public function getProtectLive()
{ {
return intval($this->protectLive); return intval($this->protectLive);
} }
public function getGetRemoteFile() public function getGetRemoteFile()
{ {
return $this->getRemoteFile; return $this->getRemoteFile;
} }
public function getRestreamerURL() public function getRestreamerURL()
{ {
return $this->restreamerURL; return $this->restreamerURL;
} }
public function setRestreamerURL($restreamerURL) public function setRestreamerURL($restreamerURL)
{ {
$this->restreamerURL = $restreamerURL; $this->restreamerURL = $restreamerURL;
} }
public function getControlURL() public function getControlURL()
{ {
return $this->controlURL; return $this->controlURL;
} }
public function setControlURL($controlURL) public function setControlURL($controlURL)
{ {
$this->controlURL = $controlURL; $this->controlURL = $controlURL;
} }
public function getwebRTC_server() public function getwebRTC_server()
{ {
return $this->webRTC_server; return $this->webRTC_server;
} }
public function setwebRTC_server($webRTC_server) public function setwebRTC_server($webRTC_server)
{ {
$this->webRTC_server = addLastSlash($webRTC_server); $this->webRTC_server = addLastSlash($webRTC_server);
} }
public static function getStatsFromId($live_servers_id, $force_recreate = false) public static function getStatsFromId($live_servers_id, $force_recreate = false)
{ {
global $_getStatsFromId; global $_getStatsFromId;
if (empty($force_recreate)) { if (empty($force_recreate)) {
if (!isset($_getStatsFromId)) { if (!isset($_getStatsFromId)) {
$_getStatsFromId = []; $_getStatsFromId = [];
} }
if (isset($_getStatsFromId[$live_servers_id])) { if (isset($_getStatsFromId[$live_servers_id])) {
return $_getStatsFromId[$live_servers_id]; return $_getStatsFromId[$live_servers_id];
} }
} }
$ls = new Live_servers($live_servers_id); $ls = new Live_servers($live_servers_id);
if (empty($ls->getStatus()) || $ls->getStatus()=='i') { if (empty($ls->getStatus()) || $ls->getStatus()=='i') {
_error_log("Live_servers:: getStatsFromId ERROR ".json_encode($ls)); _error_log("Live_servers:: getStatsFromId ERROR ".json_encode($ls));
$_getStatsFromId[$live_servers_id] = false; $_getStatsFromId[$live_servers_id] = false;
} else { } else {
$_getStatsFromId[$live_servers_id] = Live::_getStats($live_servers_id, $force_recreate); $_getStatsFromId[$live_servers_id] = Live::_getStats($live_servers_id, $force_recreate);
} }
return $_getStatsFromId[$live_servers_id]; return $_getStatsFromId[$live_servers_id];
} }
public static function getAllActive() public static function getAllActive()
{ {
global $global, $liveServersgetAllActive; global $global, $liveServersgetAllActive;
if (isset($liveServersgetAllActive)) { if (isset($liveServersgetAllActive)) {
return $liveServersgetAllActive; return $liveServersgetAllActive;
} }
if (!static::isTableInstalled()) { if (!static::isTableInstalled()) {
return false; return false;
} }
$sql = "SELECT * FROM " . static::getTableName() . " WHERE status='a' "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE status='a' ";
//$sql .= self::getSqlFromPost(); //$sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res); $fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
$rows = []; $rows = [];
if ($res != false) { if ($res != false) {
foreach ($fullData as $row) { foreach ($fullData as $row) {
$rows[] = $row; $rows[] = $row;
} }
} else { } else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
$liveServersgetAllActive = $rows; $liveServersgetAllActive = $rows;
return $rows; return $rows;
} }
public static function getServerFromRTMPHost($rtmpHostURI) public static function getServerFromRTMPHost($rtmpHostURI)
{ {
$obj = AVideoPlugin::getObjectData('Live'); $obj = AVideoPlugin::getObjectData('Live');
if (empty($obj->useLiveServers)) { if (empty($obj->useLiveServers)) {
return 0; return 0;
} }
global $global; global $global;
$host = trim($rtmpHostURI); $host = trim($rtmpHostURI);
$parts = parse_url($host); $parts = parse_url($host);
$host = "rtmp://{$parts["host"]}{$parts["path"]}"; $host = "rtmp://{$parts["host"]}{$parts["path"]}";
$host = $global['mysqli']->real_escape_string($host); $host = ($host);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE '%{$host}%' AND status = 'a' ";
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($res) { if ($res) {
$row = $data; $row = $data;
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
public static function getServerIdFromRTMPHost($rtmpHostURI) public static function getServerIdFromRTMPHost($rtmpHostURI)
{ {
$data = self::getServerFromRTMPHost($rtmpHostURI); $data = self::getServerFromRTMPHost($rtmpHostURI);
if ($data) { if ($data) {
$row = $data['id']; $row = $data['id'];
} else { } else {
$row = 0; $row = 0;
} }
return intval($row); return intval($row);
} }
public function save() public function save()
{ {
$id = parent::save(); $id = parent::save();
if ($id) { if ($id) {
_session_start(); _session_start();
$_SESSION['useAadaptiveMode'] = []; $_SESSION['useAadaptiveMode'] = [];
$_SESSION['playerServer'] = []; $_SESSION['playerServer'] = [];
} }
return $id; return $id;
} }
public function delete() public function delete()
{ {
if (!empty($this->id)) { if (!empty($this->id)) {
LiveTransmitionHistory::deleteAllFromLiveServer($this->id); LiveTransmitionHistory::deleteAllFromLiveServer($this->id);
} }
return parent::delete(); return parent::delete();
} }
} }
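Review bot: In `getServerFromRTMPHost()` the `$host` built from `parse_url($rtmpHostURI)` is still interpolated into the query (`rtmp_server LIKE '%{$host}%'`) after `real_escape_string` was removed, so the commit strips the escaping without binding the value. Use a placeholder and bind the pattern: `$sql = "SELECT * FROM " . static::getTableName() . " WHERE rtmp_server LIKE ? AND status = 'a' ";` and `$res = sqlDAL::readSql($sql, "s", ["%{$host}%"]);`, and drop the no-op `$host = ($host);`. `$parts["host"]` and `$parts["path"]` are also read without checking what `parse_url()` returned, so a malformed URI raises notices and produces a `rtmp://` pattern with empty parts; returning early when `parse_url()` yields `false` or when `$parts['host']` is missing would make the lookup robust. `global $global;` in that method appears unused on the new side.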


@ -304,7 +304,7 @@ class LiveLinks extends PluginAbstract {
} }
if (!empty($_GET['catName'])) { if (!empty($_GET['catName'])) {
$catName = $global['mysqli']->real_escape_string($_GET['catName']); $catName = ($_GET['catName']);
$sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))"; $sql .= " AND (c.clean_name = '{$catName}' OR c.parentId IN (SELECT cs.id from categories cs where cs.clean_name = '{$catName}' ))";
} }


@ -1,181 +1,181 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
class PayPalYPT_log extends ObjectYPT class PayPalYPT_log extends ObjectYPT
{ {
protected $id; protected $id;
protected $agreement_id; protected $agreement_id;
protected $users_id; protected $users_id;
protected $json; protected $json;
protected $recurring_payment_id; protected $recurring_payment_id;
protected $value; protected $value;
protected $token; protected $token;
public static function getSearchFieldsNames() public static function getSearchFieldsNames()
{ {
return ['agreement_id', 'json', 'recurring_payment_id', 'token']; return ['agreement_id', 'json', 'recurring_payment_id', 'token'];
} }
public static function getTableName() public static function getTableName()
{ {
return 'PayPalYPT_log'; return 'PayPalYPT_log';
} }
public static function getAllUsers() public static function getAllUsers()
{ {
global $global; global $global;
$table = "users"; $table = "users";
$sql = "SELECT * FROM {$table} WHERE 1=1 "; $sql = "SELECT * FROM {$table} WHERE 1=1 ";
$sql .= self::getSqlFromPost(); $sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql); $res = sqlDAL::readSql($sql);
$fullData = sqlDAL::fetchAllAssoc($res); $fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
$rows = []; $rows = [];
if ($res != false) { if ($res != false) {
foreach ($fullData as $row) { foreach ($fullData as $row) {
$rows[] = $row; $rows[] = $row;
} }
} else { } else {
_error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); _error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
return $rows; return $rows;
} }
public function setId($id) public function setId($id)
{ {
$this->id = intval($id); $this->id = intval($id);
} }
public function setAgreement_id($agreement_id) public function setAgreement_id($agreement_id)
{ {
$this->agreement_id = $agreement_id; $this->agreement_id = $agreement_id;
} }
public function setUsers_id($users_id) public function setUsers_id($users_id)
{ {
$this->users_id = intval($users_id); $this->users_id = intval($users_id);
} }
public function setJson($json) public function setJson($json)
{ {
if (!is_string($json)) { if (!is_string($json)) {
$json = _json_encode($json); $json = _json_encode($json);
} }
$this->json = $json; $this->json = $json;
} }
public function setRecurring_payment_id($recurring_payment_id) public function setRecurring_payment_id($recurring_payment_id)
{ {
$this->recurring_payment_id = $recurring_payment_id; $this->recurring_payment_id = $recurring_payment_id;
} }
public function setValue($value) public function setValue($value)
{ {
$this->value = floatval($value); $this->value = floatval($value);
} }
public function setToken($token) public function setToken($token)
{ {
$this->token = $token; $this->token = $token;
} }
public function getId() public function getId()
{ {
return intval($this->id); return intval($this->id);
} }
public function getAgreement_id() public function getAgreement_id()
{ {
return $this->agreement_id; return $this->agreement_id;
} }
public function getUsers_id() public function getUsers_id()
{ {
return intval($this->users_id); return intval($this->users_id);
} }
public function getJson() public function getJson()
{ {
return $this->json; return $this->json;
} }
public function getRecurring_payment_id() public function getRecurring_payment_id()
{ {
return $this->recurring_payment_id; return $this->recurring_payment_id;
} }
public function getValue() public function getValue()
{ {
return floatval($this->value); return floatval($this->value);
} }
public function getToken() public function getToken()
{ {
return $this->token; return $this->token;
} }
public static function getFromToken($token) public static function getFromToken($token)
{ {
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE token = ? LIMIT 1"; $sql = "SELECT * FROM " . static::getTableName() . " WHERE token = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "s", [$token], true); $res = sqlDAL::readSql($sql, "s", [$token], true);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($res) { if ($res) {
$row = $data; $row = $data;
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
public static function getFromRecurringPaymentId($recurring_payment_id) public static function getFromRecurringPaymentId($recurring_payment_id)
{ {
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE recurring_payment_id = ? LIMIT 1"; $sql = "SELECT * FROM " . static::getTableName() . " WHERE recurring_payment_id = ? LIMIT 1";
// I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about // I had to add this because the about from customize plugin was not loading on the about page http://127.0.0.1/AVideo/about
$res = sqlDAL::readSql($sql, "s", [$recurring_payment_id], true); $res = sqlDAL::readSql($sql, "s", [$recurring_payment_id], true);
$data = sqlDAL::fetchAssoc($res); $data = sqlDAL::fetchAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
if ($res) { if ($res) {
$row = $data; $row = $data;
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
public static function getAllFromUser($users_id) public static function getAllFromUser($users_id)
{ {
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = ? ";
$sql .= self::getSqlFromPost(); $sql .= self::getSqlFromPost();
$res = sqlDAL::readSql($sql, "i", [$users_id]); $res = sqlDAL::readSql($sql, "i", [$users_id]);
$fullData = sqlDAL::fetchAllAssoc($res); $fullData = sqlDAL::fetchAllAssoc($res);
sqlDAL::close($res); sqlDAL::close($res);
$rows = []; $rows = [];
if ($res != false) { if ($res != false) {
foreach ($fullData as $row) { foreach ($fullData as $row) {
$search = ['"get":{"json":"{', '}","success"']; $search = ['"get":{"json":"{', '}","success"'];
$replace = ['"get":{"json":{', '},"success"']; $replace = ['"get":{"json":{', '},"success"'];
$row['json'] = str_replace($search, $replace, $row['json']); $row['json'] = str_replace($search, $replace, $row['json']);
$rows[] = $row; $rows[] = $row;
} }
} else { } else {
_error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); _error_log($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
return $rows; return $rows;
} }
public function save() public function save()
{ {
global $global; global $global;
$this->json = $global['mysqli']->real_escape_string($this->json); $this->json = ($this->json);
return parent::save(); return parent::save();
} }
} }


@ -102,7 +102,7 @@ class Scheduler_commands extends ObjectYPT {
global $global; global $global;
if(!is_string($parameters)){ if(!is_string($parameters)){
$parameters = _json_encode($parameters); $parameters = _json_encode($parameters);
$parameters = $global['mysqli']->real_escape_string($parameters); $parameters = ($parameters);
} }
$this->parameters = $parameters; $this->parameters = $parameters;
@ -158,7 +158,7 @@ class Scheduler_commands extends ObjectYPT {
function setExecuted($callbackResponse) { function setExecuted($callbackResponse) {
if (!is_string($callbackResponse)) { if (!is_string($callbackResponse)) {
$callbackResponse = json_encode($callbackResponse); $callbackResponse = json_encode($callbackResponse);
$callbackResponse = $global['mysqli']->real_escape_string($callbackResponse); $callbackResponse = ($callbackResponse);
} }
$this->setExecuted_in(date('Y-m-d H:i:s')); $this->setExecuted_in(date('Y-m-d H:i:s'));
$this->setCallbackResponse($callbackResponse); $this->setCallbackResponse($callbackResponse);


@ -1,133 +1,133 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php'; require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
class Menu extends ObjectYPT { class Menu extends ObjectYPT {
static $typeLeftMenu = 1; static $typeLeftMenu = 1;
static $typeTopMenu = 2; static $typeTopMenu = 2;
static $typeActionMenu = 3; static $typeActionMenu = 3;
static $typeActionMenuCustomURL = 4; static $typeActionMenuCustomURL = 4;
static $typeActionMenuCustomURLForLoggedUsers = 5; static $typeActionMenuCustomURLForLoggedUsers = 5;
static $typeActionMenuCustomURLForUsersThatCanWatchVideo = 6; static $typeActionMenuCustomURLForUsersThatCanWatchVideo = 6;
static $typeActionMenuCustomURLForUsersThatCanNotWatchVideo = 7; static $typeActionMenuCustomURLForUsersThatCanNotWatchVideo = 7;
static $typeMobileTabMenu = 8; static $typeMobileTabMenu = 8;
static $typeMobileLeftMenu = 9; static $typeMobileLeftMenu = 9;
static $typeMobileTabMenuInABrowser = 10; static $typeMobileTabMenuInABrowser = 10;
static $typeMobileLeftMenuInABrowser = 11; static $typeMobileLeftMenuInABrowser = 11;
static $typeName = array( static $typeName = array(
1=>'Left', 1=>'Left',
2=>'Top', 2=>'Top',
3=>'Action', 3=>'Action',
4=>'Action Per Video', 4=>'Action Per Video',
5=>'Action Per Video For Logged Users Only', 5=>'Action Per Video For Logged Users Only',
6=>'Action Per Video For Users That can Watch Video', 6=>'Action Per Video For Users That can Watch Video',
7=>'Action Per Video For Users That can NOT Watch Video', 7=>'Action Per Video For Users That can NOT Watch Video',
8=>'Mobile Tab Menu', 8=>'Mobile Tab Menu',
9=>'Mobile Left Menu', 9=>'Mobile Left Menu',
10=>'Mobile Tab Menu in a Browser', 10=>'Mobile Tab Menu in a Browser',
11=>'Mobile Left Menu in a Browser'); 11=>'Mobile Left Menu in a Browser');
protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl; protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl;
static function getSearchFieldsNames() { static function getSearchFieldsNames() {
return array(); return array();
} }
static function getTableName() { static function getTableName() {
return 'topMenu'; return 'topMenu';
} }
function setMenuName($menuName) { function setMenuName($menuName) {
$this->menuName = $menuName; $this->menuName = $menuName;
} }
function setCategories_id($categories_id) { function setCategories_id($categories_id) {
$this->categories_id = $categories_id; $this->categories_id = $categories_id;
} }
function setUsers_groups_id($users_groups_id) { function setUsers_groups_id($users_groups_id) {
$this->users_groups_id = $users_groups_id; $this->users_groups_id = $users_groups_id;
} }
function setMenu_order($menu_order) { function setMenu_order($menu_order) {
$this->menu_order = $menu_order; $this->menu_order = $menu_order;
} }
function setStatus($status) { function setStatus($status) {
$this->status = $status; $this->status = $status;
} }
function setPosition($position) { function setPosition($position) {
$this->position = $position; $this->position = $position;
} }
function setType($type) { function setType($type) {
$this->type = $type; $this->type = $type;
} }
function setIcon($icon) { function setIcon($icon) {
$this->icon = $icon; $this->icon = $icon;
} }
function setmenuSeoUrl($menuSeoUrl){ function setmenuSeoUrl($menuSeoUrl){
$this->menuSeoUrl=$menuSeoUrl; $this->menuSeoUrl=$menuSeoUrl;
} }
static function getAllActive($type=false) { static function getAllActive($type=false) {
global $global; global $global;
$sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' "; $sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' ";
if(!empty($type)){ if(!empty($type)){
$sql .= " AND type = $type "; $sql .= " AND type = $type ";
} }
$sql .= " ORDER BY menu_order "; $sql .= " ORDER BY menu_order ";
_mysql_connect(); _mysql_connect();
$res = $global['mysqli']->query($sql); $res = $global['mysqli']->query($sql);
$rows = array(); $rows = array();
if ($res) { if ($res) {
while ($row = $res->fetch_assoc()) { while ($row = $res->fetch_assoc()) {
$rows[] = $row; $rows[] = $row;
} }
} }
return $rows; return $rows;
} }
function save() { function save() {
global $global; global $global;
if(empty($this->menuName)){ if(empty($this->menuName)){
$this->menuName = 'Unknow Menu Name'; $this->menuName = 'Unknow Menu Name';
} }
if(empty($this->categories_id)){ if(empty($this->categories_id)){
$this->categories_id = 'null'; $this->categories_id = 'null';
} }
if(empty($this->users_groups_id)){ if(empty($this->users_groups_id)){
$this->users_groups_id = 'null'; $this->users_groups_id = 'null';
} }
if(empty($this->menu_order)){ if(empty($this->menu_order)){
$this->menu_order = 0; $this->menu_order = 0;
} }
if(empty($this->status)){ if(empty($this->status)){
$this->status = "active"; $this->status = "active";
} }
if(empty($this->position)){ if(empty($this->position)){
$this->position = "right"; $this->position = "right";
} }
if(empty($this->type)){ if(empty($this->type)){
$this->type = 1; $this->type = 1;
} }
if(empty($this->menuSeoUrl)){ if(empty($this->menuSeoUrl)){
$this->menuSeoUrl=$this->menuName; $this->menuSeoUrl=$this->menuName;
} }
$this->menuSeoUrl=$global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl))); $this->menuSeoUrl=(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl)));
return parent::save(); return parent::save();
} }
} }


@ -1,142 +1,142 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php'; require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
class MenuItem extends ObjectYPT { class MenuItem extends ObjectYPT {
protected $id, $title, $image, $url, $class, $style, $item_order, $topMenu_id, $status, $text, $icon, $clean_url, $menuSeoUrlItem; protected $id, $title, $image, $url, $class, $style, $item_order, $topMenu_id, $status, $text, $icon, $clean_url, $menuSeoUrlItem;
static function getSearchFieldsNames() { static function getSearchFieldsNames() {
return array(); return array();
} }
static function getTableName() { static function getTableName() {
return 'topMenu_items'; return 'topMenu_items';
} }
static function getAllFromMenu($menu_id, $activeOnly = false, $sort = true) { static function getAllFromMenu($menu_id, $activeOnly = false, $sort = true) {
global $global; global $global;
$menu_id = intval($menu_id); $menu_id = intval($menu_id);
if (empty($menu_id)) { if (empty($menu_id)) {
return false; return false;
} }
$sql = "SELECT * FROM " . static::getTableName() . " WHERE topMenu_id = {$menu_id}"; $sql = "SELECT * FROM " . static::getTableName() . " WHERE topMenu_id = {$menu_id}";
if ($activeOnly) { if ($activeOnly) {
$sql .= " AND status = 'active' "; $sql .= " AND status = 'active' ";
} }
if ($sort) { if ($sort) {
$sql .= " ORDER BY item_order "; $sql .= " ORDER BY item_order ";
} }
$res = $global['mysqli']->query($sql); $res = $global['mysqli']->query($sql);
$rows = array(); $rows = array();
if ($res) { if ($res) {
$webSiteRootURLParse = parse_url($global['webSiteRootURL']); $webSiteRootURLParse = parse_url($global['webSiteRootURL']);
$webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']); $webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']);
while ($row = $res->fetch_assoc()) { while ($row = $res->fetch_assoc()) {
$row['finalURL'] = $row['url']; $row['finalURL'] = $row['url'];
$row['target'] = ""; $row['target'] = "";
if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe
$parse = parse_url($row['url']); $parse = parse_url($row['url']);
if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain
$row['target'] = " target='_blank' rel='noopener noreferrer' "; $row['target'] = " target='_blank' rel='noopener noreferrer' ";
} }
} else { } else {
if (!empty($row['menuSeoUrlItem'])) { if (!empty($row['menuSeoUrlItem'])) {
$row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}"; $row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}";
} else { } else {
$row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}"; $row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}";
} }
} }
$rows[] = $row; $rows[] = $row;
} }
} else { } else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
return $rows; return $rows;
} }
function setTitle($title) { function setTitle($title) {
$this->title = $title; $this->title = $title;
} }
function setImage($image) { function setImage($image) {
$this->image = $image; $this->image = $image;
} }
function setUrl($url) { function setUrl($url) {
$this->url = $url; $this->url = $url;
} }
function setClass($class) { function setClass($class) {
$this->class = $class; $this->class = $class;
} }
function setStyle($style) { function setStyle($style) {
$this->style = $style; $this->style = $style;
} }
function setItem_order($item_order) { function setItem_order($item_order) {
$this->item_order = intval($item_order); $this->item_order = intval($item_order);
} }
function setTopMenu_id($topMenu_id) { function setTopMenu_id($topMenu_id) {
$this->topMenu_id = intval($topMenu_id); $this->topMenu_id = intval($topMenu_id);
} }
function setStatus($status) { function setStatus($status) {
$this->status = $status; $this->status = $status;
} }
function setText($text) { function setText($text) {
$this->text = $text; $this->text = $text;
} }
function setIcon($icon) { function setIcon($icon) {
$this->icon = $icon; $this->icon = $icon;
} }
function setClean_url($clean_url) { function setClean_url($clean_url) {
$this->clean_url = $clean_url; $this->clean_url = $clean_url;
} }
function setmenuSeoUrlItem($menuSeoUrlItem) { function setmenuSeoUrlItem($menuSeoUrlItem) {
$this->menuSeoUrlItem = $menuSeoUrlItem; $this->menuSeoUrlItem = $menuSeoUrlItem;
} }
function save() { function save() {
global $global; global $global;
if (empty($this->title)) { if (empty($this->title)) {
$this->title = "Unknow Item Menu Title"; $this->title = "Unknow Item Menu Title";
} }
if (empty($this->status)) { if (empty($this->status)) {
$this->status = "active"; $this->status = "active";
} }
if (empty($this->menuSeoUrlItem)) { if (empty($this->menuSeoUrlItem)) {
$this->menuSeoUrlItem = $this->title; $this->menuSeoUrlItem = $this->title;
} }
$this->menuSeoUrlItem = $global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title))); $this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));
$this->title = $global['mysqli']->real_escape_string($this->title); $this->title = ($this->title);
$this->text = $global['mysqli']->real_escape_string($this->text); $this->text = ($this->text);
return parent::save(); return parent::save();
} }
function getTitle() { function getTitle() {
return $this->title; return $this->title;
} }
function getText() { function getText() {
return $this->text; return $this->text;
} }
function getUrl() { function getUrl() {
return $this->url; return $this->url;
} }
} }
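Review bot: The assignments `$this->title = ($this->title);` and `$this->text = ($this->text);` in MenuItem::save() are no-ops left behind when the escaping calls were removed; they read as if sanitisation still happens here, so drop them and say where it now lives, e.g. `// values are bound by parent::save(); no manual escaping here` (assuming ObjectYPT::save() binds parameters, which this hunk does not show). In the same method the slug computed from `$this->title` on the next line overwrites whatever setmenuSeoUrlItem() stored, so the `if (empty($this->menuSeoUrlItem))` block above it is dead code. Separately, getAllFromMenu() still responds to a query failure with `die($sql . '\nError : (' ...)`, which returns the SQL text and driver error to the client; logging the error and returning the empty `$rows` would avoid that disclosure.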


@ -91,7 +91,7 @@ class TopMenu extends PluginAbstract {
public function getidBySeoUrl($menuSeoUrlItem) { public function getidBySeoUrl($menuSeoUrlItem) {
global $global; global $global;
$sql="select id from topMenu_items where menuSeoUrlItem= ?"; $sql="select id from topMenu_items where menuSeoUrlItem= ?";
$res=sqlDal::readSql($sql, "s", array($global['mysqli']->real_escape_string($menuSeoUrlItem))); $res=sqlDal::readSql($sql, "s", array(($menuSeoUrlItem)));
$menuId=sqlDAL::fetchAssoc($res); $menuId=sqlDAL::fetchAssoc($res);
if(!isset($menuId['id'])) if(!isset($menuId['id']))
return false; return false;
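Review bot: The parameter expression `array(($menuSeoUrlItem))` in getidBySeoUrl() keeps a redundant pair of parentheses from the removed escaping call, and `global $global;` on the line above is no longer used in the visible part of the method; `$res = sqlDal::readSql($sql, "s", array($menuSeoUrlItem));` reads cleaner, and the `global` can go if nothing below the hunk uses it. The helper class is also spelled `sqlDal` and `sqlDAL` on consecutive lines; PHP resolves both, but one spelling is easier to grep. getidBySeoUrl's body continues outside the hunk.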


@ -1,119 +1,119 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php'; require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/video.php'; require_once dirname(__FILE__) . '/../../../objects/video.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
class Wallet extends ObjectYPT { class Wallet extends ObjectYPT {
protected $id, $balance, $users_id, $crypto_wallet_address; protected $id, $balance, $users_id, $crypto_wallet_address;
static function getSearchFieldsNames() { static function getSearchFieldsNames() {
return array(); return array();
} }
static function getTableName() { static function getTableName() {
return 'wallet'; return 'wallet';
} }
function getBalance() { function getBalance() {
if(empty($this->balance)){ if(empty($this->balance)){
return 0.0; return 0.0;
} }
return floatval($this->balance); return floatval($this->balance);
} }
function getId() { function getId() {
return $this->id; return $this->id;
} }
function setId($id) { function setId($id) {
$this->id = $id; $this->id = $id;
} }
function getUsers_id() { function getUsers_id() {
return $this->users_id; return $this->users_id;
} }
function setBalance($balance) { function setBalance($balance) {
$this->balance = floatval($balance); $this->balance = floatval($balance);
} }
function setUsers_id($users_id) { function setUsers_id($users_id) {
$this->loadFromUser($users_id); $this->loadFromUser($users_id);
$this->users_id = $users_id; $this->users_id = $users_id;
} }
// base64 is used to save hexa values as string in some databases // base64 is used to save hexa values as string in some databases
function getCrypto_wallet_address() { function getCrypto_wallet_address() {
return base64_decode($this->crypto_wallet_address); return base64_decode($this->crypto_wallet_address);
} }
function setCrypto_wallet_address($crypto_wallet_address) { function setCrypto_wallet_address($crypto_wallet_address) {
$this->crypto_wallet_address = base64_encode($crypto_wallet_address); $this->crypto_wallet_address = base64_encode($crypto_wallet_address);
} }
protected function loadFromUser($users_id) { protected function loadFromUser($users_id) {
$row = self::getFromUser($users_id); $row = self::getFromUser($users_id);
if (empty($row)) if (empty($row))
return false; return false;
foreach ($row as $key => $value) { foreach ($row as $key => $value) {
$this->$key = $value; $this->$key = $value;
} }
return true; return true;
} }
static function getFromUser($users_id) { static function getFromUser($users_id) {
global $global; global $global;
$users_id = intval($users_id); $users_id = intval($users_id);
$sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = $users_id LIMIT 1"; $sql = "SELECT * FROM " . static::getTableName() . " WHERE users_id = $users_id LIMIT 1";
$res = $global['mysqli']->query($sql); $res = $global['mysqli']->query($sql);
if ($res) { if ($res) {
$row = $res->fetch_assoc(); $row = $res->fetch_assoc();
$res->free();// do not cache the result $res->free();// do not cache the result
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
static function getFromWalletId($wallet_id) { static function getFromWalletId($wallet_id) {
global $global; global $global;
$wallet_id = intval($wallet_id); $wallet_id = intval($wallet_id);
$sql = "SELECT u.*, w.* FROM " . static::getTableName() . " w " $sql = "SELECT u.*, w.* FROM " . static::getTableName() . " w "
. " LEFT JOIN users u ON u.id = users_id WHERE w.id = $wallet_id LIMIT 1"; . " LEFT JOIN users u ON u.id = users_id WHERE w.id = $wallet_id LIMIT 1";
//echo $sql; //echo $sql;
$res = $global['mysqli']->query($sql); $res = $global['mysqli']->query($sql);
if ($res) { if ($res) {
$row = $res->fetch_assoc(); $row = $res->fetch_assoc();
$row = cleanUpRowFromDatabase($row); $row = cleanUpRowFromDatabase($row);
} else { } else {
$row = false; $row = false;
} }
return $row; return $row;
} }
public function save() { public function save() {
global $global; global $global;
$this->balance = floatval($this->balance); $this->balance = floatval($this->balance);
$this->crypto_wallet_address = $global['mysqli']->real_escape_string($this->crypto_wallet_address); $this->crypto_wallet_address = ($this->crypto_wallet_address);
ObjectYPT::clearSessionCache(); ObjectYPT::clearSessionCache();
return parent::save(); return parent::save();
} }
static function getOrCreateFromUser($users_id) { static function getOrCreateFromUser($users_id) {
$wallet = self::getFromUser($users_id); $wallet = self::getFromUser($users_id);
if(empty($wallet)){ if(empty($wallet)){
$w = new Wallet(0); $w = new Wallet(0);
$w->setBalance(0); $w->setBalance(0);
$w->setCrypto_wallet_address(""); $w->setCrypto_wallet_address("");
$w->setUsers_id($users_id); $w->setUsers_id($users_id);
$w->save(); $w->save();
$wallet = self::getFromUser($users_id); $wallet = self::getFromUser($users_id);
} }
return $wallet; return $wallet;
} }
} }
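Review bot: `$this->crypto_wallet_address = ($this->crypto_wallet_address);` in Wallet::save() is a no-op left over from the removed escaping call, and with it gone `global $global;` in that method is unused; both lines can be removed, leaving `$this->balance = floatval($this->balance);` followed by the cache clear and `return parent::save();`. A short comment such as `// values are bound by parent::save(); no manual escaping here` would record why save() no longer touches the address (assuming ObjectYPT::save() binds parameters, which this hunk does not show). Note also that getFromWalletId() selects `u.*` from the users table and relies on cleanUpRowFromDatabase() to scrub the joined user row before WalletLog exposes it as `$row['user']`; that helper is not visible here, so it is worth confirming what it strips.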


@ -1,180 +1,180 @@
<?php <?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php'; require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php'; require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/video.php'; require_once dirname(__FILE__) . '/../../../objects/video.php';
require_once dirname(__FILE__) . '/../../../objects/user.php'; require_once dirname(__FILE__) . '/../../../objects/user.php';
require_once $global['systemRootPath'].'plugin/YPTWallet/Objects/Wallet.php'; require_once $global['systemRootPath'].'plugin/YPTWallet/Objects/Wallet.php';
class WalletLog extends ObjectYPT { class WalletLog extends ObjectYPT {
protected $id, $value, $description, $wallet_id, $json_data, $status, $type, $information; protected $id, $value, $description, $wallet_id, $json_data, $status, $type, $information;
static function getSearchFieldsNames() { static function getSearchFieldsNames() {
return array(); return array();
} }
static function getTableName() { static function getTableName() {
return 'wallet_log'; return 'wallet_log';
} }
function getValue() { function getValue() {
return $this->value; return $this->value;
} }
function getDescription() { function getDescription() {
return $this->description; return $this->description;
} }
function getWallet_id() { function getWallet_id() {
return $this->wallet_id; return $this->wallet_id;
} }
function getJson_data() { function getJson_data() {
return $this->json_data; return $this->json_data;
} }
function setValue($value) { function setValue($value) {
$this->value = $value; $this->value = $value;
} }
function setDescription($description) { function setDescription($description) {
$this->description = $description; $this->description = $description;
} }
function setWallet_id($wallet_id) { function setWallet_id($wallet_id) {
$this->wallet_id = $wallet_id; $this->wallet_id = $wallet_id;
} }
function setJson_data($json_data) { function setJson_data($json_data) {
$this->json_data = $json_data; $this->json_data = $json_data;
} }
function getStatus() { function getStatus() {
return $this->status; return $this->status;
} }
function getType() { function getType() {
return $this->type; return $this->type;
} }
function setStatus($status) { function setStatus($status) {
$this->status = $status; $this->status = $status;
} }
function setType($type) { function setType($type) {
$this->type = $type; $this->type = $type;
} }
function getInformation() { function getInformation() {
return $this->information; return $this->information;
} }
function setInformation($information) { function setInformation($information) {
if(!is_string($information)){ if(!is_string($information)){
$information = _json_encode($information); $information = _json_encode($information);
} }
$this->information = $information; $this->information = $information;
} }
static function getAllFromWallet($wallet_id, $dontReturnEmpty = true, $status="") { static function getAllFromWallet($wallet_id, $dontReturnEmpty = true, $status="") {
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 ";
if(!empty($wallet_id)){ if(!empty($wallet_id)){
$sql .= " AND wallet_id=$wallet_id "; $sql .= " AND wallet_id=$wallet_id ";
} }
if($dontReturnEmpty){ if($dontReturnEmpty){
$sql .= " AND value != 0.0 "; $sql .= " AND value != 0.0 ";
} }
if(!empty($status)){ if(!empty($status)){
$sql .= " AND status = '$status' "; $sql .= " AND status = '$status' ";
} }
$sql .= self::getSqlFromPost(); $sql .= self::getSqlFromPost();
$obj = AVideoPlugin::getObjectData("YPTWallet"); $obj = AVideoPlugin::getObjectData("YPTWallet");
$res = $global['mysqli']->query($sql); $res = $global['mysqli']->query($sql);
$rows = array(); $rows = array();
if ($res) { if ($res) {
while ($row = $res->fetch_assoc()) { while ($row = $res->fetch_assoc()) {
$row['valueText'] = YPTWallet::formatCurrency($row['value']); $row['valueText'] = YPTWallet::formatCurrency($row['value']);
$row['wallet'] = Wallet::getFromWalletId($row['wallet_id']); $row['wallet'] = Wallet::getFromWalletId($row['wallet_id']);
$row['user'] = $row['wallet']['user']; $row['user'] = $row['wallet']['user'];
$row['balance'] = $row['wallet']['balance']; $row['balance'] = $row['wallet']['balance'];
$row['crypto_wallet_address'] = ""; $row['crypto_wallet_address'] = "";
$rows[] = $row; $rows[] = $row;
} }
} else { } else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error); die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
} }
return $rows; return $rows;
} }
static function getTotalFromWallet($wallet_id, $dontReturnEmpty = true, $status="") { static function getTotalFromWallet($wallet_id, $dontReturnEmpty = true, $status="") {
global $global; global $global;
$sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 "; $sql = "SELECT * FROM " . static::getTableName() . " WHERE 1=1 ";
if(!empty($wallet_id)){ if(!empty($wallet_id)){
$sql .= " AND wallet_id=$wallet_id "; $sql .= " AND wallet_id=$wallet_id ";
} }
if($dontReturnEmpty){ if($dontReturnEmpty){
$sql .= " AND value != 0.0 "; $sql .= " AND value != 0.0 ";
} }
if(!empty($status)){ if(!empty($status)){
$sql .= " AND status = '$status' "; $sql .= " AND status = '$status' ";
} }
$sql .= self::getSqlSearchFromPost(); $sql .= self::getSqlSearchFromPost();
$res = $global['mysqli']->query($sql); $res = $global['mysqli']->query($sql);
if(!$res){ if(!$res){
return 0; return 0;
} }
return $res->num_rows; return $res->num_rows;
} }
static function getAllFromUser($users_id, $dontReturnEmpty = true) { static function getAllFromUser($users_id, $dontReturnEmpty = true) {
$wallet = Wallet::getFromUser($users_id); $wallet = Wallet::getFromUser($users_id);
if(empty($wallet)){ if(empty($wallet)){
return false; return false;
} }
return self::getAllFromWallet($wallet['id'], $dontReturnEmpty); return self::getAllFromWallet($wallet['id'], $dontReturnEmpty);
} }
static function getTotalFromUser($users_id, $dontReturnEmpty = true) { static function getTotalFromUser($users_id, $dontReturnEmpty = true) {
$wallet = Wallet::getFromUser($users_id); $wallet = Wallet::getFromUser($users_id);
if(empty($wallet)){ if(empty($wallet)){
return false; return false;
} }
return self::getTotalFromWallet($wallet['id'], $dontReturnEmpty); return self::getTotalFromWallet($wallet['id'], $dontReturnEmpty);
} }
static function addLog($wallet_id, $value, $description="", $json_data="{}", $status="success", $type="", $information=''){ static function addLog($wallet_id, $value, $description="", $json_data="{}", $status="success", $type="", $information=''){
$log = new WalletLog(0); $log = new WalletLog(0);
$log->setWallet_id($wallet_id); $log->setWallet_id($wallet_id);
$log->setValue($value); $log->setValue($value);
$log->setDescription($description); $log->setDescription($description);
$log->setJson_data($json_data); $log->setJson_data($json_data);
$log->setStatus($status); $log->setStatus($status);
$log->setType($type); $log->setType($type);
$log->setInformation($information); $log->setInformation($information);
return $log->save(); return $log->save();
} }
function save() { function save() {
global $global; global $global;
$this->description = $global['mysqli']->real_escape_string($this->description); $this->description = ($this->description);
$this->information = $global['mysqli']->real_escape_string($this->information); $this->information = ($this->information);
return parent::save(); return parent::save();
} }
} }
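Review bot: getAllFromWallet() and getTotalFromWallet() still interpolate `$wallet_id` and `$status` directly into the query (`" AND wallet_id=$wallet_id "`, `" AND status = '$status' "`) even though the commit message says the classes were moved to prepared statements; the sibling Wallet::getFromUser() casts with intval() and the TopMenu hunk binds through sqlDAL::readSql(), so these two public static methods are the exception. At minimum cast `$wallet_id = intval($wallet_id);` before use and bind `$status` via `sqlDAL::readSql($sql, "s", array($status))` or check it against the known status values. The `$this->description = ($this->description);` and `$this->information = ($this->information);` lines in save() are no-ops from the removed escaping and can be dropped, and the `die($sql . '\nError : (' ...)` on query failure in getAllFromWallet() sends the SQL and driver error to the client; log it and return the empty `$rows` instead.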


@ -0,0 +1,95 @@
-- ### Credit
--
-- Discovered by Claudio Bozzato of Cisco Talos.
--
-- TALOS-2022-1534
--
-- Now the userUpdate.json.php requires a request from the same domain as the AVideo site
-- in aditional all save and delete database calls requires the same by default (a whitelist can be builded hardcoding it in the objects/Object.php file)
--
-- TALOS-2022-1535
--
-- Session ID will only change if you are not logged in
-- In case the session ID changed we will regenerate it with a new name avoiding reuse it
--
-- TALOS-2022-1536
--
-- plugin/Live/view/Live_schedule/add.json.php and objects/playlistAddNew.json.php will deny to update if the users_id is not = as the original record when it is editing
--
-- TALOS-2022-1537
--
-- Add a sanitize rule on the security file
--
--
-- TALOS-2022-1539
--
-- Add a sanitize rule on the view/img/image403.php file itself
--
-- TALOS-2022-1540
--
-- Video title and filename will always be sanitized on the setTitle method (sometimes more than once)
--
--
-- TALOS-2022-1542
--
-- httponly set to true
-- we are now using the passhash instead of the database pass in all site
-- the passhash is totally different than the original DB password, it a encrypted json and has an expiration time and also will be automatically rejected if the original password is updated
-- the login with the pass hash (database password field) directly will be disabled soon, for now it is only enabled to buy some time to update the other third parties apps
--
-- TALOS-2022-1545
--
-- Fixed on TALOS-2022-1542
--
-- TALOS-2022-1546
--
-- Filename is now sanitized with escapeshellarg(safeString($filename,true));
--
-- TALOS-2022-1538
--
-- all 4 parameters are sanitized now
-- also if the request does not come from the same site, the showAlertMessage() function will not be executed
--
-- TALOS-2022-1547
--
-- Now every time the admin login we will check if the new videos/.htaccess is there, and create it if it is not
-- <IfModule !authz_core_module>
-- Order Allow,Deny
-- Deny from all
-- </IfModule>
-- <IfModule authz_core_module>
-- Require all denied
-- </IfModule>
-- <filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">
-- <IfModule !authz_core_module>
-- Order Allow,Deny
-- Allow from all
-- </IfModule>
-- <IfModule authz_core_module>
-- Require all granted
-- </IfModule>
-- </filesMatch>
--
-- this will only allow access to only some specific file types inside videos folder
--
-- TALOS-2022-1548
--
-- we now verify if is a valid URL properly, also we are using the escapeshellarg for URL and destination filename
--
-- TALOS-2022-1549
--
-- We now only download the downloadURL_image if it is a valid URL NOT localfiles any more
--
-- TALOS-2022-1551
--
-- All our classes were updated using the prepare statement to avoid sql injection
-- also `videoDownloadedLink` and `duration` are now sanitized
-- if you are editing anything we now "forbidIfItIsNotMyUsersId"
-- key and URL are now sanitized Clone plugin
--
-- TALOS-2022-1550
--
-- the url_get_contents now only download files from valid URLs or files from inside the cache folder
UPDATE configurations SET version = '12.0', modified = now() WHERE id = 1;