yetangitu/Oinktube
1
0
Fork 0
mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-06 03:50:04 +02:00
Code Issues Releases Wiki Activity

https://github.com/WWBN/AVideo/issues/9492#issuecomment-2409505879

Browse source
This commit is contained in:
Daniel Neto 2024-10-13 22:39:30 -03:00
parent 7dbebd22c5
commit 3c5ebfcba5
5 changed files with 123 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

27
objects/functionsPHP.php
View file

@ -328,7 +328,7 @@ function _session_start(array $options = [])
} }
if (!blackListRegenerateSession()) { if (!blackListRegenerateSession()) {
_error_log("captcha: session_id regenerated new session_id=" . session_id()); _error_log("captcha: session_id regenerated new session_id=" . session_id());
_session_regenerate_id(); _session_regenerate_id(User::getId(), true);
} }
return $session; return $session;
} else { } else {
@ -355,13 +355,36 @@ function _session_start(array $options = [])
} }
} }
function _session_regenerate_id() function _session_regenerate_id($users_id=0, $force = false)
{ {
$session = $_SESSION; $session = $_SESSION;
$users_id = intval($users_id);
$prefix = "UID_{$users_id}_";
// If force is true or the session ID does not start with the correct prefix, regenerate it
if ($force || strpos(session_id(), $prefix) !== 0) {
// Create a new session ID with the prefix and timestamp
$newSessionId = $prefix . time() . '_' . bin2hex(random_bytes(8)); // Add random bytes for security
$_SESSION = array();
// Regenerate the session ID and preserve the current session data
session_regenerate_id(true); session_regenerate_id(true);
// Set the new session ID manually
session_id($newSessionId);
// Reset the cookies with the new session ID
_resetcookie('PHPSESSID', session_id()); _resetcookie('PHPSESSID', session_id());
_resetcookie(session_name(), session_id()); _resetcookie(session_name(), session_id());
// Restore session data
$_SESSION = $session; $_SESSION = $session;
_error_log("Session ID regenerated with prefix: " . session_id());
}
} }
function uniqidV4() function uniqidV4()

10
objects/phpsessionid.json.php Normal file
View file

@ -0,0 +1,10 @@
<?php
global $global, $config;
require_once __DIR__.'/../videos/configuration.php';
header('Content-Type: application/json');
$obj = new stdClass();
$obj->phpsessid = session_id();
echo _json_encode($obj);

18
objects/user.php
View file

@ -1152,14 +1152,16 @@ if (typeof gtag !== \"function\") {
{ {
global $global, $advancedCustom, $advancedCustomUser, $config; global $global, $advancedCustom, $advancedCustomUser, $config;
require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php'; require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php';
if (!class_exists('AVideoPlugin')) { if (!class_exists('AVideoPlugin')) {
_error_log("ERROR login($noPass, $encodedPass, $ignoreEmailVerification) " . json_encode(debug_backtrace())); _error_log("ERROR login($noPass, $encodedPass, $ignoreEmailVerification) " . json_encode(debug_backtrace()));
return self::SYSTEM_ERROR; return self::SYSTEM_ERROR;
} }
if (User::isLogged()) { if (User::isLogged()) {
//_error_log('User:login is already logged '.json_encode($_SESSION['user']['id']));
return self::USER_LOGGED; return self::USER_LOGGED;
} }
if (class_exists('AVideoPlugin')) { if (class_exists('AVideoPlugin')) {
if (empty($advancedCustomUser)) { if (empty($advancedCustomUser)) {
$advancedCustomUser = AVideoPlugin::getObjectData("CustomizeUser"); $advancedCustomUser = AVideoPlugin::getObjectData("CustomizeUser");
@ -1172,7 +1174,7 @@ if (typeof gtag !== \"function\") {
if (strtolower($encodedPass) === 'false') { if (strtolower($encodedPass) === 'false') {
$encodedPass = false; $encodedPass = false;
} }
//_error_log("user::login: noPass = $noPass, encodedPass = $encodedPass, this->user, $this->user " . getRealIpAddr());
if ($noPass) { if ($noPass) {
$user = $this->find($this->user, false, true); $user = $this->find($this->user, false, true);
} else { } else {
@ -1183,10 +1185,10 @@ if (typeof gtag !== \"function\") {
_error_log('login Captcha error ' . $_SERVER['HTTP_USER_AGENT']); _error_log('login Captcha error ' . $_SERVER['HTTP_USER_AGENT']);
return self::CAPTCHA_ERROR; return self::CAPTCHA_ERROR;
} }
ObjectYPT::clearSessionCache(); ObjectYPT::clearSessionCache();
_session_start(); _session_start();
// check for multiple logins attempts to prevent hacking end
// if user is not verified
if (empty($ignoreEmailVerification) && !empty($user) && empty($user['isAdmin']) && empty($user['emailVerified']) && !empty($advancedCustomUser->unverifiedEmailsCanNOTLogin)) { if (empty($ignoreEmailVerification) && !empty($user) && empty($user['isAdmin']) && empty($user['emailVerified']) && !empty($advancedCustomUser->unverifiedEmailsCanNOTLogin)) {
unset($_SESSION['user']); unset($_SESSION['user']);
self::sendVerificationLink($user['id']); self::sendVerificationLink($user['id']);
@ -1211,11 +1213,13 @@ if (typeof gtag !== \"function\") {
AVideoPlugin::onUserSignIn($_SESSION['user']['id']); AVideoPlugin::onUserSignIn($_SESSION['user']['id']);
$_SESSION['loginAttempts'] = 0; $_SESSION['loginAttempts'] = 0;
// this was regenerating the session all the time, making harder to save info in the session
//_session_regenerate_id(); // Call custom session regenerate logic
_session_regenerate_id($_SESSION['user']['id']);
_session_write_close(); _session_write_close();
_error_log("User:login finish with success users_id= {$_SESSION['user']['id']} {$_SERVER['HTTP_USER_AGENT']} IP=" . getRealIpAddr().json_encode(debug_backtrace())); _error_log("User:login finish with success users_id= {$_SESSION['user']['id']} {$_SERVER['HTTP_USER_AGENT']} IP=" . getRealIpAddr() . json_encode(debug_backtrace()));
return self::USER_LOGGED; return self::USER_LOGGED;
} else { } else {
unset($_SESSION['user']); unset($_SESSION['user']);

24
plugin/Live/latestOrLive.php
View file

@ -200,7 +200,29 @@ if (!empty($_REQUEST['isClosed'])) {
?> ?>
var webSiteRootURL = '<?php echo $global['webSiteRootURL']; ?>'; var webSiteRootURL = '<?php echo $global['webSiteRootURL']; ?>';
var player; var player;
var PHPSESSID = "<?php echo session_id(); ?>"; // Create a variable to hold the session ID
var PHPSESSID = null;
// Function to load the session ID via AJAX
function loadPHPSessionID() {
fetch('objects/phpsessionid.json.php', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'no-cache'
}
})
.then(response => response.json())
.then(data => {
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
})
.catch(error => {
console.error('Error loading PHPSESSID:', error);
});
}
// Load the session ID as fast as possible
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
</script> </script>
<?php <?php
echo AVideoPlugin::getHeadCode(); echo AVideoPlugin::getHeadCode();

46
view/include/head.php
View file

@ -37,7 +37,7 @@ if (!empty($poster) && !empty($video['description'])) {
TimeLogEnd($timeLogHead, __LINE__); TimeLogEnd($timeLogHead, __LINE__);
if (!empty($_REQUEST['catName'])) { if (!empty($_REQUEST['catName'])) {
$category = Category::getCategoryByName($_REQUEST['catName']); $category = Category::getCategoryByName($_REQUEST['catName']);
if(!empty($category)){ if (!empty($category)) {
$description = str_replace(['"', "\n", "\r"], ["", "", ""], strip_tags("{$category['description']}")); $description = str_replace(['"', "\n", "\r"], ["", "", ""], strip_tags("{$category['description']}"));
$custom = []; $custom = [];
$custom[] = $description; $custom[] = $description;
@ -69,11 +69,11 @@ if (!empty($head_videos_id)) {
echo $tags['head']; echo $tags['head'];
} }
if(!isCommandLineInterface()){ if (!isCommandLineInterface()) {
$swRegister = getURL('view/js/swRegister.js'); $swRegister = getURL('view/js/swRegister.js');
$swRegister = addQueryStringParameter($swRegister, 'webSiteRootURL', $global['webSiteRootURL']); $swRegister = addQueryStringParameter($swRegister, 'webSiteRootURL', $global['webSiteRootURL']);
?> ?>
<script class="doNotSepareteTag" src="<?php echo $swRegister; ?>" type="text/javascript"></script> <script class="doNotSepareteTag" src="<?php echo $swRegister; ?>" type="text/javascript"></script>
<?php <?php
} }
?> ?>
@ -100,7 +100,7 @@ if (!isBot()) {
<link href="<?php echo getURL('node_modules/jquery-ui-dist/jquery-ui.min.css'); ?>" rel="stylesheet" type="text/css" /> <link href="<?php echo getURL('node_modules/jquery-ui-dist/jquery-ui.min.css'); ?>" rel="stylesheet" type="text/css" />
<link href="<?php echo getURL('view/css/flagstrap/css/flags.css'); ?>" rel="stylesheet" type="text/css" /> <link href="<?php echo getURL('view/css/flagstrap/css/flags.css'); ?>" rel="stylesheet" type="text/css" />
<link href="<?php echo getURL('view/css/social.css'); ?>" rel="stylesheet" type="text/css" /> <link href="<?php echo getURL('view/css/social.css'); ?>" rel="stylesheet" type="text/css" />
<script src="<?php echo getURL('locale/function.js.php'); ?>&lang=<?php echo revertLangString(getLanguage()); ?>" ></script> <script src="<?php echo getURL('locale/function.js.php'); ?>&lang=<?php echo revertLangString(getLanguage()); ?>"></script>
<?php <?php
} }
if (!isVideo()) { if (!isVideo()) {
@ -114,7 +114,7 @@ if (!isVideo()) {
$metaDescription .= getSEOComplement(["addAutoPrefix" => false]); $metaDescription .= getSEOComplement(["addAutoPrefix" => false]);
$metaDescription = getSEODescription($metaDescription); $metaDescription = getSEODescription($metaDescription);
echo '<meta name="description" content="' . $metaDescription . '">'; echo '<meta name="description" content="' . $metaDescription . '">';
}else if(isEmbed()){ } else if (isEmbed()) {
echo '<style>body{background-color: #000;}</style>'; echo '<style>body{background-color: #000;}</style>';
} }
//var_dump($metaDescription);var_dump(debug_backtrace());exit; //var_dump($metaDescription);var_dump(debug_backtrace());exit;
@ -127,14 +127,14 @@ include $global['systemRootPath'] . 'view/include/bootstrap.css.php';
?> ?>
<?php <?php
TimeLogEnd($timeLogHead, __LINE__); TimeLogEnd($timeLogHead, __LINE__);
if(!empty($theme)){ if (!empty($theme)) {
?> ?>
<link href="<?php echo getURL('view/css/custom/' . $theme . '.css'); ?>" rel="stylesheet" type="text/css" id="customCSS" /> <link href="<?php echo getURL('view/css/custom/' . $theme . '.css'); ?>" rel="stylesheet" type="text/css" id="customCSS" />
<?php <?php
if($isCurrentThemeDark){ if ($isCurrentThemeDark) {
?> ?>
<link href="<?php echo getURL('view/css/dark.css'); ?>" rel="stylesheet" type="text/css" id="customCSS" /> <link href="<?php echo getURL('view/css/dark.css'); ?>" rel="stylesheet" type="text/css" id="customCSS" />
<?php <?php
} }
} }
if (empty($global['userBootstrapLatest'])) { if (empty($global['userBootstrapLatest'])) {
@ -163,7 +163,7 @@ if ($theme === "default" && !empty($customizePlugin->showCustomCSS) && file_exis
TimeLogEnd($timeLogHead, __LINE__); TimeLogEnd($timeLogHead, __LINE__);
if (isRTL()) { if (isRTL()) {
?> ?>
<link href="<?php echo getURL('view/css/rtl.css'); ?>" rel="stylesheet" type="text/css"/> <link href="<?php echo getURL('view/css/rtl.css'); ?>" rel="stylesheet" type="text/css" />
<?php <?php
} }
?> ?>
@ -175,7 +175,7 @@ if (isRTL()) {
var my_identification = <?php echo json_encode(User::getNameIdentification()); ?>; var my_identification = <?php echo json_encode(User::getNameIdentification()); ?>;
var mediaId = <?php echo json_encode(getVideos_id()); ?>; var mediaId = <?php echo json_encode(getVideos_id()); ?>;
var player; var player;
var isCurrentThemeDark = <?php echo !empty($isCurrentThemeDark)?1:0 ; ?>; var isCurrentThemeDark = <?php echo !empty($isCurrentThemeDark) ? 1 : 0; ?>;
var externalReferrer = '<?php echo storeAndGetExternalReferrer(); ?>'; var externalReferrer = '<?php echo storeAndGetExternalReferrer(); ?>';
</script> </script>
@ -188,7 +188,29 @@ if (isRTL()) {
var _serverSystemTimezone = "<?php echo (getSystemTimezone()); ?>"; var _serverSystemTimezone = "<?php echo (getSystemTimezone()); ?>";
var avideoModalIframeFullScreenCloseButton = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 2, 'class="btn btn-default pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>; var avideoModalIframeFullScreenCloseButton = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 2, 'class="btn btn-default pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
var avideoModalIframeFullScreenCloseButtonSmall = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 4, 'class="btn btn-default btn-sm pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>; var avideoModalIframeFullScreenCloseButtonSmall = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 4, 'class="btn btn-default btn-sm pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
var PHPSESSID = "<?php echo session_id(); ?>"; // Create a variable to hold the session ID
var PHPSESSID = null;
// Function to load the session ID via AJAX
function loadPHPSessionID() {
fetch('objects/phpsessionid.json.php', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'no-cache'
}
})
.then(response => response.json())
.then(data => {
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
})
.catch(error => {
console.error('Error loading PHPSESSID:', error);
});
}
// Load the session ID as fast as possible
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
</script> </script>
<?php <?php
if (!isOffline() && !$config->getDisable_analytics()) { if (!isOffline() && !$config->getDisable_analytics()) {