yetangitu/Oinktube
1
0
Fork 0
mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-05 10:49:36 +02:00
Code Issues Releases Wiki Activity

Updates

Browse source
This commit is contained in:
Daniel Neto 2024-10-13 23:26:42 -03:00
parent 3c5ebfcba5
commit bc81ceb9ec
7 changed files with 63 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

4
objects/functionsLogs.php
View file

@ -90,8 +90,8 @@ function _error_log($message, $type = 0, $doNotRepeat = false)
$message = json_encode($message); $message = json_encode($message);
} }
if (isSchedulerRun() || !empty($global['printLogs'])) { if (isSchedulerRun() || !empty($global['printLogs'])) {
echo $message . PHP_EOL; //echo $message . PHP_EOL;
return false; //return false;
} }
if (empty($doNotRepeat)) { if (empty($doNotRepeat)) {
// do not log it too many times when you are using HLS format, other wise it will fill the log file with the same error // do not log it too many times when you are using HLS format, other wise it will fill the log file with the same error

55
objects/functionsPHP.php
View file

@ -328,7 +328,8 @@ function _session_start(array $options = [])
} }
if (!blackListRegenerateSession()) { if (!blackListRegenerateSession()) {
_error_log("captcha: session_id regenerated new session_id=" . session_id()); _error_log("captcha: session_id regenerated new session_id=" . session_id());
_session_regenerate_id(User::getId(), true); _session_regenerate_id(isset($_SESSION['user']) && isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0, true);
} }
return $session; return $session;
} else { } else {
@ -339,6 +340,8 @@ function _session_start(array $options = [])
$start = microtime(true); $start = microtime(true);
//_error_log('session_start 1'); //_error_log('session_start 1');
$session = @session_start($options); $session = @session_start($options);
_session_regenerate_id(isset($_SESSION['user']) && isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0);
//_error_log('session_id '. session_id().' line='.__LINE__.' IP:'.getRealIpAddr().json_encode($options)); //_error_log('session_id '. session_id().' line='.__LINE__.' IP:'.getRealIpAddr().json_encode($options));
//_error_log('session_start 2'); //_error_log('session_start 2');
$takes = microtime(true) - $start; $takes = microtime(true) - $start;
@ -355,38 +358,44 @@ function _session_start(array $options = [])
} }
} }
function _session_regenerate_id($users_id=0, $force = false) function _session_regenerate_id($users_id = 0, $force = false)
{ {
$session = $_SESSION;
$users_id = intval($users_id); $users_id = intval($users_id);
$prefix = "UID_{$users_id}_"; $prefix = "UID_{$users_id}_";
// If force is true or the session ID does not start with the correct prefix, regenerate it // If force is true or the session ID does not start with the correct prefix, rename it
if ($force || strpos(session_id(), $prefix) !== 0) { if ($force || strpos(session_id(), $prefix) !== 0) {
// Create a new session ID with the prefix and timestamp // Call the renaming function to generate a new session ID with the given prefix and user ID
$newSessionId = $prefix . time() . '_' . bin2hex(random_bytes(8)); // Add random bytes for security rename_session_id($users_id);
$_SESSION = array();
// Regenerate the session ID and preserve the current session data
session_regenerate_id(true);
// Set the new session ID manually
session_id($newSessionId);
// Reset the cookies with the new session ID
_resetcookie('PHPSESSID', session_id());
_resetcookie(session_name(), session_id());
// Restore session data
$_SESSION = $session;
_error_log("Session ID regenerated with prefix: " . session_id()); _error_log("Session ID regenerated with prefix: " . session_id());
} }
} }
// New function to rename session ID
function rename_session_id($users_id = 0)
{
$session = $_SESSION; // Store the current session data
// Generate the new session ID with the prefix and user ID
$newSessionId = 'UID_' . $users_id . '_' . time() . '_' . bin2hex(random_bytes(8));
session_write_close(); // Write the session data and close it to allow session ID change
// Change the session ID
session_id($newSessionId);
session_start(); // Restart the session with the new session ID
$_SESSION = $session; // Restore the session data
// Reset the session cookie to use the new session ID
_resetcookie('PHPSESSID', session_id());
_resetcookie(session_name(), session_id());
_error_log("Session ID renamed to: " . session_id());
}
function uniqidV4() function uniqidV4()
{ {
$randomString = openssl_random_pseudo_bytes(16); $randomString = openssl_random_pseudo_bytes(16);

2
objects/phpsessionid.json.php
View file

@ -1,6 +1,6 @@
<?php <?php
global $global, $config; global $global, $config;
$doNotConnectDatabaseIncludeConfig = 1;
require_once __DIR__.'/../videos/configuration.php'; require_once __DIR__.'/../videos/configuration.php';
header('Content-Type: application/json'); header('Content-Type: application/json');

3
objects/user.php
View file

@ -1215,7 +1215,8 @@ if (typeof gtag !== \"function\") {
$_SESSION['loginAttempts'] = 0; $_SESSION['loginAttempts'] = 0;
// Call custom session regenerate logic // Call custom session regenerate logic
_session_regenerate_id($_SESSION['user']['id']); // this was regenerating the session all the time, making harder to save info in the session
_session_regenerate_id();
_session_write_close(); _session_write_close();

24
plugin/Live/latestOrLive.php
View file

@ -168,6 +168,7 @@ if (!empty($_REQUEST['isClosed'])) {
<title><?php echo $objectToReturnToParentIframe->title; ?></title> <title><?php echo $objectToReturnToParentIframe->title; ?></title>
<link href="<?php echo getURL('view/bootstrap/css/bootstrap.min.css'); ?>" rel="stylesheet" type="text/css" /> <link href="<?php echo getURL('view/bootstrap/css/bootstrap.min.css'); ?>" rel="stylesheet" type="text/css" />
<link href="<?php echo getURL('node_modules/@fortawesome/fontawesome-free/css/all.min.css'); ?>" rel="stylesheet" type="text/css" /> <link href="<?php echo getURL('node_modules/@fortawesome/fontawesome-free/css/all.min.css'); ?>" rel="stylesheet" type="text/css" />
<script src="<?php echo getURL('view/js/session.js'); ?>" type="text/javascript"></script>
<script src="<?php echo getURL('node_modules/jquery/dist/jquery.min.js'); ?>" type="text/javascript"></script> <script src="<?php echo getURL('node_modules/jquery/dist/jquery.min.js'); ?>" type="text/javascript"></script>
<style> <style>
body { body {
@ -200,29 +201,6 @@ if (!empty($_REQUEST['isClosed'])) {
?> ?>
var webSiteRootURL = '<?php echo $global['webSiteRootURL']; ?>'; var webSiteRootURL = '<?php echo $global['webSiteRootURL']; ?>';
var player; var player;
// Create a variable to hold the session ID
var PHPSESSID = null;
// Function to load the session ID via AJAX
function loadPHPSessionID() {
fetch('objects/phpsessionid.json.php', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'no-cache'
}
})
.then(response => response.json())
.then(data => {
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
})
.catch(error => {
console.error('Error loading PHPSESSID:', error);
});
}
// Load the session ID as fast as possible
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
</script> </script>
<?php <?php
echo AVideoPlugin::getHeadCode(); echo AVideoPlugin::getHeadCode();

24
view/include/head.php
View file

@ -88,6 +88,7 @@ if (!isCommandLineInterface()) {
<link rel="shortcut icon" href="<?php echo $config->getFavicon(); ?>" sizes="16x16,24x24,32x32,48x48,144x144"> <link rel="shortcut icon" href="<?php echo $config->getFavicon(); ?>" sizes="16x16,24x24,32x32,48x48,144x144">
<meta name="msapplication-TileImage" content="<?php echo $config->getFavicon(true); ?>"> <meta name="msapplication-TileImage" content="<?php echo $config->getFavicon(true); ?>">
<meta name="robots" content="index, follow" /> <meta name="robots" content="index, follow" />
<script src="<?php echo getURL('view/js/session.js'); ?>" type="text/javascript"></script>
<link href="<?php echo getURL('node_modules/@fortawesome/fontawesome-free/css/all.min.css'); ?>" rel="stylesheet" type="text/css" /> <link href="<?php echo getURL('node_modules/@fortawesome/fontawesome-free/css/all.min.css'); ?>" rel="stylesheet" type="text/css" />
<?php <?php
@ -188,29 +189,6 @@ if (isRTL()) {
var _serverSystemTimezone = "<?php echo (getSystemTimezone()); ?>"; var _serverSystemTimezone = "<?php echo (getSystemTimezone()); ?>";
var avideoModalIframeFullScreenCloseButton = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 2, 'class="btn btn-default pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>; var avideoModalIframeFullScreenCloseButton = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 2, 'class="btn btn-default pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
var avideoModalIframeFullScreenCloseButtonSmall = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 4, 'class="btn btn-default btn-sm pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>; var avideoModalIframeFullScreenCloseButtonSmall = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 4, 'class="btn btn-default btn-sm pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
// Create a variable to hold the session ID
var PHPSESSID = null;
// Function to load the session ID via AJAX
function loadPHPSessionID() {
fetch('objects/phpsessionid.json.php', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'no-cache'
}
})
.then(response => response.json())
.then(data => {
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
})
.catch(error => {
console.error('Error loading PHPSESSID:', error);
});
}
// Load the session ID as fast as possible
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
</script> </script>
<?php <?php
if (!isOffline() && !$config->getDisable_analytics()) { if (!isOffline() && !$config->getDisable_analytics()) {

23
view/js/session.js Normal file
View file

@ -0,0 +1,23 @@
// Create a variable to hold the session ID
var PHPSESSID = null;
// Function to load the session ID via AJAX
function loadPHPSessionID() {
fetch(webSiteRootURL + 'objects/phpsessionid.json.php', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Cache-Control': 'no-cache'
}
})
.then(response => response.json())
.then(data => {
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
})
.catch(error => {
console.error('Error loading PHPSESSID:', error);
});
}
// Load the session ID as fast as possible
window.addEventListener('DOMContentLoaded', loadPHPSessionID);