0b7e2d0a5b
- Created complete documentation in docs/ directory - Added PROJECT_OVERVIEW.md with feature highlights and getting started guide - Added ARCHITECTURE.md with system design and technical details - Added SECURITY.md with comprehensive security implementation guide - Added DEVELOPMENT.md with development workflows and best practices - Added DEPLOYMENT.md with production deployment instructions - Added API.md with complete REST API documentation - Added CONTRIBUTING.md with contribution guidelines - Added CHANGELOG.md with version history and migration notes - Reorganized all documentation files into docs/ directory for better organization - Updated README.md with proper documentation links and quick navigation - Enhanced project structure with professional documentation standards
161 lines
6.7 KiB
PHP
161 lines
6.7 KiB
PHP
<?php
|
|
/*******************************************************************************************************************
|
|
| Software Name : EasyStream
|
|
| Software Description : High End YouTube Clone Script with Videos, Shorts, Streams, Images, Audio, Documents, Blogs
|
|
| Software Author : (c) Sami Ahmed
|
|
|*******************************************************************************************************************
|
|
|
|
|
|*******************************************************************************************************************
|
|
| This source file is subject to the EasyStream Proprietary License Agreement.
|
|
|
|
|
| By using this software, you acknowledge having read this Agreement and agree to be bound thereby.
|
|
|*******************************************************************************************************************
|
|
| Copyright (c) 2025 Sami Ahmed. All rights reserved.
|
|
|*******************************************************************************************************************/
|
|
|
|
define('_ISVALID', true);
|
|
|
|
$main_dir = realpath(dirname(__FILE__) . '/../../../');
|
|
set_include_path($main_dir);
|
|
|
|
include_once 'f_core/config.core.php';
|
|
include_once 'f_core/f_classes/class.conversion.php';
|
|
|
|
include_once $class_language->setLanguageFile('frontend', 'language.global');
|
|
|
|
$host = array('127.0.0.1');
|
|
|
|
if ($cfg["live_module"] == 0 or $cfg["live_uploads"] == 0 or !in_array($_SERVER[REM_ADDR], $host)) {
|
|
error("error[publish][host_not_in_array]");
|
|
}
|
|
|
|
$error = false;
|
|
$check = false;
|
|
$notify = true;
|
|
$type = 'live';
|
|
$app = $class_filter->clr_str($_GET["app"]);
|
|
$name = $class_filter->clr_str($_GET["name"]);
|
|
$name = str_replace(array('_360p', '_480p', '_720p', '_src', '_hls'), array('', '', '', '', ''), $name);
|
|
$apps = array('cast', 'live', 'play', 'sbr', 'mbr', 'srv1', 'srv2', 'srv1-local-off', 'srv2-local', 'vods', 'vods1-local', 'vods2-local', 'elive', 'esrv1', 'evods');
|
|
|
|
if ($app == 'srv1' or $app == 'srv1-local' or $app == 'esrv1' or $app == 'evods' or $app == 'vods' or $app == 'vods1-local') {exit;}
|
|
|
|
if (strlen($_GET["q"]) === 32 and ctype_xdigit($_GET["q"])) {
|
|
$pwd = $class_filter->clr_str(strrev($_GET["q"]));
|
|
$q = sprintf("SELECT A.`db_id`, A.`usr_id`, A.`stream_vod`, A.`file_key`, A.`stream_live`, B.`usr_key` FROM `db_%sfiles` A, `db_accountuser` B WHERE A.`usr_id`=B.`usr_id` AND A.`stream_key`='%s' AND A.`stream_ended`='0' AND A.`stream_key_active`='1' AND A.`approved`='1' AND A.`deleted`='0' AND A.`active`='1' LIMIT 1;", $type, $name);
|
|
$r = $db->execute($q);
|
|
|
|
$usr_id = $r->fields["usr_id"];
|
|
$usr_key = $r->fields["usr_key"];
|
|
$pass = md5($usr_id . $usr_key . $cfg["global_salt_key"]);
|
|
$check = $pass == $pwd ? true : false;
|
|
|
|
if (!$check) {
|
|
$error = 'md5_check';
|
|
}
|
|
if (!$error) {
|
|
if (!in_array($app, $apps)) {
|
|
$error = 'app_not_in_array_md5';
|
|
}
|
|
}
|
|
if ($error) {
|
|
error("error[auth][$error]");
|
|
}
|
|
} else {
|
|
$pwd = $class_filter->clr_str(urlencode($_GET["q"]));
|
|
$dec = explode(':', secured_decrypt(rawurldecode($pwd)));
|
|
|
|
if (isset($dec[0]) and isset($dec[1]) and isset($dec[2])) {
|
|
$usr_id = (int) $dec[0];
|
|
$usr_key = (int) $dec[1];
|
|
$salt_key = $class_filter->clr_str($dec[2]);
|
|
if ($salt_key === $cfg["global_salt_key"]) {
|
|
$check = true;
|
|
} else {
|
|
$error = 'salt_key_check';
|
|
}
|
|
} else {
|
|
$error = 'secured_decrypt';
|
|
}
|
|
|
|
if (!$error) {
|
|
if (!in_array($app, $apps)) {
|
|
$error = 'app_not_in_array';
|
|
}
|
|
}
|
|
if ($error) {
|
|
error("error[auth][$error]");
|
|
}
|
|
}
|
|
|
|
if ($name != '') {
|
|
$q = sprintf("SELECT A.`db_id`, A.`usr_id`, A.`stream_vod`, A.`file_key`, A.`stream_live` FROM `db_%sfiles` A WHERE
|
|
A.`usr_id`='%s' AND
|
|
A.`stream_key`='%s' AND A.`approved`='1' AND A.`deleted`='0' AND A.`active`='1'
|
|
ORDER BY A.`db_id` DESC
|
|
LIMIT 1;",
|
|
$type, $usr_id, $name);
|
|
|
|
$r = $db->execute($q);
|
|
|
|
if ($db_id = $r->fields["db_id"] and $r->fields["stream_live"] == 1 and ($app == 'live' or $app == 'elive')) {
|
|
$db->execute(sprintf("UPDATE `db_%sfiles` SET `stream_ended`='0', `stream_end`='00:00:00 00:00:00', `stream_key_active`='1', `stream_key_old`='', `file_duration`='1' WHERE `db_id`='%s' LIMIT 1;", $type, $db_id));
|
|
$notify = false;
|
|
} elseif (!$r->fields["db_id"]) {
|
|
error("error[auth][db_id1]");
|
|
}
|
|
}
|
|
|
|
if ($name != '') {
|
|
$q = sprintf("SELECT A.`db_id`, A.`usr_id`, A.`stream_vod`, A.`file_key`, A.`stream_live`, A.`stream_end`, A.`mail_sent` FROM `db_%sfiles` A WHERE
|
|
A.`usr_id`='%s' AND
|
|
A.`stream_key`='%s' AND A.`approved`='1' AND A.`deleted`='0' AND A.`active`='1'
|
|
ORDER BY A.`db_id` DESC
|
|
LIMIT 1;", $type, $usr_id, $name);
|
|
|
|
$r = $db->execute($q);
|
|
|
|
if ($db_id = $r->fields["db_id"]) {
|
|
$svod = $r->fields["stream_vod"];
|
|
$send = $r->fields["stream_end"];
|
|
$mail = $r->fields["mail_sent"];
|
|
|
|
$p = unserialize($class_database->singleFieldValue('db_accountuser', 'usr_perm', 'usr_id', (int) $usr_id));
|
|
|
|
if ($check and $p["perm_upload_l"] == 1) {
|
|
if ($send != '0000-00-00 00:00:00' and strtotime($send) > 0 and (strtotime(date("Y-m-d H:i:s")) - strtotime($send)) > 600) {
|
|
error("error[auth][strtotime]");
|
|
} elseif ($send != '0000-00-00 00:00:00' and strtotime($send) > 0 and (strtotime(date("Y-m-d H:i:s")) - strtotime($send)) < 900) {
|
|
$notify = false;
|
|
}
|
|
if (($app == 'evods' or $app == 'vods' or $app == 'vods1-local' or $app == 'vods2-local') and ($svod == 0 or $p["perm_live_vod"] == 0 or $cfg["live_vod"] == 0)) {
|
|
//error("error[auth][app_vods]");
|
|
|
|
header("HTTP/1.0 404 Not Found");exit;
|
|
}
|
|
|
|
$db->execute(sprintf("UPDATE `db_accountuser` SET `usr_live`='1' WHERE `usr_id`='%s' LIMIT 1;", $usr_id));
|
|
$db->execute(sprintf("UPDATE `db_%sfiles` SET
|
|
`mail_sent`='1', `stream_live`='1', `stream_start`='%s', `stream_ended`='0', `stream_end`='', `stream_key_active`='1', `stream_key_old`='', `file_duration`='1' WHERE
|
|
`db_id`='%s' AND `usr_id`='%s' LIMIT 1;", $type, date("Y-m-d H:i:s"), $db_id, $usr_id));
|
|
|
|
if (!$mail and $db->Affected_Rows() > 0) {
|
|
VUpload::notifySubscribers($usr_id, $type, $r->fields["file_key"], $r->fields["usr_key"]);
|
|
}
|
|
} else {
|
|
error("error[auth][perm_upload_l]");
|
|
}
|
|
} else {
|
|
error("error[auth][db_id2]");
|
|
}
|
|
}
|
|
|
|
function error($type)
|
|
{
|
|
error_log(date("Y-m-d H:i:s") . ": $type\n", 3, LIVE_AUTH_LOG);
|
|
error_log(date("Y-m-d H:i:s") . ": Req: " . VServer::get_ip() . ": " . $_SERVER["REQUEST_URI"] . "\n\n", 3, LIVE_AUTH_LOG);
|
|
|
|
header("HTTP/1.0 404 Not Found");
|
|
exit;
|
|
}
|