0b7e2d0a5b
- Created complete documentation in docs/ directory - Added PROJECT_OVERVIEW.md with feature highlights and getting started guide - Added ARCHITECTURE.md with system design and technical details - Added SECURITY.md with comprehensive security implementation guide - Added DEVELOPMENT.md with development workflows and best practices - Added DEPLOYMENT.md with production deployment instructions - Added API.md with complete REST API documentation - Added CONTRIBUTING.md with contribution guidelines - Added CHANGELOG.md with version history and migration notes - Reorganized all documentation files into docs/ directory for better organization - Updated README.md with proper documentation links and quick navigation - Enhanced project structure with professional documentation standards
171 lines
7.0 KiB
PHP
171 lines
7.0 KiB
PHP
<?php
|
|
/*******************************************************************************************************************
|
|
| Software Name : EasyStream
|
|
| Software Description : High End YouTube Clone Script with Videos, Shorts, Streams, Images, Audio, Documents, Blogs
|
|
| Software Author : (c) Sami Ahmed
|
|
|*******************************************************************************************************************
|
|
|
|
|
|*******************************************************************************************************************
|
|
| This source file is subject to the EasyStream Proprietary License Agreement.
|
|
|
|
|
| By using this software, you acknowledge having read this Agreement and agree to be bound thereby.
|
|
|*******************************************************************************************************************
|
|
| Copyright (c) 2025 Sami Ahmed. All rights reserved.
|
|
|*******************************************************************************************************************/
|
|
define('_ISVALID', true);
|
|
|
|
include_once 'f_core/config.core.php';
|
|
|
|
// Initialize security class
|
|
$security = VSecurity::getInstance();
|
|
|
|
include_once $class_language->setLanguageFile('frontend', 'language.home');
|
|
include_once $class_language->setLanguageFile('frontend', 'language.global');
|
|
include_once $class_language->setLanguageFile('frontend', 'language.files');
|
|
include_once $class_language->setLanguageFile('frontend', 'language.files.menu');
|
|
include_once $class_language->setLanguageFile('frontend', 'language.notifications');
|
|
include_once $class_language->setLanguageFile('frontend', 'language.userpage');
|
|
include_once $class_language->setLanguageFile('frontend', 'language.signup');
|
|
|
|
$error_message = null;
|
|
$cfg = $class_database->getConfigurations('video_uploads,video_player,image_player,audio_player,document_player,public_channels,channel_bulletins,user_subscriptions,paid_memberships,file_counts,file_comments,channel_comments,file_comment_votes,file_responses,file_rating,file_favorites,file_deleting,file_delete_method,file_privacy,file_playlists,file_views,file_history,file_watchlist,file_embedding,file_social_sharing,message_count,server_path_php,thumbs_width,thumbs_height,file_comment_spam');
|
|
|
|
// Secure parameter handling
|
|
$ap = VSecurity::getParam('ap', 'int');
|
|
if ($ap !== null) {
|
|
$_SESSION['ap'] = $ap;
|
|
exit;
|
|
}
|
|
|
|
// Secure parameter handling for m/n
|
|
$m = VSecurity::getParam('m', 'string');
|
|
$n = VSecurity::getParam('n', 'string');
|
|
if ($m !== null || $n !== null) {
|
|
$_SESSION['sbm'] = ($m !== null) ? 1 : 0;
|
|
exit;
|
|
}
|
|
|
|
$home = new VHome;
|
|
$browse = new VBrowse;
|
|
|
|
// Secure parameter handling with validation
|
|
$cfg_param = VSecurity::getParam('cfg', 'alphanum');
|
|
$load_param = VSecurity::getParam('load', 'alphanum');
|
|
$loadall_param = VSecurity::getParam('loadall', 'alphanum');
|
|
$hide_param = VSecurity::getParam('hide', 'alphanum');
|
|
$unhide_param = VSecurity::getParam('unhide', 'alphanum');
|
|
$sub_param = VSecurity::getParam('sub', 'alphanum');
|
|
$categ_param = VSecurity::getParam('categ', 'alphanum');
|
|
$rc_param = VSecurity::getParam('rc', 'alphanum');
|
|
$a_param = VSecurity::getParam('a', 'alphanum');
|
|
$do_param = VSecurity::getParam('do', 'slug');
|
|
|
|
if ($cfg_param !== null) {
|
|
$html = VHome::homeConfig();
|
|
exit;
|
|
} elseif ($load_param !== null) {
|
|
$html = VHome::userNotifications();
|
|
exit;
|
|
} elseif ($loadall_param !== null) {
|
|
$html = VHome::userNotifications(true);
|
|
exit;
|
|
} elseif ($hide_param !== null) {
|
|
$html = VHome::hideNotifications();
|
|
exit;
|
|
} elseif ($unhide_param !== null) {
|
|
$html = VHome::hideNotifications(true);
|
|
exit;
|
|
} elseif ($sub_param !== null) {
|
|
exit;
|
|
} elseif ($categ_param !== null) {
|
|
exit;
|
|
} elseif ($rc_param !== null) {
|
|
exit;
|
|
} elseif ($a_param !== null) {
|
|
// Whitelist allowed actions
|
|
$allowedActions = ['color', 'sub', 'unsub', 'cb-favadd', 'cb-watchadd'];
|
|
|
|
if (in_array($a_param, $allowedActions)) {
|
|
switch ($a_param) {
|
|
case "color":
|
|
$act = VGenerate::doThemeSwitch();
|
|
break;
|
|
case "sub":
|
|
$act = VChannels::chSubscribe();
|
|
break;
|
|
case "unsub":
|
|
$act = VChannels::chSubscribe(1);
|
|
break;
|
|
case "cb-favadd":
|
|
case "cb-watchadd":
|
|
$files = new VFiles;
|
|
$ct = VFiles::doActions($a_param);
|
|
break;
|
|
}
|
|
}
|
|
} elseif ($do_param !== null) {
|
|
// Whitelist allowed do actions
|
|
$allowedDoActions = [
|
|
'sub-option', 'unsub-option', 'sub-continue', 'user-sub', 'user-unsub',
|
|
'act-load', 'vm', 'vm-ch', 'featured-list', 'channel-sort',
|
|
'channel-browse', 'channel-list', 'subscribe', 'user-unsubscribe'
|
|
];
|
|
|
|
if (in_array($do_param, $allowedDoActions)) {
|
|
if (in_array($do_param, ['sub-option', 'unsub-option', 'sub-continue', 'user-sub', 'user-unsub'])) {
|
|
$vview = new VView;
|
|
}
|
|
|
|
switch ($do_param) {
|
|
case "act-load":
|
|
echo $ct = VHome::getActivity();
|
|
break;
|
|
case "vm":
|
|
echo $ct = VHome::viewMode();
|
|
break;
|
|
case "vm-ch":
|
|
echo $ct = VChannels::viewMode(1);
|
|
break;
|
|
case "featured-list":
|
|
case "channel-sort":
|
|
$a_check = VSecurity::getParam('a', 'string', '');
|
|
echo $ct = ($a_check === '') ? VHome::featuredFiles() : null;
|
|
break;
|
|
case "channel-browse":
|
|
case "channel-list":
|
|
$a_check = VSecurity::getParam('a', 'string', '');
|
|
echo $ct = ($a_check === '') ? VHome::listFeaturedChannels() : null;
|
|
break;
|
|
case "subscribe":
|
|
break;
|
|
case "user-unsubscribe":
|
|
// Validate CSRF token for POST actions
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && VSecurity::validateCSRFFromPost('unsubscribe')) {
|
|
$uf_vuid = VSecurity::postParam('uf_vuid', 'int', 0);
|
|
if ($uf_vuid > 0) {
|
|
echo $do_load = VSubscriber::unsub_request($uf_vuid);
|
|
}
|
|
}
|
|
break;
|
|
case "sub-option":
|
|
echo $do_load = VView::subHtml('', 'home');
|
|
break;
|
|
case "unsub-option":
|
|
echo $do_load = VView::subHtml(1, 'home');
|
|
break;
|
|
case "sub-continue":
|
|
echo $do_load = VView::subContinue('home');
|
|
break;
|
|
case "user-sub":
|
|
case "user-unsub":
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
$smarty->assign('c_section', VHref::getKey("index"));
|
|
// Secure feature parameter check
|
|
$feature_param = VSecurity::getParam('feature', 'alpha');
|
|
$check_rd = ($feature_param === 'channels' && $cfg["public_channels"] == 0) ? $class_redirect->to('', VHref::getKey('index')) : null;
|
|
$page = ($do_param === null && $a_param === null) ? $class_smarty->displayPage('frontend', 'tpl_index', $error_message) : null;
|