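setKey(hexToString($_MISC['master-key']));
// NOTE(review): the statement above is cut off at the top of this excerpt (its receiver, used
// below as $master_crypt, is not visible) and is left untouched. It keys an RC4 stream cipher
// that wraps every player message; RC4 is a broken cipher and md5 the only "MAC" here, so treat
// this protocol as obfuscation, not as transport security, when it is next revised.
//
// Front controller for the player site: connects to MySQL, opens the user session, then
// dispatches on ?auth= (login modules), ?play= (song stream protocol), ?js= (AJAX API),
// ?box= (HTML snippets) and finally renders the page. Each action handler exits on its own.
$crypt = new Crypt_RC4(); // per-stream cipher, re-keyed from `song_sessions`.`current_key` below

// Request values that several handlers read; fetched once with an isset() guard so a missing
// parameter yields '' instead of an undefined-index notice.
$_UA            = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$_play          = isset($_GET['play']) ? $_GET['play'] : '';
$_js            = isset($_GET['js']) ? $_GET['js'] : '';
$_playerData    = isset($_SERVER['HTTP_X_PLAYER_DATA']) ? $_SERVER['HTTP_X_PLAYER_DATA'] : '';
$_playerSession = isset($_SERVER['HTTP_X_PLAYER_SESSION']) ? $_SERVER['HTTP_X_PLAYER_SESSION'] : '';
// Allow-list for request values that become part of an include or glob path. is_file() on its
// own does not stop "../" traversal out of the intended directory; extend the class only if a
// legitimate module/box/slideshow name needs more characters.
$_SAFE_TOKEN = '/^[A-Za-z0-9_-]+$/';

//connect2db
$_DB = new PDO("mysql:host={$_MYSQL['host']};dbname={$_MYSQL['db_name']}", $_MYSQL['db_user'], $_MYSQL['password'], array(PDO::ATTR_PERSISTENT => true));
$_DB->query("SET CHARACTER SET 'utf8'");

//start user-session
session_name($_MISC['cookie-name']);
session_set_cookie_params($_MISC['cookie-duration']); //70 days in seconds
// NOTE(review): the session cookie is the only login credential on this site; consider
// session.cookie_httponly / session.cookie_secure (ini or the extra session_set_cookie_params()
// arguments) so it is not readable from script or sent over plain HTTP.
session_start();
if (empty($_SESSION['regdate_first'])) $_SESSION['regdate_first'] = date('Y-m-d H:i:s');
if (!usession_get('agent_survey')) {
    // record the user agent once per session
    updateAndSetUserData(usession_get('email'), array('user_agent' => $_UA));
    usession_set('agent_survey', true);
}

/* ACTIONS */
//load auth_modules: ?auth=<name> runs php/auth.<name>.php and exits
if (isset($_GET['auth']) && $_GET['auth'] !== '') {
    // allow-list the module name before it is interpolated into a require path
    if (preg_match($_SAFE_TOKEN, $_GET['auth']) && is_file("php/auth.{$_GET['auth']}.php")) {
        require_once "php/auth.{$_GET['auth']}.php";
        authentificate();
        exit;
    }
    exit;
}

//facebook
require_once("php/auth.facebook.php");

//start song session: the player sends the song hash (RC4 under the master key) and receives the
//initial key/hash/counter triple for the stream protocol, also wrapped under the master key
if ($_play == 'start') {
    if (!is_session_authentificated()) exit('error: not authentificated');
    $song_hash = $master_crypt->decrypt_b64($_playerData);
    $stmt = $_DB->prepare('SELECT * FROM `songs` WHERE `hash` = :hash');
    $stmt->execute(array('hash' => $song_hash));
    if ($song = $stmt->fetch()) {
        if (user_hasSongPlayRights($song) < 1) exit('error: you are not allowed to play this song');
        // NOTE(review): rand() is not a CSPRNG, yet the values below are what later authorise the
        // stream; random_int()/random_bytes() should replace it once the runtime allows.
        // generate_key() and song_hash() are defined elsewhere — their strength is not visible here.
        $start_key = md5(generate_key()) . md5(generate_key());
        $start_hash = md5(generate_key());
        // was $song['titile'] (typo), which always contributed an empty string
        $session_key = song_hash($song['mp3name'] . rand(), $song['title'] . rand(), $song['length'] . rand());
        $hash_counter = rand(10000000, 999999999);
        //create song_session
        $query = $_DB->prepare('INSERT INTO `song_sessions` (email, song_id, hash_time, play_time, current_hash, scrobbel, hash_counter, current_key, session_key, transfered, user_agent) VALUES (:email, :song_id, :hash_time, :play_time, :current_hash, :scrobbel, :hash_counter, :current_key, :session_key, :transfered,:user_agent)');
        $query->execute(array(
            'email' => usession_get('email'),
            'song_id' => $song['song_id'],
            'hash_time' => time(),
            'play_time' => date('Y-m-d H:i:s'),
            'transfered' => 0,
            'current_hash' => $start_hash,
            'scrobbel' => 0,
            'user_agent' => $_UA,
            'hash_counter' => $hash_counter,
            'current_key' => $start_key,
            'session_key' => $session_key,
        ));
        // milliseconds into the song at which the client reports a scrobble
        $song_scrobbel = intval($song['length'] * $_MISC['scrobbelAt'] * 1000);
        $message = json_encode(array(
            'start_hash' => $start_hash,
            'start_key' => $start_key,
            'song_scrobbel' => $song_scrobbel,
            'session_key' => $session_key,
            'hash_counter' => $hash_counter,
            // the client re-authenticates at half the server-side validity window (ms)
            'hash_update_time' => ($_MISC['hash-validity-duration'] / 2) * 1000,
        ));
        logi($song_scrobbel);
        echo $master_crypt->encrypt_b64($message);
    }
    exit;
}

//stream the mp3 in paced chunks while the song session stays valid
if ($_play == 'stream') {
    if (!is_session_authentificated()) exit('error: not authentificated'); // same gate as 'start'
    $session_key = $master_crypt->decrypt_b64($_playerSession);
    $email = usession_get('email');
    $stmt = $_DB->prepare('SELECT * FROM `song_sessions` WHERE `session_key` = :key AND `email` = :email');
    $stmt->execute(array('key' => $session_key, 'email' => $email));
    if ($songsession = $stmt->fetch()) {
        $userInfo = get_userInfo(); // return value unused here; call kept in case the helper has side effects
        // the song hash in X-Player-Data is encrypted under the session's current key
        $crypt->setKey(hexToString($songsession['current_key']));
        $stmt = $_DB->prepare('SELECT * FROM `songs` WHERE `song_id` = :sid AND hash = :hash');
        $stmt->execute(array('sid' => $songsession['song_id'], 'hash' => $crypt->decrypt_b64($_playerData)));
        if ($song = $stmt->fetch()) {
            $interval = 0.2; //every 0.2s, data is flushed
            $filename = "media/" . $song['mp3name'];
            $fp = is_file($filename) ? fopen($filename, "rb") : false;
            if ($fp === false) {
                logi("Cannot open {$song['mp3name']} for streaming to " . $email);
                exit('error: song file not available');
            }
            $filesize = filesize($filename);
            logi("Streaming {$song['mp3name']} to " . $email);
            header("Content-Type: audio/x-mp3");
            header("Content-Length: " . (string) $filesize);
            header("Cache-Control: no-cache");
            $firstpart = 200 * 1024; //flush the first 200Kb in one go so playback can start
            echo fread($fp, $firstpart);
            ob_flush();
            //step for further flushes per $interval seconds; max() guards against a zero/unknown
            //song length (division by zero) and against a zero-byte fread() step
            $length = max(1, intval($song['length']));
            $step = max(1, intval((($filesize - $firstpart) / ($length * (1 / $interval))) * 1.3));
            //close session to allow auth-procedure to access it
            session_write_close();
            // re-check the hash every 2 seconds, i.e. every $chunksPerCheck chunks (the original
            // tested an undefined $t here, which made the DB round-trip happen on every chunk)
            $chunksPerCheck = max(1, (int) round(2 / $interval));
            $chunkNo = 0;
            while (($chunk = fread($fp, $step)) !== false && $chunk !== '') {
                print($chunk);
                ob_flush(); //flush stepkb
                usleep((int) ($interval * 1000000)); //sleep during intervall
                if (++$chunkNo % $chunksPerCheck == 0) { //check if hash is still valid every 2 seconds
                    $stmt = $_DB->prepare('SELECT * FROM `song_sessions` WHERE `session_key` = :key AND `email` = :email');
                    $stmt->execute(array('key' => $session_key, 'email' => $email));
                    $songsession = $stmt->fetch();
                    if (!$songsession || intval($songsession['hash_time']) <= time() - $_MISC['hash-validity-duration']) {
                        logi("Stream {$song['mp3name']} to " . $email . " is not valid anymore.");
                        fclose($fp);
                        exit('error: stream not valid anymore');
                    }
                }
            }
            fclose($fp);
            logi("finished streaming {$song['mp3name']} to " . $email);
            //set stream to finished (transfer)
            $query = $_DB->prepare('UPDATE `song_sessions` SET `transfered` = 1 WHERE `session_key` = :key AND `email` = :email');
            $query->execute(array('key' => $session_key, 'email' => $email));
        }
    }
    exit;
}

//periodic re-authentication of a running stream: server and client both derive the next
//(counter, key, hash) triple from the stored one; the client proves it by sending the new hash
//encrypted under the new key
if ($_play == 'auth') {
    if (!is_session_authentificated()) exit('error: not authentificated');
    $session_key = $master_crypt->decrypt_b64($_playerSession);
    $stmt = $_DB->prepare('SELECT * FROM `song_sessions` WHERE `session_key` = :key AND `email` = :email');
    $stmt->execute(array('key' => $session_key, 'email' => usession_get('email')));
    if ($songsession = $stmt->fetch()) {
        if ($songsession['transfered'] == 1) exit('finished');
        if (intval($songsession['hash_time']) <= time() - $_MISC['hash-validity-duration']) exit("error: stream not valid anymore");
        //calc new keys&hashes
        // the counter halves on every refresh and bottoms out at 0; the derivation still works
        // after that, but the counter then contributes nothing new to the key
        $new_hash_counter = intval($songsession['hash_counter'] / 2);
        $new_current_key = md5($songsession['hash_counter'] . $songsession['current_key']) . md5($new_hash_counter . md5($songsession['hash_counter'] . $songsession['current_key']));
        $new_current_hash = md5(md5($songsession['current_hash'] . $new_current_key) . md5($new_hash_counter)) . md5($new_hash_counter . $songsession['hash_counter'] . $new_current_key);
        //now decrypt&check
        $crypt->setKey(hexToString($new_current_key));
        // strict, constant-time comparison; the previous `==` compared numeric-looking hex
        // strings (e.g. "0e...") as numbers
        if (hash_equals($new_current_hash, (string) $crypt->decrypt_b64($_playerData))) {
            $query = $_DB->prepare('UPDATE `song_sessions` SET `hash_time` = :hash_time , `current_hash` = :current_hash , `hash_counter` = :hash_counter , `current_key` = :current_key WHERE `session_key` = :session_key AND `email` = :email');
            $query->execute(array(
                'session_key' => $session_key,
                'email' => usession_get('email'),
                'hash_time' => time(),
                'current_hash' => $new_current_hash,
                'hash_counter' => $new_hash_counter,
                'current_key' => $new_current_key,
            ));
            logi(var_export($query->errorInfo(), true));
            exit('success');
        } else exit("error:2\n");
    } else exit('error:1');
    exit;
}

//mark the song session as scrobbled
if ($_play == 'scrobbel') {
    $session_key = $master_crypt->decrypt_b64($_playerSession);
    $stmt = $_DB->prepare('SELECT * FROM `song_sessions` WHERE `session_key` = :key AND `email` = :email');
    $stmt->execute(array('key' => $session_key, 'email' => usession_get('email')));
    if ($songsession = $stmt->fetch()) {
        $query = $_DB->prepare('UPDATE `song_sessions` SET `scrobbel` =1 WHERE `session_key` = :session_key AND `email` = :email');
        $query->execute(array('session_key' => $session_key, 'email' => usession_get('email')));
    }
    exit; // like the other ?play= actions; falling through would render the whole page to the player
}

/*AJAX-API*/
// optional JSON parameters for the ?js= calls, POSTed as param=<json>
$_js_param = array();
if ($_js !== '' && isset($_POST['param'])) {
    $_js_param = json_decode($_POST['param'], true);
    if (!is_array($_js_param)) $_js_param = array(); // malformed JSON → no parameters
}

//track list with per-song play rights for the current user
if ($_js == 'get_songs') {
    $userInfo = get_userInfo();
    $songlist = array(); // no songs → empty list instead of an undefined variable
    foreach ($_DB->query('SELECT * FROM `songs` ORDER BY `treshold` ASC')->fetchAll() as $song) {
        $songlist[] = array(
            'title' => $song['title'],
            'hash' => $song['hash'],
            'length' => $song['length'],
            'hasRights' => user_hasSongPlayRights($song, $userInfo),
        );
    }
    $task = array("todo" => "updateTrackList", "param" => $songlist);
    echo json_encode($task, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
    exit;
}

//tell the client what to do for a chosen song: play it (with a slideshow) or show a box
if ($_js == 'prepareSong') {
    $hash = isset($_js_param['hash']) ? $_js_param['hash'] : null;
    $song = get_songFromHash($hash);
    $task = array(); // default when the rights helper returns none of the handled values
    switch (user_hasSongPlayRights($song)) {
        case 1:
            $g = array("booklet", "livepics");
            $num = rand(0, count($g) - 1); // cosmetic pick only
            $url = 'js/slideshow/getimages/' . $g[$num];
            $task = array(
                array('todo' => 'playSong', 'param' => array('hash' => $hash)),
                array('todo' => 'showSlideshow', 'param' => array('url' => $url, 'object' => 'cover-slideshow')),
                array('todo' => 'slideto', 'param' => array('slideid' => $num + 1)),
            );
            break;
        case 0:
            $task = array('todo' => 'showBox', 'param' => array('url' => '/box/pleaseauth'));
            break;
        case -1:
            $task = array('todo' => 'showBox', 'param' => array('url' => '/box/spreadtheword'));
            break;
    }
    echo json_encode($task, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
    exit;
}

//list the jpg files of one slideshow directory
if ($_js == 'slideshow') {
    $dir = isset($_GET['getimages']) ? $_GET['getimages'] : '';
    // only a plain directory name may be listed; "../" would enumerate *.jpg elsewhere on disk
    $files = preg_match($_SAFE_TOKEN, $dir) ? glob("images/slideshow/{$dir}/*.jpg") : array();
    echo json_encode($files);
    exit;
}

//client-side error beacon
if ($_js == 'theunknownnotreproducablebaderrororccured_sadbuttrue') {
    $_DB->prepare("INSERT INTO `DONT PANIC`(`time`,`user_agent`,`email`) VALUES(:time,:user_agent,:email)")->execute(array("time" => date('Y-m-d H:i:s'), "user_agent" => $_UA, "email" => usession_get("email")));
    exit;
}

//install counter and the unlock state derived from it
if ($_js == 'installcount') {
    $installs = number_of_user_installs();
    $task = array('todo' => 'updateInstallCount', 'param' => array(
        'installs' => $installs,
        'songs' => number_of_songs_available($installs),
        'left' => next_level($installs) - $installs,
        'songname' => next_song($installs),
    ));
    echo json_encode($task, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
    exit;
}

//HTML snippets: ?box=<name> renders templates/box/<name>.php
if (isset($_GET['box']) && $_GET['box'] !== '') {
    // allow-list before the value becomes an include path (is_file() does not block "../")
    if (preg_match($_SAFE_TOKEN, $_GET['box']) && is_file("templates/box/{$_GET['box']}.php")) {
        include "templates/box/{$_GET['box']}.php";
        exit;
    }
    exit;
}

/*MAIN*/
//check authentification — this redirect gate is disabled: every remaining request renders the
//site, and authentication is enforced per action above instead
//~ if(!is_session_authentificated()){
//~     if(!usession_get('auth_mode')) {
//~         $_AUTH_MODE = get_auth_mode();
//~         usession_set('auth_mode', $_AUTH_MODE);
//~     }
//~     header('Location: /auth/'.usession_get('auth_mode'));
//~     exit;
//~ }

//show site
include "templates/header.php";
?>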