
Untitled

a guest Mar 13th, 2019 78 Never
  1. <?php
  2. /**
  3. *
  4. * @ This file is created by http://DeZender.Net
  5. * @ deZender (PHP5 Decoder for ionCube Encoder)
  6. *
  7. * @ Version         :   3.0.8.0
  8. * @ Author          :   DeZender
  9. * @ Release on      :   25.09.2017
  10. * @ Official site   :   http://DeZender.Net
  11. *
  12. */
  13.  
  14. namespace Stalker\Lib\Core;
  15.  
  16. class Stb
  17. {
  18.     public $id = 0;
  19.     public $mac = '';
  20.     public $ip = null;
  21.     public $hd = 0;
  22.     private $user_agent = '';
  23.     private $access_token = null;
  24.     private $is_moderator = null;
  25.     private $params = array(  );
  26.     private $db = null;
  27.     public $lang = null;
  28.     private $locale = null;
  29.     private $country_id = null;
  30.     private $openweathermap_country_id = null;
  31.     public $city_id = null;
  32.     public $openweathermap_city_id = null;
  33.     public $timezone = null;
  34.     public static $server_timezone = null;
  35.     public $timezone_diff = 0;
  36.     private $stb_lang = null;
  37.     public $additional_services_on = 0;
  38.     private static $just_created = false;
  39.     private $valid_hash_version = false;
  40.     private static $allowed_languages = null;
  41.     private static $clock_formats = array(
  42.         '12h',
  43.         '24h'
  44.     );
  45.     private static $instance = null;
  46.  
  47.     /**
  48.          * @static
  49.          * @return Stb
  50.          */
  51.     public static function getInstance()
  52.     {
  53.         if (self::$instance == NULL) {
  54.             self::$instance = new Stb(  );
  55.         }
  56.  
  57.         return self::$instance;
  58.     }
  59.  
  60.     private function __construct()
  61.     {
  62.         $debug_key = $this->getDebugKey(  );
  63.         $this->user_agent = ((empty( $_SERVER['HTTP_USER_AGENT'] ) ? '' : $_SERVER['HTTP_USER_AGENT']));
  64.  
  65.         if (!(empty( $_SERVER['HTTP_X_USER_AGENT'] ))) {
  66.             $this->user_agent .= '; ' . $_SERVER['HTTP_X_USER_AGENT'];
  67.         }
  68.  
  69.         $this->parseAuthorizationHeader(  );
  70.  
  71.         if (!(empty( $debug_key )) && $this->checkDebugKey( $debug_key )) {
  72.             if (!(empty( $_REQUEST['mac'] ))) {
  73.                 $this->mac = @htmlspecialchars( trim( urldecode( $_REQUEST['mac'] ) ) );
  74.             }
  75.             else if (!(empty( $_COOKIE['mac'] ))) {
  76.                 $this->mac = @htmlspecialchars( trim( urldecode( $_COOKIE['mac'] ) ) );
  77.             }
  78.             else {
  79.                 echo 'Identification failed';
  80.                 exit(  );
  81.             }
  82.  
  83.             if (!(empty( $_COOKIE['debug'] )) || !(empty( $_REQUEST['debug'] ))) {
  84.                 Mysql::$debug = true;
  85.             }
  86.         }
  87.         else if (!(empty( $_COOKIE['mac'] )) && empty( $_COOKIE['mac_emu'] )) {
  88.             $this->mac = @htmlspecialchars( trim( urldecode( $_COOKIE['mac'] ) ) );
  89.  
  90.             if (!(empty( $_REQUEST['action'] )) && ($_REQUEST['action'] != 'handshake') && ($_REQUEST['action'] != 'get_profile') && ($_REQUEST['action'] != 'get_localization') && ($_REQUEST['action'] != 'do_auth') && !($this->isValidAccessToken( $this->access_token ))) {
  91.                 error_log( 'STB authorization failed. MAC: ' . $this->mac . ', token: ' . $this->access_token );
  92.                 echo 'Authorization failed.';
  93.                 exit(  );
  94.             }
  95.         }
  96.         else {
  97.             if ((!(empty( $_SERVER['TARGET'] )) && (($_SERVER['TARGET'] == 'API') || ($_SERVER['TARGET'] == 'ADM'))) || (!(empty( $_REQUEST['type'] )) && ($_REQUEST['type'] == 'stb'))) {
  98.             }
  99.             else {
  100.                 $this->mac = '';
  101.                 echo 'Unauthorized request.';
  102.                 exit(  );
  103.             }
  104.         }
  105.  
  106.         $this->mac = strtoupper( $this->mac );
  107.  
  108.         if (!(empty( $_COOKIE['stb_lang'] ))) {
  109.             $this->stb_lang = @trim( urldecode( $_COOKIE['stb_lang'] ) );
  110.         }
  111.  
  112.         if (!(empty( $_COOKIE['timezone'] )) && ($_COOKIE['timezone'] != 'undefined')) {
  113.             $this->timezone = @trim( $_COOKIE['timezone'] );
  114.         }
  115.  
  116.         if (@$_SERVER['HTTP_X_REAL_IP']) {
  117.             $this->ip = @$_SERVER['HTTP_X_REAL_IP'];
  118.         }
  119.         else {
  120.             $this->ip = @$_SERVER['REMOTE_ADDR'];
  121.         }
  122.  
  123.         $this->db = Mysql::getInstance(  );
  124.  
  125.         try {
  126.             $this->getStbParams(  );
  127.         }
  128.         catch (MysqlException $e) {
  129.             echo $e->getMessage(  ) . PHP_EOL;
  130.             return;
  131.         }
  132.  
  133.         if (!(empty( $_COOKIE['mac'] )) && (empty( $this->id ) || ($this->params['status'] == 1) || ($this->params['blocked'] == 1)) && !(empty( $_REQUEST['action'] )) && ($_REQUEST['action'] != 'handshake') && ($_REQUEST['action'] != 'get_profile') && ($_REQUEST['action'] != 'get_localization') && ($_REQUEST['action'] != 'do_auth') && ($_REQUEST['action'] != 'get_events') && ($_REQUEST['action'] != 'get_modules') && ($_REQUEST['action'] != 'get_main_info') && ($_REQUEST['action'] != 'get_payment_info') && ($_REQUEST['action'] != 'get_agreement_info') && ($_REQUEST['action'] != 'get_terms_info')) {
  134.             error_log( 'Access denied to ' . $_REQUEST['type'] . ':' . $_REQUEST['action'] . ' for MAC: ' . $this->mac );
  135.             echo 'Access denied.';
  136.             exit(  );
  137.         }
  138.  
  139.         if (empty( $this->id )) {
  140.             $this->initLocale( $this->stb_lang );
  141.  
  142.             if (!(empty( $_COOKIE['mac'] )) && !(empty( $_REQUEST['action'] )) && ($_REQUEST['action'] != 'handshake') && ($_REQUEST['action'] != 'get_profile') && ($_REQUEST['action'] != 'get_localization') && ($_REQUEST['action'] != 'do_auth') && ($_REQUEST['action'] != 'get_events') && ($_REQUEST['action'] != 'get_main_info') && ($_REQUEST['action'] != 'get_payment_info') && ($_REQUEST['action'] != 'get_agreement_info') && ($_REQUEST['action'] != 'get_terms_info')) {
  143.                 error_log( 'STB not found in the database, authorization failed. MAC: ' . $this->mac . ', token: ' . $this->access_token );
  144.                 echo 'Authorization failed.';
  145.                 exit(  );
  146.             }
  147.         }
  148.     }
  149.  
  150.     private function checkDebugKey($key)
  151.     {
  152.         return (bool) Mysql::getInstance(  )->from( 'administrators' )->where( array(
  153.             'debug_key' => $key,
  154.             'login'     => 'admin'
  155.         ) )->get(  )->first(  );
  156.     }
  157.  
  158.     private function getDebugKey()
  159.     {
  160.         if (!(empty( $_REQUEST['debug_key'] ))) {
  161.             return $_REQUEST['debug_key'];
  162.         }
  163.  
  164.         if (!(empty( $_COOKIE['debug_key'] ))) {
  165.             return $_COOKIE['debug_key'];
  166.         }
  167.  
  168.         return null;
  169.     }
  170.  
  171.     public function setId($id)
  172.     {
  173.         $this->id = (int) $id;
  174.         $this->params['id'] = (int) $id;
  175.     }
  176.  
  177.     public function getTimezone()
  178.     {
  179.         return $this->timezone;
  180.     }
  181.  
  182.     public function getParam($name)
  183.     {
  184.         return $this->params[$name];
  185.     }
  186.  
  187.     public function getUserAgent()
  188.     {
  189.         return $this->user_agent;
  190.     }
  191.  
  192.     public function getStbLanguage()
  193.     {
  194.         return $this->stb_lang;
  195.     }
  196.  
  197.     public function setParam($key, $value)
  198.     {
  199.         if (!(array_key_exists( $key, $this->params ))) {
  200.             return false;
  201.         }
  202.  
  203.         if ($this->params[$key] == $value) {
  204.             return true;
  205.         }
  206.  
  207.         $this->params[$key] = $value;
  208.  
  209.         if (property_exists( $this, $key )) {
  210.             $this->$key = $value;
  211.         }
  212.  
  213.         return Mysql::getInstance(  )->update( 'users', array( $key => $value ), array( 'id' => $this->id ) );
  214.     }
  215.  
    /**
     * Loads the `users` row for this STB and derives per-request settings from it.
     *
     * The row is looked up by MAC when one is known, otherwise by the id of the
     * initialised User singleton. When a row is found the method fills id, hd,
     * locale, city ids, timezone data and additional_services_on, switches the
     * PHP default timezone and the MySQL session timezone, extends the
     * user-agent string and calls initLocale(). When no row is found nothing
     * is changed.
     *
     * NOTE(review): $this->timezone may hold the raw `timezone` cookie set in
     * the constructor. It is passed to date_default_timezone_set() and
     * DateTimeZone; DateTimeZone throws on an unknown identifier, and the
     * constructor only catches MysqlException around this call.
     */
    public function getStbParams()
    {
        if (!(empty( $this->mac ))) {
            $user = $this->db->from( 'users' )->where( array( 'mac' => $this->mac ) )->get(  )->first(  );
        }
        else {
            // No MAC: fall back to the id of the already initialised User, if any.
            if (User::isInitialized(  ) && User::getInstance(  )->getId(  )) {
                $user = $this->db->from( 'users' )->where( array( 'id' => (int) User::getInstance(  )->getId(  ) ) )->get(  )->first(  );
            }
        }

        // $user stays undefined when neither lookup ran; empty() tolerates that.
        if (!(empty( $user ))) {
            $this->params = $user;
            $this->id = $user['id'];
            $this->hd = $user['hd'];
            // Flag is set when hw_version_2 is non-zero and even, or loosely equal to ''.
            if (($this->params['hw_version_2'] && (($this->params['hw_version_2'] % 2) == 0)) || ($this->params['hw_version_2'] == '')) {
                $this->valid_hash_version = true;
            }

            // Row value first; the configured default only when the row value is empty.
            $this->locale = ((empty( $user['locale'] ) && Config::exist( 'default_locale' ) ? Config::get( 'default_locale' ) : $user['locale']));

            if ((Config::getSafe( 'default_city_id', 0 ) == 0) && ($user['city_id'] == 0)) {
                $this->city_id = 0;
            }
            else {
                $this->city_id = ((empty( $user['city_id'] ) && Config::exist( 'default_city_id' ) ? Config::get( 'default_city_id' ) : intval( $user['city_id'] )));
            }

            if ((Config::getSafe( 'default_openweathermap_city_id', 0 ) == 0) && ($user['openweathermap_city_id'] == 0)) {
                $this->openweathermap_city_id = 0;
            }
            else {
                $this->openweathermap_city_id = ((empty( $user['openweathermap_city_id'] ) && Config::exist( 'default_openweathermap_city_id' ) ? Config::get( 'default_openweathermap_city_id' ) : intval( $user['openweathermap_city_id'] )));
            }

            // A timezone already set (from the cookie) wins over the configured default.
            $this->timezone = ((empty( $this->timezone ) && Config::exist( 'default_timezone' ) ? Config::get( 'default_timezone' ) : $this->timezone));
            // Remember the server timezone before the process default is switched to the STB's.
            self::$server_timezone = date_default_timezone_get(  );
            date_default_timezone_set( $this->timezone );
            $date_server = new DateTime(  );
            $date_server->setTimezone( new DateTimeZone( Stb::$server_timezone ) );
            $date_stb = new DateTime(  );
            $date_stb->setTimezone( new DateTimeZone( $this->timezone ) );
            // 'Z' is the UTC offset in seconds, so this is server offset minus STB offset.
            $this->timezone_diff = $date_server->format( 'Z' ) - $date_stb->format( 'Z' );
            $date = new DateTime(  );
            // Try the timezone identifier first, then the +hh:mm offset if the database refuses it.
            $offset = $date->format( 'e' );

            if (!(Mysql::getInstance(  )->set_timezone( $offset ))) {
                $offset = $date->format( 'P' );
                Mysql::getInstance(  )->set_timezone( $offset );
            }

            $this->additional_services_on = $user['additional_services_on'];

            if (!(empty( $user['country'] ))) {
                $this->user_agent .= '; Country: ' . $user['country'];
            }

            if (!(empty( $user['client_type'] ))) {
                $this->user_agent .= '; ClientType: ' . $user['client_type'];
            }

            $this->initLocale( $this->stb_lang );
        }
    }
  280.  
  281.     public function initLocale($lang)
  282.     {
  283.         $stb_lang = $lang;
  284.  
  285.         if (!(empty( $lang )) && (2 <= strlen( $lang ))) {
  286.             $preferred_locales = array_filter( Config::get( 'allowed_locales' ), function($e) use($stb_lang) {
  287.                 return strpos( $e, $stb_lang ) === 0;
  288.             } );
  289.  
  290.             if (!(empty( $preferred_locales ))) {
  291.                 $preferred_locales = array_values( $preferred_locales );
  292.                 $this->locale = $preferred_locales[0];
  293.             }
  294.         }
  295.  
  296.         $this->stb_lang = substr( $this->locale, 0, 2 );
  297.         setlocale( LC_MESSAGES, $this->locale );
  298.         putenv( 'LC_MESSAGES=' . $this->locale );
  299.  
  300.         if (!(function_exists( 'bindtextdomain' ))) {
  301.             throw new ErrorException( 'php-gettext extension not installed.' );
  302.         }
  303.  
  304.         if (!(function_exists( 'locale_accept_from_http' ))) {
  305.             throw new ErrorException( 'php-intl extension not installed.' );
  306.         }
  307.  
  308.         bindtextdomain( 'stb', PROJECT_PATH . '/locale' );
  309.         textdomain( 'stb' );
  310.         bind_textdomain_codeset( 'stb', 'UTF-8' );
  311.     }
  312.  
  313.     public function getStorages()
  314.     {
  315.         $master = new VideoMaster(  );
  316.         return $master->getStoragesForStb(  );
  317.     }
  318.  
  319.     private function isValidAccessToken($access_token, $mac = NULL)
  320.     {
  321.         if (empty( $access_token )) {
  322.             return false;
  323.         }
  324.  
  325.         if (!($mac)) {
  326.             $mac = $this->mac;
  327.         }
  328.  
  329.         $user = Mysql::getInstance(  )->from( 'users' )->where( array( 'mac' => $mac ) )->get(  )->first(  );
  330.  
  331.         if (empty( $user )) {
  332.             return false;
  333.         }
  334.  
  335.         return $user['access_token'] == $access_token;
  336.     }
  337.  
  338.     private function parseAuthorizationHeader()
  339.     {
  340.         if (function_exists( 'getallheaders' )) {
  341.             $headers = getallheaders(  );
  342.         }
  343.         else {
  344.             $headers = $this->getHttpHeaders(  );
  345.         }
  346.  
  347.         if (!($headers)) {
  348.             return;
  349.         }
  350.  
  351.         $auth_header = ((!(empty( $headers['Authorization'] )) ? $headers['Authorization'] : null));
  352.         if ($auth_header && preg_match( '/Bearer\\s+(.*)$/i', $auth_header, $matches )) {
  353.             $this->access_token = trim( $matches[1] );
  354.         }
  355.     }
  356.  
  357.     private function getHttpHeaders()
  358.     {
  359.         $headers = array(  );
  360.  
  361.         foreach ($_SERVER as $name => $value) {
  362.             if (substr( $name, 0, 5 ) == 'HTTP_') {
  363.                 $headers[str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) )] = $value;
  364.             }
  365.         }
  366.  
  367.         return $headers;
  368.     }
  369.  
  370.     public function handshake()
  371.     {
  372.         $debug_key = $this->getDebugKey(  );
  373.         $random = self::getCheck(  );
  374.  
  375.         if (!(empty( $debug_key )) && $this->checkDebugKey( $debug_key )) {
  376.             return array(
  377.                 'token'  => $this->getParam( 'access_token' ),
  378.                 'random' => $random
  379.             );
  380.         }
  381.  
  382.         if (!(empty( $_REQUEST['token'] )) && ($_REQUEST['token'] == $this->getParam( 'access_token' ))) {
  383.             return array(
  384.                 'token'  => $this->getParam( 'access_token' ),
  385.                 'random' => $random
  386.             );
  387.         }
  388.  
  389.         $token = strtoupper( md5( microtime( 1 ) . uniqid(  ) ) );
  390.         return array(
  391.             'token'     => $token,
  392.             'random'    => $random,
  393.             'not_valid' => (Config::exist( 'auth_url' ) && !(empty( $_REQUEST['token'] )) && ($_REQUEST['token'] != $this->getParam( 'access_token' )) ? 1 : 0)
  394.         );
  395.     }
  396.  
    /**
     * Runs the optional site-specific access filter, PROJECT_PATH/access_filter.php.
     *
     * The filter file is included inside this method, so it executes with this
     * method's local variables in scope: every parameter, $filter_file and
     * $rnd (the current access token). $model and $force_auth are passed by
     * reference, so the filter can change them for the caller. Local names
     * must therefore stay as they are.
     *
     * @return mixed the filter file's return value; true when the file is not
     *               readable, so a missing filter allows the request
     *
     * NOTE(review): require_once returns true without re-running the file when
     * it was already included in this request, so a second call would report
     * success whatever the filter decided the first time.
     */
    private function passAccessFilter($country, &$model, $mac, $serial_number, $version, $device_id, $signature, &$force_auth)
    {
        $filter_file = PROJECT_PATH . '/access_filter.php';
        // Not used below; presumably read by the included filter file.
        $rnd = $this->access_token;

        if (is_readable( $filter_file )) {
            return require_once $filter_file;
        }

        // No filter installed: allow.
        return true;
    }
  408.  
  409.     public function getProfile($apiv3 = false, $disable_device_id_validation = false)
  410.     {
  411.         $debug_key = $this->getDebugKey(  );
  412.         if (Config::getSafe( 'disable_portal', false ) && (empty( $debug_key ) || !($this->checkDebugKey( $debug_key )))) {
  413.             try {
  414.                 Mysql::getInstance(  )->update( 'users', array( 'access_token' => $this->access_token ), array( 'id' => $this->id ) );
  415.  
  416.                 if (Config::getSafe( 'bind_stb_auth_and_oauth', true )) {
  417.                     $this->resetOauthToken(  );
  418.  
  419.                     /* 可能存在bug 一般代表DEFAULT的结束或者ELSE语句封闭,需要将此后的代码,移到switch 结束括号外面 */
  420. goto label47;
  421.  
  422.                     echo $e->getMessage(  ) . PHP_EOL;
  423.                 }
  424.             }
  425.             catch (MysqlException $e) {
  426.                 echo $e->getMessage(  ) . PHP_EOL;
  427.             }
  428.  
  429. label47:
  430.             return array(
  431.                 'status'          => 1,
  432.                 'msg'             => 'Portal is disabled',
  433.                 'block_msg'       => _( 'The portal is temporarily unavailable.<br>Please try again later.<br>Sorry for the inconvenience.' ),
  434.                 'portal_disabled' => true
  435.             );
  436.         }
  437.  
  438.         if (function_exists( 'geoip_country_code_by_name' )) {
  439.             $country = @geoip_country_code_by_name( $this->ip );
  440.  
  441.             if (!($country)) {
  442.                 error_log( 'geoip_country_code_by_name(): Host ' . $this->ip . ' not found' );
  443.             }
  444.         }
  445.         else {
  446.             $country = '';
  447.         }
  448.  
  449.         $model = ((isset( $_REQUEST['stb_type'] ) ? $_REQUEST['stb_type'] : ''));
  450.         $serial_number = ((isset( $_REQUEST['sn'] ) ? $_REQUEST['sn'] : ''));
  451.         $version = ((isset( $_REQUEST['ver'] ) ? $_REQUEST['ver'] : ''));
  452.         $device_id = ((isset( $_REQUEST['device_id'] ) ? $_REQUEST['device_id'] : ''));
  453.         $device_id2 = ((isset( $_REQUEST['device_id2'] ) ? $_REQUEST['device_id2'] : ''));
  454.         $signature = ((isset( $_REQUEST['signature'] ) ? $_REQUEST['signature'] : ''));
  455.         $client_type = ((isset( $_REQUEST['client_type'] ) ? $_REQUEST['client_type'] : ''));
  456.         $hw_version_2 = ((isset( $_REQUEST['hw_version_2'] ) ? $_REQUEST['hw_version_2'] : ''));
  457.         $metrics = ((isset( $_REQUEST['metrics'] ) ? $_REQUEST['metrics'] : ''));
  458.         $force_auth = null;
  459.         $filter_response = $this->passAccessFilter( $country, $model, $this->mac, $serial_number, $version, $device_id2, $signature, $force_auth );
  460.         $this->params['stb_type'] = $model;
  461.  
  462.         if (is_array( $filter_response )) {
  463.             $filter_result = $filter_response['result'];
  464. .....................................................................
  465. .......................................
  466. .............