
Untitled

a guest
Mar 13th, 2019
  1. <?php
  2. /**
  3. *
  4. * @ This file is created by http://DeZender.Net
  5. * @ deZender (PHP5 Decoder for ionCube Encoder)
  6. *
  7. * @ Version : 3.0.8.0
  8. * @ Author : DeZender
  9. * @ Release on : 25.09.2017
  10. * @ Official site : http://DeZender.Net
  11. *
  12. */
  13.  
  14. namespace Stalker\Lib\Core;
  15.  
  16. class Stb
  17. {
  18. public $id = 0;
  19. public $mac = '';
  20. public $ip = null;
  21. public $hd = 0;
  22. private $user_agent = '';
  23. private $access_token = null;
  24. private $is_moderator = null;
  25. private $params = array( );
  26. private $db = null;
  27. public $lang = null;
  28. private $locale = null;
  29. private $country_id = null;
  30. private $openweathermap_country_id = null;
  31. public $city_id = null;
  32. public $openweathermap_city_id = null;
  33. public $timezone = null;
  34. public static $server_timezone = null;
  35. public $timezone_diff = 0;
  36. private $stb_lang = null;
  37. public $additional_services_on = 0;
  38. private static $just_created = false;
  39. private $valid_hash_version = false;
  40. private static $allowed_languages = null;
  41. private static $clock_formats = array(
  42. '12h',
  43. '24h'
  44. );
  45. private static $instance = null;
  46.  
  47. /**
  48. * @static
  49. * @return Stb
  50. */
  public static function getInstance()
  {
    // Build the shared instance on first use. The private constructor runs
    // the request identification and may end the request through exit().
    if (null === self::$instance) {
      self::$instance = new self();
    }

    return self::$instance;
  }
  59.  
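  /**
   * Identifies the calling device from the request and loads its record.
   *
   * The MAC address comes from the request (debug mode) or from the "mac"
   * cookie. The bearer token parsed from the Authorization header is checked
   * for every action outside the pre-authentication list. On failure a short
   * message is printed and the request ends with exit().
   *
   * Review notes:
   *  - A valid debug key lets the caller name any MAC without a token check,
   *    so the key must be protected like an administrator credential.
   *  - The token and status checks only run when the "mac" cookie is present.
   *    NOTE(review): action handlers must not treat an instance with an empty
   *    $this->id as an authenticated device; confirm they check it.
   *  - The MAC is passed through htmlspecialchars(), which is output escaping
   *    and not format validation; the value is still attacker-chosen text.
   *  - Bearer tokens are never written to the log; only their presence is.
   */
  private function __construct()
  {
    // Actions a device may call before it holds a valid access token.
    $pre_auth_actions = array('handshake', 'get_profile', 'get_localization', 'do_auth');
    // Informational actions that stay open to unknown or blocked devices.
    $info_actions = array('get_events', 'get_main_info', 'get_payment_info', 'get_agreement_info', 'get_terms_info');
    $open_to_unknown = array_merge($pre_auth_actions, $info_actions);
    $open_to_restricted = array_merge($open_to_unknown, array('get_modules'));

    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
    $action_given = !empty($action);
    $has_mac_cookie = !empty($_COOKIE['mac']);

    // Request-derived text is logged with control characters removed so a
    // client cannot inject additional log lines.
    $log_safe = function ($value) {
      return is_scalar($value) ? preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value) : '';
    };

    $debug_key = $this->getDebugKey();
    $this->user_agent = empty($_SERVER['HTTP_USER_AGENT']) ? '' : $_SERVER['HTTP_USER_AGENT'];

    if (!empty($_SERVER['HTTP_X_USER_AGENT'])) {
      $this->user_agent .= '; ' . $_SERVER['HTTP_X_USER_AGENT'];
    }

    $this->parseAuthorizationHeader();

    if (!empty($debug_key) && $this->checkDebugKey($debug_key)) {
      // Debug mode: the MAC may be named in the request and no token is checked.
      if (!empty($_REQUEST['mac'])) {
        $this->mac = @htmlspecialchars(trim(urldecode($_REQUEST['mac'])));
      } elseif ($has_mac_cookie) {
        $this->mac = @htmlspecialchars(trim(urldecode($_COOKIE['mac'])));
      } else {
        echo 'Identification failed';
        exit();
      }

      if (!empty($_COOKIE['debug']) || !empty($_REQUEST['debug'])) {
        Mysql::$debug = true;
      }
    } elseif ($has_mac_cookie && empty($_COOKIE['mac_emu'])) {
      $this->mac = @htmlspecialchars(trim(urldecode($_COOKIE['mac'])));

      if ($action_given && !in_array($action, $pre_auth_actions, true) && !$this->isValidAccessToken($this->access_token)) {
        // The token itself is a credential and is kept out of the log.
        error_log('STB authorization failed. MAC: ' . $log_safe($this->mac) . ', token: ' . (empty($this->access_token) ? 'absent' : 'present (redacted)'));
        echo 'Authorization failed.';
        exit();
      }
    } else {
      // No usable MAC cookie: only API/ADM targets or type=stb requests continue.
      $trusted_target = !empty($_SERVER['TARGET']) && (($_SERVER['TARGET'] === 'API') || ($_SERVER['TARGET'] === 'ADM'));
      $stb_request = !empty($_REQUEST['type']) && ($_REQUEST['type'] === 'stb');

      if (!$trusted_target && !$stb_request) {
        $this->mac = '';
        echo 'Unauthorized request.';
        exit();
      }
    }

    $this->mac = strtoupper($this->mac);

    if (!empty($_COOKIE['stb_lang'])) {
      $this->stb_lang = @trim(urldecode($_COOKIE['stb_lang']));
    }

    if (!empty($_COOKIE['timezone']) && ($_COOKIE['timezone'] != 'undefined')) {
      $this->timezone = @trim($_COOKIE['timezone']);
    }

    // NOTE(review): X-Real-IP is client-controlled unless a reverse proxy in
    // front of PHP overwrites it; confirm the deployment before trusting
    // $this->ip for geo or access decisions.
    if (@$_SERVER['HTTP_X_REAL_IP']) {
      $this->ip = @$_SERVER['HTTP_X_REAL_IP'];
    } else {
      $this->ip = @$_SERVER['REMOTE_ADDR'];
    }

    $this->db = Mysql::getInstance();

    try {
      $this->getStbParams();
    } catch (MysqlException $e) {
      // NOTE(review): the database error text is sent to the client and the
      // object is left partly initialised; consider logging it instead.
      echo $e->getMessage() . PHP_EOL;
      return;
    }

    // Unknown, switched-off (status == 1) or blocked devices only get the open actions.
    if ($has_mac_cookie && $action_given && !in_array($action, $open_to_restricted, true)
      && (empty($this->id) || ($this->params['status'] == 1) || ($this->params['blocked'] == 1))) {
      error_log('Access denied to ' . $log_safe(isset($_REQUEST['type']) ? $_REQUEST['type'] : '') . ':' . $log_safe($action) . ' for MAC: ' . $log_safe($this->mac));
      echo 'Access denied.';
      exit();
    }

    if (empty($this->id)) {
      $this->initLocale($this->stb_lang);

      if ($has_mac_cookie && $action_given && !in_array($action, $open_to_unknown, true)) {
        error_log('STB not found in the database, authorization failed. MAC: ' . $log_safe($this->mac) . ', token: ' . (empty($this->access_token) ? 'absent' : 'present (redacted)'));
        echo 'Authorization failed.';
        exit();
      }
    }
  }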
  149.  
  /**
   * Tells whether the given debug key belongs to the "admin" administrator.
   *
   * The key is matched by equality in the query, so it is presumably stored
   * in clear text in the administrators table; verify against the schema.
   *
   * @param mixed $key debug key taken from the request or cookie
   * @return bool true when a matching administrators row exists
   */
  private function checkDebugKey($key)
  {
    $criteria = array(
      'debug_key' => $key,
      'login' => 'admin'
    );
    $admin_row = Mysql::getInstance()->from('administrators')->where($criteria)->get()->first();

    return (bool) $admin_row;
  }
  157.  
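  /**
   * Returns the debug key sent with the request, if any.
   *
   * The request parameter wins over the cookie. Only string values are
   * accepted: PHP turns "debug_key[]=x" into an array, and an array must not
   * be handed to the query builder as a credential.
   *
   * @return string|null the supplied key, or null when none was sent
   */
  private function getDebugKey()
  {
    foreach (array($_REQUEST, $_COOKIE) as $source) {
      if (!empty($source['debug_key']) && is_string($source['debug_key'])) {
        return $source['debug_key'];
      }
    }

    return null;
  }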
  170.  
  /**
   * Sets the device id on the object and in the cached parameter row.
   *
   * @param mixed $id value that is cast to int
   */
  public function setId($id)
  {
    $numeric_id = (int) $id;

    $this->id = $numeric_id;
    $this->params['id'] = $numeric_id;
  }
  176.  
  /**
   * Returns the timezone currently set for this device.
   *
   * The constructor fills it from the "timezone" cookie, so the value can be
   * client-supplied text.
   */
  public function getTimezone()
  {
    $timezone = $this->timezone;

    return $timezone;
  }
  181.  
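  /**
   * Returns one value of the cached device row.
   *
   * A missing key yields null without raising an "undefined index" notice;
   * this matters for devices that are not in the database, where the row is
   * an empty array.
   *
   * @param string $name key in the cached row
   * @return mixed the stored value, or null when the key is absent
   */
  public function getParam($name)
  {
    return isset($this->params[$name]) ? $this->params[$name] : null;
  }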
  186.  
  /**
   * Returns the user-agent string assembled for this request.
   *
   * The value is built from client-sent headers and must be escaped before
   * it is shown or stored.
   */
  public function getUserAgent()
  {
    $user_agent = $this->user_agent;

    return $user_agent;
  }
  191.  
  /**
   * Returns the language code currently held in $stb_lang.
   */
  public function getStbLanguage()
  {
    $language = $this->stb_lang;

    return $language;
  }
  196.  
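  /**
   * Updates one column of the device row, in memory and in the users table.
   *
   * Only keys already present in the cached row are accepted, which keeps
   * $key limited to existing column names. A same-named object property is
   * overwritten as well.
   *
   * The "unchanged" shortcut compares the values as strings. The previous
   * loose comparison treated numeric-looking strings such as "0E11" and
   * "0E22" as equal, so a changed token-like value could be skipped.
   *
   * @param string $key   column name, must exist in the cached row
   * @param mixed  $value new value
   * @return mixed false for an unknown key, true when nothing changed,
   *               otherwise the result of the database update
   */
  public function setParam($key, $value)
  {
    if (!array_key_exists($key, $this->params)) {
      return false;
    }

    $current = $this->params[$key];
    $both_plain = (null === $current || is_scalar($current)) && (null === $value || is_scalar($value));
    $unchanged = $both_plain ? ((string) $current === (string) $value) : ($current === $value);

    if ($unchanged) {
      return true;
    }

    $this->params[$key] = $value;

    if (property_exists($this, $key)) {
      $this->$key = $value;
    }

    return Mysql::getInstance()->update('users', array($key => $value), array('id' => $this->id));
  }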
  215.  
  /**
   * Loads the device row from the users table and derives per-request state.
   *
   * The row is looked up by MAC when one is known, otherwise by the id of an
   * initialised User. When a row is found the method fills id, hd, locale,
   * city ids, timezone data and the user-agent suffixes, switches the PHP
   * default timezone and the database session timezone, and calls
   * initLocale(). Without a row nothing is changed.
   *
   * NOTE(review): $this->timezone can come straight from the "timezone"
   * cookie. It is passed to date_default_timezone_set() and DateTimeZone
   * without validation, so an unknown zone name is not handled here; confirm
   * how callers cope with the resulting error.
   */
  public function getStbParams()
  {
    if (!empty($this->mac)) {
      $row = $this->db->from('users')->where(array('mac' => $this->mac))->get()->first();
    } elseif (User::isInitialized() && User::getInstance()->getId()) {
      $row = $this->db->from('users')->where(array('id' => (int) User::getInstance()->getId()))->get()->first();
    }

    // $row is undefined when neither lookup ran; empty() covers that case too.
    if (empty($row)) {
      return;
    }

    $this->params = $row;
    $this->id = $row['id'];
    $this->hd = $row['hd'];

    // An even, non-zero hw_version_2 or an empty one marks the hash version as valid.
    $hw_version = $this->params['hw_version_2'];
    if (($hw_version && (($hw_version % 2) == 0)) || ($hw_version == '')) {
      $this->valid_hash_version = true;
    }

    if (empty($row['locale']) && Config::exist('default_locale')) {
      $this->locale = Config::get('default_locale');
    } else {
      $this->locale = $row['locale'];
    }

    if ((Config::getSafe('default_city_id', 0) == 0) && ($row['city_id'] == 0)) {
      $this->city_id = 0;
    } elseif (empty($row['city_id']) && Config::exist('default_city_id')) {
      $this->city_id = Config::get('default_city_id');
    } else {
      $this->city_id = intval($row['city_id']);
    }

    if ((Config::getSafe('default_openweathermap_city_id', 0) == 0) && ($row['openweathermap_city_id'] == 0)) {
      $this->openweathermap_city_id = 0;
    } elseif (empty($row['openweathermap_city_id']) && Config::exist('default_openweathermap_city_id')) {
      $this->openweathermap_city_id = Config::get('default_openweathermap_city_id');
    } else {
      $this->openweathermap_city_id = intval($row['openweathermap_city_id']);
    }

    // Fall back to the configured default only when the request gave no timezone.
    if (empty($this->timezone) && Config::exist('default_timezone')) {
      $this->timezone = Config::get('default_timezone');
    }

    // Remember the server zone before the process default is switched.
    self::$server_timezone = date_default_timezone_get();
    date_default_timezone_set($this->timezone);

    $server_now = new DateTime();
    $server_now->setTimezone(new DateTimeZone(self::$server_timezone));
    $device_now = new DateTime();
    $device_now->setTimezone(new DateTimeZone($this->timezone));
    $this->timezone_diff = $server_now->format('Z') - $device_now->format('Z');

    // Try the zone name first; if the database rejects it, use the numeric offset.
    $now = new DateTime();
    $offset = $now->format('e');

    if (!Mysql::getInstance()->set_timezone($offset)) {
      $offset = $now->format('P');
      Mysql::getInstance()->set_timezone($offset);
    }

    $this->additional_services_on = $row['additional_services_on'];

    if (!empty($row['country'])) {
      $this->user_agent .= '; Country: ' . $row['country'];
    }

    if (!empty($row['client_type'])) {
      $this->user_agent .= '; ClientType: ' . $row['client_type'];
    }

    $this->initLocale($this->stb_lang);
  }
  280.  
  /**
   * Selects the locale for this request and binds the "stb" gettext domain.
   *
   * The requested language never becomes the locale directly: it is only used
   * as a prefix to pick the first entry of the configured "allowed_locales"
   * list. Without a match the locale already set on the object is kept.
   *
   * @param string|null $lang language code sent by the device
   * @throws ErrorException when the gettext or intl extension is missing
   */
  public function initLocale($lang)
  {
    if (!empty($lang) && (2 <= strlen($lang))) {
      $matching = array_filter(Config::get('allowed_locales'), function ($candidate) use ($lang) {
        return strpos($candidate, $lang) === 0;
      });

      if (!empty($matching)) {
        // array_filter keeps the original order, so this is the first match.
        $this->locale = reset($matching);
      }
    }

    $this->stb_lang = substr($this->locale, 0, 2);
    setlocale(LC_MESSAGES, $this->locale);
    putenv('LC_MESSAGES=' . $this->locale);

    $required_functions = array(
      'bindtextdomain' => 'php-gettext extension not installed.',
      'locale_accept_from_http' => 'php-intl extension not installed.'
    );

    foreach ($required_functions as $function_name => $message) {
      if (!function_exists($function_name)) {
        throw new ErrorException($message);
      }
    }

    bindtextdomain('stb', PROJECT_PATH . '/locale');
    textdomain('stb');
    bind_textdomain_codeset('stb', 'UTF-8');
  }
  312.  
  /**
   * Returns what VideoMaster::getStoragesForStb() reports for this device.
   */
  public function getStorages()
  {
    $video_master = new VideoMaster();
    $storages = $video_master->getStoragesForStb();

    return $storages;
  }
  318.  
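  /**
   * Checks a bearer token against the token stored for a MAC address.
   *
   * The comparison is strict and, where hash_equals() exists, constant-time.
   * The previous loose "==" treated numeric-looking strings as numbers, so
   * two different tokens of the form "0E<digits>" compared equal.
   *
   * @param mixed       $access_token token sent by the client
   * @param string|null $mac          MAC to check; defaults to $this->mac
   * @return bool true only when a stored, non-empty token matches exactly
   */
  private function isValidAccessToken($access_token, $mac = NULL)
  {
    // Arrays and other non-strings can never be a valid token.
    if (empty($access_token) || !is_string($access_token)) {
      return false;
    }

    if (!$mac) {
      $mac = $this->mac;
    }

    $user = Mysql::getInstance()->from('users')->where(array('mac' => $mac))->get()->first();

    if (empty($user) || empty($user['access_token'])) {
      return false;
    }

    $stored_token = (string) $user['access_token'];

    if (function_exists('hash_equals')) {
      return hash_equals($stored_token, $access_token);
    }

    return $stored_token === $access_token;
  }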
  337.  
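  /**
   * Extracts the bearer token from the Authorization request header.
   *
   * Header names are matched case-insensitively, as HTTP requires, and the
   * "Bearer" scheme must be at the start of the value, so a value of another
   * scheme that merely contains the word is not read as a token.
   * $this->access_token is left untouched when no bearer token is found.
   */
  private function parseAuthorizationHeader()
  {
    $headers = function_exists('getallheaders') ? getallheaders() : $this->getHttpHeaders();

    if (!$headers) {
      return;
    }

    $auth_header = null;

    foreach ($headers as $name => $value) {
      if ((strcasecmp((string) $name, 'Authorization') === 0) && !empty($value)) {
        $auth_header = $value;
        break;
      }
    }

    if (is_string($auth_header) && preg_match('/^\s*Bearer\s+(.*)$/i', $auth_header, $matches)) {
      $this->access_token = trim($matches[1]);
    }
  }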
  356.  
  /**
   * Rebuilds the request headers from the HTTP_* entries of $_SERVER.
   *
   * "HTTP_X_REAL_IP" becomes "X-Real-Ip": the prefix is dropped, underscores
   * turn into dashes and each word is capitalised.
   *
   * @return array header name => value
   */
  private function getHttpHeaders()
  {
    $headers = array();

    foreach ($_SERVER as $server_key => $server_value) {
      if (substr($server_key, 0, 5) != 'HTTP_') {
        continue;
      }

      $words = str_replace('_', ' ', substr($server_key, 5));
      $capitalised = ucwords(strtolower($words));
      $headers[str_replace(' ', '-', $capitalised)] = $server_value;
    }

    return $headers;
  }
  369.  
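  /**
   * Answers the device handshake with an access token and a check value.
   *
   * The stored token is returned when the caller presents a valid debug key
   * or already knows the stored token. Otherwise a fresh token is issued.
   *
   * Changes against the decompiled original:
   *  - the presented token is compared strictly (constant-time where
   *    hash_equals() exists) instead of with the loose "==";
   *  - new tokens come from a cryptographic random source when one is
   *    available; md5(microtime() . uniqid()) is derived from the clock and
   *    is kept only as a last-resort fallback on very old runtimes.
   *
   * NOTE(review): with a valid debug key the stored token of the MAC named in
   * the request is handed out; the debug key therefore needs the same
   * protection as every device token.
   *
   * @return array token, random and, for a new token, not_valid (0 or 1)
   */
  public function handshake()
  {
    $debug_key = $this->getDebugKey();
    $random = self::getCheck();
    $stored_token = $this->getParam('access_token');

    if (!empty($debug_key) && $this->checkDebugKey($debug_key)) {
      return array(
        'token' => $stored_token,
        'random' => $random
      );
    }

    $token_sent = !empty($_REQUEST['token']);
    $token_matches = false;

    if ($token_sent && is_string($_REQUEST['token']) && is_string($stored_token) && ($stored_token !== '')) {
      $token_matches = function_exists('hash_equals')
        ? hash_equals($stored_token, $_REQUEST['token'])
        : ($stored_token === $_REQUEST['token']);
    }

    if ($token_matches) {
      return array(
        'token' => $stored_token,
        'random' => $random
      );
    }

    // Same format as before: 32 upper-case hexadecimal characters.
    $token = null;

    if (function_exists('random_bytes')) {
      $token = strtoupper(bin2hex(random_bytes(16)));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
      $bytes = openssl_random_pseudo_bytes(16);

      if (is_string($bytes) && (strlen($bytes) === 16)) {
        $token = strtoupper(bin2hex($bytes));
      }
    }

    if (null === $token) {
      // Predictable legacy generator, used only when no secure source exists.
      $token = strtoupper(md5(microtime(1) . uniqid()));
    }

    return array(
      'token' => $token,
      'random' => $random,
      'not_valid' => ((Config::exist('auth_url') && $token_sent && !$token_matches) ? 1 : 0)
    );
  }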
  396.  
  /**
   * Runs the optional site-specific access filter script.
   *
   * The script PROJECT_PATH/access_filter.php is included inside this method,
   * so it sees every parameter, $filter_file, $rnd and $this, and it can
   * change $model and $force_auth through the references. Its return value is
   * handed back to the caller; without a readable script the request passes.
   *
   * Review notes:
   *  - The path is fixed, not request-derived. The file runs with full
   *    application privileges and should be writable only by the deployer.
   *  - NOTE(review): require_once returns true when the file was already
   *    included, so a second call in the same request would report "allowed"
   *    without running the filter; confirm this method is called once.
   */
  private function passAccessFilter($country, &$model, $mac, $serial_number, $version, $device_id, $signature, &$force_auth)
  {
    // Both locals are part of the filter script's scope; their names must stay.
    $filter_file = PROJECT_PATH . '/access_filter.php';
    $rnd = $this->access_token;

    if (!is_readable($filter_file)) {
      return true;
    }

    return require_once $filter_file;
  }
  408.  
  409. public function getProfile($apiv3 = false, $disable_device_id_validation = false)
  410. {
  411. $debug_key = $this->getDebugKey( );
  412. if (Config::getSafe( 'disable_portal', false ) && (empty( $debug_key ) || !($this->checkDebugKey( $debug_key )))) {
  413. try {
  414. Mysql::getInstance( )->update( 'users', array( 'access_token' => $this->access_token ), array( 'id' => $this->id ) );
  415.  
  416. if (Config::getSafe( 'bind_stb_auth_and_oauth', true )) {
  417. $this->resetOauthToken( );
  418.  
  419. /* 可能存在bug 一般代表DEFAULT的结束或者ELSE语句封闭,需要将此后的代码,移到switch 结束括号外面 */
  420. goto label47;
  421.  
  422. echo $e->getMessage( ) . PHP_EOL;
  423. }
  424. }
  425. catch (MysqlException $e) {
  426. echo $e->getMessage( ) . PHP_EOL;
  427. }
  428.  
  429. label47:
  430. return array(
  431. 'status' => 1,
  432. 'msg' => 'Portal is disabled',
  433. 'block_msg' => _( 'The portal is temporarily unavailable.<br>Please try again later.<br>Sorry for the inconvenience.' ),
  434. 'portal_disabled' => true
  435. );
  436. }
  437.  
  438. if (function_exists( 'geoip_country_code_by_name' )) {
  439. $country = @geoip_country_code_by_name( $this->ip );
  440.  
  441. if (!($country)) {
  442. error_log( 'geoip_country_code_by_name(): Host ' . $this->ip . ' not found' );
  443. }
  444. }
  445. else {
  446. $country = '';
  447. }
  448.  
  449. $model = ((isset( $_REQUEST['stb_type'] ) ? $_REQUEST['stb_type'] : ''));
  450. $serial_number = ((isset( $_REQUEST['sn'] ) ? $_REQUEST['sn'] : ''));
  451. $version = ((isset( $_REQUEST['ver'] ) ? $_REQUEST['ver'] : ''));
  452. $device_id = ((isset( $_REQUEST['device_id'] ) ? $_REQUEST['device_id'] : ''));
  453. $device_id2 = ((isset( $_REQUEST['device_id2'] ) ? $_REQUEST['device_id2'] : ''));
  454. $signature = ((isset( $_REQUEST['signature'] ) ? $_REQUEST['signature'] : ''));
  455. $client_type = ((isset( $_REQUEST['client_type'] ) ? $_REQUEST['client_type'] : ''));
  456. $hw_version_2 = ((isset( $_REQUEST['hw_version_2'] ) ? $_REQUEST['hw_version_2'] : ''));
  457. $metrics = ((isset( $_REQUEST['metrics'] ) ? $_REQUEST['metrics'] : ''));
  458. $force_auth = null;
  459. $filter_response = $this->passAccessFilter( $country, $model, $this->mac, $serial_number, $version, $device_id2, $signature, $force_auth );
  460. $this->params['stb_type'] = $model;
  461.  
  462. if (is_array( $filter_response )) {
  463. $filter_result = $filter_response['result'];
  464. .....................................................................
  465. .......................................
  466. .............