/dev/null#m",
"$interval * * * * $root/../bin/refresh_youtube.pl &2> /dev/null", $crontab);
} else {
$crontab .= "$interval * * * * $root/../bin/refresh_youtube.pl &2> /dev/null\n";
}
file_put_contents("$root/.crontab.tmp", $crontab);
error(shell_exec(escapeshellcmd("/usr/bin/crontab $root/.crontab.tmp")));
error(shell_exec(escapeshellcmd("/bin/rm $root/.crontab.tmp")));
}
# Refresh feeds
function refresh()
{
global $root;
return shell_exec(escapeshellcmd("$root/../bin/refresh_youtube.pl"));
}
# Fix quotes for SQL input
# Convert ip4 to a long int for comparison in permissions
function ip4_2_long($ip)
{
$ips = preg_split('/\./',$ip);
return($ips[3] | $ips[2] << 8 | $ips[1] << 16 | $ips[0] << 24);
}
# Convert ip6 to a long int for comparison in permissions
function ip6_2_long($ip)
{
if (!function_exists('gmp_init') && !function_exists('bcadd')) {
error('
403: Permission Denied
Requires either GMP or BCMATH extension
');
}
$ip_n = inet_pton($ip);
$bin = '';
for ($bit = strlen($ip_n) - 1; $bit >= 0; $bit--) {
$bin = sprintf('%08b', ord($ip_n[$bit])) . $bin;
}
if (function_exists('gmp_init')) {
return gmp_strval(gmp_init($bin, 2), 10);
} elseif (function_exists('bcadd')) {
$dec = '0';
for ($i = 0; $i < strlen($bin); $i++) {
$dec = bcmul($dec, '2', 0);
$dec = bcadd($dec, $bin[$i], 0);
}
return $dec;
} else {
exit();
trigger_error('GMP or BCMATH extension not installed!', E_USER_ERROR);
}
}
# Check if given IP is in a ip4 CIDR range
function in_range4($allowed,$cidr,$ip)
{
if ( ( ( ip4_2_long($ip) >= ip4_2_long($allowed) ) && ( ip4_2_long($ip) <= (ip4_2_long($allowed)+2**(32-$cidr)) ) ) || ($ip == $_SERVER['SERVER_ADDR'])) {
return 1;
} else {
return 0;
}
}
# Check if write is outside of read range
function write_outside_read4($read4ip,$read4cidr,$write4ip,$write4cidr) {
$readtop = ip4_2_long($read4ip)+2**(32-$read4cidr);
$writetop = ip4_2_long($write4ip)+2**(32-$write4cidr);
if (!in_range4($read4ip,$read4cidr,$write4ip) || ($writetop > $readtop)) {
error("
write range ($write4ip/$write4cidr) must be contained within read range ($read4ip/$read4cidr)
");
return 1;
}
return 0;
}
# Check if given IP is in a ip6 CIDR range
function in_range6($allowed,$cidr,$ip)
{
if ( ( ( ip6_2_long($ip) >= ip6_2_long($allowed) ) && ( ip6_2_long($ip) <= (ip6_2_long($allowed)+2**(32-$cidr)) ) ) || ($ip == $_SERVER['SERVER_ADDR'])) {
return 1;
} else {
return 0;
}
}
# Strip argument key and value from current target URL and return valid updated URL
function remove_arg($target,$arg)
{
global $debug_text;
if (preg_match("/\?$arg/",$target)) {
# First argument, leave ? and remove trailing & if it exists
$target = preg_replace("/$arg=[^&]*&?/",'',$target);
if (preg_match("/\?$/",$target)) {
$target = rtrim($target,"?");
}
} else {
# Secondary argument, remove leading &
$target = preg_replace("/&$arg=[^&]*/",'',$target);
}
$debug_text .= "
Just removed $arg
Target is now: $target
";
return $target;
}
# Return whether the client IP is ip4 or ip6
function ip_version($ip)
{
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
return 4;
} elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return 6;
} else {
return 0;
}
}
# Return read and write permissions given client IP and preferences
function get_permissions($settings)
{
$permissions = array();
if ($settings['ipv'] == 4) {
$permissions['rip'] = preg_replace("/([\d\.]+)\/\d+/","$1",$settings['read4']);
$permissions['wip'] = preg_replace("/([\d\.]+)\/\d+/","$1",$settings['write4']);
$permissions['rcidr'] = preg_replace("/[\d\.]+\/(\d+)/","$1",$settings['read4']);
$permissions['wcidr'] = preg_replace("/[\d\.]+\/(\d+)/","$1",$settings['write4']);
if ($settings['enable4']) {
$permissions['readable'] = in_range4($permissions['rip'],$permissions['rcidr'],$_SERVER['REMOTE_ADDR']);
$permissions['writable'] = in_range4($permissions['wip'],$permissions['wcidr'],$_SERVER['REMOTE_ADDR']);
} else {
$permissions['readable'] = 0;
$permissions['writable'] = 0;
}
} else {
$permissions['rip'] = preg_replace("/([\d:]+)\/\d+/","$1",$settings['read6']);
$permissions['wip'] = preg_replace("/([\d:]+)\/\d+/","$1",$settings['write6']);
$permissions['rcidr'] = preg_replace("/[\d:]+\/(\d+)/","$1",$settings['read6']);
$permissions['wcidr'] = preg_replace("/[\d:]+\/(\d+)/","$1",$settings['write6']);
if ($settings['enable6']) {
$permissions['readable'] = 1;
//$permissions['readable'] = in_range6($permissions['rip'],$permissions['rcidr'],$_SERVER['REMOTE_ADDR']);
$permissions['writable'] = 0;
//$permissions['writable'] = in_range6($permissions['wip'],$permissions['wcidr'],$_SERVER['REMOTE_ADDR']);
} else {
$permissions['readable'] = 0;
$permissions['writable'] = 0;
}
}
return $permissions;
}
# Print one row given the video details
function print_video($video,$settings,$mobile,$show_seen)
{
$html = '
';
}
$html .= '
';
}
return $html;
}
# Add a new subscription.
function add_channel($chan)
{
global $root;
return shell_exec(escapeshellcmd("$root/../bin/add_youtube_subscription.pl $chan"));
}
# Fix quotes for SQL input
function sql_escape($text)
{
return preg_replace("/'/","''",$text);
}
# Open database and fetch all settings
$no_db = 1;
if (!file_exists($database)) {
$permissions = array("readable"=>"1","writable"=>"1");
} else {
$no_db = 0;
$handle = new SQLite3($database);
$settings_row = $handle->query('SELECT * FROM settings');
$settings = $settings_row->fetchArray();
}
# If default player is 'embed' we need to select the right 'embed_type'
if (isset($settings['player']) && $settings['player'] == 'embed' && isset($settings['embed_type'])) {
$settings['player'] == $settings['embed_type'];
}
# Fetch client IP version, then check permissions for that IP
if (!isset($permissions)) {
$settings['ipv'] = ip_version($_SERVER['REMOTE_ADDR']);
if (isset($settings['ipv'])) {
$permissions = get_permissions($settings);
# Reject connection if PHP does not support ip6
} elseif (!defined('AF_INET6')) {
error('
403: Permission Denied
PHP does not support IPv6 and your address is: ' . $_SERVER['REMOTE_ADDR'] . '
');
# Reject connection if not a valid ip4 or ip6 address (what else is it?)
} else {
error('
403: Permission Denied
Invalid remote IP address: ' . $_SERVER['REMOTE_ADDR'] . '
');
}
}
# Reject connection if not readable
if (!$permissions['readable']) {
error('
403: Permission Denied
You do not have readable access to this page
');
if ($settings['ipv'] == 4) {
if ($settings['enable4']) {
error('
Your IP (' . $_SERVER['REMOTE_ADDR'] . ') falls outside of readable range (' . $settings['read4'] . ')
');
} else {
error('
IPv4 Interface is disabled
');
}
} else {
if ($settings['enable6']) {
error('
Your IP (' . $_SERVER['REMOTE_ADDR'] . ') falls outside of readable range (' . $settings['read6'] . ')
');
} else {
error('
IPv6 Interface is disabled
');
}
}
}
# Collect URL arguments
$target = $_SERVER['REQUEST_URI'];
$args = array();
parse_str($_SERVER['QUERY_STRING'], $args);
# Some arguments will require the page to be reloaded after processing.
# They will set this flag which will be checked after all arguements are done.
$reload = 0;
## STARTREAD: Read options included prior to the ENDREAD line
if (isset($args['mobile'])) {
if ($args['mobile'] != '' && $args['mobile'] != '0') {
$mobile = 1;
} else {
$mobile = 0;
}
$target = remove_arg($target,'mobile');
unset($args['mobile']);
}
# Retrieve passed error message
if (isset($args['msg'])) {
if ($args['msg'] != '') {
error(urldecode($args['msg']));
}
$target = remove_arg($target,'msg');
unset($args['msg']);
}
# Add parameters to SQL query to restrict by search results
if (isset($args['search'])) {
if (isset($args['search_clear']) || $args['search'] == '') {
unset($args['search_clear']);
$target = remove_arg($target,'search_clear');
$target = remove_arg($target,'search');
} else {
$search = urldecode($args['search']);
# If search is quoted with '/', treat it as a regex
if (preg_match('#^/.*/$#',$search)) {
$sql_search = preg_replace('#^/(.*)/$#', '$1', $search);
$regex_search = $handle->loadExtension('pcre.so');
if ($regex_search) {
$sql_search = " videos.title REGEXP '" . $sql_search . "'";
} else {
# emulate regex if module is unavailable
$new_search = '';
if (preg_match('/^\^/', $sql_search)) {
$start = preg_replace('/^\^([^\.]*).*/','$1',$sql_search);
$sql_search = preg_replace('/^\^[^\.]*(.*)$/','$1',$sql_search);
$new_search .= " AND videos.title LIKE '" . $start . "%'";
}
if (preg_match('/\$$/', $sql_search)) {
$tail = preg_replace('/^.*?([^\*]*)\$$/','$1',$sql_search);
$sql_search = preg_replace('/^(.*?)[^\*]*\$$/','$1',$sql_search);
$new_search .= " AND videos.title LIKE '%" . $tail . "'";
}
$sql_search = preg_replace('/(\.\*)?(.*)(\.\*)?/','$2',$sql_search);
$searches = preg_split('/\.\*/', $sql_search);
foreach ($searches as $s) {
if ($s != '') {
$new_search .= " AND videos.title LIKE '%" . $s . "%'";
}
}
$sql_search = preg_replace('/ AND(.*)/', '$1', $new_search);
error("You do not have the pcre.so extension for SQLite3.");
if ($permissions['writable']) {
error("
You will need to add the path to your extensions directory with an argument in your php.ini file like:
sqlite3.extension_dir = \"/usr/lib/sqlite3/\"
");
}
error ("
Simulating basic wildcard (.*) and anchor (^$) expression:
$sql_search
");
}
} else {
$sql_search = " videos.title LIKE '%" . sql_escape($search) . "%'";
}
}
unset($args['search']);
$target = remove_arg($target,'search');
}
# Set flag to not hide videos marked as seen from SQL query results
if (isset($args['show_seen'])) {
$show_seen = $args['show_seen'];
unset($args['show_seen']);
$target = remove_arg($target,'show_seen');
}
# Remove previous filter arguments to revert to regular query results
if (isset($args['filter_clear'])) {
unset($args['filter_clear']);
$target = remove_arg($target,'filter_clear');
unset($args['filter']);
$target = remove_arg($target,'filter');
unset($args['filter[]']);
$target = remove_arg($target,urlencode('filter[]'));
}
# Add claus(es) to SQL query to limit by channel or category
if (isset($args['filter'])) {
$categories = array();
if (!is_array($args['filter'])) {
if (preg_match('/^UC[0-9a-zA-Z\_\-]{22}$/', $args['filter'])) {
$chan_filter = $args['filter'];
} elseif ($args['filter'] != '-') {
$categories[0] = $args['filter'];
}
$target = remove_arg($target,'filter');
$target = remove_arg($target,urlencode('filter[]'));
} else {
foreach ($args['filter'] as $filter) {
$categories[] = urldecode($filter);
$target = remove_arg($target,urlencode('filter[]'));
}
$target = remove_arg($target,'filter');
}
unset($args['filter']);
unset($args['filter[]']);
}
## ENDREAD
# If there are remaining arguments, ensure that the client has write permissions
if ($permissions['writable']) {
if (sizeof($args) > 0) {
$reload = 1;
}
} elseif ($permissions['readable']) {
if (sizeof($args) > 0) {
$reload = 1;
error("
You are allowed to read but not write. However, a write argument was passed.
');
return http_response_code(403);
}
## IMPORTANT: Write operations to be included after this point only.
# Initialize database
if ($no_db && isset($args['initialize'])) {
$debug_text .= "
";
}
}
# Handle all change requests.
if ( !$no_db && $reload && $permissions['writable'] ) {
# Force feeds to refresh
if (isset($args['force_refresh']) && $args['force_refresh'] == 1) {
$debug_text .= "
Refreshing feeds...
";
# Must free database in order to insert
$handle->close();
$debug_text .= "
" . refresh() . "
";
$handle = new SQLite3($database);
$target = remove_arg($target,'force_refresh');
$reload = 1;
}
# Mark one or all videos as played.
if (isset($args['rm'])) {
if (preg_match("/^([^']{11})$/",urldecode($args['rm']))) {
$debug_text .= "
Removing " . urldecode($args['rm']) . "
";
$rm = sql_escape(urldecode($args['rm']));
$handle->query("UPDATE videos SET seen = 1 WHERE videoId = '$rm'");
} elseif (urldecode($args['rm']) == '*') {
$debug_text .= "
Removing All
";
$handle->query("UPDATE videos SET seen = 1 WHERE seen = 0");
}
$target = remove_arg($target,'rm');
}
# Mark one or all videos as played.
if (isset($args['unrm'])) {
if (preg_match("/^([^']{11})$/",urldecode($args['unrm']))) {
$debug_text .= "
Restoring " . urldecode($args['unrm']) . "
";
$unrm = sql_escape(urldecode($args['unrm']));
$handle->query("UPDATE videos SET seen = 0 WHERE videoId = '$unrm'");
}
$target = remove_arg($target,'unrm');
}
# Update the refresh interval
if (isset($args['refresh'])) {
$interval = urldecode($args['refresh']);
if (preg_match('/^[0-9]+$/',$interval) && $interval <= 60) {
$handle->query("UPDATE settings SET refresh = '$interval'");
update_cron($interval);
$debug_text .= "
Set update interval to $interval
";
} else {
error("
Update interval must be an integer lower than or equal to 60, $interval is not
");
}
$target = remove_arg($target,'refresh');
}
# Update the theme
if (isset($args['theme'])) {
$found = 0;
$theme = urldecode($args['theme']);
foreach (glob($root.'/css/*.css') as $file) {
$file = preg_replace('/.*\/([^\/]*)\.css$/','\1',$file);
if ($args['theme'] == $file && $file != 'style') {
$handle->query("UPDATE settings SET theme = '" . sql_escape($theme) . "'");
$debug_text .= "
Set theme $theme
";
$found = 1;
}
}
if (!$found) {
error("
" . $theme . " is not a valid theme option
");
}
$target = remove_arg($target,'theme');
}
# Update the thumbnail quality
if (isset($args['thumbnail_quality'])) {
if (preg_match("/^(maxresdefault|sddefault|hqdefault|mqdefault|default|1|2|3)$/",urldecode($args['thumbnail_quality']))) {
$thumbnail_quality = sql_escape(urldecode($args['thumbnail_quality']));
if (!isset($thumbnail_quality) || $thumbnail_quality == '') {
$thumbnail_quality = 'default';
}
$thumbnail_quality = sql_escape(urldecode($args['thumbnail_quality']));
$handle->query("UPDATE settings SET thumbnail_quality = '$thumbnail_quality'");
$debug_text .= "
Set thumbnail_quality $thumbnail_quality
";
} else {
error("
" . $args['thumbnail_quality'] . " is not a valid thumbnail_quality option
");
}
$target = remove_arg($target,'thumbnail_quality');
}
# Update the embedded player type
if (isset($args['embed_type'])) {
if (preg_match("/^(embed|nocookie|proxy)$/",urldecode($args['embed_type']))) {
$embed_type = sql_escape(urldecode($args['embed_type']));
$handle->query("UPDATE settings SET embed_type = '$embed_type'");
$debug_text .= "
Set embed_type $embed_type
";
} else {
error("
" . $args['embed_type'] . " is not a valid embed_type option
");
}
$target = remove_arg($target,'embed_type');
}
# Update the default player
if (isset($args['player'])) {
if (preg_match("/^(clip|embed|web)$/",urldecode($args['player']))) {
$player = sql_escape(urldecode($args['player']));
$handle->query("UPDATE settings SET player = '$player'");
$debug_text .= "
Set player $player
";
} else {
error("
" . $args['player'] . " is not a valid player option
");
}
$target = remove_arg($target,'player');
}
# Subscribe to a new channel
if (isset($args['sub'])) {
$debug_text .= "
Adding " . urldecode($args['sub']) . "...
";
# Must free database in order to insert
$handle->close();
$debug_text .= "
" . add_channel(urldecode($args['sub'])) . "
";
$handle = new SQLite3($database);
$reload = 1;
$target = remove_arg($target,'sub');
}
# Unsubscribe and remove channel's videos.
if (isset($args['unsub'])) {
$unsub = sql_escape(urldecode($args['unsub']));
$channels = $handle->query("SELECT * FROM channels WHERE channelId = '$unsub'");
$chan = $channels->fetchArray();
$debug_text .= "
Removing " . $chan['channelName'] . "
";
$handle->query("DELETE FROM channels WHERE channelId = '$unsub'");
$handle->query("DELETE FROM videos WHERE channelId = '$unsub'");
$target = remove_arg($target,'unsub');
}
# Update IPv4 writeable range
if (isset($args['write4'])) {
$write4ip = preg_replace("/([\d\.]+)\/\d+/","$1",urldecode($args['write4']));
$write4cidr = preg_replace("/[\d\.]+\/(\d+)/","$1",urldecode($args['write4']));
if (isset($args['read4'])) {
$read4ip = preg_replace("/([\d\.]+)\/\d+/","$1",urldecode($args['read4']));
$read4cidr = preg_replace("/[\d\.]+\/(\d+)/","$1",urldecode($args['read4']));
} else {
$read4ip = preg_replace("/([\d\.]+)\/\d+/","$1",$settings['read4']);
$read4cidr = preg_replace("/[\d\.]+\/(\d+)/","$1",$settings['read4']);
}
if ( write_outside_read4($read4ip,$read4cidr,$write4ip,$write4cidr) ) {
error("
Invalid read/write. Write must be completely contained within read.
';
$handle->query("UPDATE channels SET regex = '$regex_exp' WHERE channelId = '$regex_chan'");
$debug_text .= '
Regex updated
';
$target = remove_arg($target,'regex');
}
# If there are remaining arguments, they are invalid
if (preg_match("/[^\?]*\?(.*)/",$target)) {
$remaining = preg_replace("/^(.)*\?(.*)$/",'$2',$target);
$debug_text .= "
Ignoring invalid argument: ' . urldecode($arg) . ' with value ' . urldecode($value) . '
');
$target = remove_arg($target,$arg);
}
}
}
# Clean up target URL given intact arguments
$target = preg_replace('/[\?&]$/', '', $target);
# Close DB then refresh the page with what should be a clean URL
if ($reload) {
if ($debug && isset($debug_text) && $debug_text != '') {
$debug_text .= '
';
if ($no_db) {
$header .= '
Not connected to database.';
} else {
$header .= '
';
}
$header .= '
';
if ($no_db) {
$header .= '
Not connected to database.';
} else {
$header .= '
';
}
$header .= '
';
if ($no_db) {
$header .= '
Not connected to database.';
} else {
$header .= '
';
}
$header .= '
';
if ($no_db) {
$header .= '
Not connected to database.';
} else {
$header .= '
';
}
$header .= '
';
if ($no_db) {
$header .= '
Not connected to database.';
} else {
$header .= '
';
$body = '
';
# VIDEOS
if ($no_db) {
$body .= '
Database not yet created
It appears that you have not yet initialized your subscriptions database. You can do this with the button below.
Note that this will create an empty database with default settings. The default settings allow read and write access from all IPs, so you will probably want to update the settings immediately. This can be done using the cog icon in the top right corner.
 . '.jpg)
';
if ($mobile) {
$html .= '
';
} elseif ($settings['embed_type'] == 'nocookie') {
$html .= '
';
} else {
$html .= '
';
}
$html .= '
';
if (isset($show_seen) && $show_seen && isset($video['seen']) && $video['seen']) {
$html .= '
';
} else {
$html .= '
';
}
$html .= '
 && $show_seen) ? 'no-' : '') . 'rm.svg "Remove/Manage Videos")
