<?php
// +------------------------------------------------------------------------+
// | netjukebox, Copyright © 2001-2013 Willem Bartels |
// | |
// | http://www.netjukebox.nl |
// | http://forum.netjukebox.nl |
// | |
// | This program is free software: you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation, either version 3 of the License, or |
// | (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program. If not, see <http://www.gnu.org/licenses/>. |
// +------------------------------------------------------------------------+
// +------------------------------------------------------------------------+
// | Initialize |
// +------------------------------------------------------------------------+
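// Request start time (float seconds), captured before any other work is done.
define('NJB_START_TIME', microtime(true));
define('NJB_VERSION', '6.00 alpha 2');
define('NJB_DATABASE_VERSION', 41);
define('NJB_IMAGE_SIZE', 200);
define('NJB_IMAGE_QUALITY', 85);
define('NJB_WINDOWS', strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
// Only the file name of the running script is kept; later code compares it against
// literals such as 'message.php', 'cache.php' and 'index.php'.
define('NJB_SCRIPT', basename($_SERVER['SCRIPT_NAME']));
// NJB_HTTPS selects the URL scheme for NJB_HOME_URL and the Secure flag of the session cookie.
// IIS (ISAPI) reports HTTPS=off for plain HTTP requests, so 'off' must not count as HTTPS:
// otherwise the cookie would be marked Secure on an HTTP site and never be sent back.
// NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] is usually unset, which
// leaves the cookie without the Secure flag - confirm the deployment.
define('NJB_HTTPS', isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != '' && strtolower($_SERVER['HTTPS']) != 'off');
// Player type identifiers.
define('NJB_HTTPQ', 0);
define('NJB_VLC', 1);
define('NJB_MPD', 2);
// Counter type identifiers.
define('NJB_COUNTER_PLAY', 0);
define('NJB_COUNTER_STREAM', 1);
define('NJB_COUNTER_DOWNLOAD', 2);
define('NJB_COUNTER_COVER', 3);
define('NJB_COUNTER_RECORD', 4);
// Defaults that are in effect until authenticate() / setSkin() replace them.
$cfg = array();
$cfg['menu'] = 'media';
$cfg['sign'] = '';
$cfg['skin'] = 'Clean';
$cfg['img'] = 'skin/Clean/img/';
$cfg['username'] = '';
$cfg['sign_validated'] = false;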
// +------------------------------------------------------------------------+
// | Get home directory & load config file |
// +------------------------------------------------------------------------+
// The installation root is the parent of the directory that holds this file.
// Backslashes are normalised so that the path looks the same on Windows.
$temp = realpath(dirname(__FILE__) . '/..');
define('NJB_HOME_DIR', str_replace('\\', '/', $temp) . '/');
// Presumably fills in the remaining $cfg entries read below (default_charset, offline, ...).
require_once(NJB_HOME_DIR . 'include/config.inc.php');
// +------------------------------------------------------------------------+
// | Default charset |
// +------------------------------------------------------------------------+
// A charset set in the configuration wins; otherwise the fallback depends on the platform.
if ($cfg['default_charset'] != '') {
    define('NJB_DEFAULT_CHARSET', $cfg['default_charset']);
}
else {
    define('NJB_DEFAULT_CHARSET', NJB_WINDOWS ? 'ISO-8859-1' : 'UTF-8');
}
ini_set('default_charset', NJB_DEFAULT_CHARSET);
// +------------------------------------------------------------------------+
// | Get home url |
// +------------------------------------------------------------------------+
// Base URL of the installation; empty when running from the command line.
if (PHP_SAPI == 'cli') {
    define('NJB_HOME_URL', '');
}
else {
    // Everything except '/' and ':' stays percent-encoded, so the value cannot carry
    // quotes, angle brackets or line breaks into the places where it is emitted.
    // NOTE(review): HTTP_HOST is the client-supplied Host header. message() redirects to
    // NJB_HOME_URL, so the redirect target follows whatever host the request named unless
    // the web server only answers for known host names - confirm, or use a configured host.
    $temp = rawurlencode(dirname($_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']));
    $temp = str_replace(array('%2F', '%3A'), array('/', ':'), $temp);
    define('NJB_HOME_URL', (NJB_HTTPS ? 'https://' : 'http://') . $temp . '/');
}
// +------------------------------------------------------------------------+
// | Check for default stylesheets (skin) |
// +------------------------------------------------------------------------+
// Without the default skin no page can be rendered, so web requests stop here with a
// minimal self-contained HTML page. The skin name is HTML-escaped before it is echoed.
if (!file_exists(NJB_HOME_DIR . 'skin/' . $cfg['skin'] . '/styles.css') && PHP_SAPI != 'cli') {
    exit('<!doctype html><html><head><title></title></head><body>'
        . '<h1>Missing stylesheets</h1>'
        . '<p>netjukebox is missing the default stylesheets <i>skin/'
        . htmlspecialchars($cfg['skin'], ENT_COMPAT, NJB_DEFAULT_CHARSET)
        . '/styles.css</i></p>'
        . '</body></html>');
}
// +------------------------------------------------------------------------+
// | Offline |
// +------------------------------------------------------------------------+
// message() is declared further down in this file; for web requests it redirects to
// message.php and exits, so each failed check below ends the request.
if ($cfg['offline']) {
    message(__FILE__, __LINE__, 'warning', $cfg['offline_message']);
}
// +------------------------------------------------------------------------+
// | Check PHP version |
// +------------------------------------------------------------------------+
if (version_compare(PHP_VERSION, '5.2.0', '<')) {
    message(__FILE__, __LINE__, 'error', '[b]netjukebox ' . NJB_VERSION . ' requires PHP 5.2.0 or higher[/b][br]Now PHP ' . PHP_VERSION . ' is running.');
}
// +------------------------------------------------------------------------+
// | Check for required extensions |
// +------------------------------------------------------------------------+
// Each extension is detected through one function it provides.
if (!function_exists('imagecreatetruecolor')) {
    message(__FILE__, __LINE__, 'error', '[b]GD2 not loaded[/b][list][*]Compile PHP with GD2 support.[*]Or use a loadable module in the php.ini[/list]');
}
if (!function_exists('mysqli_connect')) {
    message(__FILE__, __LINE__, 'error', '[b]MYSQLI not loaded[/b][list][*]Compile PHP with MYSQLI support.[*]Or use a loadable module in the php.ini[/list]');
}
if (!function_exists('iconv')) {
    message(__FILE__, __LINE__, 'error', '[b]ICONV not loaded[/b][list][*]Compile PHP with ICONV support.[*]Or use a loadable module in the php.ini[/list]');
}
// +------------------------------------------------------------------------+
// | Require once |
// +------------------------------------------------------------------------+
require_once(NJB_HOME_DIR . 'include/library.inc.php');
require_once(NJB_HOME_DIR . 'include/globalize.inc.php');
// message.php and cache.php run without a database connection: this keeps a MySQL
// failure from cascading into the page that reports it, and makes both scripts faster.
if (!in_array(NJB_SCRIPT, array('message.php', 'cache.php'), true)) {
    require_once(NJB_HOME_DIR . 'include/mysqli.inc.php');
}
// +------------------------------------------------------------------------+
// | Authenticate |
// +------------------------------------------------------------------------+
// Authenticate the current request and load the user's privileges into $cfg.
//
// $access          A privilege key such as 'access_media', an array of keys (any one of
//                  them suffices), or the pseudo privileges 'access_logged_in' / 'access_always'.
// $cache           When false, and headers are not sent yet, anti-caching headers are emitted.
// $validate_sign   When true the request must carry the session's current sign value.
// $disable_counter When true the session hit_counter is left unchanged.
//
// Returns true only on the 'access_always' path for a visitor without a valid session.
// Every other successful path falls off the end (no return value) after filling $cfg.
// Failed logins, invalid sessions and logout requests end in logoutSession() or
// logoutMenu(), which both exit(); privilege and sign failures are reported via message().
function authenticate($access, $cache = false, $validate_sign = false, $disable_counter = false) {
global $cfg, $db;
// Keep authenticated pages out of caches unless the caller opted in.
if ($cache == false && headers_sent() == false) {
header('Expires: Mon, 9 Oct 2000 18:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
}
$sid = cookie('netjukebox_sid');
$authenticate = getpost('authenticate');
// All request-derived values in this function are escaped with mysqli_real_escape_string()
// or cast to int before they are concatenated into SQL text.
$query = mysqli_query($db, 'SELECT logged_in, user_id, idle_time, lock_ip, ip, user_agent, sign, seed, skin,
random_blacklist, thumbnail, thumbnail_size, stream_id, download_id, player_id
FROM session
WHERE sid = BINARY "' . mysqli_real_escape_string($db, $sid) . '"');
// mysqli_fetch_assoc() yields null when no row matches the cookie; every $session[...]
// read below then evaluates to null.
$session = mysqli_fetch_assoc($query);
setSkin($session['skin']);
// Validate login
if ($authenticate == 'validate') {
$username = post('username');
$hash1 = post('hash1');
$hash2 = post('hash2');
$sign = post('sign');
// An empty ip means there is no usable pre-login session row for this cookie.
if ($session['ip'] == '')
message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]netjukebox requires cookies to login.[br]Enable cookies in your browser and try again.[br][url=index.php][img]small_login.png[/img]login[/url]');
if ($session['lock_ip'] && $session['ip'] != $_SERVER['REMOTE_ADDR'])
message(__FILE__, __LINE__, 'error', '[b]Login failed[/b][br]Unexpected IP address[br][url=index.php][img]small_login.png[/img]login[/url]');
// Milliseconds elapsed since the most recent pre_login_time stored for this client IP.
// pre_login_time is not written in this file - presumably by the loginStage1 handler.
$query = mysqli_query($db, 'SELECT ' . (string) round(microtime(true) * 1000) . ' - pre_login_time AS login_delay FROM session WHERE ip = "' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '" ORDER BY pre_login_time DESC LIMIT 1');
$ip = mysqli_fetch_assoc($query);
$query = mysqli_query($db, 'SELECT password, seed, user_id FROM user WHERE username = "' . mysqli_real_escape_string($db, $username) . '"');
$user = mysqli_fetch_assoc($query);
$user_id = $user['user_id'];
if (// validate password
// NOTE(review): the stored verifier is compared with ==, which is neither type-strict
// nor constant-time; === or hash_equals() (PHP 5.6+) would be the safer comparison.
$user['password'] == hmacsha1($hash1, $user['seed']) &&
// sha1 collision protection
preg_match('#^[0-9a-f]{40}$#', $hash1) &&
// new password validation as far as possible
preg_match('#^[0-9a-f]{40}$#', $hash2) &&
// The anonymous user must keep its fixed password; any other user must not end up
// with the hash of an empty password.
(($username == $cfg['anonymous_user'] && $hash2 == hmacsha1(hmacsha1($cfg['anonymous_user'], $session['seed']), $session['seed'])) ||
($username != $cfg['anonymous_user'] && $hash2 != hmacsha1(hmacsha1('', $session['seed']), $session['seed']))) &&
// brute force & hack attack protection
// The throttle is keyed on the client IP only; the user agent and the sign must match
// the values stored for this pre-login session.
$ip['login_delay'] > $cfg['login_delay'] &&
$session['user_agent'] == substr($_SERVER['HTTP_USER_AGENT'], 0, 255) &&
$session['sign'] == $sign) {
// hash2 becomes the new stored verifier and the session seed the new user seed, so the
// value that was just accepted as hash1 is not valid for the next login.
mysqli_query($db, 'UPDATE user SET
password = "' . mysqli_real_escape_string($db, $hash2) . '",
seed = "' . mysqli_real_escape_string($db, $session['seed']) . '"
WHERE username = "' . mysqli_real_escape_string($db, $username) . '"');
// A fresh sign and a fresh sid are issued on login; the pre-login sid is not reused.
$sign = randomKey();
$sid = randomKey();
mysqli_query($db, 'UPDATE session SET
logged_in = 1,
user_id = ' . (int) $user_id . ',
login_time = ' . (int) time() . ',
idle_time = ' . (int) time() . ',
ip = "' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '",
sid = "' . mysqli_real_escape_string($db, $sid) . '",
sign = "' . mysqli_real_escape_string($db, $sign) . '",
hit_counter = hit_counter + ' . ($disable_counter ? 0 : 1) . ',
visit_counter = visit_counter + ' . (time() > $session['idle_time'] + 3600 ? 1 : 0) . '
WHERE sid = BINARY "' . mysqli_real_escape_string($db, cookie('netjukebox_sid')) . '"');
// Cookie lifetime is one year; HttpOnly is always set, Secure only when NJB_HTTPS is true.
// No SameSite attribute is set by this call.
setcookie('netjukebox_sid', $sid, time() + 31536000, null, null, NJB_HTTPS, true);
@ob_flush();
flush();
}
else
logoutSession();
}
else {
// Validate current session
$user_id = $session['user_id'];
// The session must be logged in, come from the locked IP (when lock_ip is set), present
// the same user agent, and have been active within session_lifetime seconds.
if ($session['logged_in'] &&
($session['lock_ip'] == false || ($session['lock_ip'] && $session['ip'] == $_SERVER['REMOTE_ADDR'])) &&
$session['user_agent'] == substr($_SERVER['HTTP_USER_AGENT'], 0, 255) &&
$session['idle_time'] + $cfg['session_lifetime'] > time()) {
mysqli_query($db, 'UPDATE session SET
hit_counter = hit_counter + ' . ($disable_counter ? 0 : 1) . ',
visit_counter = visit_counter + ' . (time() > $session['idle_time'] + 3600 ? 1 : 0) . ',
idle_time = ' . (int) time() . ',
ip = "' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '"
WHERE sid = BINARY "' . mysqli_real_escape_string($db, $sid) . '"');
}
// Pages that are always reachable continue without a session, with every privilege off.
elseif ($access == 'access_always') {
$cfg['access_media'] = false;
$cfg['access_popular'] = false;
$cfg['access_favorite'] = false;
$cfg['access_cover'] = false;
$cfg['access_stream'] = false;
$cfg['access_download'] = false;
$cfg['access_playlist'] = false;
$cfg['access_play'] = false;
$cfg['access_add'] = false;
$cfg['access_record'] = false;
$cfg['access_statistics'] = false;
$cfg['access_admin'] = false;
$cfg['access_search'] = 0;
return true;
}
else
logoutSession();
}
// Username & user privileges
// The array union below never overwrites a key that $cfg already holds, which is why
// username is unset first.
// NOTE(review): an access_* key already present in $cfg would likewise win over the
// database row - confirm none is predefined. If the user row no longer exists,
// mysqli_fetch_assoc() returns null and the union raises an error.
unset($cfg['username']);
$query = mysqli_query($db, 'SELECT
username,
access_media,
access_popular,
access_favorite,
access_cover,
access_stream,
access_download,
access_playlist,
access_play,
access_add,
access_record,
access_statistics,
access_admin,
access_search
FROM user
WHERE user_id = ' . (int) $user_id);
$cfg += mysqli_fetch_assoc($query);
// Validate privilege
// An array grants access when any listed privilege is truthy; 'access_logged_in' and
// 'access_always' are satisfied by reaching this point.
$access_validated = false;
if (is_array($access)) {
foreach ($access as $value)
if (isset($cfg[$value]) && $cfg[$value]) $access_validated = true;
}
elseif (isset($cfg[$access]) && $cfg[$access]) $access_validated = true;
elseif ($access == 'access_logged_in') $access_validated = true;
elseif ($access == 'access_always') $access_validated = true;
if ($access_validated == false)
message(__FILE__, __LINE__, 'warning', '[b]You have no privilege to access this page[/b][br][url=index.php?authenticate=logout][img]small_login.png[/img]Login as another user[/url]');
// Validate signature
// The sign is a per-session one-time token for state-changing requests: a new value is
// stored first, then the submitted value is compared with the previous one.
// NOTE(review): the comparison uses ==; a strict comparison would be the safer choice.
if ($cfg['sign_validated'] == false &&
($validate_sign ||
$authenticate == 'logoutAllSessions' ||
$authenticate == 'logoutSession')) {
$cfg['sign'] = randomKey();
mysqli_query($db, 'UPDATE session
SET sign = "' . mysqli_real_escape_string($db, $cfg['sign']) . '"
WHERE sid = BINARY "' . mysqli_real_escape_string($db, $sid) . '"');
if ($session['sign'] == getpost('sign'))
$cfg['sign_validated'] = true;
else
message(__FILE__, __LINE__, 'error', '[b]Signature has expired[/b]');
}
else
$cfg['sign'] = $session['sign'];
// Logout
// A plain 'logout' is not covered by the sign check above; it only offers the chooser
// (more than one active session) or ends the current session.
if ($authenticate == 'logout' && $cfg['username'] != $cfg['anonymous_user']) {
$query = mysqli_query($db, 'SELECT user_id FROM session
WHERE logged_in
AND user_id = ' . (int) $user_id . '
AND idle_time > ' . (int) (time() - $cfg['session_lifetime']) );
// After a SELECT, mysqli_affected_rows() reports the number of rows returned, i.e. the
// number of sessions of this user that are still active.
if (mysqli_affected_rows($db) > 1) logoutMenu();
else logoutSession();
}
elseif ($authenticate == 'logoutAllSessions' && $cfg['username'] != $cfg['anonymous_user']) {
mysqli_query($db, 'UPDATE session
SET logged_in = 0
WHERE user_id = ' . (int) $user_id);
logoutSession();
}
elseif ($authenticate == 'logoutSession' || $authenticate == 'logout')
logoutSession();
// Publish the per-session settings for the rest of the request.
$cfg['user_id'] = $user_id;
$cfg['sid'] = $sid;
$cfg['session_seed'] = $session['seed'];
$cfg['random_blacklist'] = $session['random_blacklist'];
$cfg['thumbnail'] = $session['thumbnail'];
$cfg['thumbnail_size'] = $session['thumbnail_size'];
// Encoder profiles that are no longer configured fall back to -1.
$cfg['stream_id'] = (isset($cfg['encode_extension'][$session['stream_id']])) ? $session['stream_id'] : -1;
$cfg['download_id'] = (isset($cfg['encode_extension'][$session['download_id']])) ? $session['download_id'] : -1;
$cfg['player_id'] = $session['player_id'];
}
// +------------------------------------------------------------------------+
// | Authenticate stream |
// +------------------------------------------------------------------------+
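// Authorise a stream or download request from the signed parameters in its URL,
// without using the session cookie.
//
// The request names a session by the first five characters of its sid and carries an
// HMAC over the request parameters, the full sid and the expiry time, keyed with
// $cfg['server_seed']. Access is granted when a logged-in session matches, the link has
// not expired, the IP lock (if any) holds and the session's user has the required privilege.
//
// $cache  When false, anti-caching headers are emitted.
//
// Returns true when access is granted. Otherwise the function never returns: downloads
// are reported through message(), streams receive a bare 403.
function authenticateStream($cache = false) {
    global $cfg, $db;
    if ($cache == false) {
        header('Expires: Mon, 9 Oct 2000 18:00:00 GMT');
        header('Cache-Control: no-store, no-cache, must-revalidate');
    }
    $action = get('action');
    $stream_id = get('stream_id'); // stream_id or download_id
    $download_id = get('download_id');
    $track_id = get('track_id'); // track_id or album_id
    $album_id = get('album_id');
    $partial_sid = get('partial_sid');
    $expire_time = get('expire_time');
    $hash = get('hash');
    $query = mysqli_query($db, 'SELECT user_id, lock_ip, ip, sid FROM session
WHERE LEFT(sid, 5) = BINARY "' . mysqli_real_escape_string($db, $partial_sid) . '"
AND logged_in');
    // Several sessions can share a five character prefix, so every candidate is tried.
    while ($session = mysqli_fetch_assoc($query)) {
        if ($expire_time > time() &&
            ($session['lock_ip'] == false || $session['ip'] == $_SERVER['REMOTE_ADDR'])) {
            // NOTE(review): the fields are concatenated without separators, so the MAC
            // does not bind the boundaries between adjacent fields. Changing that requires
            // the code that generates these links (outside this file) to change as well.
            $expected = hmacsha1($cfg['server_seed'], $action . $stream_id . $download_id . $track_id . $album_id . $session['sid'] . $expire_time);
            // The client-supplied MAC is compared strictly, and in constant time where
            // hash_equals() exists (PHP 5.6+). A loose == treats numeric-looking strings
            // as numbers and stops at the first differing byte.
            $hash_valid = is_string($hash) && is_string($expected) &&
                (function_exists('hash_equals') ? hash_equals($expected, $hash) : $expected === $hash);
            if ($hash_valid) {
                $query2 = mysqli_query($db, 'SELECT access_stream, access_download FROM user WHERE user_id = ' . (int) $session['user_id']);
                $user = mysqli_fetch_assoc($query2);
                // Every action other than 'stream' is treated as a download.
                if (($action == 'stream' && $user['access_stream']) || ($action != 'stream' && $user['access_download']))
                    return true;
            }
        }
    }
    // message() redirects to message.php and exits for web requests.
    if ($action != 'stream' && $expire_time > time()) message(__FILE__, __LINE__, 'error', '[b]Download failed[/b][br]Authentication failed');
    elseif ($action != 'stream') message(__FILE__, __LINE__, 'error', '[b]Download failed[/b][br]Download link has expired');
    header('HTTP/1.1 403 Forbidden');
    exit();
}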
// +------------------------------------------------------------------------+
// | Logout menu |
// +------------------------------------------------------------------------+
// Render the "logout this session / logout all sessions" chooser between the page
// header and footer, then end the request. authenticate() calls this when the user has
// more than one active session.
function logoutMenu() {
global $cfg;
require_once(NJB_HOME_DIR . 'include/header.inc.php');
// The form has no method attribute, so it is submitted with GET and the sign value
// travels in the query string; authenticate() reads it back through getpost('sign').
// NOTE(review): $cfg['sign'] and $cfg['img'] are echoed without HTML escaping. Both are
// server-generated in this file (randomKey() / rawurlencode()); confirm randomKey() only
// emits characters that are safe inside an attribute value.
?>
<form action="index.php" id="logoutform">
<!--<img src="<?php echo $cfg['img']; ?>medium_online.png" alt="">-->
<input type="hidden" name="sign" value="<?php echo $cfg['sign']; ?>">
<input type="radio" name="authenticate" value="logoutSession" id="logoutSession" checked class="space"><label for="logoutSession">Logout this session only</label>
<input type="radio" name="authenticate" value="logoutAllSessions" id="logoutAllSessions" class="space"><label for="logoutAllSessions">Logout all sessions</label>
<button type="submit" value="logout">Logout</button>
</form>
<?php
require_once(NJB_HOME_DIR . 'include/footer.inc.php');
exit();
}
// +------------------------------------------------------------------------+
// | Logout session |
// +------------------------------------------------------------------------+
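// End the current session (or create a fresh logged-out one), render the login form and
// terminate the request.
//
// The session row for the netjukebox_sid cookie is marked logged out and receives a new
// sign and seed. When no row is updated, a new session with a new sid is inserted and the
// cookie is set. The login form hashes the password in the browser: hash1 is checked
// against the stored verifier, hash2 becomes the next verifier (see authenticate()).
// NOTE(review): hash1 and hash2 are fast HMAC-SHA1 values that travel with every login;
// without TLS they are visible on the network, so HTTPS remains necessary.
function logoutSession() {
    global $cfg, $db;
    $cfg['username'] = ''; // Footer
    $cfg['access_media'] = ''; // Header opensearch
    $sid = cookie('netjukebox_sid');
    $sign = randomKey();
    $session_seed = randomKey();
    // authenticate() compares the stored value with the first 255 bytes of the header, so
    // the same truncation is applied here. A request without a User-Agent stores ''.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) substr($_SERVER['HTTP_USER_AGENT'], 0, 255) : '';
    // Update current session
    mysqli_query($db, 'UPDATE session SET
logged_in = 0,
ip = "' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '",
user_agent = "' . mysqli_real_escape_string($db, $user_agent) . '",
sign = "' . mysqli_real_escape_string($db, $sign) . '",
seed = "' . mysqli_real_escape_string($db, $session_seed) . '"
WHERE sid = BINARY "' . mysqli_real_escape_string($db, $sid) . '"');
    if (mysqli_affected_rows($db) == 0) {
        // Create new session
        $sid = randomKey();
        mysqli_query($db, 'INSERT INTO session (logged_in, create_time, ip, user_agent, sid, sign, seed) VALUES (
0,
' . (int) time() . ',
"' . mysqli_real_escape_string($db, $_SERVER['REMOTE_ADDR']) . '",
"' . mysqli_real_escape_string($db, $user_agent) . '",
"' . mysqli_real_escape_string($db, $sid) . '",
"' . mysqli_real_escape_string($db, $sign) . '",
"' . mysqli_real_escape_string($db, $session_seed) . '")');
        // One year lifetime; HttpOnly always, Secure only when NJB_HTTPS is true.
        setcookie('netjukebox_sid', $sid, time() + 31536000, null, null, NJB_HTTPS, true);
        @ob_flush();
        flush();
    }
    // +------------------------------------------------------------------------+
    // | Login |
    // +------------------------------------------------------------------------+
    // The anonymous account is offered as the default username only when it exists.
    $query = mysqli_query($db, 'SELECT username FROM user WHERE username = "' . mysqli_real_escape_string($db, $cfg['anonymous_user']) . '"');
    $user = mysqli_fetch_assoc($query);
    $anonymous = is_array($user) ? $user['username'] : null;
    $action = get('action');
    // After login, return to the requested view. Keys and values are percent-encoded, so
    // the URL cannot break out of the attribute and the script string it is written into.
    if (NJB_SCRIPT == 'index.php' && substr($action, 0, 4) == 'view') {
        $url = 'index.php?';
        $get = getAll();
        foreach ($get as $key => $value) {
            // The separator is the HTML entity: the URL is emitted into an attribute, and
            // the substr() below strips exactly these five trailing characters.
            $url .= rawurlencode($key) . '=' . rawurlencode($value) . '&amp;';
        }
        $url = substr($url, 0, -5);
    }
    else
        $url = 'index.php';
    if ($cfg['admin_login_message'] == '') {
        $cfg['admin_login_message'] = 'Cookies and JavaScript are required to login.[br]';
        $cfg['admin_login_message'] .= 'Browser must support native XMLHttpRequest.';
    }
    require_once(NJB_HOME_DIR . 'include/header.inc.php');
    // The first check in the script below is a self-test of the browser-side hmacsha1().
?>
<script type="text/javascript">
<!--
if (hmacsha1('key', 'The quick brown fox jumps over the lazy dog') != 'de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9') {
document.write('<table class="error">');
document.write('<tr>');
document.write(' <td><img src="<?php echo $cfg['img']; ?>medium_message_error.png" alt=""><\/td>');
document.write(' <td><strong>JavaScript error<\/strong><br>Unexpected SHA1 checksum result.<\/td>');
document.write('<\/tr>');
document.write('<\/table>');
}
else if (typeof XMLHttpRequest == 'undefined') {
document.write('<table class="error">');
document.write('<tr>');
document.write(' <td><img src="<?php echo $cfg['img']; ?>medium_message_error.png" alt=""><\/td>');
document.write(' <td><strong>Native XMLHttpRequest support is required<\/strong><br>');
document.write(' Enable XMLHttpRequest or get a modern web browser.<\/td>');
document.write('<\/tr>');
document.write('<\/table>');
}
else {
document.write('<form action="<?php echo $url; ?>" method="post" name="loginform" id="loginform" onSubmit="loginStage1(this.username.value); return false;">');
document.write(' <input type="hidden" name="authenticate" value="validate">');
document.write(' <input type="hidden" name="hash1" value="">');
document.write(' <input type="hidden" name="hash2" value="">');
document.write(' <input type="hidden" name="sign" value="">');
document.write(' <label for="username">Username<\/label>');
document.write(' <input type="text" class="login" id="username" name="username" value="<?php echo addslashes(html($anonymous)); ?>" maxlength="255" onKeyUp="anonymousPassword();">');
document.write(' <label for="password">Password<\/label>');
document.write(' <input type="password" class="login" name="password" id="password">');
document.write(' <label for="lock_ip">Lock<\/label><span class="ll"><input type="checkbox" name="lock_ip" value="1" id="lock_ip" checked class="space">Lock to ip address<\/span>');
document.write(' <button type="submit" value="login">Login<\/button>');
document.write(' <div><?php echo addslashes(bbcode($cfg['admin_login_message'])); ?><\/div>');
document.write('<\/form>');
}
function initialize() {
if (typeof XMLHttpRequest != 'undefined') {
document.loginform.username.focus();
document.loginform.username.select();
anonymousPassword();
<?php if ($cfg['anonymous_user_autologin']) echo "\t\t" . 'loginStage1(document.loginform.username.value)' . "\n"; ?>
}
}
function anonymousPassword() {
if (<?php echo ($anonymous) ? 'true' : 'false'; ?> && document.loginform.username.value == '<?php echo addslashes(html($anonymous)); ?>') {
document.loginform.password.value = '';
document.loginform.password.className = 'login readonly';
// document.loginform.password.disabled = true;
}
else {
document.loginform.password.className = 'login';
// document.loginform.password.disabled = false;
}
}
function loginStage1(username) {
var request = 'action=loginStage1';
request += '&username=' + <?php echo (NJB_DEFAULT_CHARSET == 'UTF-8') ? 'encodeURIComponent' : 'escape'; ?>(username);
request += '&lock_ip=' + ((document.loginform.lock_ip.checked == true) ? '1' : '0');
request += '&sign=<?php echo hmacsha1($cfg['server_seed'], $sign); ?>';
document.loginform.username.value = '';
document.loginform.username.value = username;
document.loginform.username.className = 'login readonly';
document.loginform.password.className = 'login readonly';
ajaxRequest('json.php', loginStage2, request);
}
function loginStage2(data) {
// data.user_seed, data.session_seed, data.sign;
var password = document.loginform.password.value;
document.loginform.password.value = '';
if (<?php echo ($anonymous) ? 'true' : 'false'; ?> && document.loginform.username.value == '<?php echo addslashes(html($anonymous)); ?>')
password = '<?php echo addslashes(html($anonymous)); ?>'
document.loginform.hash1.value = hmacsha1(password, data.user_seed);
document.loginform.hash2.value = hmacsha1(hmacsha1(password, data.session_seed), data.session_seed);
document.loginform.sign.value = data.sign;
password = '';
setTimeout('document.loginform.submit();', <?php echo $cfg['login_delay']; ?>);
}
//-->
</script>
<?php
    require_once(NJB_HOME_DIR . 'include/footer.inc.php');
    exit();
}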
// +------------------------------------------------------------------------+
// | Set skin |
// +------------------------------------------------------------------------+
// Select the skin for this request and store it in $cfg['skin'] / $cfg['img'].
//
// Order of preference: the given $skin when its styles.css exists, then the default of
// the session.skin column when that skin exists (also written back to the session row
// if $skin was empty), and finally the skin already in $cfg, which is then made the
// column default. Always returns true.
// NOTE(review): $skin is placed into a filesystem path as is. It comes from the session
// table; confirm that whatever writes session.skin restricts it to a plain directory name.
function setSkin($skin) {
    global $cfg, $db;
    $skin_root = NJB_HOME_DIR . 'skin/';
    if ($skin != '' && file_exists($skin_root . $skin . '/styles.css')) {
        $cfg['skin'] = $skin;
        $cfg['img'] = 'skin/' . rawurlencode($skin) . '/img/';
        return true;
    }
    // Get session default skin
    $sid = cookie('netjukebox_sid');
    $column = mysqli_fetch_assoc(mysqli_query($db, 'DESCRIBE session skin'));
    if (file_exists($skin_root . $column['Default'] . '/styles.css') == false) {
        // Keep the skin set at the top of this file and make it the column default.
        mysqli_query($db, 'ALTER TABLE session CHANGE skin skin VARCHAR(255) NOT NULL DEFAULT "' . mysqli_real_escape_string($db, $cfg['skin']) . '"');
        return true;
    }
    if ($skin == '') {
        mysqli_query($db, 'UPDATE session
SET skin = "' . mysqli_real_escape_string($db, $column['Default']) . '"
WHERE sid = BINARY "' . mysqli_real_escape_string($db, $sid) . '"');
    }
    $cfg['skin'] = $column['Default'];
    $cfg['img'] = 'skin/' . rawurlencode($column['Default']) . '/img/';
    return true;
}
// +------------------------------------------------------------------------+
// | Message: ok / warning / error |
// +------------------------------------------------------------------------+
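// Report an ok / warning / error message and stop the request.
//
// $file, $line  Origin of the message; shown only when $cfg['debug'] is set.
// $type         Message type, e.g. 'warning' or 'error'.
// $message      Message text in BBCode.
//
// On the command line the message is printed as plain text. For web requests the
// client is sent to message.php with the details in the query string: as the body of a
// 500 response for ajax requests, as a Location header, or through a script when the
// headers are already sent. Every one of these paths exits.
// When the running script is message.php itself, nothing is done and the function
// returns, so callers there must not rely on it to stop execution.
// NOTE(review): the text, username and sign reach message.php through a URL that the
// client can see and alter; how message.php validates and escapes them is outside this file.
function message($file, $line, $type, $message) {
    global $cfg;
    if (php_sapi_name() == 'cli') {
        // Command line error message
        require_once(NJB_HOME_DIR . 'include/library.inc.php');
        echo "\n";
        echo strtoupper($type) . "\n";
        echo str_repeat('-', 79) . "\n";
        echo bbcode2txt($message);
        if ($cfg['debug']) {
            echo "\n";
            echo str_repeat('-', 79) . "\n";
            echo 'File: ' . $file . "\n";
            echo 'Line: ' . $line;
        }
        exit();
    }
    elseif (NJB_SCRIPT != 'message.php') {
        // Only the three known menu names are accepted from the request.
        if (isset($_GET['menu']) && in_array($_GET['menu'], array('favorite', 'playlist', 'config'), true))
            $cfg['menu'] = $_GET['menu'];
        // Every component is percent-encoded, so the URL cannot carry line breaks into the
        // Location header or quotes into the script fallback below.
        $url = NJB_HOME_URL;
        $url .= 'message.php';
        $url .= '?message=' . rawurlencode($message);
        $url .= '&type=' . rawurlencode($type);
        $url .= '&menu=' . rawurlencode($cfg['menu']);
        $url .= '&skin=' . rawurlencode($cfg['skin']);
        $url .= '&username=' . rawurlencode($cfg['username']);
        if ($cfg['debug']) {
            $url .= '&file=' . rawurlencode($file);
            $url .= '&line=' . rawurlencode($line);
        }
        $url .= '&sign=' . rawurlencode($cfg['sign']);
        // The parameter name had been corrupted into a multiplication sign, which glued
        // the timestamp onto the sign value.
        $url .= '&timestamp=' . dechex(time());
        if (isset($_GET['ajax']) && $_GET['ajax'] == '1') {
            header('HTTP/1.1 500 Internal Server Error');
            exit($url);
        }
        elseif (headers_sent() == false) {
            header('Location: ' . $url);
            exit();
        }
        else
            exit('<script type="text/javascript">window.location="' . $url . '";</script>');
    }
}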