Play images and video from Synology PhotoStation server

authutil.php 8.4KB

  1. <?php
  2. require_once('auth.inc.php');
  3. class AuthAPIUtil {
  4. static function SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser)
  5. {
  6. global $SYNOPHOTO_DSM_USER_INFO;
  7. $result = array();
  8. if (!is_array($pUser)) {
  9. return null;
  10. }
  11. $i = 0;
  12. $groups = array();
  13. foreach ($pUser as $item) {
  14. if (preg_match('/\((\d+)\)/', $item, $match)) {
  15. $groups[] = $match[1];
  16. }
  17. if (!preg_match('/(^\w+\s?\w+)\s*\:/', $item, $match) || !preg_match('/\[(.*)\]/', $item, $match_val)) {
  18. continue;
  19. }
  20. if (false !== $index = array_search($match[1], $SYNOPHOTO_DSM_USER_INFO)) { // $key = 2;
  21. $result[$index] = $match_val[1];
  22. $result[$SYNOPHOTO_DSM_USER_INFO[$index]] = $match_val[1];
  23. }
  24. }
  25. $result['groups'] = implode(',', $groups);
  26. return $result;
  27. }
  28. static function SYNOPHOTO_LOGIN_AddLog($username, $success)
  29. {
  30. $ip = $_SERVER['REMOTE_ADDR'];
  31. $conf = csSYNOPhotoMisc::GetConfigFile(SYNO_CNF_FILE, 'enable_demomode');
  32. if ('yes' == $conf['enable_demomode']) {
  33. $ip = 'xxx.xxx.xxx.xxx';
  34. }
  35. if ($success) {
  36. PhotoLog::Add($username." logged in from "."[".$ip."].", true, strtolower($username));
  37. return;
  38. }
  39. PhotoLog::Add($username." failed to log in from "."[".$ip."].", false, strtolower($username));
  40. }
  41. /*
  42. * return
  43. * 1 - success
  44. * 0 - fail
  45. */
  46. static function SYNOPHOTO_LOGIN_ValidateAdmin()
  47. {
  48. $user = ('root' == SYNOPHOTO_ADMIN_USER)? 'admin':SYNOPHOTO_ADMIN_NAME;
  49. $command = "/usr/syno/bin/synoauth ".escapeshellarg($user)." ".escapeshellarg($_REQUEST['password']);
  50. @exec($command, $pAuth, $retval);
  51. if (0 == $retval) {
  52. unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
  53. csSYNOPhotoMisc::PhotoSessionStart();
  54. csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();
  55. $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
  56. self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], true);
  57. return 1;
  58. }
  59. self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
  60. return 0;
  61. }
  62. /*
  63. * return
  64. * 1 - success
  65. * 0 - fail
  66. * -1 - disable user (Photo Station Account System)
  67. * -2 - not photo station user (Photo Station Account System)
  68. * -3 - guest account is not allowed to login (DSM Account System)
  69. */
  70. static function SYNOPHOTO_LOGIN_ValidateDsmUser()
  71. {
  72. if (!strcasecmp($_REQUEST['username'], 'guest')) {
  73. return -3;
  74. }
  75. $command = "/usr/syno/bin/synophoto_dsm_user --auth ".escapeshellarg($_REQUEST['username'])." ".escapeshellarg($_REQUEST['password']);
  76. @exec($command, $pAuth, $auth_retval);
  77. $user_info = array();
  78. if (0 == $auth_retval) {
  79. $command = "/usr/syno/bin/synophoto_dsm_user --getinfo ".escapeshellarg($_REQUEST['username']);
  80. @exec($command, $pUser, $retval);
  81. $user_info = self::SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser);
  82. } else {
  83. self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
  84. return 0;
  85. }
  86. if ($user_info) {
  87. unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
  88. csSYNOPhotoMisc::PhotoSessionStart();
  89. csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();
  90. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] = $user_info[2];
  91. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'] = $user_info[0];
  92. $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] = true;
  93. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = $user_info['groups'];
  94. if ($user_info[10]) {
  95. $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
  96. }
  97. self::SYNOPHOTO_LOGIN_AddLog($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'], true);
  98. return 1;
  99. }
  100. self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
  101. return 0;
  102. }
  103. /*
  104. * return
  105. * 1 - success
  106. * 0 - fail
  107. * -1 - disable user (Photo Station Account System)
  108. * -2 - not photo station user (Photo Station Account System)
  109. * -3 - guest account is not allowed to login (DSM Account System)
  110. */
  111. static function SYNOPHOTO_LOGIN_ValidateUser()
  112. {
  113. $escape = PHOTO_DB_GetEscape();
  114. $query_usr = "Select count(*) from photo_user where lower(username) like ? $escape";
  115. $sqlParam = array(PHOTO_DB_EscapForLike(strtolower($_REQUEST['username'])));
  116. $count = PHOTO_DB_QueryCount($GLOBALS['dbconn_photo'], $query_usr, $sqlParam);
  117. if ($count == 0) {
  118. // user is not photo station user
  119. return -2;
  120. }
  121. $query = "Select * from photo_user where lower(username) like ? $escape and password = '".md5($_REQUEST['password'])."'";
  122. $sqlParam = array(PHOTO_DB_EscapForLike(strtolower($_REQUEST['username'])));
  123. $result = PHOTO_DB_Query($query, $sqlParam);
  124. $user_info = PHOTO_DB_FetchRow($result);
  125. if ($user_info) {
  126. if(PHOTO_DB_ConvertBool($user_info[4]) == 't') {
  127. //disabled
  128. return -1;
  129. }
  130. unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
  131. csSYNOPhotoMisc::PhotoSessionStart();
  132. csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();
  133. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] = $user_info[0];
  134. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'] = $user_info[1];
  135. $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] = false;
  136. /* set user's belonging groups */
  137. $query = "SELECT groupid FROM " . PHOTO_USER_GROUP_TABLE . " WHERE userid = $user_info[0]";
  138. $db_result = PHOTO_DB_Query($query);
  139. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = '';
  140. $groups = array();
  141. while ($row = PHOTO_DB_FetchRow($db_result)) {
  142. $groups[] = $row['groupid'];
  143. }
  144. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = implode(',', $groups);
  145. if (PHOTO_DB_ConvertBool($user_info[6]) == 't') {
  146. $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
  147. }
  148. self::SYNOPHOTO_LOGIN_AddLog($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'], true);
  149. return 1;
  150. }
  151. self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);
  152. return 0;
  153. }
  154. static function SYNOPHOTO_LOGIN_UpdateUserSession($username) {
  155. if (null == $username) {
  156. return;
  157. }
  158. // PhotoStation User
  159. if ("0" == $_SESSION[SYNOPHOTO_ADMIN_USER]['photo_config']['global']['account_system'] || 'root' != SYNOPHOTO_ADMIN_USER){
  160. $isAdmin = 'f';
  161. $query = "SELECT userid, admin, disabled FROM photo_user WHERE username = ?";
  162. $db_result = PHOTO_DB_Query($query, array($username));
  163. while ($row = PHOTO_DB_FetchRow($db_result)) {
  164. if (PHOTO_DB_IsTrue($row['disabled'])) {
  165. unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
  166. return false;
  167. }
  168. $userid = $row['userid'];
  169. $isAdmin = $row['admin'];
  170. }
  171. if('t' === PHOTO_DB_ConvertBool($isAdmin) || (('root' === SYNOPHOTO_ADMIN_USER) ? 'admin' : substr(SYNOPHOTO_ADMIN_USER, 1)) === $username) {
  172. $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
  173. } else {
  174. unset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
  175. }
  176. $query = "SELECT groupid FROM photo_user_group WHERE userid = ?";
  177. $db_result = PHOTO_DB_Query($query, array($userid));
  178. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = '';
  179. $groups = array();
  180. while ($row = PHOTO_DB_FetchRow($db_result)) {
  181. $groups[] = $row['groupid'];
  182. }
  183. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = implode(',', $groups);
  184. // DSM User
  185. } else {
  186. $command = "/usr/syno/bin/synophoto_dsm_user --getinfo ".escapeshellarg($username);
  187. @exec($command, $pUser, $retval);
  188. $user_info = self::SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser);
  189. if (!$user_info || $user_info['Expired'] !== "false") {
  190. unset($_SESSION[SYNOPHOTO_ADMIN_USER]);
  191. return false;
  192. }
  193. $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = $user_info['groups'];
  194. if ($user_info[10]) {
  195. $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;
  196. } else {
  197. unset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);
  198. }
  199. }
  200. }
  201. }
  202. ?>