scratch – Rev 112

Subversion Repositories:
Rev:
<?php

###########################################################################
##  Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3      ##
###########################################################################

require_once('php/pseudocrypt.php');
require_once('php/functions.php');
require_once('vendor/autoload.php');
require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php');

### Load configuration.
$config = spyc_load_file('config.yaml');

### If no file has been specified for download then return.
if (!isset($_GET['hash']) or empty($_GET['hash'])) {
    http_response_code(404);
    die('File not found.');
}

### Find the requested file.
$file = array_shift(
    preg_grep(
        "/".$_GET['hash']."/",
        scandir($config['STORE_FOLDER'])
    )
);

if (!isset($file) or empty($file)) {
    http_response_code(404);
    die('File not found.');
}

### Check the path for path traversals.
$fileExtension = pathinfo($file, PATHINFO_EXTENSION);

#### If the extension is not allowed then return.
if (!isset($fileExtension) ||
    !in_array(strtoupper($fileExtension),
        array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) {
    http_response_code(403);
    die('File extension not allowed.');
}

#### Build the user path.
$userPath = join(
    DIRECTORY_SEPARATOR,
    array(
        $config['STORE_FOLDER'],
        $file
    )
);

#### Check for path traversals
$pathPart = pathinfo($userPath);
if (strcasecmp(
    realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) {
    http_response_code(500);
    die('Internal server error.');
}

#### Check if the file exists.
if (!file_exists($userPath)) {
    http_response_code(404);
    die('File not found.');
}

$GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash'];
$CANON_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash'];
$BASIC_URL = $config['URL_PATH'].$_GET['hash'];

switch(strtoupper($fileExtension)) {
    case 'GIF':
        list($width, $height) = getimagesize($userPath);
        echo <<<END
<html>
  <head>
    <meta property="og:site_name" content="Scratch Copy">
    <meta property="og:url" content="$BASIC_URL">
    <meta property="og:title" content="Scratch Copy">
    <meta property="og:type" content="video.other">
    <meta property="og:image" content="$BASIC_URL">
    <meta property="og:image:width" content="$width">
    <meta property="og:image:height" content="$height">
  </head>

  <body>
    <p>
      <img src="$BASIC_URL">
    </p>
  </body>

</html>
END;
    break;
    case 'MP4':
    ### Create a thumbnail for the video.
    $file = strtolower(
        PseudoCrypt::hash(
            preg_replace(
                '/\D/',
                '',
                hash(
                    'sha512',
                    $_GET['hash']
                )
            ),
            $config['ASSET_HASH_SIZE']
        )
    );
    
    #### Build the user path.
    $userPath = join(
        DIRECTORY_SEPARATOR,
        array(
            $config['STORE_FOLDER'],
            $file
        )
    );
    
    ### Extract thumbnail.
    $ffmpeg = FFMpeg\FFMpeg::create();
    $video = $ffmpeg->open($CANON_URL);
    $frame = $video->frame(
        FFMpeg\Coordinate\TimeCode::fromSeconds(
            $config['VIDEO_PREVIEW_IMAGE_FRAME_SECOND']
        )
    );
    $frame->save($userPath.'.'.'jpg');
    list($imageWidth, $imageHeight) = getimagesize($userPath.'.'.'jpg');
    
    ### Probe video for width and height.
    $ffprobe = FFMpeg\FFProbe::create();
    $dimension = $ffprobe
        ->streams($CANON_URL)
        ->videos()
        ->first()
        ->getDimensions();
    
    $videoWidth = $dimension->getWidth();
    $videoHeight = $dimension->getHeight();
    
    ### Build paths.
    $PREVIEW_IMAGE_URL = $config['URL_PATH'].$file;
    $FLOW_PLAYER_VIDEO_URL = $config['URL_PATH'].'flowplayer/flowplayer.swf?config={"clip":"'.$BASIC_URL.'"}';
    $FLOW_PLAYER = $config['URL_PATH'].'flowplayer/flowplayer.swf';
    
    echo <<<END
<html>
  <head>
      <meta property="og:type" content="video.other">
      <meta property="og:title" content="Scratch Copy">
      <meta property="og:site_name" content="Scratch Copy">
      
      <meta property="og:url" content="$GRAPH_URL">
      
      <meta property="og:image" content="$PREVIEW_IMAGE_URL">
      <meta property="og:video" content='$FLOW_PLAYER_VIDEO_URL'>
      <meta property="og:video:secure_url" content='$FLOW_PLAYER_VIDEO_URL'>
      <meta property="og:video:type" content="application/x-shockwave-flash">
      <meta property="og:video:width" content="$videoWidth">
      <meta property="og:video:height" content="$videoHeight">
      
      <meta property="og:image:width" content="$imageWidth">
      <meta property="og:image:height" content="$imageHeight">
  </head>

  <body>
    <p>
      <object width="$videoWidth" height="$videoHeight" id="Scratch Copy" name="Scratch Copy" data="$FLOW_PLAYER" type="application/x-shockwave-flash"><param name="movie" value="$FLOW_PLAYER" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object>
    </p>
  </body>

</html>
END;
    break;
}