From d6575d90e16c93d323a8bc30fe2349ce1663b15a Mon Sep 17 00:00:00 2001
From: jaidhar <jaidhar@e3e1d417-86f3-4887-817a-d78f3d33393f>
Date: Fri, 5 Nov 2010 16:48:57 +0000
Subject: [PATCH] XML Plugin: Split off actions from console.php into it's own
 file, actions.php - Fixed bug where authentication wasn't being handled
 properly

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3175 e3e1d417-86f3-4887-817a-d78f3d33393f
---
 web/skins/xml/includes/config.php    |  2 +-
 web/skins/xml/includes/functions.php | 23 +++++++
 web/skins/xml/skin.php               |  8 +++
 web/skins/xml/views/Makefile.am      |  1 +
 web/skins/xml/views/Makefile.in      |  1 +
 web/skins/xml/views/actions.php      | 96 ++++++++++++++++++++++++++++
 web/skins/xml/views/console.php      | 67 -------------------
 7 files changed, 130 insertions(+), 68 deletions(-)
 create mode 100644 web/skins/xml/views/actions.php

diff --git a/web/skins/xml/includes/config.php b/web/skins/xml/includes/config.php
index 417de76ca..79d40e273 100644
--- a/web/skins/xml/includes/config.php
+++ b/web/skins/xml/includes/config.php
@@ -18,7 +18,7 @@
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 //
 
-define ( "XML_PROTOCOL_VERSION", "1");
+define ( "XML_PROTOCOL_VERSION", "2");
 define ( "XML_FEATURE_SET", "1");
 
 $rates = array(
diff --git a/web/skins/xml/includes/functions.php b/web/skins/xml/includes/functions.php
index e20144ca5..f6a8e34a8 100644
--- a/web/skins/xml/includes/functions.php
+++ b/web/skins/xml/includes/functions.php
@@ -29,6 +29,29 @@ body {
 	padding: 0px;
 }
 </style>
+	<script type="text/javascript">
+	function ajax(str) {
+		var xmlhttp;
+		if (window.XMLHttpRequest) {
+			xmlhttp = new XMLHttpRequest();
+		} else if (window.ActiveXObject) {
+			xmlhttp = new ActiveXObject("Microsoft.XMLHttp");
+		} else {
+		}
+		if (xmlhttp == null) {
+			return;
+		}
+		var url = str;
+		xmlhttp.onreadystatechange=function() {
+			if (xmlhttp.readyState == 4 || xmlhttp.readyState == "complete") {
+				alert('done');
+			}
+		}
+		alert('sending url ' + str);
+		xmlhttp.open("GET", str, true);
+		xmlhttp.send(null);
+	}
+	</script>
 </head>
 <?php
 }
diff --git a/web/skins/xml/skin.php b/web/skins/xml/skin.php
index 111d1a9c3..5e53332a8 100644
--- a/web/skins/xml/skin.php
+++ b/web/skins/xml/skin.php
@@ -27,4 +27,12 @@ foreach ( getSkinIncludes( 'includes/config.php' ) as $includeFile )
 foreach ( getSkinIncludes( 'includes/functions.php' ) as $includeFile )
     require_once $includeFile;
 
+if ( empty($view) )
+	$view = 'console';
+
+if ( !isset($user) && ZM_OPT_USE_AUTH )
+{
+	echo "Invalid Login";
+	exit;
+}
 ?>
diff --git a/web/skins/xml/views/Makefile.am b/web/skins/xml/views/Makefile.am
index 1cb9e7f48..c79197386 100644
--- a/web/skins/xml/views/Makefile.am
+++ b/web/skins/xml/views/Makefile.am
@@ -6,4 +6,5 @@ webdir = @WEB_PREFIX@/skins/xml/views
 
 dist_web_DATA = \
 	console.php \
+	actions.php \
 	none.php
diff --git a/web/skins/xml/views/Makefile.in b/web/skins/xml/views/Makefile.in
index 7f46a893f..c73b1d64c 100644
--- a/web/skins/xml/views/Makefile.in
+++ b/web/skins/xml/views/Makefile.in
@@ -246,6 +246,7 @@ SUBDIRS =
 webdir = @WEB_PREFIX@/skins/xml/views
 dist_web_DATA = \
 	console.php \
+	actions.php \
 	none.php
 
 all: all-recursive
diff --git a/web/skins/xml/views/actions.php b/web/skins/xml/views/actions.php
new file mode 100644
index 000000000..aa3607539
--- /dev/null
+++ b/web/skins/xml/views/actions.php
@@ -0,0 +1,96 @@
+<?php
+/* Parse any specific actions here */
+if (isset($_GET['action'])) {
+	$action = $_GET['action'];
+	if (strcmp($action, "devent") == 0) {
+		/* ACTION: Delete an Event */
+		if (!canEdit('Events')) {
+			error_log("User ".$user['Username']. " doesn't have edit Events perms");
+			exit;
+		}
+		if (!isset($_REQUEST['eid'])) {
+			error_log("EID not set for action delete-event");
+			exit;
+		}
+		$eid = validInt($_REQUEST['eid']);
+		$url = "./index.php?view=request&request=event&id=".$eid."&action=delete";
+		header("Location: ".$url);
+		exit;
+	} else if (strcmp($action, "feed") == 0) {
+		/* ACTION: View a feed */
+		if (!canView('Stream')) {
+			error_log("User ".$user['Username']. " doesn't have view Stream perms");
+			exit;
+		}
+		/* Check that required variables are set */
+		if (!isset($_REQUEST['monitor']) || !isset($_GET['width']) || !isset($_GET['height'])) {
+			error_log("Not all parameters set for action view-feed");
+			exit;
+		}
+		$width = validInt($_GET['width']);
+		$height = validInt($_GET['height']);
+		$monitor = validInt($_REQUEST['monitor']);
+		if (isset($_GET['fps'])) $fps = $_GET['fps'];
+		else $fps = ZM_WEB_VIDEO_MAXFPS;
+		if (isset($_GET['scale'])) $scale = $_GET['scale'];
+		else $scale = 100;
+		$streamSrc = 
+			getStreamSrc( array( 
+				"mode=jpeg", 
+				"monitor=".$monitor, 
+			        "scale=".$scale,	
+				"maxfps=".$fps,
+				"buffer=1000" 
+			) );
+		noCacheHeaders();
+		xhtmlHeaders( __FILE__, "Stream" );
+		echo "<body>\n";
+		echo "<div style=\"border: 0px solid; padding: 0px; background-color: black; position: absolute; top: 0px; left; 0px; margin: 0px; width: ".$width."px; height: ".$height."px;\">\n";
+		outputImageStream("liveStream", $streamSrc, $width, $height, "stream");
+		echo "</div></body></html>";
+		exit;
+	} else if (strcmp($action, "vevent") == 0) {
+		/* ACTION: View an event */
+		if (!canView('Events')) {
+			error_log("User ".$user['Username']. " doesn't have view Events perms");
+			exit;
+		}
+		if (!isset($_GET['mid']) || !isset($_GET['eid']) || !isset($_GET['fps'])) {
+			error_log("Not all parameters set for Action View-event");
+			exit;
+		}
+		$baseURL = trim(shell_exec('pwd'))."/events/".$_REQUEST['mid']."/".$_REQUEST['eid']."/";
+		$relativeURL = "./events/".$_REQUEST['mid']."/".$_REQUEST['eid']."/";
+		$shellCmd = "ffmpeg -y -r ".$_REQUEST['fps']." -i ".$baseURL."%03d-capture.jpg -vcodec mpeg4 -r 10 ".$baseURL."capture.mov 2> /dev/null";
+		shell_exec("rm -f ".$baseURL."capture.mov");
+		$shellOutput = shell_exec($shellCmd);
+		header("Location: ".$relativeURL."capture.mov");
+	} else if (strcmp($action, "state") == 0) {
+		/* ACTION: Change the state of the system */
+		if (!canEdit('System')) {
+			error_log("User ".$user['Username']. " doesn't have edit System perms");
+			exit;
+		}
+		if (!isset($_GET['state'])) {
+			error_log("Server state not specified for action");
+			exit;
+		}
+		$url = "./index.php?view=none&action=state&runState=".$_GET['state'];
+		header("Location: ".$url);
+		exit;
+	} else if (strcmp($action, "func") == 0) {
+		/* ACTION: Change state of the monitor */
+		if (!canEdit('Monitors')) {
+			error_log("User ".$user['Username']. " doesn't have monitors Edit perms");
+			exit;
+		}
+		if (!isset($_GET['mid']) || !isset($_GET['func']) || !isset($_GET['en'])) {
+			error_log("Not all parameters specified for action Monitor state");
+			exit;
+		}
+		$url = "./index.php?view=none&action=function&mid=".$_GET['mid']."&newFunction=".$_GET['func']."&newEnabled=".$_GET['en'];
+		header("Location: ".$url);
+		exit;
+	}
+}
+?>
diff --git a/web/skins/xml/views/console.php b/web/skins/xml/views/console.php
index 54e958316..ceeb0888a 100644
--- a/web/skins/xml/views/console.php
+++ b/web/skins/xml/views/console.php
@@ -24,7 +24,6 @@
  *
  * For questions, please email jdhar@eyezm.com (http://www.eyezm.com)
  *
- * Protocol Version 1, Updated 10/25/10
  */
 $eventCounts = array(
     array(
@@ -139,72 +138,6 @@ for ( $i = 0; $i < count($monitors); $i++ )
     $displayMonitors[] = $monitors[$i];
 }
 
-/* Parse any specific actions here */
-if (isset($_GET['action']) && (strcmp($_GET['action'],"login") != 0)) {
-	$action = $_GET['action'];
-	if (strcmp($action, "devent") == 0) {
-		if (!canEdit('Events')) {
-			error_log("User ".$user['Username']. " doesn't have edit Events perms");
-			exit;
-		}
-		$eid = validInt($_REQUEST['eid']);
-		$url = "./index.php?view=request&request=event&id=".$eid."&action=delete";
-		header("Location: ".$url);
-		exit;
-	} else if (strcmp($action, "feed") == 0) {
-		if (!canView('Stream')) {
-			error_log("User ".$user['Username']. " doesn't have view Stream perms");
-			exit;
-		}
-		$monitor = validInt($_REQUEST['monitor']);
-		if (isset($_GET['fps'])) $fps = $_GET['fps'];
-		else $fps = ZM_WEB_VIDEO_MAXFPS;
-		if (isset($_GET['scale'])) $scale = $_GET['scale'];
-		else $scale = 100;
-		$streamSrc = 
-			getStreamSrc( array( 
-				"mode=jpeg", 
-				"monitor=".$monitor, 
-			        "scale=".$scale,	
-				"maxfps=".$fps,
-				"buffer=1000" 
-			) );
-		noCacheHeaders();
-		xhtmlHeaders( __FILE__, "Stream" );
-		echo "<body>\n";
-		echo "<div style=\"border: 0px solid; padding: 0px; background-color: black; position: absolute; top: 0px; left; 0px; margin: 0px; width: ".$_GET['width']."px; height: ".$_GET['height']."px;\">\n";
-		outputImageStream("liveStream", $streamSrc, $_GET['width'], $_GET['height'], "stream");
-		echo "</div></body></html>";
-		exit;
-	} else if (strcmp($action, "vevent") == 0) {
-		if (!canView('Events')) {
-			error_log("User ".$user['Username']. " doesn't have view Events perms");
-			exit;
-		}
-		$baseURL = trim(shell_exec('pwd'))."/events/".$_REQUEST['mid']."/".$_REQUEST['eid']."/";
-		$relativeURL = "./events/".$_REQUEST['mid']."/".$_REQUEST['eid']."/";
-		$shellCmd = "ffmpeg -y -r ".$_REQUEST['fps']." -i ".$baseURL."%03d-capture.jpg -r 10 ".$baseURL."capture.mov 2> /dev/null";
-		shell_exec("rm -f ".$baseURL."capture.mov");
-		$shellOutput = shell_exec($shellCmd);
-		header("Location: ".$relativeURL."capture.mov");
-	} else if (strcmp($action, "state") == 0) {
-		if (!canEdit('System')) {
-			error_log("User ".$user['Username']. " doesn't have edit System perms");
-			exit;
-		}
-		$url = "./index.php?view=none&action=state&runState=".$_GET['state'];
-		header("Location: ".$url);
-		exit;
-	} else if (strcmp($action, "func") == 0) {
-		if (!canEdit('Monitors')) {
-			error_log("User ".$user['Username']. " doesn't have monitors Edit perms");
-			exit;
-		}
-		$url = "./index.php?view=none&action=function&mid=".$_GET['mid']."&newFunction=".$_GET['func']."&newEnabled=".$_GET['en'];
-		header("Location: ".$url);
-		exit;
-	}
-}
 $states = dbFetchAll("select * from States");
 /* XML Dump Starts here */
 xml_header();