showrss.php
Code Block |
---|
<?php
$SHOWRSS_FEED="http://showrss.info/user/4480.rss?magnets=true&namespaces=true&name=clean&quality=hd&re=null";
$EMAIL_TO="jmehan@yahoo.com";
$EMAIL_FROM="jmehan@yahoo.com";
$EMAIL_SUBJECT="DOWNLOAD STARTED [NAS0] - ";
$EMAIL_SUBJECT_FAILED="FAILED TO DOWNLOAD [NAS0] - ";
$DB_FILE_NAME="db_showrss.json";
$TEMP_FOLDER="tv/tmp";
$DEST_FOLDER="tv/incoming";
$pass="bGlmZWlzV0Mx";
$baseURL="http://192.168.1.60:8080";
//login to NAS0
$sid = loginToQnap();
//get showRSS Feed
$xml = file_get_contents($SHOWRSS_FEED);
//echo $xml;
//process xml
$xml = simplexml_load_file($SHOWRSS_FEED);
$showArray = array();
$showdb = json_decode(file_get_contents($DB_FILE_NAME), true);
if($showdb==null){
$showdb = array();
}
// loop through
foreach ($xml->channel->item as $item) {
$title = $item->title;
$link = $item->link;
//echo "title=" . $title ."\n";
//$pattern = "/S(\d{1,2})E(\d{1,2})/";
$pattern = "/(\d{1,2})x(\d{1,2})/";
preg_match($pattern, $title, $matches);
if(sizeof($matches)>=3){
$season=intval($matches[1]);
$episode=intval($matches[2]);
$show = trim(substr($title,0,strrpos($title,$matches[0])));
$showAndEpisode=sprintf("%s %02dx%02d", $show,$season,$episode);
}else{
$show=(string)$title;
$showAndEpisode=(string)$title;
$season=0;
$episode=0;
}
//echo "SHOW: " . $show . "\n";
//echo "SEASON: " . $season . "\n";
//echo "EPISODE: " . $episode . "\n";
$showInfo=array($showAndEpisode, $show, $season, $episode, $link);
array_push($showArray, $showInfo);
}
//echo "\n\n";
sort($showArray);
//print_r($showArray);
foreach ($showArray as $show) {
//echo "show: " . $show[0] . "\n";
//add torrent
$found =false;
foreach($showdb as &$showEntry){
$showName = $showEntry[0];
if($showName==$show[1]){
$found=true;
//echo "Found " . $show[1] . " in showdb \n";
$newSeason=$show[2];
$newEpisode=$show[3];
$lastSeason=$showEntry[1];
$lastEpisode=$showEntry[2];
//echo "--- " . $lastSeason . "x" . $lastEpisode . " -> " . $newSeason . "x" . $newEpisode ."\n";
if($lastSeason == $newSeason && $newEpisode > $lastEpisode){
if(downloadShow($show)){
$showEntry[2]= $newEpisode;
echo "U " . $showEntry[0] . " " . $showEntry[1] . "x" . $showEntry[2] . "\n";
}else{
echo "F " . $showEntry[0] . " " . $showEntry[1] . "x" . $showEntry[2] . "\n";
}
}elseif ($newSeason > $lastSeason ){
if(downloadShow($show)){
$showEntry[1]= $newSeason;
$showEntry[2]= $newEpisode;
echo "U+ " . $showEntry[0] . " " . $showEntry[1] . "x" . $showEntry[2] . "\n";
}else{
echo "F+ " . $showEntry[0] . " " . $showEntry[1] . "x" . $showEntry[2] . "\n";
}
}else{
// echo "WTF " . $lastSeason . "x" . $lastEpisode . " -> " . $newSeason . "x" . $newEpisode ."\n";
}
break;
}
}
//set latest season/episode
if ($found==false) {
if(downloadShow($show)){
echo "A " . $show[1] . " " . $show[2] . "x" . $show[3] . "\n" ;
$showDetails=array($show[1], $show[2], $show[3]);
array_push($showdb, $showDetails);
}else{
echo "F " . $show[1] . " " . $show[2] . "x" . $show[3] . "\n" ;
}
}
}
//save showdb to file
//print_r($showdb);
file_put_contents($DB_FILE_NAME,json_encode($showdb));
exit;
//***************************************
// downloadShow
//***************************************
function downloadShow($show){
global $baseURL;
$showAndEpisode = $show[1] . " " . $show[2] . "x" . $show[3];
//echo "D: " . $showAndEpisode . "\n";
//echo "L: " . $show[4] . "\n\n";
$temp=$GLOBALS['TEMP_FOLDER'];
$dest=$GLOBALS['DEST_FOLDER'] . "/" . $show[1];
$realDest = "/share/" . $dest;
if (!file_exists($realDest)) {
mkdir($realDest, 0777, true);
}
if($show[2]>0){
$dest=$dest . "/Season " . $show[2];
}
//echo "Dest: " . $dest . "\n";
$realDest = "/share/" . $dest;
if (!file_exists($realDest)) {
mkdir($realDest, 0777, true);
}
$url = $baseURL . '/downloadstation/V4/Task/AddUrl?sid=' . $GLOBALS['sid'] . '&temp=' . urlencode($temp) . '&move=' . urlencode($dest) . '&url=' . urlencode($show[4]);
//echo "URL: " . $url . "\n";
$resp=file_get_contents($url);
//echo $resp;
if($resp=='{"error":0}'){
//sendNotification($showAndEpisode,true);
return true;
}else{
sendNotification($showAndEpisode,fail);
return false;
}
}
//***************************************
// sendNotification
//***************************************
function sendNotification($showAndEpisode,$success){
if(success == true){
$subject= "\"" . $GLOBALS['EMAIL_SUBJECT'] . $showAndEpisode . "\"";
}else{
$subject= "\"" . $GLOBALS['EMAIL_SUBJECT_FAILED'] . $showAndEpisode . "\"";
}
$cmd= getCwd() . "/sendEmail.sh " . $subject . " " . $GLOBALS['EMAIL_FROM'] . " " . $GLOBALS['EMAIL_TO'] . " " . $subject;
//echo "cmd=" . $cmd . "\n";
shell_exec($cmd);
}
//***************************************
// endsWith
//***************************************
function endsWith($haystack, $needle)
{
$length = strlen($needle);
if ($length == 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
}
//***************************************
// getSid
//***************************************
function getSid($xml){
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, $xml, $values, $tags);
xml_parser_free($parser);
//print_r($values);
// loop through the structures
foreach ($values as $val) {
$tag=$val['tag'];
$value=$val['value'];
if($tag=="authSid"){
return $value;
}
//echo "tag=" . $tag . ", value=" . $value . "\n";
}
}
//***************************************
// loginToQnap
//***************************************
function loginToQnap(){
global $baseURL;
$resp = file_get_contents($baseURL . '/cgi-bin/authLogin.cgi?user=admin&pwd=bGlmZWlzV0Mx');
//echo $resp;
$sid=getSid($resp);
//echo "sid='" . $sid . "'\n";
$resp=file_get_contents($baseURL . '/downloadstation/V4/Misc/Login?sid=' . $sid);
return $sid;
}
?>
|
removeTorrents.php
Code Block |
---|
<?php
//$EMAIL_TO="jmehan@yahoo.com";
$EMAIL_TO="jennymehan@yahoo.com,jmehan@yahoo.com";
$EMAIL_FROM="jmehan@yahoo.com";
$EMAIL_SUBJECT="TORRENT DOWNLOADED - ";
$pass="bGlmZWlzV0Mx";
$baseURL="http://192.168.1.60:8080";
//login
$resp=file_get_contents($baseURL . '/cgi-bin/authLogin.cgi?user=admin&pwd=' . $pass);
//echo $resp;
$sid=getSid($resp);
//echo "sid='" . $sid . "'\n";
$resp=file_get_contents($baseURL . '/downloadstation/V4/Misc/Login?sid=' . $sid);
//echo $resp . "\n";
$resp=file_get_contents($baseURL . '/downloadstation/V4/Task/Query?start=0&limit=25&status=completed&from=0&to=25&sid=' . $sid);
//echo $resp . "\n";
$json = json_decode($resp);
$data = $json->{'data'};
//var_dump($data);
file_put_contents("/var/log/download.log",$json,FILE_APPEND | LOCK_EX);
//echo "CWD: " . getCwd() . "\n";
foreach($data as $torrent){
$name= $torrent->{'source_name'};
$hash=$torrent->{'hash'};
//echo "torrent: " . $name . "\n";
//echo "hash: " . $hash . "\n";
if(endsWith($name,".torrent")){
// echo "torrent file - just delete\n";
}else{
//echo "file - notify completion\n";
$subject= "\"" . $EMAIL_SUBJECT . $name . "\"";
$cmd= getCwd() . "/sendEmail.sh " . $subject . " " . $EMAIL_TO . " " . $EMAIL_FROM . " " . $subject;
//echo "cmd=" . $cmd . "\n";
shell_exec($cmd);
}
//remove torrent
$resp=file_get_contents($baseURL . '/downloadstation/V4/Task/Remove?clean=0&hash=' . $hash . '&sid=' . $sid);
//echo $resp ."\n";
//break;
}
//***************************************
// endsWith
//***************************************
function endsWith($haystack, $needle)
{
$length = strlen($needle);
if ($length == 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
}
//***************************************
// getSid
//***************************************
function getSid($xml){
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, $xml, $values, $tags);
xml_parser_free($parser);
//print_r($values);
// loop through the structures
foreach ($values as $val) {
$tag=$val['tag'];
$value=$val['value'];
if($tag=="authSid"){
return $value;
}
//echo "tag=" . $tag . ", value=" . $value . "\n";
}
}
?> |
showTorrents.php
Code Block |
---|
<?php
$EMAIL_TO="jmehan@yahoo.com";
$EMAIL_FROM="jmehan@yahoo.com";
$EMAIL_SUBJECT="TORRENT DOWNLOADED [NAS0] - ";
$pass="bGlmZWlzV0Mx";
$baseURL="http://192.168.1.60:8080";
//login
$resp = file_get_contents($baseURL . '/cgi-bin/authLogin.cgi?user=admin&pwd=' . $pass);
//echo $resp;
$sid=getSid($resp);
//echo "sid='" . $sid . "'\n";
$resp=file_get_contents($baseURL . '/downloadstation/V4/Misc/Login?sid=' . $sid);
//echo $resp . "\n";
$resp=file_get_contents($baseURL . '/downloadstation/V4/Task/Query?start=0&limit=100&status=all&from=0&to=100&sid=' . $sid);
echo $resp . "\n";
$json = json_decode($resp);
$data = $json->{'data'};
//var_dump($data);
//echo "CWD: " . getCwd() . "\n";
foreach($data as $torrent){
$name= $torrent->{'source_name'};
echo "torrent: " . $name . "\n";
}
//***************************************
// endsWith
//***************************************
function endsWith($haystack, $needle)
{
$length = strlen($needle);
if ($length == 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
}
//***************************************
// getSid
//***************************************
function getSid($xml){
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, $xml, $values, $tags);
xml_parser_free($parser);
//print_r($values);
// loop through the structures
foreach ($values as $val) {
$tag=$val['tag'];
$value=$val['value'];
if($tag=="authSid"){
return $value;
}
//echo "tag=" . $tag . ", value=" . $value . "\n";
}
}
?>
|
removeAllTorrents.php
Code Block |
---|
<?php
$EMAIL_TO="j****@yahoo.com";
$EMAIL_FROM="j****@yahoo.com";
$EMAIL_SUBJECT="TORRENT DOWNLOADED [NAS] - ";
$pass="xxx";
$baseURL="http://xxx.xxx.xxx.xxx:8080";
//login
$resp = file_get_contents($baseURL . "/cgi-bin/authLogin.cgi?user=admin&pwd=" . $pass );
$sid=getSid($resp);
$resp=file_get_contents($baseURL . '/downloadstation/V4/Misc/Login?sid=' . $sid);
$resp=file_get_contents($baseURL . '/downloadstation/V4/Task/Query?start=0&limit=100&status=all&from=0&to=100&sid=' . $sid);
$json = json_decode($resp);
$data = $json->{'data'};
foreach($data as $torrent){
$name= $torrent->{'source_name'};
$hash=$torrent->{'hash'};
if(endsWith($name,".torrent")){
// echo "torrent file - just delete\n";
}else{
//echo "file - notify completion\n";
$subject= "\"" . $EMAIL_SUBJECT . $name . "\"";
$cmd= getCwd() . "/sendEmail.sh " . $subject . " " . $EMAIL_FROM . " " . $EMAIL_TO . " " . $subject;
//echo "cmd=" . $cmd . "\n";
//shell_exec($cmd);
}
//remove torrent
$resp=file_get_contents($baseURL . '/downloadstation/V4/Task/Remove?clean=0&hash=' . $hash . '&sid=' . $sid);
//echo $resp ."\n";
//break;
}
//***************************************
// endsWith
//***************************************
function endsWith($haystack, $needle)
{
$length = strlen($needle);
if ($length == 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
}
//***************************************
// getSid
//***************************************
function getSid($xml){
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
xml_parse_into_struct($parser, $xml, $values, $tags);
xml_parser_free($parser);
//print_r($values);
// loop through the structures
foreach ($values as $val) {
$tag=$val['tag'];
$value=$val['value'];
if($tag=="authSid"){
return $value;
}
//echo "tag=" . $tag . ", value=" . $value . "\n";
}
}
?>
|
To get your QNAP credentials
Download OWASP ZAP
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Startup OWASP zap
Set Proxy in OWASP Zap by selecting Tools, Options, Local Proxy.
Set local proxy to localhost and a port, say 8090
Now, change the proxy settings on your browser to proxy through the proxy you defined above.
Now open up the URL to your QNAP and login.
Check through the
Look through the list of URLs until you find a call to authLogin.cgi. Click on it and note the request parameters.
In the above case you will need the user=admin and pwd=….
Update the your showRss.php file with the proper path:
Also, look for this path in the other php files.
That’s it. Try running the .sh files manually and see if they work.
Maybe start with the showTorrents.sh script first since it will show you what you are currently downloading.
...