From dcf1339e3aee625736fb30270099b941c9a8df34 Mon Sep 17 00:00:00 2001
From: devdatt <shreebhattji@urmic.org>
Date: Thu, 22 Jan 2026 19:40:58 +0530
Subject: [PATCH] update

---
 encoder/firmware.php | 15 +++------------
 encoder/static.php   |  9 ---------
 install.sh           | 19 ++++++++++++-------
 setup.sh             | 17 +++++++++++------
 4 files changed, 26 insertions(+), 34 deletions(-)

diff --git a/encoder/firmware.php b/encoder/firmware.php
index c3f6089..6749cb0 100755
--- a/encoder/firmware.php
+++ b/encoder/firmware.php
@@ -138,9 +138,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 <div id="blocker">
     <div id="blockerBox">
         <div class="msg">'
-                    . htmlspecialchars($data['message'], ENT_QUOTES) .
+                    . htmlspecialchars("message", ENT_QUOTES) .
                     '</div>
-        <div>Continuing in</div>
+        <div>Refreshing in</div>
         <div class="timer" id="blockerTimer">100</div>
     </div>
 </div>
@@ -155,7 +155,7 @@ const interval = setInterval(() => {
 
     if (seconds <= 0) {
         clearInterval(interval);
-        document.getElementById("blocker").remove();
+        location.reload();
     }
 }, 1000);
 </script>
@@ -188,40 +188,31 @@ EwIDAQAB
 -----END PUBLIC KEY-----
 ";
 
-                error_log("starting");
                 $tmpDir = sys_get_temp_dir() . '/payload_' . bin2hex(random_bytes(6));
                 $zipFile = $tmpDir . '/payload.zip';
                 $sigFile = $tmpDir . '/payload.zip.sig';
                 $extractDir = $tmpDir . '/extract';
-                error_log("setting up directory");
 
                 mkdir($tmpDir, 0700, true);
                 mkdir($extractDir, 0700, true);
-                error_log("directory created");
-                error_log($tmpDir);
 
                 download($data['link'], $zipFile);
                 download($data['signature'], $sigFile);
-                error_log("download compltete");
 
                 $publicKey = openssl_pkey_get_public($public_key);
                 if (!$publicKey) fail('Invalid public key');
 
                 $data = file_get_contents($zipFile);
                 $signature = file_get_contents($sigFile);
-                error_log("loading zip and sig");
 
                 $verified = openssl_verify($data, $signature, $publicKey, OPENSSL_ALGO_SHA256);
 
                 if ($verified !== 1) {
-                    error_log("verification failed");
                     fail('Signature verification FAILED');
                 }
-                error_log("varification complete");
 
                 $zip = new ZipArchive();
                 if ($zip->open($zipFile) !== true) {
-                    error_log("zip unzip problem");
                     fail('Unable to open ZIP');
                 }
                 for ($i = 0; $i < $zip->numFiles; $i++) {
diff --git a/encoder/static.php b/encoder/static.php
index 2c3b4d5..5862d67 100755
--- a/encoder/static.php
+++ b/encoder/static.php
@@ -753,7 +753,6 @@ function update_service($which_service)
                                 . ' -f flv "rtmp://127.0.0.1/shree/bhattji"';
                             break;
                         default:
-                            error_log("service_rtmp0_multiple");
                             break;
                     }
                 }
@@ -795,7 +794,6 @@ function update_service($which_service)
                             . ' -f flv "rtmp://127.0.0.1/shreeshree/bhattji"';
                         break;
                     default:
-                        error_log("service_rtmp1_multiple");
                         break;
                 }
                 if ($use_common_backend_rtmp1 === "disable") {
@@ -919,7 +917,6 @@ function update_service($which_service)
         case "udp1";
             if ($service_udp1 === "enable") {
                 $udp1 = 'ffmpeg -hwaccel auto -hide_banner -i ';
-                error_log($use_common_backend);
                 switch ($use_common_backend) {
                     case "copy_input":
                     case "use_common_backend":
@@ -953,11 +950,6 @@ function update_service($which_service)
                             . ' -metadata service_provider=ShreeBhattJI -f mpegts "' . $data['udp1']['udp'] . '?pkt_size=1316&ttl=4&reuse=1&buffer_size=1048576"';
                         break;
                 }
-                error_log("use_common_backend :- " . $use_common_backend);
-                error_log("format :- " . $data['udp1']['format']);
-                error_log("service_udp1_output :- " . $data['udp1']['service_udp1_output']);
-                error_log("udp1_service_name :- " . $data['udp1']['udp1_service_name']);
-                error_log($udp1);
 
                 if ($use_common_backend == "use_common_backend" && $data['udp1']['format'] == "h264_qsv") {
                     $udp1 = str_replace("ffmpeg -hwaccel auto -hide_banner -i", "ffmpeg  -hwaccel qsv -hwaccel_output_format qsv -hide_banner -i ", $udp1);
@@ -1047,7 +1039,6 @@ function update_service($which_service)
             }
             break;
         default:
-            error_log("Error no input found");
             break;
     }
 }
diff --git a/install.sh b/install.sh
index bfc2e21..4fac1da 100755
--- a/install.sh
+++ b/install.sh
@@ -382,19 +382,24 @@ server {
     server_name _;
 
     root /var/www/html;
-    index index.php index.html;
+    index index.html;
 
+    # These are fine at the server level, but safer inside location
     add_header Access-Control-Allow-Origin "*" always;
     add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
     add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, X-Requested-With" always;
 
-    if ($request_method = OPTIONS) {
-        add_header Content-Length 0;
-        add_header Content-Type text/plain;
-        return 204;
-    }
-
     location / {
+        # Handle the OPTIONS (Preflight) request correctly
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin "*" always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, X-Requested-With" always;
+            add_header Content-Length 0;
+            add_header Content-Type text/plain;
+            return 204;
+        }
+
         try_files $uri $uri/ =404;
     }
 }
diff --git a/setup.sh b/setup.sh
index f3d475f..ceeaf0a 100644
--- a/setup.sh
+++ b/setup.sh
@@ -27,17 +27,22 @@ server {
     root /var/www/html;
     index index.html;
 
+    # These are fine at the server level, but safer inside location
     add_header Access-Control-Allow-Origin "*" always;
     add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
     add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, X-Requested-With" always;
 
-    if ($request_method = OPTIONS) {
-        add_header Content-Length 0;
-        add_header Content-Type text/plain;
-        return 204;
-    }
-
     location / {
+        # Handle the OPTIONS (Preflight) request correctly
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin "*" always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, Origin, X-Requested-With" always;
+            add_header Content-Length 0;
+            add_header Content-Type text/plain;
+            return 204;
+        }
+
         try_files $uri $uri/ =404;
     }
 }