Better explanations I101

This commit is contained in:
2025-11-25 19:33:15 +01:00
parent e8d9af1f61
commit 3c5a9f6a4f
6 changed files with 74 additions and 74 deletions


@@ -10,23 +10,23 @@ $total = $row[0];
if(!isset($total) or $total > 150 ) {
# This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts.
# A host doing bulk upload will need to do them one by one
naughty("5971624889258aefb44e5f7bf8dffbd4");
naughty("5971624889258aefb44e5f7bf8dffbd4 Too many requests - shutting down");
}
# This is to prevent anything except hits from the web form.
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
naughty("19e9019c9615f755aec834000892ee9e");
naughty("19e9019c9615f755aec834000892ee9e Request method is not POST");
}
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("9bb147a251e8db132dafa93d98f8487f");
naughty("9bb147a251e8db132dafa93d98f8487f The REMOTE_ADDR is missing");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
if (count($_POST) !== 2) {
naughty("02de1aef3b9490a417c39170d8f06028");
naughty("02de1aef3b9490a417c39170d8f06028 The post contains the incorrect number of entries");
}
# This will check to see if there are any existing requests from this ip address
@@ -36,58 +36,58 @@ $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["ip"]) ) {
# the request did not come via the web form
naughty("2162941738512bfdb1d21f288ee7cdb4");
naughty("2162941738512bfdb1d21f288ee7cdb4 There is no reservation available for this ip");
}
if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) {
# they are playing with the database or time settings
naughty("f0ad965f523b5c2ade071eb20d3618b5");
naughty("f0ad965f523b5c2ade071eb20d3618b5 The timestamp is not correct");
}
if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) {
# There is too long a time entering the form
naughty("6570026fd11fc31ac0cada3e1dae4d0b");
naughty("6570026fd11fc31ac0cada3e1dae4d0b Timeout. You waited too long to react. ");
}
// Basic POST Checks
if ( empty($_POST["ep_num_date"]) or strlen($_POST["ep_num_date"]) !== 15 ) {
naughty("a32fbe5f0494eb7f34034b164739314d");
naughty("a32fbe5f0494eb7f34034b164739314d The date is not correct");
}
if ( empty($_POST["email"]) ) {
naughty("76eaa1a1556faeadfc14631c35b8590a");
naughty("76eaa1a1556faeadfc14631c35b8590a The email is missing");
}
// Getting to the keep section
if ( filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false ) {
naughty("8c307efe37146015a35e2d928c2c0f69");
naughty("8c307efe37146015a35e2d928c2c0f69 Invalid email");
}
else {
$email = htmlspecialchars(filter_var($_POST["email"], FILTER_VALIDATE_EMAIL));
}
if ( strpos($_POST["ep_num_date"], '_') !== 4 or strpos($_POST["ep_num_date"], '-') !== 9 or strpos($_POST["ep_num_date"], '-', 10 ) !== 12 ) {
naughty("705f8e26e42a90b31075a110674b19ee");
naughty("705f8e26e42a90b31075a110674b19ee The date format is not correct");
}
if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) {
naughty("ad7f805c2f42be77122ec52f114fe318");
naughty("ad7f805c2f42be77122ec52f114fe318 The date fails a regex");
}
else {
list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);
}
if ( intval($ep_num) === 0 ) {
naughty("9424f7407b2fb83407760ad763286b53");
naughty("9424f7407b2fb83407760ad763286b53 The episode number is not an integer");
}
else {
$ep_num = intval($ep_num);
}
if ( strtotime($ep_date) === false ) {
naughty("59c7bff340d023773d987d71df545110");
naughty("59c7bff340d023773d987d71df545110 The date is not a valid time");
}
else {
$ep_date_epoch = strtotime($ep_date);
@@ -122,16 +122,16 @@ $current_ep_date_epoch = strtotime($current_ep_date);
$next_year_ep_date = strtotime(date("Y-m-d", time()) . " + 365 day" );
if ( $ep_num == $row[2] or !empty($row[2]) ) {
naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023");
naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023 Could not make the reservation in the db");
}
if ( $ep_num != 9999 ) {
if ( ( $ep_num <= $current_ep_num ) OR ( $ep_num > $next_year_ep_num ) ) {
naughty("7304801e8ce3b9096d28dbe1a0faa642 $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num");
naughty("7304801e8ce3b9096d28dbe1a0faa642 Episode in wrong range $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num");
}
if ( $ep_date_epoch < $current_ep_date_epoch or $ep_date_epoch > $next_year_ep_date ) {
naughty("34c4259b45927da50ba5c49970f880a4");
naughty("34c4259b45927da50ba5c49970f880a4 Date in wrong range");
}
for ($slot=$current_ep_num; $slot < $next_year_ep_num; $slot++) {
@@ -141,11 +141,11 @@ if ( $ep_num != 9999 ) {
}
if ( empty($shows_slot_date["$ep_num"]) or empty($shows_date_slot["$ep_date"]) ) {
naughty("d0e113355b35f96945124d8e507759a0");
naughty("d0e113355b35f96945124d8e507759a0 This slot date is not empty");
}
if ( $ep_date !== $shows_slot_date["$ep_num"] or $ep_num !== $shows_date_slot["$ep_date"] ) {
naughty("434cb53552ce1e2708e74a42f438028c");
naughty("434cb53552ce1e2708e74a42f438028c This slot is invalid");
}
} // End of bypass checks
@@ -162,7 +162,7 @@ $query = "UPDATE reservations SET `ep_num` = '$ep_num', `ep_date` = '$ep_date',
$result = mysqli_query($connection, $query );
if(!isset($result)) {
naughty("c7405e79b54f582e8db46c69ec4b0f24");
naughty("c7405e79b54f582e8db46c69ec4b0f24 Could not write reservation to the db");
}
use PHPMailer\PHPMailer\PHPMailer;