HPR/hpr_hub
8
0
Fork 3
Code Issues 48 Pull Requests Packages Projects Releases Wiki Activity

Better explanations I101

Browse Source
This commit is contained in:
Ken Fallon
2025-11-25 19:33:15 +01:00
parent e8d9af1f61
commit 3c5a9f6a4f
6 changed files with 74 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
cms/status.php
View File

@@ -2,7 +2,7 @@
require "/home/hpr/php/include.php"; require "/home/hpr/php/include.php";
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) { if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
naughty("438a220a58dc34c200a8669547afc66b"); naughty("438a220a58dc34c200a8669547afc66b REQUEST_METHOD not supported");
} }
$num_get_args=0; $num_get_args=0;
@@ -12,7 +12,7 @@ foreach($_GET as $k => $v) {
if ( $num_get_args !== 2 ){ if ( $num_get_args !== 2 ){
$result = mysqli_query($connection, "SET time_zone = '+0:00';"); $result = mysqli_query($connection, "SET time_zone = '+0:00';");
if (!isset($result)) { if (!isset($result)) {
naughty("cca6408ae1febc3f07974177b2d04375"); naughty("cca6408ae1febc3f07974177b2d04375 DB Error");
} }
header("Content-type: text/csv"); header("Content-type: text/csv");
@@ -26,18 +26,18 @@ if ( $num_get_args !== 2 ){
} }
} }
else { else {
naughty("2dcabda45255713ea9bf04523e804016"); naughty("2dcabda45255713ea9bf04523e804016 Query error");
} }
mysqli_close($connection); mysqli_close($connection);
exit; exit;
} }
if ( empty($_GET["ep_num"]) or empty($_GET["status"]) ) { if ( empty($_GET["ep_num"]) or empty($_GET["status"]) ) {
naughty("32bedea129648f27701f2f2f3ff4b7b5"); naughty("32bedea129648f27701f2f2f3ff4b7b5 Empty ep_num or status");
} }
if ( !in_array($_GET["status"], array('METADATA_PROCESSED','SHOW_POSTED','MEDIA_TRANSCODED','UPLOADED_TO_IA','UPLOADED_TO_RSYNC_NET','REMOVE_RESERVATION'), true ) ) { if ( !in_array($_GET["status"], array('METADATA_PROCESSED','SHOW_POSTED','MEDIA_TRANSCODED','UPLOADED_TO_IA','UPLOADED_TO_RSYNC_NET','REMOVE_RESERVATION'), true ) ) {
naughty("88882bc97094e7aabf2a258756f917f5 "); naughty("88882bc97094e7aabf2a258756f917f5 Wrong enum status");
} }
else { else {
$status = $_GET["status"]; $status = $_GET["status"];
@@ -47,7 +47,7 @@ if ( !empty($_GET["ep_num"]) and isset( $_GET["ep_num"] ) ) {
$ep_num = intval( $_GET["ep_num"] ); $ep_num = intval( $_GET["ep_num"] );
} }
else { else {
naughty("ecb0ebc5b38b4c09226ccbfce05978cb"); naughty("ecb0ebc5b38b4c09226ccbfce05978cb ep_num not correct");
} }
// // SELECT MAX(ep_num) FROM `reservations` → 3627 // // SELECT MAX(ep_num) FROM `reservations` → 3627
@@ -55,7 +55,7 @@ else {
// //
$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;'); $result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;');
if (!isset($result)) { if (!isset($result)) {
naughty("360e6381ffca736b6f12056abd7dcc7d"); naughty("360e6381ffca736b6f12056abd7dcc7d Cant get max from db");
} }
$max_eps_array = mysqli_fetch_row( $result ); $max_eps_array = mysqli_fetch_row( $result );
$max_eps = $max_eps_array[0]; $max_eps = $max_eps_array[0];
@@ -63,22 +63,22 @@ mysqli_free_result($result);
$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;'); $result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;');
if (!isset($result)) { if (!isset($result)) {
naughty("6971b6d378292e8fc9583de6082eddf4"); naughty("6971b6d378292e8fc9583de6082eddf4 Cant get min from db");
} }
$min_eps_array = mysqli_fetch_row( $result ); $min_eps_array = mysqli_fetch_row( $result );
$min_eps = $min_eps_array[0]; $min_eps = $min_eps_array[0];
mysqli_free_result($result); mysqli_free_result($result);
if ( empty( $ep_num ) ) { if ( empty( $ep_num ) ) {
naughty("6cf46a9b21e667c61b2c5bf87a7104f9 $ep_num"); naughty("6cf46a9b21e667c61b2c5bf87a7104f9 Empty ep_num");
} }
if ( $ep_num < $min_eps ) { if ( $ep_num < $min_eps ) {
naughty("bbcef7cd8a263dc57e85195935ad600a $ep_num < $min_eps"); naughty("bbcef7cd8a263dc57e85195935ad600a Invalid $ep_num < $min_eps");
} }
if ( $ep_num > $max_eps ) { if ( $ep_num > $max_eps ) {
naughty("a75115f3fa706ceee4b61971cd22b8f9 $ep_num > $max_eps"); naughty("a75115f3fa706ceee4b61971cd22b8f9 Invalid $ep_num > $max_eps");
} }
// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET // SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
@@ -113,19 +113,19 @@ switch ($status) {
$result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE `ep_num` = '$ep_num' AND status='$current_status';"); $result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE `ep_num` = '$ep_num' AND status='$current_status';");
if (!isset($result)) { if (!isset($result)) {
naughty("7f2d7228ca355be6dd2a24769595b18f"); naughty("7f2d7228ca355be6dd2a24769595b18f Cant get reservation");
} }
$db_ep_num_array = mysqli_fetch_row( $result ); $db_ep_num_array = mysqli_fetch_row( $result );
$db_ep_num = $db_ep_num_array[0]; $db_ep_num = $db_ep_num_array[0];
mysqli_free_result($result); mysqli_free_result($result);
if ( $db_ep_num != $ep_num ){ if ( $db_ep_num != $ep_num ){
problem("da59731c6ae6d1ce0fa2fa9fc4e1e726 $db_ep_num != $ep_num"); problem("da59731c6ae6d1ce0fa2fa9fc4e1e726 Error $db_ep_num != $ep_num");
} }
$query = "UPDATE reservations SET `status` = '$status' WHERE `ep_num` = '$ep_num' AND status='$current_status';"; $query = "UPDATE reservations SET `status` = '$status' WHERE `ep_num` = '$ep_num' AND status='$current_status';";
$result = mysqli_query($connection, $query ); $result = mysqli_query($connection, $query );
if(!isset($result)) { if(!isset($result)) {
problem("8a76bb408877b1d33bf31ea96b6fc02f"); problem("8a76bb408877b1d33bf31ea96b6fc02f Could not UPDATE Reservation");
} }
if (mysqli_errno( $connection )) { if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n"; $error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n";

54
hub/comment_confirm.php
View File

@@ -10,53 +10,53 @@ foreach($_GET as $k => $v) {
if ( $num_get_args > 0 ){ if ( $num_get_args > 0 ){
# they didn't supply any arguments # they didn't supply any arguments
naughty("9e756ee22b7cdcdb150a5baf167caa25 $num_get_args"); naughty("9e756ee22b7cdcdb150a5baf167caa25 No arguments provided $num_get_args");
} }
if ( empty($_POST["anti_spam_question"]) ) { if ( empty($_POST["anti_spam_question"]) ) {
naughty("0601a23e358374c293b086bb75606cca"); naughty("0601a23e358374c293b086bb75606cca You failed the anti spam question");
} }
if ( strlen($_POST["anti_spam_question"]) !== 6 ) { if ( strlen($_POST["anti_spam_question"]) !== 6 ) {
naughty("6f51e6e7e6820b3fdda5d4ca0df14db1"); naughty("6f51e6e7e6820b3fdda5d4ca0df14db1 You're making up spam questions");
} }
if (strcasecmp('public', $_POST["anti_spam_question"]) !== 0) { if (strcasecmp('public', $_POST["anti_spam_question"]) !== 0) {
naughty("6aef421ce05e3ac34f4cd91ae3248a45"); naughty("6aef421ce05e3ac34f4cd91ae3248a45 You don't know what P is in HPR");
} }
if ( ! file_exists( $comment_directory ) ) { if ( ! file_exists( $comment_directory ) ) {
# Looks like the comments directory has not been created # Looks like the comments directory has not been created
naughty("d5342ea497f701656433e81fb5eed064"); naughty("d5342ea497f701656433e81fb5eed064 Comment file could not be created");
} }
$unprocessed_comments = iterator_count(new FilesystemIterator("$comment_directory", FilesystemIterator::SKIP_DOTS)); $unprocessed_comments = iterator_count(new FilesystemIterator("$comment_directory", FilesystemIterator::SKIP_DOTS));
if( $unprocessed_comments >= 10 ) { if( $unprocessed_comments >= 10 ) {
# There has to be at least one comment here as they are calling the script, and too many is suspicious # There has to be at least one comment here as they are calling the script, and too many is suspicious
naughty("093f42abee30e69e0e4d5125c70a0f7c"); naughty("093f42abee30e69e0e4d5125c70a0f7c Too many unprocessed comments - shutting myself down");
} }
# This is to prevent anything except hits from the web form. # This is to prevent anything except hits from the web form.
# Anyone wanting to script uploads can do so via ftp # Anyone wanting to script uploads can do so via ftp
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
naughty("87613fc139b251b673e1dd51e378e462"); naughty("87613fc139b251b673e1dd51e378e462 Must be a POST");
} }
if ( empty($_SERVER["REMOTE_ADDR"]) ) { if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("d7d0b6ab9689be244e1b6a8fbe6effba"); naughty("d7d0b6ab9689be244e1b6a8fbe6effba Missing remote address");
} }
else { else {
$ip = $_SERVER["REMOTE_ADDR"]; $ip = $_SERVER["REMOTE_ADDR"];
} }
if (count($_POST) !== 8) { if (count($_POST) !== 8) {
naughty("086fe155b0588de68fc5d9e4580254a8"); naughty("086fe155b0588de68fc5d9e4580254a8 Not correct number of fields");
} }
// Basic POST Checks // Basic POST Checks
if ( empty($_POST["comment_author_name"]) or strlen($_POST["comment_author_name"]) > 40 or strtolower($_POST["comment_author_name"]) == "testdog" ) { if ( empty($_POST["comment_author_name"]) or strlen($_POST["comment_author_name"]) > 40 or strtolower($_POST["comment_author_name"]) == "testdog" ) {
naughty("294356cd36d3f9b75da4d8c0a6108881"); naughty("294356cd36d3f9b75da4d8c0a6108881 Your name wrong");
} }
$comment_author_name = $_POST["comment_author_name"]; $comment_author_name = $_POST["comment_author_name"];
$comment_author_name_json = json_encode( $_POST["comment_author_name"] ); $comment_author_name_json = json_encode( $_POST["comment_author_name"] );
@@ -69,7 +69,7 @@ else {
} }
if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) { if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) {
naughty("a89efb428cfe36996a65b371d5f4e303"); naughty("a89efb428cfe36996a65b371d5f4e303 The title is too long");
} }
$comment_title = $_POST["comment_title"]; $comment_title = $_POST["comment_title"];
$comment_title_json = json_encode( $_POST["comment_title"] ); $comment_title_json = json_encode( $_POST["comment_title"] );
@@ -82,7 +82,7 @@ else {
} }
if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) { if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) {
naughty("cd57ab4d7b77a131ed3deb441bd93dcd"); naughty("cd57ab4d7b77a131ed3deb441bd93dcd The comment text is too verbose. Record a show instead.");
} }
$comment_text = $_POST["comment_text"]; $comment_text = $_POST["comment_text"];
$comment_text_json = json_encode( $_POST["comment_text"] ); $comment_text_json = json_encode( $_POST["comment_text"] );
@@ -95,7 +95,7 @@ else {
} }
if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) { if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) {
naughty("b2ec68bd04cee0f64143ce4827a97e7c"); naughty("b2ec68bd04cee0f64143ce4827a97e7c You selected that you were a spammer");
} }
# We check to see if the eps_id has been suplied, that it's a integer, and that it's in our range. # We check to see if the eps_id has been suplied, that it's a integer, and that it's in our range.
@@ -108,13 +108,13 @@ if (isset($_POST['eps_id'])){
$row = mysqli_fetch_array($result, MYSQLI_NUM); $row = mysqli_fetch_array($result, MYSQLI_NUM);
$total = $row[0]; $total = $row[0];
if ( !isset($result) or ( $total != 1 ) ) { if ( !isset($result) or ( $total != 1 ) ) {
naughty("5348e3c2aee3644730c70d3f000bcb01"); naughty("5348e3c2aee3644730c70d3f000bcb01 No response from the db");
} }
mysqli_free_result($result); mysqli_free_result($result);
$result = mysqli_query($connection, 'SELECT MAX(id) as max FROM eps;'); $result = mysqli_query($connection, 'SELECT MAX(id) as max FROM eps;');
if (!isset($result)) { if (!isset($result)) {
naughty("f00fb1f47affc3286aadc15038cfd5d7"); naughty("f00fb1f47affc3286aadc15038cfd5d7 Could not find the max id");
} }
while ($row = mysqli_fetch_array($result)) { while ($row = mysqli_fetch_array($result)) {
$max_eps = $row['max']; $max_eps = $row['max'];
@@ -122,19 +122,19 @@ if (isset($_POST['eps_id'])){
mysqli_free_result($result); mysqli_free_result($result);
} }
else { else {
naughty("02c560adf1ff39b140fe8b7abe02fd31"); naughty("02c560adf1ff39b140fe8b7abe02fd31 Commenting on a non existant show is odd");
} }
if ( intval($eps_id) <= 0 ){ if ( intval($eps_id) <= 0 ){
naughty("2903eeac51bb479edb428ae3c896671c"); naughty("2903eeac51bb479edb428ae3c896671c Commenting on a non show with ID less than zero is odd");
} }
if ( intval($eps_id) > $max_eps ){ if ( intval($eps_id) > $max_eps ){
naughty("54aa65c12ba71f3dfc451ff5bc82c798"); naughty("54aa65c12ba71f3dfc451ff5bc82c798 Commenting on a show that is more than our posted episodes is odd");
} }
if ( intval($eps_id) === 0 ) { if ( intval($eps_id) === 0 ) {
naughty("11fe1f9b76bf9f30e6a3a784832cb738"); naughty("11fe1f9b76bf9f30e6a3a784832cb738 Commenting on a show zero is odd");
} }
else { else {
$eps_id = intval($eps_id); $eps_id = intval($eps_id);
@@ -155,16 +155,16 @@ if ($result = mysqli_query($connection, $query)) {
} }
} }
else { else {
naughty("c34561d684ad97241c95a1287688638b"); naughty("c34561d684ad97241c95a1287688638b Could not get the hosts from the db");
} }
mysqli_free_result($result); mysqli_free_result($result);
if ( empty($_POST["hostid"]) or intval($_POST["hostid"]) != $host_id ) { if ( empty($_POST["hostid"]) or intval($_POST["hostid"]) != $host_id ) {
naughty("b4d71481b7055272728094292fd2a562"); naughty("b4d71481b7055272728094292fd2a562 Cant find that host id");
} }
if ( empty($_POST["justification"]) or strlen($_POST["justification"]) > 200 or strlen($_POST["justification"]) < 20) { if ( empty($_POST["justification"]) or strlen($_POST["justification"]) > 200 or strlen($_POST["justification"]) < 20) {
naughty("156d2d2d5780bd7f4a750f7c162b3394"); naughty("156d2d2d5780bd7f4a750f7c162b3394 You need to have a sufficently long justification.");
} }
# Checks to see how old the show is # Checks to see how old the show is
@@ -173,7 +173,7 @@ list ($current_episode_date, $current_episode_number) = GetLatestPublishedShow($
if ( ( $eps_id <= $current_episode_number ) and ( $eps_id >= ( $current_episode_number - 20 ) ) ) { if ( ( $eps_id <= $current_episode_number ) and ( $eps_id >= ( $current_episode_number - 20 ) ) ) {
if ( strcmp($_POST["justification"], "No justification is asked for or required.") !== 0 ) { if ( strcmp($_POST["justification"], "No justification is asked for or required.") !== 0 ) {
naughty("9357d78bf73b03ee2dd902a4c975f91d"); naughty("9357d78bf73b03ee2dd902a4c975f91d You're saying No justification on a show that requires justification");
} }
else { else {
$justification = "Current Comment"; $justification = "Current Comment";
@@ -183,7 +183,7 @@ if ( ( $eps_id <= $current_episode_number ) and ( $eps_id >= ( $current_episode_
else { else {
if ( strcmp($_POST["justification"], "No justification is asked for or required.") === 0 ) { if ( strcmp($_POST["justification"], "No justification is asked for or required.") === 0 ) {
print ">" . $_POST["justification"] ."< eps_id: $eps_id, current_episode_number: $current_episode_number, "; print ">" . $_POST["justification"] ."< eps_id: $eps_id, current_episode_number: $current_episode_number, ";
naughty("df4af9bdd0302f672d6311c76bdc461a"); naughty("df4af9bdd0302f672d6311c76bdc461a A current comment should not require Justification");
} }
else { else {
$justification = $_POST["justification"]; $justification = $_POST["justification"];
@@ -199,7 +199,7 @@ else {
} }
if ( empty($_SERVER["REMOTE_ADDR"]) ) { if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("611144d4c0d575fffbf8f3ef11f8ad68"); naughty("611144d4c0d575fffbf8f3ef11f8ad68 Missing REMOTE_ADDR");
} }
else { else {
$ip = $_SERVER["REMOTE_ADDR"]; $ip = $_SERVER["REMOTE_ADDR"];
@@ -216,7 +216,7 @@ $timestamp = $timestamp;
$timestamp_json = json_encode($timestamp); $timestamp_json = json_encode($timestamp);
$comment_key_json = json_encode( $key ); $comment_key_json = json_encode( $key );
if ( file_exists( $comment_file ) ) { if ( file_exists( $comment_file ) ) {
naughty("ef5d14b33b262bfbf5d40544fdeb9ec3"); naughty("ef5d14b33b262bfbf5d40544fdeb9ec3 File already exists");
} }
$comment_data = "{ $comment_data = "{
@@ -233,7 +233,7 @@ $comment_data = "{
file_put_contents($comment_file, $comment_data ); file_put_contents($comment_file, $comment_data );
if ( filesize( $comment_file ) > 4000 ) { if ( filesize( $comment_file ) > 4000 ) {
naughty("56e00e793a27168511d1cfda11d3bc55"); naughty("56e00e793a27168511d1cfda11d3bc55 Filesize is too big");
} }
$user_agent = preg_replace('/ \(/', "\n", $_SERVER["HTTP_USER_AGENT"] ); $user_agent = preg_replace('/ \(/', "\n", $_SERVER["HTTP_USER_AGENT"] );

10
hub/request.php
View File

@@ -112,24 +112,24 @@ if (isset($_GET['id'])){
} }
if ( strval( intval( $id ) ) != strval( $id ) ) { if ( strval( intval( $id ) ) != strval( $id ) ) {
naughty("e015b7c89da03385a9156d3e5d2eb25d"); naughty("e015b7c89da03385a9156d3e5d2eb25d The id is not a integer");
} }
if ( intval( $id ) <= 0 ) { if ( intval( $id ) <= 0 ) {
naughty("1493a07dec01a006d11bf43d2f17e5aa"); naughty("1493a07dec01a006d11bf43d2f17e5aa The ID is less than or equal to one");
} }
if ( $num_get_args > 2 ) { if ( $num_get_args > 2 ) {
naughty("79543dbb498ec47404aaed4d56bdc22b"); naughty("79543dbb498ec47404aaed4d56bdc22b The number of arguments is greater than 2");
} }
if ( intval($id) > 9999 ) { if ( intval($id) > 9999 ) {
naughty("f1f531c768f64404cb00437254b06d71"); naughty("f1f531c768f64404cb00437254b06d71 The id is too high");
} }
if ( $id != 9999 ) { if ( $id != 9999 ) {
if ( isset( $show_array[$id] ) ) { if ( isset( $show_array[$id] ) ) {
naughty("2227263ac7171aca3214d155dec539ad"); naughty("2227263ac7171aca3214d155dec539ad The id is still too high");
} }
} }
} }

40
hub/request_confirm.php
View File

@@ -10,23 +10,23 @@ $total = $row[0];
if(!isset($total) or $total > 150 ) { if(!isset($total) or $total > 150 ) {
# This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts. # This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts.
# A host doing bulk upload will need to do them one by one # A host doing bulk upload will need to do them one by one
naughty("5971624889258aefb44e5f7bf8dffbd4"); naughty("5971624889258aefb44e5f7bf8dffbd4 Too many requests - shutting down");
} }
# This is to prevent anything except hits from the web form. # This is to prevent anything except hits from the web form.
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
naughty("19e9019c9615f755aec834000892ee9e"); naughty("19e9019c9615f755aec834000892ee9e Request method is not POST");
} }
if ( empty($_SERVER["REMOTE_ADDR"]) ) { if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("9bb147a251e8db132dafa93d98f8487f"); naughty("9bb147a251e8db132dafa93d98f8487f The REMOTE_ADDR is missing");
} }
else { else {
$ip = $_SERVER["REMOTE_ADDR"]; $ip = $_SERVER["REMOTE_ADDR"];
} }
if (count($_POST) !== 2) { if (count($_POST) !== 2) {
naughty("02de1aef3b9490a417c39170d8f06028"); naughty("02de1aef3b9490a417c39170d8f06028 The post contains the incorrect number of entries");
} }
# This will check to see if there are any existing requests from this ip address # This will check to see if there are any existing requests from this ip address
@@ -36,58 +36,58 @@ $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["ip"]) ) { if ( empty($db["ip"]) ) {
# the request did not come via the web form # the request did not come via the web form
naughty("2162941738512bfdb1d21f288ee7cdb4"); naughty("2162941738512bfdb1d21f288ee7cdb4 There is no reservation available for this ip");
} }
if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) { if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) {
# they are playing with the database or time settings # they are playing with the database or time settings
naughty("f0ad965f523b5c2ade071eb20d3618b5"); naughty("f0ad965f523b5c2ade071eb20d3618b5 The timestamp is not correct");
} }
if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) { if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) {
# There is too long a time entering the form # There is too long a time entering the form
naughty("6570026fd11fc31ac0cada3e1dae4d0b"); naughty("6570026fd11fc31ac0cada3e1dae4d0b Timeout. You waited too long to react. ");
} }
// Basic POST Checks // Basic POST Checks
if ( empty($_POST["ep_num_date"]) or strlen($_POST["ep_num_date"]) !== 15 ) { if ( empty($_POST["ep_num_date"]) or strlen($_POST["ep_num_date"]) !== 15 ) {
naughty("a32fbe5f0494eb7f34034b164739314d"); naughty("a32fbe5f0494eb7f34034b164739314d The date is not correct");
} }
if ( empty($_POST["email"]) ) { if ( empty($_POST["email"]) ) {
naughty("76eaa1a1556faeadfc14631c35b8590a"); naughty("76eaa1a1556faeadfc14631c35b8590a The email is missing");
} }
// Getting to the keep section // Getting to the keep section
if ( filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false ) { if ( filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false ) {
naughty("8c307efe37146015a35e2d928c2c0f69"); naughty("8c307efe37146015a35e2d928c2c0f69 Invalid email");
} }
else { else {
$email = htmlspecialchars(filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)); $email = htmlspecialchars(filter_var($_POST["email"], FILTER_VALIDATE_EMAIL));
} }
if ( strpos($_POST["ep_num_date"], '_') !== 4 or strpos($_POST["ep_num_date"], '-') !== 9 or strpos($_POST["ep_num_date"], '-', 10 ) !== 12 ) { if ( strpos($_POST["ep_num_date"], '_') !== 4 or strpos($_POST["ep_num_date"], '-') !== 9 or strpos($_POST["ep_num_date"], '-', 10 ) !== 12 ) {
naughty("705f8e26e42a90b31075a110674b19ee"); naughty("705f8e26e42a90b31075a110674b19ee The date format is not correct");
} }
if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) { if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) {
naughty("ad7f805c2f42be77122ec52f114fe318"); naughty("ad7f805c2f42be77122ec52f114fe318 The date fails a regex");
} }
else { else {
list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]); list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);
} }
if ( intval($ep_num) === 0 ) { if ( intval($ep_num) === 0 ) {
naughty("9424f7407b2fb83407760ad763286b53"); naughty("9424f7407b2fb83407760ad763286b53 The episode number is not an integer");
} }
else { else {
$ep_num = intval($ep_num); $ep_num = intval($ep_num);
} }
if ( strtotime($ep_date) === false ) { if ( strtotime($ep_date) === false ) {
naughty("59c7bff340d023773d987d71df545110"); naughty("59c7bff340d023773d987d71df545110 The date is not a valid time");
} }
else { else {
$ep_date_epoch = strtotime($ep_date); $ep_date_epoch = strtotime($ep_date);
@@ -122,16 +122,16 @@ $current_ep_date_epoch = strtotime($current_ep_date);
$next_year_ep_date = strtotime(date("Y-m-d", time()) . " + 365 day" ); $next_year_ep_date = strtotime(date("Y-m-d", time()) . " + 365 day" );
if ( $ep_num == $row[2] or !empty($row[2]) ) { if ( $ep_num == $row[2] or !empty($row[2]) ) {
naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023"); naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023 Could not make the reservation in the db");
} }
if ( $ep_num != 9999 ) { if ( $ep_num != 9999 ) {
if ( ( $ep_num <= $current_ep_num ) OR ( $ep_num > $next_year_ep_num ) ) { if ( ( $ep_num <= $current_ep_num ) OR ( $ep_num > $next_year_ep_num ) ) {
naughty("7304801e8ce3b9096d28dbe1a0faa642 $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num"); naughty("7304801e8ce3b9096d28dbe1a0faa642 Episode in wrong range $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num");
} }
if ( $ep_date_epoch < $current_ep_date_epoch or $ep_date_epoch > $next_year_ep_date ) { if ( $ep_date_epoch < $current_ep_date_epoch or $ep_date_epoch > $next_year_ep_date ) {
naughty("34c4259b45927da50ba5c49970f880a4"); naughty("34c4259b45927da50ba5c49970f880a4 Date in wrong range");
} }
for ($slot=$current_ep_num; $slot < $next_year_ep_num; $slot++) { for ($slot=$current_ep_num; $slot < $next_year_ep_num; $slot++) {
@@ -141,11 +141,11 @@ if ( $ep_num != 9999 ) {
} }
if ( empty($shows_slot_date["$ep_num"]) or empty($shows_date_slot["$ep_date"]) ) { if ( empty($shows_slot_date["$ep_num"]) or empty($shows_date_slot["$ep_date"]) ) {
naughty("d0e113355b35f96945124d8e507759a0"); naughty("d0e113355b35f96945124d8e507759a0 This slot date is not empty");
} }
if ( $ep_date !== $shows_slot_date["$ep_num"] or $ep_num !== $shows_date_slot["$ep_date"] ) { if ( $ep_date !== $shows_slot_date["$ep_num"] or $ep_num !== $shows_date_slot["$ep_date"] ) {
naughty("434cb53552ce1e2708e74a42f438028c"); naughty("434cb53552ce1e2708e74a42f438028c This slot is invalid");
} }
} // End of bypass checks } // End of bypass checks
@@ -162,7 +162,7 @@ $query = "UPDATE reservations SET `ep_num` = '$ep_num', `ep_date` = '$ep_date',
$result = mysqli_query($connection, $query ); $result = mysqli_query($connection, $query );
if(!isset($result)) { if(!isset($result)) {
naughty("c7405e79b54f582e8db46c69ec4b0f24"); naughty("c7405e79b54f582e8db46c69ec4b0f24 Could not write reservation to the db");
} }
use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\PHPMailer;

14
hub/upload.php
View File

@@ -7,7 +7,7 @@
require "/home/hpr/php/include.php"; require "/home/hpr/php/include.php";
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and count($_GET) !== 1 ) { if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and count($_GET) !== 1 ) {
call412("9a77e4ab24410cbf68a3a05ba97221e4"); call412("9a77e4ab24410cbf68a3a05ba97221e4 Not a GET request");
} }
if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) { if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) {
@@ -18,7 +18,7 @@ else {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ); $key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) );
} }
else { else {
call412("e8ac90fc2a8996e5fb7a83e73e636e80"); call412("e8ac90fc2a8996e5fb7a83e73e636e80 Invalid key");
} }
} }
@@ -27,11 +27,11 @@ $ip = $_SERVER["REMOTE_ADDR"];
$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "; $query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
$result = mysqli_query($connection, $query); $result = mysqli_query($connection, $query);
if($result === FALSE) { if($result === FALSE) {
call412("91432866e3c9c36a9c4884345d578761"); call412("91432866e3c9c36a9c4884345d578761 Could not find ip=\"$ip\" AND key=\"$key\" in the database. Did your IP address change ? Was the removed after 15 Munites ?");
} }
$db = mysqli_fetch_array($result, MYSQLI_ASSOC); $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) { if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) {
call412("b019bd29c1fe5b756e4b620a5428f730"); call412("b019bd29c1fe5b756e4b620a5428f730 The information for this reservation is not correct in the database.");
} }
else { else {
$db_timestamp = $db['timestamp']; $db_timestamp = $db['timestamp'];
@@ -48,7 +48,7 @@ if ( isset( $_GET['delete'] ) ) {
$query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "; $query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
$result = mysqli_query($connection, $query); $result = mysqli_query($connection, $query);
if($result === FALSE) { if($result === FALSE) {
call412("35a7f4e80ecba8284049e9d6261ae523"); call412("35a7f4e80ecba8284049e9d6261ae523 Could not remove the reservation.");
} }
else { else {
header( "Location: ${hubBaseurl}calendar.php" ) ; header( "Location: ${hubBaseurl}calendar.php" ) ;
@@ -63,7 +63,7 @@ $status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z');
$query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; $query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'";
$result = mysqli_query($connection, $query ); $result = mysqli_query($connection, $query );
if(!isset($result)) { if(!isset($result)) {
naughty("066c518314f0d3b1ad3e4af60fcf36ce"); naughty("066c518314f0d3b1ad3e4af60fcf36ce Could not change status to EMAIL_LINK_CLICKED");
} }
// Display host information // Display host information
@@ -75,7 +75,7 @@ $ip = $_SERVER["REMOTE_ADDR"];
$query = "SELECT * FROM hosts WHERE hosts.email = '$email' OR hosts.email = '$email_padded'"; $query = "SELECT * FROM hosts WHERE hosts.email = '$email' OR hosts.email = '$email_padded'";
$result = mysqli_query($connection, $query); $result = mysqli_query($connection, $query);
if($result === FALSE) { if($result === FALSE) {
call412("5cb513b590ab5859bf7603b79402a5cb"); call412("5cb513b590ab5859bf7603b79402a5cb Could not find a host with email=\"$email\"");
} }
$db = mysqli_fetch_array($result, MYSQLI_ASSOC); $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db) or empty( $db['hostid'] ) or empty( $db['host'] ) or empty( $db['email'] ) ) { if ( empty($db) or empty( $db['hostid'] ) or empty( $db['host'] ) or empty( $db['email'] ) ) {

2
hub/upload_confirm.php
View File

@@ -156,7 +156,7 @@ logextra( "license is a valid value" );
// TODO re-enable after we get a feel for the max length // TODO re-enable after we get a feel for the max length
// if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 100000 ) { // if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 100000 ) {
// naughty("5860799406a323209b902d5104fe7bae"); // naughty("5860799406a323209b902d5104fe7bae The shownotes are too long");
// } // }
// logextra( "Notes are less than max" ); // logextra( "Notes are less than max" );