HPR/hpr_hub
8
0
Fork 3
Code Issues 47 Pull Requests Packages Projects Releases Wiki Activity

Initial push of the dynamic code

Browse Source
This commit is contained in:
Ken Fallon
2023-07-02 16:47:44 +02:00
parent e2fec9f1f1
commit bbaa57bed9
22 changed files with 4042 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
hub/412.shtml Executable file
View File

@@ -0,0 +1,14 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Hacker Public Radio</title>
</head>
<body>
<h1>412 Precondition Failed</h1>
<p>
Interesting. <br />
Why not <a href="/calendar.php">record<a/> a show telling us about what you were trying to do ?
</p>
</body>
</html>

301
hub/calendar.php Normal file
View File

@@ -0,0 +1,301 @@
<?php
require "/home/hpr/php/include.php";
$pos = strpos($_SERVER['REQUEST_URI'], '?');
if ( ! $pos === false) {
header("Status: 412 Precondition Failed");
include '412.shtml';
file_put_contents($naughtyfile, getUserIP(), FILE_APPEND | LOCK_EX );
exit;
}
$body="give";
//$body="index_full";
include 'header.html';
// --------------------------------------------
// Clean up stale reservations
$ip = $_SERVER["REMOTE_ADDR"];
# Remove any stale requests.
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
$query_delete_old = "DELETE
FROM
reservations
WHERE
reservations.timestamp + INTERVAL 1 HOUR <= UTC_TIMESTAMP()
AND reservations.status = 'REQUEST_UNVERIFIED'";
$result_delete_old = @mysqli_query($connection, $query_delete_old);
logextra( "Deleting requests older than 1 hour" . $result_delete_old );
# Remove stale requests from this IP Address after 15 minutes.
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
$query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.status = 'REQUEST_UNVERIFIED'";
$result_delete = @mysqli_query($connection, $query_delete);
logextra( "Remove stale requests from this \"${ip}\" IP Address after 15 minutes. " . $result_delete_old );
// --------------------------------------------
// Get first free slot
$query = mysqli_query($connection, "
SELECT id + 1 FROM eps mo
WHERE NOT EXISTS
(
SELECT NULL
FROM eps mi
WHERE mi.id = mo.id + 1
)
ORDER BY
id
LIMIT 1");
$next_show_num_array = mysqli_fetch_row($query);
$next_show_num = $next_show_num_array[0];
print "<!-- next_show_num is $next_show_num -->\n";
// --------------------------------------------
// Get latest published show
$query = mysqli_query($connection, "SELECT max(date), max(id) from eps WHERE eps.date <= UTC_DATE()");
$current_episode_array = mysqli_fetch_row($query);
$current_episode_date = $current_episode_array[0];
$current_episode_number = $current_episode_array[1];
print "<!-- current_episode_date is $current_episode_date -->\n";
print "<!-- current_episode_number is $current_episode_number -->\n";
// --------------------------------------------
// Get highest scheduled or reserved show
$query = mysqli_query($connection, "SELECT MAX(id) FROM eps as maxid;");
$max_episode_array = mysqli_fetch_row($query);
$max_episode_number = $max_episode_array[0];
print "<!-- max_episode_number is $max_episode_number -->\n";
// --------------------------------------------
// Populate array with future shows and reservations
$show_array = array ();
// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
$ep_retrieve = "SELECT hosts.host, eps.id, eps.title, eps.date FROM eps, hosts WHERE eps.valid=1 AND eps.hostid = hosts.hostid AND eps.date >= '$current_episode_date' ORDER BY date DESC";
$ep_retrieve = "SELECT
hosts.host,
eps.id,
eps.title,
eps.date,
COUNT( assets.extension) AS numfiles
FROM
eps
LEFT JOIN hosts ON eps.hostid = hosts.hostid
LEFT JOIN assets ON eps.id = assets.episode_id
WHERE
eps.valid = 1
AND eps.date >= '$current_episode_date'
GROUP BY eps.id;";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['id'];
$date = $row['date'];
$title = $row['title'];
$host = $row['host'];
$numfiles = $row['numfiles'];
if( isset($numfiles) and $numfiles >= 3 ) {
$status = "Finished";
}
else {
$status = "Reserved";
}
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => $title,
"host" => $host,
"status" => $status
);
}
}
// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
// Populate array with currently processing shows EMAIL_LINK_CLICKED
$ep_retrieve = "
SELECT
reservations.ep_num,
reservations.ep_date,
reservations.status
FROM
reservations
WHERE
reservations.verified = 1
AND reservations.ep_date >= '$current_episode_date'
ORDER BY
reservations.ep_date DESC";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['ep_num'];
$date = $row['ep_date'];
$status = $row['status'];
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => $status,
"host" => "Unverified",
"status" => "Processing"
);
}
}
// Populate array with temporary reservations.
$ep_retrieve = "SELECT r.ep_num, r.ep_date, r.timestamp + INTERVAL 1 HOUR - UTC_TIMESTAMP() AS seconds_to_expiration FROM reservations r
WHERE r.timestamp + INTERVAL 1 HOUR > UTC_TIMESTAMP() AND r.verified =0 AND r.ep_date >= '$current_episode_date' ORDER BY r.ep_date DESC";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['ep_num'];
$date = $row['ep_date'];
$seconds_to_expiration = $row['seconds_to_expiration'];
$minutes = floor($seconds_to_expiration / 60) + 1;
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => " Available again in $minutes minutes",
"host" => "Unverified",
"status" => "Locked"
);
}
}
$ep_retrieve = "SELECT
hosts.host,
eps.id,
eps.title,
eps.date
FROM
eps,
hosts,
assets
WHERE
eps.valid = 1
AND eps.hostid = hosts.hostid
AND eps.id = assets.episode_id
AND assets.extension = 'ogg'
AND eps.date >= '$current_episode_date'
ORDER BY
date DESC";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['id'];
$date = $row['date'];
$title = $row['title'];
$host = $row['host'];
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => $title,
"host" => $host,
"status" => "Finished"
);
}
}
// --------------------------------------------
// Calculate the time to the next show
# aria-label=""
$next_show_date = date('Y-m-d', strtotime($show_array[$next_show_num - 1 ]["date"] . ' + 1 weekday'));
$days_to_wait = floor((strtotime($next_show_date) - strtotime(gmdate('Y-m-d')))/(60*60*24));
?>
<main id="maincontent">
<h1>Upload Your Show</h1>
<p>
The HPR Schedule is entirely community driven and we recommend that <strong>you</strong> decide when your show will be released.
</p>
<p>
There are only <strong><?php echo "${days_to_wait}"; ?></strong> days to wait until next free slot. Please consider <a aria-label="Help on Recording a podcast" href="<?php echo "${baseurl}about.html#recording_a_podcast"; ?>">recording</a> a show for us.
</p>
<ol>
<li>Review the updated <em><a aria-label="Learn the Stuff you need to know" href="<?php echo "${baseurl}about.html#agreement"; ?>">Stuff you need to know</a></em> page.</li>
<li>Select a date, or post to the reserve queue.</li>
<li>Click the link in the confirmation email</li>
<li>Then <a aria-label="Help on Adding an episode" href="<?php echo "${baseurl}about.html#adding_an_episode"; ?>">fill in a form</a>.</li>
</ol>
<h2 id="reserve_queue">Add to the Reserve Queue ?</h2>
<p>
<a aria-label="Post to the reserve queue" href="<?php echo "${hubBaseurl}"; ?>request.php?id=9999">Post your show to the <strong>reserve queue</strong></a> if you don't care when it will be released. <small><a aria-label="Help on the reserve queue" href="<?php echo "${baseurl}about.html#reserve_queue"; ?>">&#9432;</a></small>
</p>
<h2 id="current_schedule">Select a date in the current schedule ?</h2>
<p>
<strong>Schedule</strong> the release</a> day your show will be aired. <small><a aria-label="Help on the scheduling guidelines" href="<?php echo "${baseurl}about.html#scheduling_guidelines"; ?>">&#9432;</a></small>
</p>
<h3>Next Two Months <small><a aria-label="Help on the HPR processing workflow" href="<?php echo "${baseurl}about.html#workflow"; ?>">&#9432;</a></small></h3>
<?php
$sizeof_show_array = sizeof($show_array);
$this_episode_date = date('D Y-m-d', strtotime($current_episode_date));
$week_number = date('W', strtotime($this_episode_date));
for ( $slot = $current_episode_number; $slot < ( $current_episode_number + 60 ); $slot++ ) {
if ( !empty( $show_array[$slot] ) ) {
if ( $show_array[$slot]["status"] === "Finished" ) {
# https://hackerpublicradio.org/eps/hpr3879/index.html
# ${baseurl}/eps/hpr${slot}/index.html
echo "<span style=\"font-family:monospace;\">" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": <a aria-label=\"Go directly to the show hpr${slot}\" href=\"${baseurl}eps/hpr${slot}/index.html\">hpr${slot}</a></span> <strong>" . $show_array[$slot]["title"] . "</strong> by <em>" . $show_array[$slot]["host"] . "</em><br />\n";
}
else {
echo "<span style=\"font-family:monospace;\">${this_episode_date}: hpr${slot}</span> <strong>". $show_array[$slot]["status"]. ":</strong> <em>" . $show_array[$slot]["title"] . "</em>.<br />\n";
}
$sizeof_show_array--;
}
elseif ( empty( $show_array[$slot] ) ) {
echo "<span style=\"font-family:monospace;\">${this_episode_date}: <a aria-label=\"Upload to the slot hpr${slot}\" href=\"/request.php?id=${slot}\">hpr${slot}</span> is available - upload now</a>.<br />\n";
}
elseif ( $show_array[$slot]["valid"] == 0 ) {
echo "<span style=\"font-family:monospace;\">${this_episode_date}: hpr${slot}</span> <strong>Unavailable</strong>.<br />\n";
}
$this_episode_date = date('D Y-m-d', strtotime($this_episode_date . ' + 1 weekday'));
$new_week_number = date('W', strtotime($this_episode_date));
if ( $week_number != $new_week_number ) {
$week_number = $new_week_number;
echo "<span style=\"font-family:monospace;\">----------------- Week ${week_number} -----------------<br /></span>\n";
}
}
?>
<h3>Also Scheduled</h3>
<?php
$slot--;
while ( $slot <= $max_episode_number) {
// print "<!-- slot $slot, sizeof_show_array $sizeof_show_array, sizeof_reservation_array $sizeof_reservation_array, max_episode_number $max_episode_number -->\n" ;
if ( !empty( $show_array[$slot] ) ) {
if ( $show_array[$slot]["status"] === "Finished" ) {
echo "<span style=\"font-family:monospace;\">" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": <a aria-label=\"Go directly to the show hpr${slot}\" href=\"${baseurl}eps/hpr${slot}/index.html\">hpr${slot}</a></span> <strong>" . $show_array[$slot]["title"] . "</strong> by <em>" . $show_array[$slot]["host"] . "</em><br />\n";
}
else {
echo "<span style=\"font-family:monospace;\">" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot}</span> <strong>". $show_array[$slot]["status"]. ":</strong> <em>" . $show_array[$slot]["title"] . "</em>.<br />\n";
}
$sizeof_show_array--;
}
$slot++;
}
?>
<h3>Pick other dates</h3>
<p>
If you wish to pick an available slot in the next 12 months then go directly to the <a aria-label="Go to the request page" href="/request.php">request page</a>.
</p>
</main>
<?php
include 'footer.html';
?>

304
hub/comment_confirm.php Normal file
View File

@@ -0,0 +1,304 @@
<?php
# eps.php > comment_confirm.php > eps.php
require "/home/hpr/php/include.php";
$num_get_args = 0;
foreach($_GET as $k => $v) {
++$num_get_args;
}
if ( $num_get_args > 0 ){
# they didn't supply any arguments
naughty("9e756ee22b7cdcdb150a5baf167caa25 $num_get_args");
}
if ( empty($_POST["anti_spam_question"]) ) {
naughty("0601a23e358374c293b086bb75606cca");
}
if ( strlen($_POST["anti_spam_question"]) !== 6 ) {
naughty("6f51e6e7e6820b3fdda5d4ca0df14db1");
}
if (strcasecmp('public', $_POST["anti_spam_question"]) !== 0) {
naughty("6aef421ce05e3ac34f4cd91ae3248a45");
}
$comment_directory = "/home/hpr/comments";
if ( ! file_exists( $comment_directory ) ) {
# Looks like the comments directory has not been created
naughty("d5342ea497f701656433e81fb5eed064");
}
$unprocessed_comments = iterator_count(new FilesystemIterator("$comment_directory", FilesystemIterator::SKIP_DOTS));
if( $unprocessed_comments >= 10 ) {
# There has to be at least one comment here as they are calling the script, and too many is suspicious
naughty("093f42abee30e69e0e4d5125c70a0f7c");
}
# This is to prevent anything except hits from the web form.
# Anyone wanting to script uploads can do so via ftp
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
naughty("87613fc139b251b673e1dd51e378e462");
}
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("d7d0b6ab9689be244e1b6a8fbe6effba");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
if (count($_POST) !== 8) {
naughty("086fe155b0588de68fc5d9e4580254a8");
}
// Basic POST Checks
if ( empty($_POST["comment_author_name"]) or strlen($_POST["comment_author_name"]) > 40 or strtolower($_POST["comment_author_name"]) == "testdog" ) {
naughty("294356cd36d3f9b75da4d8c0a6108881");
}
$comment_author_name = json_encode( $_POST["comment_author_name"] );
if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) {
naughty("a89efb428cfe36996a65b371d5f4e303");
}
$comment_title = json_encode( $_POST["comment_title"] );
if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) {
naughty("cd57ab4d7b77a131ed3deb441bd93dcd");
}
$comment_text = json_encode( $_POST["comment_text"] );
if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) {
naughty("b2ec68bd04cee0f64143ce4827a97e7c");
}
# We check to see if the eps_id has been suplied, that it's a integer, and that it's in our range.
if (isset($_POST['eps_id'])){
$eps_id = intval( $_POST['eps_id'] );
$query = "SELECT COUNT(*) FROM eps WHERE id='$eps_id'";
$result = mysqli_query($connection, "$query");
$row = mysqli_fetch_array($result, MYSQLI_NUM);
$total = $row[0];
if ( !isset($result) or ( $total != 1 ) ) {
naughty("5348e3c2aee3644730c70d3f000bcb01");
}
mysqli_free_result($result);
$result = mysqli_query($connection, 'SELECT MAX(id) as max FROM eps;');
if (!isset($result)) {
naughty("f00fb1f47affc3286aadc15038cfd5d7");
}
while ($row = mysqli_fetch_array($result)) {
$max_eps = $row['max'];
}
mysqli_free_result($result);
}
else {
naughty("02c560adf1ff39b140fe8b7abe02fd31");
}
if ( intval($eps_id) <= 0 ){
naughty("2903eeac51bb479edb428ae3c896671c");
}
if ( intval($eps_id) > $max_eps ){
naughty("54aa65c12ba71f3dfc451ff5bc82c798");
}
if ( intval($eps_id) === 0 ) {
naughty("11fe1f9b76bf9f30e6a3a784832cb738");
}
else {
$eps_id = intval($eps_id);
}
# extra spam checks to see if they supplied the correct host id
$query = "SELECT hosts.host, eps.title, eps.summary, eps.date, eps.hostid, eps.series, miniseries.name, eps.explicit FROM eps, hosts, miniseries WHERE eps.id='$eps_id' AND eps.valid=1 AND eps.hostid = hosts.hostid AND eps.series = miniseries.id";
if ($result = mysqli_query($connection, $query)) {
while ($row = mysqli_fetch_array($result)) {
$host = $row['host'];
$title = $row['title'];
$summary = $row['summary'];
$ep_date = $row['date'];
$host_id = $row['hostid'];
$series_id = $row['series'];
$series_name = $row['name'];
$explicit = $row['explicit'];
}
}
else {
naughty("c34561d684ad97241c95a1287688638b");
}
mysqli_free_result($result);
if ( empty($_POST["hostid"]) or intval($_POST["hostid"]) != $host_id ) {
naughty("b4d71481b7055272728094292fd2a562");
}
if ( empty($_POST["justification"]) or strlen($_POST["justification"]) > 200 or strlen($_POST["justification"]) < 20) {
naughty("156d2d2d5780bd7f4a750f7c162b3394");
}
# Checks to see how old the show is
#$current_episode_number = GetLatestPublishedShow($connection);
list ($current_episode_date, $current_episode_number) = GetLatestPublishedShow($connection);
if ( ( $eps_id <= $current_episode_number ) and ( $eps_id >= ( $current_episode_number - 20 ) ) ) {
if ( strcmp($_POST["justification"], "No justification is asked for or required.") !== 0 ) {
naughty("9357d78bf73b03ee2dd902a4c975f91d");
}
else {
$justification = json_encode("Current Comment");
}
}
else {
if ( strcmp($_POST["justification"], "No justification is asked for or required.") === 0 ) {
print ">" . $_POST["justification"] ."< eps_id: $eps_id, current_episode_number: $current_episode_number, ";
naughty("df4af9bdd0302f672d6311c76bdc461a");
}
else {
$justification = json_encode( $_POST["justification"] );
}
}
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("611144d4c0d575fffbf8f3ef11f8ad68");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
$comment_ip = json_encode( $ip );
// OK You convinced me.
$key = uniqid(md5(rand()));
$timestamp = time()+date("Z");
$timestamp = gmdate("Y-m-d\TH:i:s\Z",$timestamp);
$comment_file = "${comment_directory}/${timestamp}_${ip}_${key}.json";
$timestamp = json_encode($timestamp);
$comment_key = json_encode( $key );
if ( file_exists( $comment_file ) ) {
naughty("ef5d14b33b262bfbf5d40544fdeb9ec3");
}
$comment_data = "{
\"eps_id\": $eps_id,
\"ip\": \"$ip\",
\"comment_timestamp\": $timestamp,
\"comment_author_name\": $comment_author_name,
\"comment_title\": $comment_title,
\"comment_text\": $comment_text,
\"justification\": $justification,
\"key\": $comment_key
}";
file_put_contents($comment_file, $comment_data );
if ( filesize( $comment_file ) > 4000 ) {
naughty("56e00e793a27168511d1cfda11d3bc55");
}
// Mail the comment
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\SMTP;
require_once('/home/hpr/php/PHPMailer/Exception.php');
require_once('/home/hpr/php/PHPMailer/PHPMailer.php');
require_once('/home/hpr/php/PHPMailer/SMTP.php');
date_default_timezone_set('Etc/UTC');
$mailer = new PHPMailer(true);
$mailer->isSMTP();
$mailer->Host = "$mailerHost";
$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "ssl";
$mailer->Port = "465";
$mailer->Username = "$mailerUsername";
$mailer->Password = "$mailerPassword";
// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details.
$mailer->Sender = 'robot@hobbypublicradio.com';
$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins');
$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot');
$mailer->addBCC('admin@hackerpublicradio.org');
$mailer->addBCC('admin@hobbypublicradio.org');
$mailer->AddAddress('comments@hackerpublicradio.org');
$mailer->isHTML(false);
$mailer->Subject = "New Comment for show hpr${eps_id} on ${ep_date} ${key}";
$mailer->MsgHTML("<p>hpr${eps_id} on ${ep_date} by ${host} with the title <strong>${title}</strong> \"${summary}\"</p>
<p>
See attachment for the json comment file.
</p>
<p>
There are now " . ++$unprocessed_comments . " unprocessed comments.
</p>
<p>
Thanks,<br />
HPR Bot
</p>
<pre>" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "</pre>"
);
$mailer->AltBody = "hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"</p>
See attachment for the json comment file.
There are now ${unprocessed_comments} unprocessed comments.
Thanks,
HPR Bot
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n";
$mailer->addAttachment($comment_file, "${key}.json", "base64", "application/json");
//send the message, check for errors
if (!$mailer->send()) {
echo 'Mailer Error: ' . $mailer->ErrorInfo;
}
$body="give";
//$body="index_full";
include 'header.html';
?>
<main id="maincontent">
<hr />
<article>
<header>
<h1>Thank you</h1>
</header>
<p>
Thank you for your comment. A moderator will get to your comment at some point.
</p>
<p>
Thanks,<br />
<br />
HPR Bot
</p>
<pre>
<pre>
<?php print date('Y-m-d\TH:i:s') . "\n" . getUserIP() . "\n" . $_SERVER["HTTP_USER_AGENT"]; ?>
</pre>
</article>
</main>
<?php
include 'footer.html';
logextra( "Finished comment_confirm.php");
?>

83
hub/footer.html Normal file
View File

@@ -0,0 +1,83 @@
<footer id="footer_page">
<h1 class="thick_bar"><span style="padding-left: 1em;">More Information...</span></h1>
<div id="more_info">
<nav class="column">
<h2>Ancestry</h2>
<ul>
<li><a href="https://audio.textfiles.com/shows/radiofreekamerica/">Radio Freek America</a></li>
<li><a href="https://audio.textfiles.com/shows/binrev/">BinRev Radio</a></li>
<li><a href="https://audio.textfiles.com/shows/infonomicon/">Infonomicon</a></li>
<li><a href="https://audio.textfiles.com/shows/twat/">Talk With a Techie</a></li>
</ul>
</nav>
<nav class="column">
<h2>Social</h2>
<ul>
<li><a href="https://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org" target="_blank">Maillist</a></li>
<li><a href="https://web.libera.chat/gamja/?channels=oggcastplanet" target="_blank">#oggcastplanet</a></li>
<li><a href="https://botsin.space/@hpr" target="_blank" rel="me">Mastodon</a></li>
<li><a href="https://twitter.com/HPR" target="_blank" rel="me">Twitter.com</a></li>
<li><a href="https://www.facebook.com/home.php?sk=group_130169220378872¬if_t=group_r2j" target="_blank">Facebook</a></li>
<li><a href="https://www.linkedin.com/groups/Hacker-Public-Radio-3737302" target="_blank">Linked-In</a></li>
<li><a href="https://itunes.apple.com/us/podcast/hacker-public-radio/id281699640" target="_blank">iTunes</a></li>
<li><a href="https://archive.org/details/hackerpublicradio">Archive.org</a></li>
<li><a href="https://podcasts.google.com/feed/aHR0cDovL2hhY2tlcnB1YmxpY3JhZGlvLm9yZy9ocHJfcnNzLnBocA">Google Podcasts</a></li>
<li><a href="https://player.fm/series/hacker-public-radio">PlayerFM</a></li>
<li><a href="https://open.spotify.com/show/7e2hYcnHj9vKgUzsIOf4r3">Spotify</a></li>
<li><a href="https://www.mixcloud.com/hackerpublicradio/">MixCloud</a></li>
</ul>
</nav>
<nav class="column">
<h2>Affiliates</h2>
<ul>
<li><a href="https://freeculturepodcasts.org/">Free Culture Podcasts</a></li>
<li><a href="https://www.hackradiolive.org/">Hack Radio Live</a></li>
<li><a href="https://www.binrev.com/">Binary Revolution</a></li>
<li><a href="https://hackermedia.org">Hackermedia</a></li>
<li><a href="https://www.packetsniffers.org/">Packetsniffers</a></li>
</ul>
</nav>
<nav class="column">
<h2>Commons</h2>
<ul>
<li><a href="https://archive.org/details/hackerpublicradio">archive.org</a></li>
<li><a href="https://cchits.net/">cchits.net</a></li>
<li><a href="https://freesound.org/">freesound.org</a></li>
<li><a href="https://librivox.org/">librivox.org</a></li>
<li><a href="https://freesvg.org/">freesvg.org/</a></li>
<li><a href="https://openfontlibrary.org/">openfontlibrary.org</a></li>
<li><a href="https://openstax.org">https://openstax.org</a></li>
<li><a href="https://maps.openrouteservice.org">openrouteservice.org/</a></li>
<li><a href="https://standardebooks.org/">https://standardebooks.org/</a></li>
</ul>
</nav>
<nav class="column">
<h2>Patrons</h2>
<ul>
<li><a href="https://anhonesthost.com/hosting/shared-hosting">AnHonestHost.com</a></li>
<li><a href="https://archive.org/donate/">Archive.org</a></li>
</ul>
</nav>
</div><!-- more_info -->
<h1 class="thick_bar"><span style="padding-left: 1em;">Copyright Information</span></h1>
<div id="copyright">
<p>
Unless otherwise stated, our shows are released under a Creative Commons <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/">
Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) </a> license.</p>
<p>
The <span property="dct:title">HPR Website Design</span> is released to the <a rel="license" href="https://creativecommons.org/publicdomain/mark/1.0/">Public Domain</a>.
</p>
<hr />
</div><!-- copyright -->
<hr />
</footer>
</div>
<!-- shadow -->
<?php
if ( $connection ) {
mysqli_close($connection);
}
?>
</body>
</html>

67
hub/header.html Normal file
View File

@@ -0,0 +1,67 @@
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Hacker Public Radio ~ The Technology Community Podcast</title>
<meta charset="utf-8" />
<meta http-equiv="X-Clacks-Overhead" content="GNU Terry Pratchett" />
<meta name="keywords" content="Technology, Tech News, Education, Training" />
<meta name="description" content="Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists." />
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Internal CSS -->
<style type="text/css">
article, aside, dialog, figure, footer, header, hgroup, menu, nav, section {
display: block;
}
#list1, #list2, #list3 {
display:none;
}
</style>
<link rel="shortcut icon" href="https://hackerpublicradio.org/hpr.ico" >
<link rel="alternate" type="application/rss+xml" title="Hacker Public Radio Ogg Vorbis RSS" href="https://hackerpublicradio.org/hpr_ogg.rss" />
<link rel="alternate" type="application/rss+xml" title="Hacker Public Radio Speex RSS" href="https://hackerpublicradio.org/hpr_spx.rss" />
<link rel="alternate" type="application/rss+xml" title="Hacker Public Radio MP3 RSS" href="https://hackerpublicradio.org/hpr_mp3.rss" />
<link rel="alternate" type="application/rss+xml" title="Hacker Public Radio Comments RSS" href="https://hackerpublicradio.org/comments_rss.php" />
<link rel="license" title="cc by 3.0" href="https://creativecommons.org/licenses/by-sa/3.0/" />
<link href="css/hpr.css" rel="stylesheet" />
<!--[if IE]>
<link rel="stylesheet" href="css/hpr.css" media="screen" type="text/css" />
<script src="/JavaScript/html5.js"></script>
<![endif]-->
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.5, user-scalable=yes"/>
</head>
<body id="give">
<div id="container" class="shadow">
<header>
<a href=""><img id="hprlogo" src="/images/hpr_logo.png" alt=""></a>
<div id="hpr_banner">
<p id="accessible_menu">
<a href="https://hackerpublicradio.org/sitemap.html">Site Map</a>
- <a href="#maincontent">skip to main content</a>
</p>
<h1 id="sitename">
<a href="https://hackerpublicradio.org/correspondents/index.html">H</a>acker
<a href="https://hackerpublicradio.org/comments_viewer.html">P</a>ublic
<a href="https://hackerpublicradio.org/syndication.html">R</a>adio
</h1>
<h2>Your ideas, projects, opinions - podcasted.</h2>
<h3>New episodes Monday through Friday.</h3>
</div>
<hr />
<nav class="menu" role="navigation"> <ul>
<li><a href="https://hub.hackerpublicradio.org/calendar.php"><strong>⇧Upload⇧</strong></a></li>
<li><a href="https://hackerpublicradio.org/index.html"><strong>Home »</strong></a></li>
<li><a href="https://hackerpublicradio.org/syndication.html">Get Shows</a></li>
<li><a href="https://hackerpublicradio.org/contribute.html">Give Shows</a></li>
<li><a href="https://hackerpublicradio.org/help_out.html">Contribute</a></li>
<li><a href="https://hackerpublicradio.org/tags.html">Tags</a></li>
<li><a href="https://hackerpublicradio.org/about.html">About</a></li>
<li><a href="https://hackerpublicradio.org/search.html">Search</a></li>
</ul>
</nav>
</header>
<main id="maincontent">

3
hub/index.php Normal file
View File

@@ -0,0 +1,3 @@
<?php
header('location:https://hub.hackerpublicradio.org/calendar.php');
?>

209
hub/request.php Normal file
View File

@@ -0,0 +1,209 @@
<?php
# request.php > request_confirm.php > upload.php > upload_confirm.php
require "/home/hpr/php/include.php";
$ip = $_SERVER["REMOTE_ADDR"];
$key = uniqid(md5(rand()));
# Remove any stale requests.
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
$query_delete_old = "DELETE FROM reservations WHERE reservations.timestamp + INTERVAL 1 DAY <= UTC_TIMESTAMP() AND reservations.verified = 0";
$result_delete_old = @mysqli_query($connection, $query_delete_old);
# Remove stale requests from this IP Address after 15 minutes.
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
$query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.verified = 0";
$result_delete = @mysqli_query($connection, $query_delete);
# Check that this ip is not uploading in another session
$query_dupe = "SELECT COUNT(*), timestamp FROM `reservations` WHERE ip = '$ip' and verified = 0";
$result_dupe = mysqli_query($connection, "$query_dupe");
$row_dupe = mysqli_fetch_array($result_dupe, MYSQLI_NUM);
$num_from_this_ip = $row_dupe[0];
$show_timestamp = strtotime($row_dupe[1]);
if( !isset($row_dupe) or $num_from_this_ip != 0 ) {
header('Cache-Control: no-cache');
header('Pragma: no-cache');
header("Status: 412 Precondition Failed");
echo "<h1>Existing request detected: ";
$timestamp = time()+date("Z");
echo gmdate("Y-m-d\TH:i:s\Z",$timestamp);
echo "</h1>\n";
$localtime = date('l jS \of F Y h:i:s A', $show_timestamp);
echo "<p>It seems another request was made from this ip address\n (${ip}) on ${localtime}.</p>\n";
echo "<p>This lock is set for 15 minutes to deter attacks and will be released in about " . round(abs(16 - ( $timestamp - $show_timestamp ) / 60 ) ) . " minutes.</small></p>\n";
echo "<p>There are several reasons why you would see this page:</p>\n";
echo "<ul>";
echo "<li>You already made a request for a show.\n
<ul>\n
<li>Check your email inbox and <strong>spam</strong> folder to see if the message has arrived.<br />\n
We have had reports that sometimes gmail and hotmail consider the messages as spam. <br />\n
We recommend <a href=\"https://onlinegroups.net/blog/2014/02/25/how-to-whitelist-an-email-address\" target=\"_blank\">white listing</a> the email address <strong>robot@hackerpublicradio.org</strong>\n
</li>\n
<li>You may have typed the address into the browser and it \"autofilled\" this old address</li>\n
<li>You are using an old version of the <a href=\"${hubBaseurl}calendar.php\">calendar</a> page. Press F5 in the <a href=\"${hubBaseurl}calendar.php\">calendar</a> page to refresh.</li>\n
</ul>\n
</li>\n";
echo "<li>The show has already been allocated to another host. </li>\n";
echo "</ul>\n";
echo "</p>\n";
echo "<p>Return to the <a href=\"${hubBaseurl}calendar.php\">calendar</a> page.</p>\n";
echo "<!-- If you are attacking us why not record a show telling us about what you were trying to do :) -->\n";
echo "<hr />\n";
echo "<p>If you are having issues please send the following information to admin @ HPR to assist in troubleshooting the issue:</p>\n";
echo "<pre>\n";
echo "${timestamp}\n";
echo "${show_timestamp}\n";
$agent = $_SERVER['HTTP_USER_AGENT'];
$uri = $_SERVER['REQUEST_URI'];
print "${ip}\n";
print "${agent}\n";
print "${uri}\n";
echo "</pre>\n";
echo "<hr />\n";
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() . "\tExisting Request\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n" , FILE_APPEND | LOCK_EX );
exit;
}
# Create a temporary entry for this host.
$query_add = "INSERT INTO reservations VALUES ('$ip', UTC_TIMESTAMP(), '$key', '0', '1970-01-01', 'none@example.com', '0', 'REQUEST_UNVERIFIED' )";
$result = mysqli_query($connection, $query_add ) or die(mysqli_error());
# Check to see if we're under attack
$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0";
$result = mysqli_query($connection, "$query");
$row = mysqli_fetch_array($result, MYSQLI_NUM);
$total = $row[0];
if( !isset($total) or $total > 150 ) {
header("Status: 412 Precondition Failed");
echo "<h1>Suspicious activity detected</h1>";
echo "<p>$total Uploads have temporarily been suspended due to suspicious activity.<br/>
If you are attacking us why not record a show telling us about what you were trying to do ?</p>";
echo "<p>While these people have their fun, can we ask you to send your show another way.<br />
Contact admin @ HPR for more information.</p>";
exit;
}
// Populate the list of posted shows
$show_array = array ();
$ep_retrieve = "(SELECT `id`, `date` FROM eps ) UNION (SELECT `ep_num` AS id, `ep_date` AS date FROM reservations WHERE `ep_num` >0) order by id";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$rowid = $row['id'];
$date = $row['date'];
$show_array[$rowid] = date('Y-m-d', strtotime($date) ) ;
}
}
/*
Entry is either to the page or with the id variable set (default selected)
*/
if (isset($_GET['id'])){
$id = $_GET['id'];
$id = intval($id);
$num_get_args=0;
foreach($_GET as $k => $v) {
++$num_get_args;
}
if ( strval( intval( $id ) ) != strval( $id ) ) {
naughty("e015b7c89da03385a9156d3e5d2eb25d");
}
if ( intval( $id ) <= 0 ) {
naughty("1493a07dec01a006d11bf43d2f17e5aa");
}
if ( $num_get_args > 2 ) {
naughty("79543dbb498ec47404aaed4d56bdc22b");
}
if ( intval($id) > 9999 ) {
naughty("f1f531c768f64404cb00437254b06d71");
}
if ( $id != 9999 ) {
if ( isset( $show_array[$id] ) ) {
naughty("2227263ac7171aca3214d155dec539ad");
}
}
}
else {
$id = "";
}
$query = mysqli_query($connection, "SELECT id, date FROM eps mo
WHERE NOT EXISTS
(
SELECT NULL
FROM eps mi
WHERE mi.id = mo.id + 1
)
ORDER BY
id
LIMIT 1");
$next_show_num_array = mysqli_fetch_row($query);
$next_show_num = $next_show_num_array[0] + 1;
$next_show_date = date('Y-m-d', strtotime($next_show_num_array[1] . ' + 1 weekday'));
$body="give";
//$body="index_full";
include 'header.html';
?>
<main id="maincontent">
<h1>Requesting a slot for your show.</h1>
<p>Please select your desired slot, and enter a valid email address.<br />
See our <a aria-label="Help on adding an episode" href="<?php echo "${baseurl}about.html#adding_an_episode"; ?>">help page</a> for more information</a>
</p>
<form method="POST" action="request_confirm.php">
<table>
<tr>
<td>Slot:</td>
<td>
<?php
echo "<select name=\"ep_num_date\">\n";
$this_episode_date = $next_show_date;
if ( $id == 9999 ) {
echo "<option value=\"9999_1970-01-01\" selected>Reserve Queue.</option>\n";
}
else {
echo "<option value=\"9999_1970-01-01\">Reserve Queue.</option>\n";
}
for ( $slot = $next_show_num; $slot<($next_show_num+365); $slot++ ) {
if (empty($show_array[$slot])) {
if ( $slot == $id ) {
echo "<option value=\"${slot}_${this_episode_date}\" selected>hpr${slot} " . date('Y-m-d D', strtotime($this_episode_date) ) . "</option>\n";
}
else {
}
echo "<option value=\"${slot}_${this_episode_date}\">hpr${slot} " . date('Y-m-d D', strtotime($this_episode_date) ) . "</option>\n";
}
$this_episode_date = date('Y-m-d', strtotime($this_episode_date . ' + 1 weekday'));
}
echo "</select>";
if ( ( $slot < $id ) AND ( $id != 9999 ) ) {
echo "<br />\n<span id=\"small\">Unfortunately it is not possible to schedule episode $id. Please select another slot or contact admin@hackerpublicradio.org for more assistance.</span>\n";
}
?>
</td>
</tr>
<tr>
<td>E-mail:</td>
<td><input required type="email" name="email" placeholder="To send you the upload link"></td>
</tr>
</table>
<p><em>You must have your audio recording ready to upload <a aria-label="Help on the reserving a slot" href="<?php echo "${baseurl}about.html#reserving"; ?>"><strong>before</strong> you pick a slot</a>.</em></p>
<input type="submit" value="Next">
</form>
<p>
We will send you an email with a link to where you can upload your show.
</p>
</main>
<?php
include 'footer.html';
?>

331
hub/request_confirm.php Normal file
View File

@@ -0,0 +1,331 @@
<?php
# request.php > request_confirm.php > upload.php > upload_confirm.php
require "/home/hpr/php/include.php";
$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0";
$result = mysqli_query($connection, "$query");
$row = mysqli_fetch_array($result, MYSQLI_NUM);
$total = $row[0];
if(!isset($total) or $total > 150 ) {
# This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts.
# A host doing bulk upload will need to do them one by one
naughty("5971624889258aefb44e5f7bf8dffbd4");
}
# This is to prevent anything except hits from the web form.
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
naughty("19e9019c9615f755aec834000892ee9e");
}
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("9bb147a251e8db132dafa93d98f8487f");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
if (count($_POST) !== 2) {
naughty("02de1aef3b9490a417c39170d8f06028");
}
# This will check to see if there are any existing requests from this ip address
$query = "SELECT * FROM reservations WHERE ip = '$ip' and `status` = 'REQUEST_UNVERIFIED' and `verified` = 0";
$result = @mysqli_query($connection, $query);
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["ip"]) ) {
# the request did not come via the web form
naughty("2162941738512bfdb1d21f288ee7cdb4");
}
if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) {
# they are playing with the database or time settings
naughty("f0ad965f523b5c2ade071eb20d3618b5");
}
if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) {
# There is too long a time entering the form
naughty("6570026fd11fc31ac0cada3e1dae4d0b");
}
// Basic POST Checks
if ( empty($_POST["ep_num_date"]) or strlen($_POST["ep_num_date"]) !== 15 ) {
naughty("a32fbe5f0494eb7f34034b164739314d");
}
if ( empty($_POST["email"]) ) {
naughty("76eaa1a1556faeadfc14631c35b8590a");
}
// Getting to the keep section
if ( filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false ) {
naughty("8c307efe37146015a35e2d928c2c0f69");
}
else {
$email = htmlspecialchars(filter_var($_POST["email"], FILTER_VALIDATE_EMAIL));
}
if ( strpos($_POST["ep_num_date"], '_') !== 4 or strpos($_POST["ep_num_date"], '-') !== 9 or strpos($_POST["ep_num_date"], '-', 10 ) !== 12 ) {
naughty("705f8e26e42a90b31075a110674b19ee");
}
if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) {
naughty("ad7f805c2f42be77122ec52f114fe318");
}
else {
list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);;
}
if ( intval($ep_num) === 0 ) {
naughty("9424f7407b2fb83407760ad763286b53");
}
else {
$ep_num = intval($ep_num);
}
if ( strtotime($ep_date) === false ) {
naughty("59c7bff340d023773d987d71df545110");
}
else {
$ep_date_epoch = strtotime($ep_date);
}
$show_array = array ();
$query = "SELECT (
SELECT max( id )
FROM eps
WHERE eps.date <= UTC_DATE( )
) AS current_ep_num, (
SELECT max( date )
FROM eps
WHERE eps.date <= UTC_DATE( )
) AS current_ep_date, (
SELECT id
FROM eps
WHERE id = ${ep_num}
) AS valid
";
$result = mysqli_query($connection, "$query");
$row = mysqli_fetch_array($result, MYSQLI_NUM);
$current_ep_num = $row[0];
$next_year_ep_num = $current_ep_num+365;
$current_ep_date = $row[1];
$current_ep_date_epoch = strtotime($current_ep_date);
$next_year_ep_date = strtotime(date("Y-m-d", time()) . " + 365 day" );
if ( $ep_num == $row[2] or !empty($row[2]) ) {
naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023");
}
if ( $ep_num != 9999 ) {
if ( ( $ep_num <= $current_ep_num ) OR ( $ep_num > $next_year_ep_num ) ) {
naughty("7304801e8ce3b9096d28dbe1a0faa642 $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num");
}
if ( $ep_date_epoch < $current_ep_date_epoch or $ep_date_epoch > $next_year_ep_date ) {
naughty("34c4259b45927da50ba5c49970f880a4");
}
for ($slot=$current_ep_num; $slot < $next_year_ep_num; $slot++) {
$shows_slot_date[ "${slot}"] = $current_ep_date;
$shows_date_slot[ "$current_ep_date" ] = $slot;
$current_ep_date = date('Y-m-d', strtotime($current_ep_date . ' + 1 weekday'));
}
if ( empty($shows_slot_date["$ep_num"]) or empty($shows_date_slot["$ep_date"]) ) {
naughty("d0e113355b35f96945124d8e507759a0");
}
if ( $ep_date !== $shows_slot_date["$ep_num"] or $ep_num !== $shows_date_slot["$ep_date"] ) {
naughty("434cb53552ce1e2708e74a42f438028c");
}
} // End of bypass checks
// OK You convinced me.
$db_ip = $db['ip'];
$db_timestamp = $db['timestamp'];
$db_key = $db['key'];
# UPDATE reservations SET `ep_num` = '3203', `ep_date` = '2020-11-11', `email` = 'admin@hackerpublicradio.org', `verified` = '0' WHERE `ip` = '62.251.25.147' AND `timestamp` = '2020-08-20 10:55:44' AND `key` = '20ca69e4d9097d1623399c7b85fc8f475f3e56b01a289' AND `status` = 'REQUEST_EMAIL_SENT'
$email_padded = formatemail($email);
$query = "UPDATE reservations SET `ep_num` = '$ep_num', `ep_date` = '$ep_date', `email` = '$email_padded', `verified` = '0', `status` = 'REQUEST_EMAIL_SENT' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'";
$result = mysqli_query($connection, $query );
if(!isset($result)) {
naughty("c7405e79b54f582e8db46c69ec4b0f24");
}
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\SMTP;
require_once('/home/hpr/php/PHPMailer/Exception.php');
require_once('/home/hpr/php/PHPMailer/PHPMailer.php');
require_once('/home/hpr/php/PHPMailer/SMTP.php');
date_default_timezone_set('Etc/UTC');
$mailer = new PHPMailer(true);
$mailer->isSMTP();
$mailer->Host = "$mailerHost";
$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "ssl";
$mailer->Port = "465";
$mailer->Username = "$mailerUsername";
$mailer->Password = "$mailerPassword";
// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details.
$mailer->Sender = 'robot@hobbypublicradio.com';
$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins');
$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot');
$mailer->addBCC('admin@hackerpublicradio.org');
$mailer->addBCC('admin@hobbypublicradio.org');
$mailer->addAddress("$email");
if ( $ep_num == 9999 ) {
$mailer->Subject = "Confirmation of request to submit to the reserve queue";
$mailer->MsgHTML("<p>This email is an automatic reply to a request to submit to the reserve queue on the longest running Community Podcast.<br />
<em>If you have not made this request then please ignore this email.</em>
</p>
<p>
To confirm your request please confirm by copying and pasting the following link into your browser<br />
<a href=\"${hubBaseurl}/upload.php?key=${db_key}\">${hubBaseurl}/upload.php?key=${db_key}</a>
</p>
<p>
You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information.
</p>
<p>
The upload form works on the assumption you will be posting one show at a time, from the same IP address.
</p>
<p>
Please keep this key private.
</p>
<p>
Thanks,<br />
HPR Bot
</p>
<pre>" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "</pre>"
);
$mailer->AltBody = "This email is an automatic reply to a request to submit to the reserve queue on the longest running Community Podcast.
If you have not made this request then please ignore this email.
To confirm your request please confirm by copying and pasting the following link into your browser
${hubBaseurl}/upload.php?key=${db_key}
You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information.
The upload form works on the assumption you will be posting one show at a time, from the same IP address.
Please keep this key private.
Thanks,
HPR Bot
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n";
}
else {
$mailer->Subject = "Confirmation of request to reserve hpr${ep_num} on ${ep_date}";
$mailer->MsgHTML("<p>This email is an automatic reply to a request to reserve a podcast slot hpr${ep_num} on ${ep_date} on the longest running Community Podcast.<br />
<em>If you have not made this request then please ignore this email.</em>
</p>
<p>
To confirm your request please confirm by copying and pasting the following link into your browser<br />
<a href=\"${hubBaseurl}/upload.php?key=${db_key}\">${hubBaseurl}/upload.php?key=${db_key}</a>
</p>
<p>
You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information.
</p>
<p>
The upload form works on the assumption you will be posting one show at a time, from the same IP address.
</p>
<p>
Please keep this key private.
</p>
<p>
Thanks,<br />
HPR Bot
</p>
<pre>" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "</pre>"
);
$mailer->AltBody = "This email is an automatic reply to a request to reserve a podcast slot hpr${ep_num} on ${ep_date} on the longest running Community Podcast.
If you have not made this request then please ignore this email.
To confirm your request please confirm by copying and pasting the following link into your browser
${hubBaseurl}/upload.php?key=${db_key}
You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information.
The upload form works on the assumption you will be posting one show at a time, from the same IP address.
Please keep this key private.
Thanks,
HPR Bot
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n";
}
$mailer->isHTML(false);
// Set up our connection information.
//$mailer->IsSMTP();
// All done!
//print "We are experiencing issues with the upload process. Please try again tomorrow. <br />\n";
//send the message, check for errors
if (!$mailer->send()) {
echo 'Mailer Error: ' . $mailer->ErrorInfo;
}
$body="give";
//$body="index_full";
include 'header.html';
?>
<main id="maincontent">
<hr />
<article>
<header>
<h1>Thank you</h1>
</header>
<p>
Thank you for your submission. A confirmation email has been sent to <em><?php echo $email; ?></em>. Please copy and paste the link into your browser to confirm your email address, and upload your show media.
</p>
<p>You need to <em>open</em> the link within <strong>15 minutes</strong> or the temporary lock will be released. Once you open the link, you can fill in the information at your leisure.</p>
<p>The email is sent from the address <strong>robot@hobbypublicradio.com</strong>, and should be in your inbox by the time you read this.</p>
<p>If it is not there by now, then please <strong>spam</strong> folder. We have had reports that sometimes gmail and hotmail consider the messages as spam. Please consider <a href="https://onlinegroups.net/blog/2014/02/25/how-to-whitelist-an-email-address/" target="_blank">whitelisting</a> the email address <em>robot@hobbypublicradio.com</em>.</p>
<p>
<img src="images/gmail-spam.png" alt="gmail is blocking us" />
</p>
<p>Return to the <strong><a href="/calendar.php">calendar</a></strong> page.</p>
<p>
Thanks,<br />
<br />
HPR Bot
</p>
<pre>
<pre>
<?php print date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"]; ?>
</pre>
</article>
</main>
<?php
include 'footer.html';
?>

297
hub/upload.php Normal file
View File

@@ -0,0 +1,297 @@
<?php
# request.php > request_confirm.php > upload.php > upload_confirm.php
require "/home/hpr/php/include.php";
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and count($_GET) !== 1 ) {
call412("9a77e4ab24410cbf68a3a05ba97221e4");
}
if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
}
else {
if ( isset( $_GET['delete'] ) and strlen( $_GET['delete'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ) ) === 45 and ctype_xdigit( $_GET['delete'] ) ) {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) );
}
else {
call412("e8ac90fc2a8996e5fb7a83e73e636e80");
}
}
$ip = $_SERVER["REMOTE_ADDR"];
$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
$result = mysqli_query($connection, $query);
if($result === FALSE) {
call412("91432866e3c9c36a9c4884345d578761");
}
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) {
call412("b019bd29c1fe5b756e4b620a5428f730");
}
else {
$db_timestamp = $db['timestamp'];
$db_key = $db['key'];
$email_padded = formatemail($db['email']);
$email = unformatemail($db['email']);
$ep_num = $db['ep_num'];
$ep_date = $db['ep_date'];
$db_ip = $db['ip'];
}
// User selects delete
if ( isset( $_GET['delete'] ) ) {
$query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' ";
$result = mysqli_query($connection, $query);
if($result === FALSE) {
call412("35a7f4e80ecba8284049e9d6261ae523");
}
else {
header( "Location: https://" . $_SERVER['SERVER_NAME'] . "/calendar.php" ) ;
$dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/";
rrmdir("$dir_structure");
exit;
}
}
// Set the show to verified so that we can remove the temporary lock
$status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z');
$query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'";
$result = mysqli_query($connection, $query );
if(!isset($result)) {
naughty("c7405e79b54f582e8db46c69ec4b0f24");
}
// Display host information
/*
*/
$ip = $_SERVER["REMOTE_ADDR"];
# TODO need to add the email for new hosts
$query = "SELECT * FROM hosts WHERE hosts.email = '$email' OR hosts.email = '$email_padded'";
$result = mysqli_query($connection, $query);
if($result === FALSE) {
call412("5cb513b590ab5859bf7603b79402a5cb");
}
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db) or empty( $db['hostid'] ) or empty( $db['host'] ) or empty( $db['email'] ) ) {
$hostid = "0";
$host = "";
$profile = "";
$license = "CC-BY-SA";
$local_image = 0;
$status = "Please fill in some information about yourself.";
}
else {
$hostid = $db['hostid'];
$host = $db['host'];
$profile = $db['profile'];
$license = $db['license'];
$local_image = $db['local_image'];
$email_padded = formatemail($db['email']);
$email = unformatemail($db['email']);
$status = "Please confirm or change the following information about yourself.";
}
$image_url = "./images/hosts/${hostid}.png";
if ( !file_exists( $image_url )) {
$image_url = 'https://secure.gravatar.com/avatar/' . md5($email) . '.png&d=404';
}
// Main
$body="give";
//$body="index_full";
include 'header.html';
?>
<main id="maincontent">
<hr />
<?php
if ( $ep_num == 9999 ) {
echo "<h1>Uploading to the Reserve Queue.</h1>\n";
}
else {
echo "<h1>Uploading hpr${ep_num} for release on ${ep_date}</h1>\n";
}
?>
<p>
You can fill in information about yourself and your show below. Please see the <a href="request_a_slot.php">help</a> page for more information.
</p>
<h2><?php echo $status ?></h2>
<form method="POST" action="upload_confirm.php" enctype="multipart/form-data">
<table>
<tr>
<td>Host Email (<a href="/request_a_slot.php#email" target="_blank">?</a>):</td>
<td><?php echo $email;?></td>
</tr>
<tr>
<td style="vertical-align:top;">Image: (<a href="/request_a_slot.php#image" target="_blank">?</a>)</td>
<td>
<?php
echo "<img src=\"$image_url\" alt=\"host image\" /><br /><small><em>";
if ( $local_image === 1 ) {
echo "Image previously uploaded";
}
else {
echo "Image sourced from <a href=\"https://secure.gravatar.com\">gravatar</a>";
}
?>
</em></small><br />
Upload your photo/avatar here: <input type="file" name="host_photo" id="photo">
</td>
</tr>
<tr>
<td><strong>Name/Handle: (<a href="/request_a_slot.php#Name_Handle" target="_blank">?</a>)</strong></td>
<td><input required type="text" name="host_name" size="40" maxlength="40" placeholder="Enter the name you wish to be know as on HPR" value="<?php echo $host?>"></td>
</tr>
<tr>
<td><strong>Your Default license: (<a href="/request_a_slot.php#Default_license" target="_blank">?</a>)</strong></td>
<td>
<select name="host_license">
<option value="CC-0" <?php if($license == "CC-0") echo "selected"; ?>>CC-Zero/Public Domain (CC-0)
<option value="CC-BY" <?php if($license == "CC-BY") echo "selected"; ?>>Attribution (CC-BY)
<option value="CC-BY-SA" <?php if($license == "CC-BY-SA") echo "selected"; ?>>Attribution-ShareAlike (CC-BY-SA)
<option value="CC-BY-ND" <?php if($license == "CC-BY-ND") echo "selected"; ?>>Attribution-NoDerivs (CC-BY-ND)
<option value="CC-BY-NC" <?php if($license == "CC-BY-NC") echo "selected"; ?>>Attribution-NonCommercial (CC-BY-NC)
<option value="CC-BY-NC-SA" <?php if($license == "CC-BY-NC-SA") echo "selected"; ?>>Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA)
<option value="CC-BY-NC-ND" <?php if($license == "CC-BY-NC-ND") echo "selected"; ?>>Attribution-NonCommercial-NoDerivs (CC-BY-NC-ND)
</select>
</td>
</tr>
<tr>
<td style="vertical-align:top;">Profile: (<a href="/request_a_slot.php#Profile" target="_blank">?</a>)</td>
<!-- TODO https://xing.github.io/wysihtml5/ -->
<td><textarea name="host_profile" maxlength="2000" rows="10" cols="50" placeholder="Enter some text about yourself with links to your blog or other online presence."><?php echo htmlspecialchars($profile) ?></textarea></td>
</tr>
</table>
<h2>Please fill in some information about this episode</h2>
<table>
<tr>
<td><strong>Title(*) (<a href="/request_a_slot.php#Title" target="_blank">?</a>):</strong></td>
<td><input required type="text" name="title" size="50" maxlength="100" placeholder="Enter a short descriptive title for your show."></td>
</tr>
<tr>
<td><strong>Summary(*) (<a href="/request_a_slot.php#Short_Summary" target="_blank">?</a>):</strong></td>
<td><input required type="text" name="summary" size="70" maxlength="100" placeholder="This is a short 100 character summary of what your show is about."></td>
</tr>
<tr>
<td style="vertical-align:top;"><strong>Theme: (<a href="/request_a_slot.php#Theme" target="_blank">?</a>)</strong></td>
<td>
Please <strong>do not</strong> add a theme to your show: <small>See <a href="http://hackerpublicradio.org/pipermail/hpr_hackerpublicradio.org/2021-November/015100.html">Policy Decision</a> for more information.</small><br />
</td>
</tr>
<tr>
<td><strong>Explicit: (<a href="/request_a_slot.php#Explicit" target="_blank">?</a>)</strong></td>
<td>
Is the show <em>Explicit</em> ?:
<input required type="radio" name="explicit" value="Yes">Yes
<input type="radio" name="explicit" value="Clean">No.
<small>If in doubt please select <strong>Yes</strong>. See <a href="https://www.apple.com/uk/itunes/podcasts/specs.html#submitting">iTunes</a> for more information.</small>
</td>
</tr>
<tr>
<td><strong>License: (<a href="/request_a_slot.php#License" target="_blank">?</a>)</strong></td>
<td>
<select name="license">
<option value="CC-BY-SA" selected>CC-BY-SA</option>
<option value="CC-BY-NC-SA" >CC-BY-NC-SA</option>
<option value="CC-BY-NC-ND" >CC-BY-NC-ND</option>
<option value="CC-0" >CC-0</option>
<option value="CC-BY-NC" >CC-BY-NC</option>
<option value="CC-BY" >CC-BY</option>
<option value="Other" >Other</option>
</select>
<small>See <a href="https://creativecommons.org/licenses/">https://creativecommons.org/licenses/</a> for more information.</small>
</td>
</tr>
<tr>
<td><strong>Notes(*) (<a href="/request_a_slot.php#show_notes" target="_blank">?</a>):</strong></td>
<td><textarea required name="notes" maxlength="40000" rows="20" cols="70" placeholder="Please add your show notes here." ></textarea></td>
</tr>
<tr>
<td>Format: (<a href="/request_a_slot.php#shownotes_format" target="_blank">?</a>)</td>
<td>
<small>What format if any did you just use in the show notes above ?</small><br />
<select name="shownotes_format">
<option value="plain_text" selected>Plain text</option>
<option value="html5">HTML5 (Preferred)</option>
<option value="Markdown_GitHub">Markdown (GitHub flavoured)</option>
<option value="Markdown_Pandoc">Markdown (Pandoc flavoured)</option>
<option value="restructured_text">RestructuredText</option>
<option value="txt2tags">txt2tags</option>
</select>
</td>
</tr>
<tr>
<td>Series: (<a href="/request_a_slot.php#series" target="_blank">?</a>)</td>
<td>
<?php
$result = mysqli_query($connection, "SELECT id, name FROM miniseries WHERE private=0 ORDER BY name ASC");
echo "<select name=\"series\"><option value=\"0\" selected>none</option>";
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
printf("<option value=\"{$row['id']}\">{$row['name']}</option>");
}
mysqli_free_result($result);
?>
</select>
</td>
</tr>
<tr>
<td>Tags: (<a href="/request_a_slot.php#tags" target="_blank">?</a>)</td>
<td><input required type="text" name="tags" size="70" maxlength="100" placeholder="Add a list of comma separated tags." /><br />
Add a list of <strong>comma separated</strong> tags.<br />
If you can provide tags for your show that would be appreciated; you are certainly the best judge of what makes good tags, but if not then a volunteer will add them later.
</td>
</tr>
<tr>
<td style="vertical-align:top;"><strong>Upload Method: (<a href="/request_a_slot.php#upload_method" target="_blank">?</a>)</strong></td>
<td>
<em>You have the choice of the following upload options:</em> <br />
<p>
<strong>1. Upload now</strong> via this browser: (<a href="/request_a_slot.php#browser" target="_blank">?</a>)<br />
<input type="file" multiple="multiple" name="media_files[]" title="select if using the http upload option" />
</p>
<p>
<strong>2. Provide a url</strong> for us to get it from: (<a href="/request_a_slot.php#url" target="_blank">?</a>)<br />
<input type="url" size="30" name="url" placeholder="https://example.com/hpr9999.flac">
</p>
<p>
<strong>3. Upload via an alternative method</strong>:
If you wish to send a show using another method then please discuss it with the HPR Volunteer at admin@hackerpublicradio.org.
</p>
<p>
<strong>4. Reserve a slot</strong>:
Leave upload option 1 and 2 empty if you have received prior approval for a reservation from the Community via the <a href="/mailman/listinfo/hpr_hackerpublicradio.org">HPR Mailing List</a> to either:
</p>
<ul>
<li>Reserve the show now and upload media later.</li>
<li>Send physical media by the postal service or deliver in person.<br />
<em>Make sure you plan in enough time to deliver your media.</em></li>
</ul>
</td>
</tr>
</table>
<?php echo "<input type=\"hidden\" name=\"hostid\" value=\"$hostid\">"; ?>
<?php echo "<input type=\"hidden\" name=\"key\" value=\"$key\">"; ?>
<br />
<input type="submit" name="submit_edit" value="Submit"> This will take a <strong>long time</strong>, leave the browser running. You will get an email once the upload is complete.
<?php
if ( $ep_num == 9999 ) {
echo "<p>\n<em><a href=\"https://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?delete=$key\">Delete this reservation for the Reserve Queue</a>.</em>\n</p>\n";
}
else {
echo "<p>\n<em><a href=\"https://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?delete=$key\">Delete this reservation for hpr${ep_num} on ${ep_date}</a>.</em>\n</p>\n";
}
?>
</form>
</main>
<?php
include 'footer.html';
?>

546
hub/upload_confirm.php Executable file
View File

@@ -0,0 +1,546 @@
<?php
# request.php > request_confirm.php > upload.php > upload_confirm.php
require "/home/hpr/php/include.php";
function goback() {
header( "Location: " . $_SERVER["HTTP_REFERER"] ) ;
exit;
}
logextra( "Starting upload_confirm.php");
$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0";
$result = mysqli_query($connection, "$query");
$row = mysqli_fetch_array($result, MYSQLI_NUM);
$total = $row[0];
logextra( "Got reservations" );
if ($total > 150 ) {
# This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts.
# A host doing bulk upload will need to do them one by one
naughty("88fe2bc11a90f9f9ab9bdcc8a82d7401");
}
logextra( "No bulk upload" );
// // // print '<pre>';
// // // var_dump( $_SERVER['REQUEST_METHOD'] );
// // // print '</pre>';
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
naughty("29e9019c9615f755aec834000892ee9e");
}
logextra( "It is a POST" );
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("abb147a251e8db132dafa93d98f8487f");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
logextra( "We have a IP of $ip" );
if (count($_POST) !== 15) {
logextra( "" );
if (count($_POST) !== 17) {
# 19 is for mosaic
# if this reports 0 is could be that the max upload is not set correctly in php.ini.
naughty("7a994999b40e3dc2e3eecfdc36a78d23 ".count($_POST) );
}
}
logextra( "Correct number of POST entries" );
if ( isset( $_POST['key'] ) and strlen( $_POST['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ) ) === 45 and ctype_xdigit( $_POST['key'] ) ) {
$db_key = htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) );
}
else {
naughty("2fb4c4e05f0e8f37a5b47565cfb863f5");
}
logextra( "Field lengths are correct" );
$query = "SELECT * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$db_key' ";
$result = mysqli_query($connection, $query);
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
logextra( "Getting this reservation from the db" );
if ( empty($db["ip"]) or $db["key"] != $db_key ) {
naughty("3162941738512bfdb1d21f288ee7cdb4");
}
else {
$db_ip = $db['ip'];
$db_email = unformatemail($db['email']);
$db_timestamp = $db['timestamp'];
$ep_num = $db['ep_num'];
$ep_date = $db['ep_date'];
}
logextra( "Found this reservation from the db" );
if ( empty($db_email) ) {
naughty("457bf84c726d1cbbd381933e3a08b2ac");
}
logextra( "Got an email $db_email" );
if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) {
naughty("00ad965f523b5c2ade071eb20d3618b5");
}
logextra( "Timestamp is not to old" );
if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) {
naughty("7570026fd11fc31ac0cada3e1dae4d0b");
}
logextra( "Timestamp is not to young" );
if ( empty($_POST["title"]) or strlen($_POST["title"]) > 100 ) {
naughty("32831f22fb96d02ce819127d558d28a2");
}
logextra( "Title length is OK" );
if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) {
naughty("ecfcc4c12bf4319d412d66fd2e239249");
}
logextra( "Summary length is OK" );
if ( empty($_POST["shownotes_format"]) ) {
naughty("a8345484b7a4ebad5af54937a3b2e26b");
}
logextra( "Shownotes are not missing" );
if ( !(
strcmp($_POST["shownotes_format"], "plain_text") === 0 or
strcmp($_POST["shownotes_format"], "html5") === 0 or
strcmp($_POST["shownotes_format"], "Markdown_GitHub") === 0 or
strcmp($_POST["shownotes_format"], "Markdown_Pandoc") === 0 or
strcmp($_POST["shownotes_format"], "restructured_text") === 0 or
strcmp($_POST["shownotes_format"], "txt2tags") === 0 )
) {
naughty("b5609bad7edd70d76d75652fb0592ec4 " . $_POST["shownotes_format"] . " " . strcmp($_POST["shownotes_format"], "."));
}
logextra( "shownotes_format is set OK" );
if ( empty($_POST["explicit"]) ) {
naughty("39cc8812b02607d613c6a7ba7e789f2c");
}
logextra( "explicit exists" );
if ( strcmp($_POST["explicit"], "Yes") !== 0 ) {
logextra( "" );
if ( strcmp($_POST["explicit"], "Clean") !== 0 ) {
naughty("198ab3b8af59ffba12c335239bde2876");
}
}
logextra( "explicit is either Yes or Clean" );
if ( empty($_POST["license"]) or strlen($_POST["license"]) < 4 or strlen($_POST["license"]) > 11 ) {
naughty("194c24ff7396901c0ccc42fb21344683");
}
logextra( "license length is fine" );
if ( !(
strcmp($_POST["license"], "CC-BY-SA") === 0 or
strcmp($_POST["license"], "CC-BY-NC-SA") === 0 or
strcmp($_POST["license"], "CC-BY-NC-ND") === 0 or
strcmp($_POST["license"], "CC-0") === 0 or
strcmp($_POST["license"], "CC-BY-NC") === 0 or
strcmp($_POST["license"], "CC-BY") === 0 or
strcmp($_POST["license"], "Other") === 0 )
) {
naughty("f5609bad7edd70d76d75652fb0592ec4");
}
logextra( "license is a valid value" );
if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) {
naughty("5860799406a323209b902d5104fe7bae");
}
logextra( "Notes are less than max" );
if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) {
naughty("f1c83b57821d562f66246d975ef28994");
}
$series = $_POST["series"];
$result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'");
logextra( "Series id is in the correct range" );
if (!isset($result_series)) {
naughty("27457bada69cbc352af762bdf649e905");
}
$data=mysqli_fetch_assoc($result_series);
$series_name = $data['name'];
logextra( "Series has been found" );
if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) {
naughty("49a69b565acecf9d2a96aacc73aec5aa");
}
logextra( "Tags are the correct length" );
if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) {
naughty("626eae845e0a448be0544775ab5e4dc4");
}
logextra( "host_name is set and correct length" );
if ( strlen($_POST["host_profile"]) > 2000 ) {
naughty("f69ec5999e0a02def5a110489401347f");
}
logextra( "host_profile is correct length" );
if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) {
naughty("f2816b32e97be090a96ceabdc9230c9c");
}
logextra( "host_license is in the correct range" );
if ( !(
strcmp($_POST["host_license"], "CC-BY-SA") === 0 or
strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or
strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or
strcmp($_POST["host_license"], "CC-0") === 0 or
strcmp($_POST["host_license"], "CC-BY-NC") === 0 or
strcmp($_POST["host_license"], "CC-BY") === 0 or
strcmp($_POST["host_license"], "Other") === 0 )
) {
naughty("978a18fa8558f3180897429e63d6ae55");
}
logextra( "host_license is a predfined value" );
if ( empty($_POST["hostid"]) and $_POST["hostid"] != 0 ) {
naughty("277dc98d43e7840d9f296cce1bc3ec2c");
}
logextra( "hostid exists and is not 0" );
$result = mysqli_query($connection, 'SELECT MAX(hostid) as max FROM hosts;');
if (!isset($result)) {
naughty("93fcc22d0c5ee3fac35e6d658db76059");
}
$data=mysqli_fetch_assoc($result);
$maxhost = $data['max'];
logextra( "retrieved the max host from db" );
$hostid = $_POST["hostid"];
logextra( "" );
if ( (strval(intval($hostid)) != strval($hostid)) or ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){
naughty("a0f6cae871b85cb66f85d7ed5e91d1bb");
}
logextra( "host id is int, and in the correct range" );
if ( !empty($_POST["url"]) and strlen($_POST["url"]) > 1024 ) {
naughty("6d4f180c49ff9b9154bd80070ec2c1f3");
}
logextra( "The url is set and the correct length" );
if ( !empty($_POST["url"]) ) {
if ( filter_var($_POST["url"], FILTER_VALIDATE_URL) === false ) {
naughty("9c307efe37146015a35e2d928c2c0f69");
}
else {
$url = htmlspecialchars(filter_var($_POST["url"], FILTER_VALIDATE_URL));
}
}
logextra( "The url has not been altered" );
$dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/";
if ( file_exists( $dir_structure ) ) {
naughty("d4250c369bd81b27cdc53d0d53321ecd");
}
logextra( "The upload dir seems fine $dir_structure" );
if (!mkdir($dir_structure, 0777, true)) {
naughty("804c4be123ca0327840b76bf4f8eb19e");
}
$shownote_file = "${dir_structure}/shownotes.txt";
if ( file_exists( $shownote_file ) ) {
naughty("33370d1c5c19a6ca4ef3f3ce59158e57");
}
logextra( "The shownotes txt file exists $shownote_file" );
$shownote_file_json = "${dir_structure}/shownotes.json";
if ( file_exists( $shownote_file_json ) ) {
naughty("a9564ebc3289b7a14551baf8ad5ec60a");
}
logextra( "The shownotes json file exists $shownote_file_json" );
$this_post = print_r($_POST, true);
$this_file = print_r($_FILES, true);
logextra( "Received $this_post, $this_file" );
$show_data = "------------------------------------------------------------";
$show_data = $show_data . "\nEpisode_Number:\t" . $ep_num;
$show_data = $show_data . "\nEpisode_Date:\t" . $ep_date;
$show_data = $show_data . "\nTimestamp:\t" . $db_timestamp;
$show_data = $show_data . "\nKey:\t" . $_POST['key'];
$show_data = $show_data . "\nHost_IP:\t" . $db_ip;
$show_data = $show_data . "\n------------------------------------------------------------";
$show_data = $show_data . "\nHost_ID:\t" . $_POST['hostid'];
$show_data = $show_data . "\nHost_Name:\t" . $_POST['host_name'];
$show_data = $show_data . "\nHost_Email:\t" . $db_email;
$show_data = $show_data . "\nHost_License:\t" . $_POST['host_license'];
$show_data = $show_data . "\nHost_Profile:\n" . $_POST['host_profile'];
$show_data = $show_data . "\n------------------------------------------------------------";
$show_data = $show_data . "\nTitle:\t" . $_POST['title'];
$show_data = $show_data . "\nSummary:\t" . $_POST['summary'];
$show_data = $show_data . "\nShownotes_Format:\t" . $_POST['shownotes_format'];
$show_data = $show_data . "\nExplicit:\t" . $_POST['explicit'];
$show_data = $show_data . "\nShow_License:\t" . $_POST['license'];
$show_data = $show_data . "\nSeries:\t" . $series;
$show_data = $show_data . "\nSeries_Name:\t" . $series_name;
$show_data = $show_data . "\nTags:\t" . $_POST['tags'];
$show_data = $show_data . "\nurl:\t" . $_POST['url'];
$show_data = $show_data . "\n------------------------------------------------------------";
$show_data = $show_data . "\nShow_Notes:\n" . $_POST['notes'];
$show_data = $show_data . "\n------------------------------------------------------------";
$show_data = $show_data . "\nPOST:\n" . $this_post;
$show_data = $show_data . "\n------------------------------------------------------------";
$show_data = $show_data . "\nFILES:\n" . $this_file;
$show_data = $show_data . "\n------------------------------------------------------------\n";
file_put_contents($shownote_file, stripslashes($show_data) );
logextra( "Wrote the $shownote_file" );
$show_data_json = array(
"host" => array(
"Host_ID" => $_POST['hostid'],
"Host_Name" => $_POST['host_name'],
"Host_Email" => $db_email,
"Host_License" => $_POST['host_license'],
"Host_Profile" => $_POST['host_profile']
),
"episode" => array(
"Title" => $_POST['title'],
"Summary" => $_POST['summary'],
"Explicit" => $_POST['explicit'],
"Show_License" => $_POST['license'],
"Series" => $series,
"Series_Name" => $series_name,
"Tags" => $_POST['tags'],
"Show_Notes" => $_POST['notes']
),
"metadata" => array(
"Episode_Number" => $ep_num,
"Episode_Date" => $ep_date,
"Timestamp" => $db_timestamp,
"Key" => $_POST['key'],
"Host_IP" => $db_ip,
"POST" => $_POST,
"FILES" => $_FILES,
"url" => $_POST['url'],
"Shownotes_Format" => $_POST['shownotes_format'],
)
);
file_put_contents($shownote_file_json, json_encode($show_data_json) );
logextra( "Wrote the $shownote_file_json" );
if ( !file_exists( $dir_structure ) ) {
naughty("a1534e6d525352dce7183a2e22862049");
}
logextra( "The dir_structure still exists" );
if ( !file_exists( "$dir_structure/shownotes.txt" ) ) {
naughty("ab8051b531c120b8bffd2a5b25a19cc3");
}
logextra( "shownotes.txt still exists" );
if ( !file_exists( "$dir_structure/shownotes.json" ) ) {
naughty("a9564ebc3289b7a14551baf8ad5ec60a");
}
logextra( "shownotes.json still exists" );
$message="";
if ( !empty($_FILES["host_photo"]["tmp_name"]) and !empty($_FILES["host_photo"]["type"]) and $_FILES["host_photo"]["error"] == 0 ) {
list($type_main, $type_sub)= explode("/", $_FILES["host_photo"]["type"]);
if ( empty($type_sub) or strlen($type_sub) > 4 ) {
naughty("c1381f1d2492f81074d8cb70c85f5fc8");
}
else {
$temp_photo = $_FILES["host_photo"]["tmp_name"];
$host_photo = "${dir_structure}/photo";
move_uploaded_file($temp_photo, $host_photo);
$message = $message . "A photo was delivered. ";
}
logextra( "A photo was delivered" );
}
else {
$message = $message . "No photo delivered. ";
}
logextra( "No photo delivered" );
// Deal with uploaded files.
$files = count($_FILES["media_files"]["error"]);
if ( $files > 1 ) {
$message = $message . $files . " files were delivered.";
logextra( $files . " files were delivered." );
}
else
if ( $files == 1 and $_FILES["media_files"]["error"][ "0"] == 0 ) {
$message = $message . "One file was delivered.";
logextra( "One file was delivered." );
}
else {
if ( empty($_POST["url"]) ) {
$message = $message . "
You have chosen to upload the files separately from these show notes.
If you wish to send a show using another method then please discuss
it with the HPR Volunteer at admin@hackerpublicradio.org
";
logextra( "uploading the files separately" );
}
}
foreach($_FILES["media_files"]["tmp_name"] as $key => $val) {
if ( $_FILES["media_files"]["error"][ "$key"] == 0 ) {
$from = $_FILES["media_files"]["tmp_name"][ "$key"];
$to = "${dir_structure}/" . $_FILES["media_files"]["name"][ "$key"] ;
$moveResult = move_uploaded_file($from, $to);
if ($moveResult != true) {
echo "ERROR: File not moved correctly >$from< >$to<";
logextra( "ERROR: File not moved correctly >$from< >$to<" );
}
else {
logextra( "File moved correctly >$from< >$to<" );
}
}
}
logextra( "All Files moved" );
########################################################
// OK You convinced me.
if ( $ep_num == 9999 ) {
$show_submitted = "RESERVE_SHOW_SUBMITTED";
}
else {
$show_submitted = "SHOW_SUBMITTED";
}
$query = "UPDATE reservations SET `verified` = '1', `status` = '$show_submitted' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'";
$result = mysqli_query($connection, $query );
if (mysqli_errno($connection)) {
$error = "MySQL error ".mysqli_errno($connection).": ".mysqli_error($connection)."\n";
problem("Could not update the show reservation to $status in the db");
mysqli_free_result($result);
mysqli_close($connection);
logextra( "$query");
die;
}
logextra( "Updating the db to $show_submitted" );
if (!isset($result)) {
naughty("c7405e79b54f582e8db46c69ec4b0f24");
}
$body="give";
//$body="index_full";
include 'header.html';
?>
<main id="maincontent">
<hr />
<article>
<header>
<h1>Thank you</h1>
</header>
<p>
Thank you for your submission.
</p>
<pre>
<?php echo $message; ?>
</pre>
<p>
Your show will now be processed by a HPR Volunteer.
</p>
<p>
Thanks,<br />
<br />
HPR Bot
</p>
</article>
</main>
<?php
logextra( "Sending email" );
# TODO check for both url and file upload
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\SMTP;
require_once('/home/hpr/php/PHPMailer/Exception.php');
require_once('/home/hpr/php/PHPMailer/PHPMailer.php');
require_once('/home/hpr/php/PHPMailer/SMTP.php');
date_default_timezone_set('Etc/UTC');
$mailer = new PHPMailer(true);
$mailer->isSMTP();
$mailer->Host = "$mailerHost";
$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "ssl";
$mailer->Port = "465";
$mailer->Username = "$mailerUsername";
$mailer->Password = "$mailerPassword";
// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details.
$mailer->Sender = 'robot@hobbypublicradio.com';
$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins');
$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot');
$mailer->addBCC('admin@hackerpublicradio.org');
$mailer->addBCC('admin@hobbypublicradio.org');
$mailer->AddAddress("$db_email");
$mailer->isHTML(false);
if ( $ep_num === 9999 ) {
$mailer->Subject = "Thank you for uploading to the Reserve Queue";
$mailer->MsgHTML("<p><em>This email is an automatic reply. If you have not made this request then please ignore this email.</em></p>
<p>Thank You for recording an episode for the Reserve Queue.</p>
<pre>
$message
</pre>
<p>
Your show will now be processed by a HPR Volunteer.<br />
Thanks,<br />
HPR Bot
</p>");
}
else {
$mailer->Subject = "Thank you for uploading hpr${ep_num}::${ep_date}";
$mailer->MsgHTML("<p><em>This email is an automatic reply. If you have not made this request then please ignore this email.</em></p>
<p>Thank You for recording hpr${ep_num} for release on ${ep_date}.</p>
<pre>
$message
</pre>
<p>
Your show will now be processed by a HPR Volunteer.<br />
Thanks,<br />
HPR Bot
</p>");
}
$mailer->AltBody = "This email is an automatic reply. If you have not made this request then please ignore this email.
Thank You for recording hpr${ep_num} for release on ${ep_date}.
$message
Your show will now be processed by a HPR Volunteer.
Thanks,
HPR Bot";
//send the message, check for errors
if (!$mailer->send()) {
echo 'Mailer Error: ' . $mailer->ErrorInfo;
}
include 'footer.html';
logextra( "Finished upload_confirm.php");
?>