More changes to the comment system. To include the reuse of a common check file

This commit is contained in:
Ken Fallon 2023-12-23 21:54:16 +01:00
parent 7f9611b1b9
commit d725b2cf14
5 changed files with 309 additions and 139 deletions

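--- /dev/null
+++ b/cms/comment_checks.php
@@ -0,0 +1,149 @@
+<?php
+if ( empty($json["comment_author_name"]) or strlen($json["comment_author_name"]) > 40 ) {
+naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name");
+}
+$comment_author_name = $json["comment_author_name"];
+if ( empty($json["comment_title"]) or strlen($json["comment_title"]) > 100) {
+naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title");
+}
+$comment_title = $json["comment_title"];
+if ( empty($json["comment_text"]) or strlen($json["comment_text"]) > 2000 ) {
+naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text");
+}
+$comment_text = $json["comment_text"];
+if ( $json["justification"] !== "Current Comment" ) {
+if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) {
+naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification");
+}
+}
+$justification = $json["justification"];
+if ( empty($json["key"]) ) {
+naughty("f87785f8eda5d75de8cb08c386c66c56 empty key");
+}
+if ( $key !== $json["key"] ) {
+naughty("9d7f5e1a7a075a925ed1231decc16965 provided key \"$key\" is not matching json key \"". $json["key"] . "\"");
+}
+// check ip //
+//
+if ( empty($json["ip"]) ) {
+naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip");
+}
+$ip = $json["ip"];
+if ( ! filter_var($ip, FILTER_VALIDATE_IP)) {
+naughty("571f2d51046da9c923e01ae8bbfc037e not an IP");
+}
+// check ep_num //
+//
+if ( empty($json["eps_id"]) ) {
+naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id");
+}
+$ep_num = $json["eps_id"];
+if ( intval($ep_num) === 0 ) {
+naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int");
+}
+else {
+$ep_num = intval($ep_num);
+}
+if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) {
+naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range");
+}
+$ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;";
+if ($result = mysqli_query($connection, $ep_retrieve)) {
+if ( ! $result->fetch_assoc()) {
+naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show");
+}
+}
+// date //
+//
+if ( empty($json["comment_timestamp"]) ) {
+naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp");
+}
+$comment_timestamp = $json["comment_timestamp"];
+// 2023-12-23T12:21:29Z
+if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) {
+naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex");
+}
+if ( strtotime($comment_timestamp) === false ) {
+naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date");
+}
+$comment_timestamp_epoch = strtotime($comment_timestamp);
+$a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" );
+// if ( $comment_timestamp_epoch <= $a_week_ago ) {
+// naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week");
+// }
+$date = new DateTime( $comment_timestamp );
+$comment_timestamp_db = $date->format('Y-m-d H:i:s');
+// anti spam
+if (file_exists($naughty_stings_file)) {
+$comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" );
+$naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
+foreach ( $naughty_words as $naughty_word) {
+if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) {
+naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\"");
+}
+}
+}
+if ( $comment_author_name === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_author_name) ) {
+$comment_author_name_ascii = "ASCII";
+}
+else {
+$comment_author_name_ascii = "EXTENDED";
+}
+if ( $comment_title === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_title) ) {
+$comment_title_ascii = "ASCII";
+}
+else {
+$comment_title_ascii = "EXTENDED";
+}
+if ( $comment_text === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_text) ) {
+$comment_text_ascii = "ASCII";
+}
+else {
+$comment_text_ascii = "EXTENDED";
+}
+if ( $justification === preg_replace('/[^a-zA-Z0-9_ ]/', '', $justification) ) {
+$justification_ascii = "ASCII";
+}
+else {
+$justification_ascii = "EXTENDED";
+}
+$comment_author_name_json = json_encode( $comment_author_name );
+$comment_title_json = json_encode( $comment_title );
+$comment_text_json = json_encode( $comment_text );
+$justification_json = json_encode( $justification );
+$comment_timestamp_json = json_encode( $comment_timestamp );
+$comment_key_json = json_encode( $key );
+?>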
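Review bot: The episode-existence check at `if ($result = mysqli_query($connection, $ep_retrieve))` is skipped silently when the query itself fails, so a database error lets an unverified eps_id through instead of failing closed. Two changed lines close that gap, `$result = mysqli_query($connection, $ep_retrieve);` followed by `if ( ! $result || ! $result->fetch_assoc() ) {` with the existing naughty() call, and a prepared statement with a bound integer would additionally stop the query string from depending on naughty() terminating the script before a non-numeric `$ep_num` reaches it. The timestamp pattern on the `preg_match` line is anchored only at the end, so any junk prefix before a valid stamp passes it; start the pattern with `^`. Since this file is a bare include that reads `$json`, `$key`, `$connection` and `$naughty_stings_file` from the including script, a header comment stating that contract would help, e.g. `// Expects $json (decoded comment), $key (from the filename), $connection and $naughty_stings_file in scope; every rejection goes through naughty().`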


@ -44,8 +44,6 @@ else {
$action = $_GET["action"];
}
$comment_directory = "/home/hpr/comments";
if ( ! file_exists( $comment_directory ) ) {
# Looks like the comments directory has not been created
naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
@ -68,13 +66,22 @@ if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
if ( $action === 'block' ) {
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
unlink( "${file}" );
$db["http_code"] = "201";
$db["action"] = "block";
http_response_code(201);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
exit;
}
if ( $action === 'delete' ) {
unlink( "${file}" );
$db["http_code"] = "202";
$db["action"] = "delete";
http_response_code(202);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
unlink( "${file}" );
exit;
}
@ -83,110 +90,7 @@ if ( $action === 'approve' ) {
$json = json_decode($comment, true);
if ( empty($json["comment_author_name"]) or strlen($json["comment_author_name"]) > 40 ) {
naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name");
}
$comment_author_name = $json["comment_author_name"];
if ( empty($json["comment_title"]) or strlen($json["comment_title"]) > 100) {
naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title");
}
$comment_title = $json["comment_title"];
if ( empty($json["comment_text"]) or strlen($json["comment_text"]) > 2000 ) {
naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text");
}
$comment_text = $json["comment_text"];
if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) {
naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification");
}
$justification = $json["justification"];
if ( empty($json["key"]) ) {
naughty("f87785f8eda5d75de8cb08c386c66c56 empty key");
}
if ( $key !== $json["key"] ) {
naughty("9d7f5e1a7a075a925ed1231decc16965 provided key is not matching json key");
}
// check ip //
//
if ( empty($json["ip"]) ) {
naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip");
}
$ip = $json["ip"];
if ( ! filter_var($ip, FILTER_VALIDATE_IP)) {
naughty("571f2d51046da9c923e01ae8bbfc037e not an IP");
}
// check ep_num //
//
if ( empty($json["eps_id"]) ) {
naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id");
}
$ep_num = $json["eps_id"];
if ( intval($ep_num) === 0 ) {
naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int");
}
else {
$ep_num = intval($ep_num);
}
if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) {
naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range");
}
$ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;";
if ($result = mysqli_query($connection, $ep_retrieve)) {
if ( ! $result->fetch_assoc()) {
naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show");
}
}
// date //
//
if ( empty($json["comment_timestamp"]) ) {
naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp");
}
$comment_timestamp = $json["comment_timestamp"];
// 2023-12-23T12:21:29Z
if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) {
naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex");
}
if ( strtotime($comment_timestamp) === false ) {
naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date");
}
$comment_timestamp_epoch = strtotime($comment_timestamp);
$a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" );
// if ( $comment_timestamp_epoch <= $a_week_ago ) {
// naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week");
// }
$date = new DateTime( $comment_timestamp );
$comment_timestamp_db = $date->format('Y-m-d H:i:s');
// anti spam
if (file_exists($naughty_stings_file)) {
$comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" );
$naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
foreach ( $naughty_words as $naughty_word) {
if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) {
naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\"");
}
}
}
require "/home/hpr/public_html_hub/cms/comment_checks.php";
// OK I believe you
@ -220,6 +124,8 @@ if ( $action === 'approve' ) {
if ( empty($db["id"]) ) {
naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
$db["http_code"] = "200";
$db["action"] = "approve";
http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
@ -231,35 +137,3 @@ if ( $action === 'approve' ) {
http_response_code(500);
?>
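Review bot: The new `require "/home/hpr/public_html_hub/cms/comment_checks.php";` hard-codes an absolute deployment path, and the same literal is repeated in the new comment_process_rss.php; since both callers appear to live in cms/ next to the include (this file's header is not shown on the page), `require __DIR__ . '/comment_checks.php';` keeps them in step and survives a move of the tree, or the path belongs in include.php beside `$comment_directory`. The approve path now relies on comment_checks.php routing every rejection through naughty(); a one-line comment at the require stating whether that call terminates the request would make the control flow visible to a reader of this file alone. In the block/delete hunk the added `$db["http_code"] = "201"` stores the status as a string while `http_response_code(201)` takes an int; using an int in both places avoids a type mismatch for JSON consumers, and the same applies to the `"202"` and `"200"` assignments.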

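--- /dev/null
+++ b/cms/comment_process_rss.php
@@ -0,0 +1,146 @@
+<?php
+require "/home/hpr/php/include.php";
+date_default_timezone_set('UTC');
+$atomurl=$_SERVER['PHP_SELF'];
+if ( ! file_exists( $comment_directory ) ) {
+# Looks like the comments directory has not been created
+naughty("311c0255ea32b61ee6e6537eb03aa3ac can't find comment directory");
+}
+header("Content-type: application/xml");
+header("Pragma: public");
+header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+date_default_timezone_set('UTC');
+print '<?xml version="1.0" encoding="UTF-8" ?>' . "\n";
+?>
+<rss version="2.0" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" >
+<channel>
+<title>Hacker Public Radio - Unprocessed Comment Feed</title>
+<link>https://hackerpublicradio.org/comments_viewer.html</link>
+<itunes:subtitle>A daily show hosted the community on topics that are of interest to hackers and hobbyists.</itunes:subtitle>
+<description>Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists.</description>
+<language>en-us</language>
+<itunes:category text="Technology">
+<itunes:category text="Tech News"/>
+</itunes:category>
+<itunes:category text="Education">
+<itunes:category text="Training"/>
+</itunes:category>
+<itunes:image href="http://hackerpublicradio.org/images/hpr_feed_itunes.png"/>
+<itunes:explicit>yes</itunes:explicit>
+<itunes:author>Hacker Public Radio</itunes:author>
+<itunes:keywords>Community Radio, Tech Interviews, Linux, Open, Hobby, Software Freedom</itunes:keywords>
+<copyright>Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License</copyright>
+<managingEditor>feedback@NOSPAM-hackerpublicradio.org (HPR Feedback)</managingEditor>
+<itunes:owner>
+<itunes:name>HPR Volunteer</itunes:name>
+<itunes:email>admin@hackerpublicradio.org</itunes:email>
+</itunes:owner>
+<webMaster>admin@hackerpublicradio.org (HPR Volunteer)</webMaster>
+<generator>kate</generator>
+<docs>http://www.rssboard.org/rss-specification</docs>
+<ttl>43200</ttl>
+<skipDays>
+<day>Saturday</day>
+<day>Sunday</day>
+</skipDays>
+<image>
+<url>https://hackerpublicradio.org/images/hpr_feed_small.png</url>
+<title>Hacker Public Radio</title>
+<link>https://hackerpublicradio.org/comments_viewer.html</link>
+<description>The Hacker Public Radio Old Microphone Logo</description>
+<height>164</height>
+<width>144</width>
+</image>
+<googleplay:author>HPR Volunteer</googleplay:author>
+<googleplay:description>Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists.</googleplay:description>
+<googleplay:email>admin@hackerpublicradio.org</googleplay:email>
+<googleplay:image href="http://hackerpublicradio.org/images/hpr_feed_itunes.png"/>
+<googleplay:category text="Technology"/>
+<?php
+print " <atom:link href=\"http://hackerpublicradio.org". str_replace('&', '&amp;', $_SERVER["REQUEST_URI"]) ."\" rel=\"self\" type=\"application/rss+xml\" />\n";
+print " <pubDate>".date(DATE_RFC1123, strtotime(date('Y-m-d')))."</pubDate>\n";
+// 2023-06-15T08:39:36Z_83.185.95.196_582e484f02443444c2f8ff3176002aac648ace488d413.json
+// 2023-09-04T14:52:39Z_68.49.58.16_4cfde84f736d4df0c6e1f6ba7c4e8fc264f5ef3743eb7.json
+// 2023-11-25T16:46:56Z_68.49.58.16_eee5067d88e3dc8ad4a2cab2a0ed4fcb65622500b48f1.json
+// 2023-11-29T21:24:45Z_68.49.58.16_f686e54797a290dacad5a78a30362ec36567ac1db6d0c.json
+// 2023-12-22T14:23:04Z_45.137.100.15_baabea02d48a63568c9684bbcbf17f8365859bc8a0770.json
+// 2023-12-22T14:28:32Z_45.137.100.15_ad894382079f743cd5471235b0a17b1665859d103439d.json
+// 2023-12-22T14:30:41Z_45.137.100.15_1664b77c3199c613f2035a3425ea665b65859d91b34ba.json
+// 2023-12-23T18:23:42Z_45.137.100.15_a8ad9de74017103c2a98091710dba7cf658725aedd56b.json
+$filenames = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_*.json" );
+foreach ($filenames as $filename) {
+$comment = file_get_contents("$filename");
+echo "<!-- $filename -->\n";
+$json = json_decode($comment, true);
+$path_parts = pathinfo( "$filename" );
+list($file_timestamp, $file_ip, $key) = explode( '_', $path_parts['filename'] );
+require "/home/hpr/public_html_hub/cms/comment_checks.php";
+echo " <item>\n";
+echo " <title>$comment_title</title>\n";
+echo " <author>$comment_author_name</author>\n";
+echo " <link>https://hackerpublicradio.org/eps/hpr$ep_num/index.html</link>\n";
+echo " <description><![CDATA[
+<p>
+<a href=\"https://hub.hackerpublicradio.org/cms/comment_process.php?key=$key&action=block\">Block</a>,
+<a href=\"https://hub.hackerpublicradio.org/cms/comment_process.php?key=$key&action=delete\">Delete</a>, or
+<a href=\"https://hub.hackerpublicradio.org/cms/comment_process.php?key=$key&action=approve\">Approve</a>.
+</p>
+<pre>
+$filename
+$comment_timestamp
+$key
+</pre>
+<hr />
+<p>
+<strong>Comment on HPR$ep_num</strong>: $ep_num,<br />
+<br />
+<strong>comment_author_name</strong> ($comment_author_name_ascii): $comment_author_name,<br />
+<strong>comment_title</strong> ($comment_title_ascii): $comment_title,<br />
+<strong>comment_text</strong> ($comment_text_ascii):
+<pre>
+$comment_text
+</pre>
+<strong>justification</strong> ($justification_ascii):
+<pre>
+$justification
+</pre>
+</p>
+<hr />
+<strong>comment_title_json</strong>: $comment_title_json,<br />
+<strong>comment_text_json</strong>: $comment_text_json,<br />
+<strong>justification_json</strong>: $justification_json,<br />
+<hr />
+]]>\n</description>\n";
+// echo " <googleplay:description><![CDATA[" . $show_notes . "]]>\n</googleplay:description>\n";
+echo " <pubDate>" .date(DATE_RFC1123, strtotime( $comment_timestamp_db )) . "</pubDate>\n";
+echo " <guid>$key</guid>\n";
+echo " </item>\n";
+}
+//Display non-connection errors
+//Close sql connection
+mysqli_close($connection);
+echo " </channel>
+</rss>
+";
+?>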
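Review bot: Comment fields are written into the feed unescaped at `echo " <title>$comment_title</title>\n";` and the `<author>` line, and again as HTML inside the CDATA block, while comment_checks.php only bounds their length and matches banned words; a `<` or `&` in a title yields malformed XML, any markup in `$comment_text` is rendered by whatever reads the moderation feed, and a `]]>` sequence ends the CDATA section early. Escape once per output context before the echo, `ENT_XML1 | ENT_QUOTES` for the element text and `ENT_QUOTES | ENT_SUBSTITUTE` for the CDATA body; the latter also neutralises `]]>` because `>` becomes `&gt;`, and the `*_json` strings need the same treatment since json_encode leaves `<` and `>` intact by default. The `require` of comment_checks.php inside the foreach means one rejected file aborts the whole feed if naughty() terminates the request; skipping that file with a logged reason would keep the remaining items usable. `date_default_timezone_set('UTC')` is also called twice in this file.
```php
require "/home/hpr/public_html_hub/cms/comment_checks.php";
// Escape per output context: XML text for <title>/<author>, HTML for the CDATA body.
$comment_title_xml        = htmlspecialchars($comment_title, ENT_XML1 | ENT_QUOTES, 'UTF-8');
$comment_author_name_xml  = htmlspecialchars($comment_author_name, ENT_XML1 | ENT_QUOTES, 'UTF-8');
$comment_title_html       = htmlspecialchars($comment_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$comment_author_name_html = htmlspecialchars($comment_author_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$comment_text_html        = htmlspecialchars($comment_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$justification_html       = htmlspecialchars($justification, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo " <item>\n";
echo " <title>$comment_title_xml</title>\n";
echo " <author>$comment_author_name_xml</author>\n";
// … unchanged: <link> and the block/delete/approve links …
// … CDATA body as before, with $comment_author_name_html, $comment_title_html, $comment_text_html
//     and $justification_html in place of the raw values (apply the same to the *_json strings) …
```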


@ -76,7 +76,7 @@ if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) {
naughty("ad7f805c2f42be77122ec52f114fe318");
}
else {
list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);;
list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);
}
if ( intval($ep_num) === 0 ) {


@ -14,6 +14,7 @@ $mailerPassword = 'THE_SMTP_MAIL_PASSWORD_HERE';
$hubBaseurl = "https://hub.hackerpublicradio.org/";
$baseurl = "https://hackerpublicradio.org/";
$comment_directory = "/path/to/comments";
$naughtyfile = '/path/to/naughty.txt';
$naughty_stings_file = '/path/to/strings.txt';
$justification_file = '/path/to/justification.txt';