diff --git a/README.md b/README.md index 1cb36e7..45e2340 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,25 @@ # hpr_hub -The dynamic code for the Hacker Public Radio project. \ No newline at end of file +The dynamic code for the Hacker Public Radio project. + +It consists of several directories + +## www + +This directory contains the static content that the site uses. + +There are some [rss php files](https://repo.anhonesthost.net/rho_n/hpr_generator/issues/140) that will be converted to statically rendered files. + +## hub + +This contains the files necessary to display the queue, upload shows, and submit comments. + +## cms + +Some tooling used by the Janitors to process comments, and shows. + +## ini + +Some sanitize settings files needed. + + diff --git a/cms/add_show.php b/cms/add_show.php new file mode 100644 index 0000000..3bc4267 --- /dev/null +++ b/cms/add_show.php 
@@ -0,0 +1,403 @@ + 100 ) { + problem("ERROR: Title length is not OK"); +} +logextra( "Title length is OK" ); +$title = $_POST["title"]; + +if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) { + problem("ERROR: Summary length is not OK"); +} +logextra( "Summary length is OK" ); +$summary = $_POST["summary"]; + +if ( empty($_POST["explicit"]) ) { + problem("ERROR: explicit is missing"); +} +logextra( "explicit exists" ); + +if ( strcmp($_POST["explicit"], "Yes") !== 0 ) { + logextra( "explicit is not yes" ); + if ( strcmp($_POST["explicit"], "Clean") !== 0 ) { + problem("ERROR: explicit needs to be either Yes or Clean"); + } +} +logextra( "explicit is either Yes or Clean" ); + +$explicit = $_POST["explicit"]; + +if ( $explicit === "Clean" ) { + $explicit = 0; +} +else { + $explicit = 1; +} +if ( empty($_POST["episode_license"]) or strlen($_POST["episode_license"]) < 4 or strlen($_POST["episode_license"]) > 11 ) { + problem("ERROR: episode_license length is not fine"); +} +logextra( "episode_license length is fine" ); + +if ( !( + strcmp($_POST["episode_license"], "CC-BY-SA") === 0 or + strcmp($_POST["episode_license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["episode_license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["episode_license"], "CC-0") === 0 or + strcmp($_POST["episode_license"], "CC-BY-NC") === 0 or + strcmp($_POST["episode_license"], "CC-BY") === 0 or + strcmp($_POST["episode_license"], "Other") === 0 ) + ) { + problem("ERROR: license is not a valid value"); +} +logextra( "license is a valid value" ); + +$episode_license = $_POST["episode_license"]; + +if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) { + problem("ERROR: Notes are missing not less than max"); +} +logextra( "Notes are not missing and are less than max" ); + +$notes = $_POST["notes"]; + +if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) { + 
problem("ERROR: Series id is not in the correct range"); +} +$series = $_POST["series"]; +if ( (strval(intval($series)) != strval($series)) ){ + problem("ERROR: series is not an int"); +} +logextra( "series is int" ); + +$result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'"); +logextra( "Series id is in the correct range \"$series\"" ); + +if (!isset($result_series)) { + problem("ERROR: Series has not been found"); +} +$db_series_name_array = mysqli_fetch_row( $result_series ); +$db_series_name = $db_series_name_array[0]; + +if ( empty($db_series_name) ) { + problem("ERROR: Series name \"${db_series_name}\" is missing from db "); +} + +logextra( "Series name has been found in db: \"$db_series_name\"" ); + +if ( empty($_POST["series_name"]) ) { + problem("ERROR: series_name length is not fine"); +} +$series_name = $_POST["series_name"]; + +if ( $series_name != $db_series_name ) { + problem("ERROR: series_name \"$series_name\" and db_series_name \"$db_series_name\" don't match."); +} + +logextra( "series_name checkes passed: \"$series_name\"" ); + +if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) { + problem("ERROR: Tags are not the correct length"); +} +logextra( "Tags are the correct length" ); +$tags = $_POST["tags"]; + +############# +# Host checks + +if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) { + problem("ERROR: host_name is not set and not the correct length"); +} +logextra( "host_name is set and correct length" ); +$host_name = $_POST["host_name"]; + + +if ( strlen($_POST["host_profile"]) > 2000 ) { + problem("ERROR: host_profile is not the correct length"); +} +logextra( "host_profile is correct length" ); + +$host_profile = $_POST["host_profile"]; + +if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) { + problem("ERROR: host_license is not in the correct range"); +} +logextra( "host_license is in the correct range" ); 
+ +if ( !( + strcmp($_POST["host_license"], "CC-BY-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["host_license"], "CC-0") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC") === 0 or + strcmp($_POST["host_license"], "CC-BY") === 0 or + strcmp($_POST["host_license"], "Other") === 0 ) + ) { + problem("ERROR: host_license is not a predfined value"); +} +logextra( "host_license is a predfined value" ); + +$host_license = $_POST["host_license"]; + +if ( $_POST["hostid"] == 0 ) { + problem("ERROR: hostid is 0"); +} +logextra( "hostid is not 0" ); + +if ( empty($_POST["hostid"]) ) { + problem("ERROR: hostid doesn't exists "); +} +logextra( "hostid exists " ); + +$result = mysqli_query($connection, 'SELECT MAX(hostid) FROM hosts;'); +if (!isset($result)) { + problem("ERROR: could not get the max host from db"); +} +$maxhost_array = mysqli_fetch_row( $result ); +$maxhost = $maxhost_array[0]; +logextra( "retrieved the max host from db" ); + +$hostid = $_POST["hostid"]; +if ( (strval(intval($hostid)) != strval($hostid)) ){ + problem("ERROR: host id is not an int"); +} +logextra( "host id is int" ); + +if ( ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){ + problem("ERROR: host id \"$hostid\" is not in the correct range \" $maxhost \""); +} +logextra( "host id is int, and in the correct range" ); + +$query = "SELECT * FROM `hosts` WHERE `hostid` = '$hostid' and `host` = '$host_name';"; +$result = @mysqli_query($connection, $query); +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); + +logextra( "Getting this host from the db" ); + +if ( ( $db["hostid"] != $hostid ) or ( $db["host"] != $host_name ) ) { + problem("ERROR: Could not find the host \"" . $db["hostid"] ."\", \"" . $db["host"] . "\" in the db \"${hostid}\", \"${host_name}\"" . 
$query ); +} +logextra( "Found this reservation from the db" ); + +if ( ( $db["profile"] != "$host_profile" ) or ( $db["license"] != "$host_license" ) ) { + logextra("The host_license is different to that in the db"); + $query = "UPDATE `hosts` SET `profile` = '$host_profile', `license` = '$host_license' WHERE `hosts`.`hostid` = '$hostid';"; + $result = mysqli_query($connection, $query ); + if (!isset($result)) { + problem("ERROR: could not update the host profile"); + } else { + logextra( "Updating the host profile" ); + } +} +logextra( "The host_license is the same to that in the db" ); + +############## +# Episode Check +// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET + + +if ( !empty($_POST["ep_num"]) and isset( $_POST["ep_num"] ) ) { + $ep_num = intval( $_POST["ep_num"] ); +} +else { + problem("ERROR: ep_num is empty"); +} + +// // SELECT MAX(ep_num) FROM `reservations` → 3627 +// // SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0 → 3582 +// +$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;'); +if (!isset($result)) { + problem("ERROR: Can't get max eps from reservations"); +} +$max_eps_array = mysqli_fetch_row( $result ); +$max_eps = $max_eps_array[0]; +mysqli_free_result($result); + +$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;'); +if (!isset($result)) { + problem("ERROR: Can't get min eps from reservations"); +} +$min_eps_array = mysqli_fetch_row( $result ); +$min_eps = $min_eps_array[0]; +mysqli_free_result($result); + +if ( empty( $ep_num ) ) { + problem("ERROR: ep_num is empty"); +} + +if ( $ep_num < $min_eps ) { + problem("ERROR: ep_num is too small"); +} + +if ( $ep_num > $max_eps ) { + problem("ERROR: ep_num is too big"); +} + +if ( intval($ep_num) === 0 ) { + problem("ERROR: ep_num is 0"); +} +else { + $ep_num = intval($ep_num); +} + +$result = mysqli_query($connection, "SELECT ep_num FROM reservations 
WHERE ep_num='$ep_num' AND status='METADATA_PROCESSED';"); +if (!isset($result)) { + problem("ERROR: Cant get info from reservations db"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); + +if ( $db_ep_num != $ep_num ){ + problem("ERROR: Cant find $ep_num with status of METADATA_PROCESSED"); +} + +$result = mysqli_query($connection, "SELECT `id` FROM `eps` WHERE `id` = '$ep_num';"); +if (!isset($result)) { + problem("ERROR: The show $ep_num is already in the eps db"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); +if ( !empty( $db_ep_num ) ) { + problem("ERROR: $ep_num is already in the eps table"); +} +if ( intval($db_ep_num) === $ep_num ) { + problem("ERROR: $ep_num is already in the eps table"); +} +logextra( "ep_num checkes passed: $ep_num" ); + + +if ( !preg_match("/^\d{4}-\d{2}-\d{2}$/", $_POST["ep_date"]) ) { + problem("ERROR: ep_date fails the regex match "); +} +else { + $ep_date = $_POST["ep_date"]; +} + +if ( strtotime($ep_date) === false ) { + problem("ERROR: ep_date didn't convert to date"); +} +else { + $ep_date_epoch = strtotime($ep_date); +} +logextra( "ep_date checkes passed: $ep_date" ); + + +if ( !empty($_POST["duration"]) and isset( $_POST["duration"] ) ) { + $duration = intval( $_POST["duration"] ); +} +else { + problem("ERROR: duration is empty"); +} + +if ( empty( $duration ) ) { + problem("ERROR: duration is empty"); +} + +if ( $duration < 50 ) { + problem("ERROR: duration is too small"); +} + +if ( $duration > 26830 ) { + problem("ERROR: duration is too big"); +} + +if ( intval($duration) === 0 ) { + problem("ERROR: duration is 0"); +} +else { + $duration = intval($duration); +} +logextra( "duration checkes passed: $duration" ); + +$title = mysqli_real_escape_string( $connection, $title ); +$summary = mysqli_real_escape_string( $connection, $summary ); +$notes = mysqli_real_escape_string( $connection, 
$notes ); +$tags = mysqli_real_escape_string( $connection, $tags ); + +$query_add = "INSERT INTO eps VALUES ('$ep_num', '{$ep_date}', '{$title}', '{$duration}', '{$summary}', '{$notes}', '{$hostid}', '{$series}', '{$explicit}', '{$episode_license}', '{$tags}', '0', '0', '0')"; + +$result = mysqli_query($connection, $query_add ); +if(!$result) { + problem("ERROR: DB problem - The show $ep_num was not added to the eps db."); +} +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: MySQL error- The show $ep_num was not added to the eps db.\n$error"); +} + +$result = mysqli_query($connection, "SELECT `id` FROM `eps` WHERE `id` = '$ep_num';"); +if (!isset($result)) { + problem("ERROR: DB problem - The show $ep_num has not been added to the eps db"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: MySQL error- The show $ep_num was not added to the eps db.\n$error"); +} + +$result = mysqli_query($connection, "UPDATE reservations SET `status` = 'SHOW_POSTED' WHERE `ep_num` = '$ep_num' AND status='METADATA_PROCESSED';" ); +if (!isset($result)) { + problem("ERROR: DB problem - The show $ep_num has not been added to the eps db"); +} +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: Could not update the show reservation to SHOW_POSTED in the db"); +} + +logextra( "Finished $ep_num ." ); +?> diff --git a/cms/comment_process.php b/cms/comment_process.php new file mode 100755 index 0000000..e592b23 --- /dev/null +++ b/cms/comment_process.php 
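Review bot: The host profile is written into the `UPDATE \`hosts\`` query by string interpolation without escaping, while `$title`, `$summary`, `$notes` and `$tags` are passed through `mysqli_real_escape_string()` before the `INSERT INTO eps`; `host_profile` is only length-checked (at most 2000 bytes), and `$host_name` is interpolated into the preceding `SELECT * FROM \`hosts\`` the same way. Binding the values as parameters removes the inconsistency, as in the rewrite of the update below. Separately, every `if (!isset($result))` after `mysqli_query()` in this file can never fire, because a failed query returns `false`, which `isset()` treats as set — `if ($result === false)` is the check that was intended (status.php in this commit has the same pattern). `mysqli_error()` is also called without the `$connection` argument in the two error branches after the insert, which is an error in current PHP; status.php's `mysqli_error($connection)` form is the correct one. The head of this file is not visible in this extraction, so what `problem()` and `logextra()` do on failure is assumed rather than seen.
```php
// … unchanged: comparison of $db["profile"] / $db["license"] with the submitted values …
$stmt = mysqli_prepare($connection, "UPDATE `hosts` SET `profile` = ?, `license` = ? WHERE `hostid` = ?");
if ($stmt === false
    || !mysqli_stmt_bind_param($stmt, "ssi", $host_profile, $host_license, $hostid)
    || !mysqli_stmt_execute($stmt)) {
    problem("ERROR: could not update the host profile");
}
mysqli_stmt_close($stmt);
logextra( "Updating the host profile" );
```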
@@ -0,0 +1,75 @@ + $v) { + ++$num_get_args; +} +if ( $num_get_args !== 2 ){ + # they are trying to GET on a POST request + naughty("638709cc1d7f107c024eb2a663675e8c"); +} + +if ( empty($_GET["key"]) or empty($_GET["action"]) ) { + naughty("991ce46448d64b90bc8a837b58b7ad20"); +} + +if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) { + naughty("c9e5ea8d870dda8db08bc570cbed7f84"); +} + +if ( !empty($_GET["key"]) and + isset( $_GET['key'] ) and + strlen( $_GET['key'] ) === 45 and + strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and + ctype_xdigit( $_GET['key'] ) + ) { + $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ); +} +else { + naughty("868d9cc49b2f1e4a9319a8e8755d6189"); +} + +if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) { + naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df "); +} +else { + $action = $_GET["action"]; +} + +$comment_directory = "/home/hpr/comments"; + +if ( ! file_exists( $comment_directory ) ) { + # Looks like the comments directory has not been created + naughty("0fdffa1dbe94e0730cef457be93ebf40"); +} + +$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" ); +if (count($files) === 0) { + naughty("3efef2971727905064855d7866cb0059"); +} +else { + $file = $files[0]; +} + +list($begin, $file_ip, $end) = explode('_', $file); + +if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) { + naughty("70ebe39c92b393c288e41a4d3128b5da"); +} + +if ( $action === 'block' ) { + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX ); +} + +unlink( "${file}" ); +http_response_code(200); + + +// exit; + +?> diff --git a/cms/say.php b/cms/say.php new file mode 100644 index 0000000..72886f3 --- /dev/null +++ b/cms/say.php 
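Review bot: The `unlink( "${file}" )` near the end is unchecked and `http_response_code(200)` is sent regardless, so a comment file that could not be removed (permissions, or already deleted by a concurrent request) reports success to the caller and stays in the queue. A guard such as `if (!unlink($file)) { naughty("<id-placeholder>"); }` keeps the failure visible, and the `file_put_contents()` append in the `block` branch deserves the same treatment, since a failed write silently drops the record of the blocked address. The `list($begin, $file_ip, $end) = explode('_', $file)` unpacking also relies on the matched filename containing exactly two underscores, which the glob pattern does not enforce for its `*` segment; checking `count(explode('_', basename($file))) === 3` before the IP validation makes that assumption explicit. The file head, including where `$naughtyfile` is defined, is not visible in this extraction.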
@@ -0,0 +1,111 @@ + $v) { + ++$num_get_args; + } + if ( (strval(intval($id)) != strval($id)) OR ( intval($id) <= 0 ) OR ( intval($id) > $maxhost ) OR ( $num_get_args > 1 ) ){ + exit; + } + $query = "SELECT id FROM eps WHERE id = '$id'"; + $result = @mysqli_query($connection, $query); + if($result === FALSE) { + call412( "a9564ebc3289b7a14551baf8ad5ec60a" ); + } + else { + $db = mysqli_fetch_array($result, MYSQLI_ASSOC); + if ( empty($db["id"]) ) { + call412( "a9564ebc3289b7a14551baf8ad5ec60a" ); + } + } +} +else { + call412( "a9564ebc3289b7a14551baf8ad5ec60a" ); + exit; +} +Header('Content-type: text/tab-separated-values'); +header("Content-disposition: inline; filename=say.txt"); + +$ep_retrieve = "SELECT UNIX_TIMESTAMP(eps.date) AS timestamp, eps.title, eps.duration, eps.summary, hosts.host, eps.hostid, eps.series, eps.license, eps.explicit FROM eps, hosts WHERE hosts.valid = '1' AND id = '$id' AND eps.hostid = hosts.hostid"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $date = $row['timestamp']; + $title = $row['title']; + $duration = $row['duration']; + $summary = $row['summary']; + $host = $row['host']; + $hostid = $row['hostid']; + $series = $row['series']; + $license = $row['license']; + $explicit = $row['explicit']; + + $id = fixid($id); + + $host_retrieve = "SELECT host, espeak_name FROM hosts WHERE hostid = '$hostid'"; + $result1 = mysqli_query($connection, $host_retrieve); + $row1 = mysqli_fetch_array($result1); + $espeak_name = $row1['espeak_name']; + + $epcountquery = "SELECT count( id ) AS total FROM eps WHERE hostid = '$hostid'"; + $result2 = mysqli_query($connection, $epcountquery); + $row2 = mysqli_fetch_array($result2); + $total = $row2['total']; + if ( $total == 1 ) { + $host_notes = ". It is the first show by new host ${espeak_name}, "; + } + else if ($total % 10 == 0) { + $host_notes = ". It is the ${total}th show of ${espeak_name}, "; + } + else { + $host_notes = ". 
It is hosted by ${espeak_name}, "; + } + } +} +$HPR_summary = "This is Hacker Public Radio episode $id for " . date("l", $date) . " the " . date("jS", $date) . " of " . date("F Y", $date) . ". Todays show is entitled. ${title}."; +if ($series > "0"){ + $series_query = mysqli_query($connection, "SELECT name, description FROM miniseries WHERE id = '$series'"); + $series_result = mysqli_fetch_array($series_query); + $series_title = $series_result['name']; + $desc = $series_result['description']; + $HPR_summary = "${HPR_summary} It is part of the series \"$series_title\""; +} +$HPR_summary = "${HPR_summary} ${host_notes} and is about " . round($duration/60) . " minutes long. It carries "; +if ($explicit == 0) { + $HPR_summary = "${HPR_summary} a clean flag. "; + $explicit = "Clean"; +} +else{ + $HPR_summary = "${HPR_summary} an explicit flag. "; + $explicit = "Explicit"; +} +if ( !empty( $summary ) ) { + $HPR_summary = "${HPR_summary}. The summary is. $summary"; +} +if (strcmp($license, "CC-BY-SA" ) !== 0) { + $HPR_summary = "${HPR_summary}. Todays show is licensed under a $license license."; +} + +$HPR_summary = str_replace($host,$espeak_name,$HPR_summary); + +echo "HPR_summary: ${HPR_summary}\n"; +echo "HPR_album: Hacker Public Radio\n"; +echo "HPR_artist: ${host}\n"; +echo "HPR_hostid: ${hostid}\n"; +echo "HPR_comment: https://hackerpublicradio.org ${explicit}; $summary\n"; +echo "HPR_genre: Podcast\n"; +echo "HPR_license: ${license}\n"; +echo "HPR_title: ${title}\n"; +echo "HPR_track: $id\n"; +echo "HPR_year: " . date("Y", $date) . "\n"; +echo "HPR_duration: ${duration}\n"; +echo "HPR_explicit: ${explicit}\n"; +?> diff --git a/cms/schedule.php b/cms/schedule.php new file mode 100644 index 0000000..deb0992 --- /dev/null +++ b/cms/schedule.php 
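Review bot: The guard before the headers only checks `SELECT id FROM eps WHERE id = '$id'`, but the main `$ep_retrieve` query additionally requires `hosts.valid = '1'` and a matching `hosts.hostid`, so an episode whose host row is missing or not valid passes the guard, the `while` loop never runs, and `$date`, `$title`, `$host_notes`, `$explicit` and the other row variables are undefined when the summary is built — `date("l", $date)` then formats the epoch and the output is silently wrong. Tracking whether a row was fetched and failing otherwise closes the gap, e.g. after the loop: `if (!isset($date)) { call412("<id-placeholder>"); }`. The `$host_notes` assignment is only reached inside that loop, so the same guard covers it. The `if` at the top of the hunk is truncated in this extraction, so the early validation of `$id` is only partly visible.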
@@ -0,0 +1,164 @@ += '$current_episode_date' ORDER BY date DESC"; + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date, + COUNT( assets.extension) AS numfiles +FROM + eps + LEFT JOIN hosts ON eps.hostid = hosts.hostid + LEFT JOIN assets ON eps.id = assets.episode_id +WHERE + eps.valid = 1 + AND eps.date >= '$current_episode_date' +GROUP BY eps.id;"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $numfiles = $row['numfiles']; + if( isset($numfiles) and $numfiles >= 3 ) { + $status = "Finished"; + } + else { + $status = "Reserved"; + } + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => $status + ); + } +} +// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET + +// Populate array with currently processing shows EMAIL_LINK_CLICKED +$ep_retrieve = " +SELECT + reservations.ep_num, + reservations.ep_date, + reservations.status +FROM + reservations +WHERE + reservations.verified = 1 + AND reservations.ep_date >= '$current_episode_date' +ORDER BY + reservations.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $status = $row['status']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $status, + "host" => "Unverified", + "status" => "Processing" + ); + } +} + +// Populate array with temporary reservations. 
+$ep_retrieve = "SELECT r.ep_num, r.ep_date, r.timestamp + INTERVAL 1 HOUR - UTC_TIMESTAMP() AS seconds_to_expiration FROM reservations r +WHERE r.timestamp + INTERVAL 1 HOUR > UTC_TIMESTAMP() AND r.verified =0 AND r.ep_date >= '$current_episode_date' ORDER BY r.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $seconds_to_expiration = $row['seconds_to_expiration']; + $minutes = floor($seconds_to_expiration / 60) + 1; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => " Available again in $minutes minutes", + "host" => "Unverified", + "status" => "Locked" + ); + } +} + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date +FROM + eps, + hosts, + assets +WHERE + eps.valid = 1 + AND eps.hostid = hosts.hostid + AND eps.id = assets.episode_id + AND assets.extension = 'ogg' + AND eps.date >= '$current_episode_date' +ORDER BY + date DESC"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => "Finished" + ); + } +} + + +echo json_encode($show_array, JSON_FORCE_OBJECT); +?> + diff --git a/cms/status.php b/cms/status.php new file mode 100644 index 0000000..17056a2 --- /dev/null +++ b/cms/status.php 
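Review bot: The four query-and-populate loops in this file appear verbatim in `hub/calendar.php` in the same commit, so the two views will drift the moment one is fixed; moving them into a shared helper in the include file (e.g. `function build_show_array($connection, $current_episode_date)` returning the array) keeps a single definition. Note also that the last loop writes `"status" => "Finished"` for every episode that has an `ogg` asset, overwriting the first loop's `numfiles >= 3` decision for the same `$id`, so the two criteria for "Finished" differ and the later one wins — presumably intended, but worth a comment such as `// An ogg asset marks the show finished regardless of the asset count above`. The top of the file is not visible in this extraction, so whether `$show_array` is initialised before the first loop cannot be confirmed here (calendar.php does it with `$show_array = array ();`).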
@@ -0,0 +1,137 @@ + $v) { + ++$num_get_args; +} +if ( $num_get_args !== 2 ){ + $result = mysqli_query($connection, "SET time_zone = '+0:00';"); + if (!isset($result)) { + naughty("cca6408ae1febc3f07974177b2d04375"); + } + + header("Content-type: text/csv"); + print "timestamp_epoc,ep_num,ep_date,key,status,email\n"; + # 1649790226_3710_2022-10-21_b291590ce4ba23b519935bde53d0a5936255cd12e96b4 + $query = "SELECT UNIX_TIMESTAMP(timestamp) as timestamp_epoc, `ep_num`, `ep_date`, `key`, `status`, `email` FROM `reservations` WHERE `ep_num` > 0 ORDER BY `ep_num` ASC"; + if($result = mysqli_query($connection, $query)) { + while($row = mysqli_fetch_array($result)) { + //handle text color + print "{$row['timestamp_epoc']},{$row['ep_num']},{$row['ep_date']},{$row['key']},{$row['status']},{$row['email']}\n"; + } + } + else { + naughty("2dcabda45255713ea9bf04523e804016"); + } + mysqli_close($connection); + exit; +} + +if ( empty($_GET["ep_num"]) or empty($_GET["status"]) ) { + naughty("32bedea129648f27701f2f2f3ff4b7b5"); +} + +if ( !in_array($_GET["status"], array('METADATA_PROCESSED','SHOW_POSTED','MEDIA_TRANSCODED','UPLOADED_TO_IA','UPLOADED_TO_RSYNC_NET','REMOVE_RESERVATION'), true ) ) { + naughty("88882bc97094e7aabf2a258756f917f5 "); +} +else { + $status = $_GET["status"]; +} + +if ( !empty($_GET["ep_num"]) and isset( $_GET["ep_num"] ) ) { + $ep_num = intval( $_GET["ep_num"] ); +} +else { + naughty("ecb0ebc5b38b4c09226ccbfce05978cb"); +} + +// // SELECT MAX(ep_num) FROM `reservations` → 3627 +// // SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0 → 3582 +// +$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;'); +if (!isset($result)) { + naughty("360e6381ffca736b6f12056abd7dcc7d"); +} +$max_eps_array = mysqli_fetch_row( $result ); +$max_eps = $max_eps_array[0]; +mysqli_free_result($result); + +$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;'); +if (!isset($result)) { + 
naughty("6971b6d378292e8fc9583de6082eddf4"); +} +$min_eps_array = mysqli_fetch_row( $result ); +$min_eps = $min_eps_array[0]; +mysqli_free_result($result); + +if ( empty( $ep_num ) ) { + naughty("6cf46a9b21e667c61b2c5bf87a7104f9 $ep_num"); +} + +if ( $ep_num < $min_eps ) { + naughty("bbcef7cd8a263dc57e85195935ad600a $ep_num < $min_eps"); +} + +if ( $ep_num > $max_eps ) { + naughty("a75115f3fa706ceee4b61971cd22b8f9 $ep_num > $max_eps"); +} + +// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET +switch ($status) { + case "METADATA_PROCESSED": + $current_status="SHOW_SUBMITTED"; + break; + case "SHOW_POSTED": + $current_status="METADATA_PROCESSED"; + break; + case "MEDIA_TRANSCODED": + $current_status="SHOW_POSTED"; + break; + case "UPLOADED_TO_IA": + $current_status="MEDIA_TRANSCODED"; + break; + case "UPLOADED_TO_RSYNC_NET": + $current_status="UPLOADED_TO_IA"; + break; + case "REMOVE_RESERVATION": + $query = "DELETE FROM reservations WHERE `ep_num` = '$ep_num' "; + $result = @mysqli_query($connection, $query); + if (mysqli_errno( $connection)) { + $error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n"; + problem("Could not update the show reservation to $status in the db"); + } + mysqli_free_result($result); + mysqli_close($connection); + logextra( "$query"); + die; +} + +$result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE `ep_num` = '$ep_num' AND status='$current_status';"); +if (!isset($result)) { + naughty("7f2d7228ca355be6dd2a24769595b18f"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); +if ( $db_ep_num != $ep_num ){ + problem("da59731c6ae6d1ce0fa2fa9fc4e1e726 $db_ep_num != $ep_num"); +} + +$query = "UPDATE reservations SET `status` = '$status' WHERE `ep_num` = '$ep_num' AND status='$current_status';"; +$result = mysqli_query($connection, $query ); +if(!isset($result)) { + 
problem("8a76bb408877b1d33bf31ea96b6fc02f"); +} +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n"; + problem("Could not update the show reservation to $status in the db"); +} +mysqli_close($connection); + +logextra( "UPDATE reservations SET `status` = '$status' WHERE ep_num='$ep_num' AND status='$current_status';"); +?> diff --git a/hub/412.shtml b/hub/412.shtml new file mode 100755 index 0000000..207d546 --- /dev/null +++ b/hub/412.shtml @@ -0,0 +1,14 @@ + + + + +Hacker Public Radio + + +
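Review bot: In the `REMOVE_RESERVATION` case, `mysqli_free_result($result)` is called on the return value of a `DELETE`, which is a boolean rather than a result set; under PHP 8 that is a TypeError, and the `@` on the query hides any earlier failure. Dropping that `mysqli_free_result($result)` line fixes the case. The `if (!isset($result))` checks after each `mysqli_query()` in this file (and in add_show.php in the same commit) never trigger, because a failed query returns `false`, which `isset()` treats as set; `if ($result === false)` is the intended test. The `$error` string built in the two `mysqli_errno()` branches is never used — either pass it to `problem()`/`logextra()` or drop it.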

412 Precondition Failed

+

+Interesting.
+Why not record a show telling us about what you were trying to do ? +

+ + diff --git a/hub/calendar.php b/hub/calendar.php new file mode 100644 index 0000000..ab31f08 --- /dev/null +++ b/hub/calendar.php 
@@ -0,0 +1,301 @@ +\n"; + +// -------------------------------------------- +// Get latest published show + +$query = mysqli_query($connection, "SELECT max(date), max(id) from eps WHERE eps.date <= UTC_DATE()"); +$current_episode_array = mysqli_fetch_row($query); +$current_episode_date = $current_episode_array[0]; +$current_episode_number = $current_episode_array[1]; + +print "\n"; +print "\n"; + +// -------------------------------------------- +// Get highest scheduled or reserved show + +$query = mysqli_query($connection, "SELECT MAX(id) FROM eps as maxid;"); +$max_episode_array = mysqli_fetch_row($query); +$max_episode_number = $max_episode_array[0]; +print "\n"; + +// -------------------------------------------- +// Populate array with future shows and reservations +$show_array = array (); + +// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET +$ep_retrieve = "SELECT hosts.host, eps.id, eps.title, eps.date FROM eps, hosts WHERE eps.valid=1 AND eps.hostid = hosts.hostid AND eps.date >= '$current_episode_date' ORDER BY date DESC"; + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date, + COUNT( assets.extension) AS numfiles +FROM + eps + LEFT JOIN hosts ON eps.hostid = hosts.hostid + LEFT JOIN assets ON eps.id = assets.episode_id +WHERE + eps.valid = 1 + AND eps.date >= '$current_episode_date' +GROUP BY eps.id;"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $numfiles = $row['numfiles']; + if( isset($numfiles) and $numfiles >= 3 ) { + $status = "Finished"; + } + else { + $status = "Reserved"; + } + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => $status + ); + } +} +// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → 
SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET + +// Populate array with currently processing shows EMAIL_LINK_CLICKED +$ep_retrieve = " +SELECT + reservations.ep_num, + reservations.ep_date, + reservations.status +FROM + reservations +WHERE + reservations.verified = 1 + AND reservations.ep_date >= '$current_episode_date' +ORDER BY + reservations.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $status = $row['status']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $status, + "host" => "Unverified", + "status" => "Processing" + ); + } +} + +// Populate array with temporary reservations. +$ep_retrieve = "SELECT r.ep_num, r.ep_date, r.timestamp + INTERVAL 1 HOUR - UTC_TIMESTAMP() AS seconds_to_expiration FROM reservations r +WHERE r.timestamp + INTERVAL 1 HOUR > UTC_TIMESTAMP() AND r.verified =0 AND r.ep_date >= '$current_episode_date' ORDER BY r.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $seconds_to_expiration = $row['seconds_to_expiration']; + $minutes = floor($seconds_to_expiration / 60) + 1; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => " Available again in $minutes minutes", + "host" => "Unverified", + "status" => "Locked" + ); + } +} + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date +FROM + eps, + hosts, + assets +WHERE + eps.valid = 1 + AND eps.hostid = hosts.hostid + AND eps.id = assets.episode_id + AND assets.extension = 'ogg' + AND eps.date >= '$current_episode_date' +ORDER BY + date DESC"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = 
$row['host']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => "Finished" + ); + } +} + + +// -------------------------------------------- +// Calculate the time to the next show + +# aria-label="" + +$next_show_date = date('Y-m-d', strtotime($show_array[$next_show_num - 1 ]["date"] . ' + 1 weekday')); +$days_to_wait = floor((strtotime($next_show_date) - strtotime(gmdate('Y-m-d')))/(60*60*24)); + +?> +
+ +

Upload Your Show

+ +

+The HPR Schedule is entirely community driven and we recommend that you decide when your show will be released. +

+ +

+There are only days to wait until next free slot. Please consider ">recording a show for us. +

+
    +
  1. Review the updated ">Stuff you need to know page.
  2. +
  3. Select a date, or post to the reserve queue.
  4. +
  5. Click the link in the confirmation email
  6. +
  7. Then ">fill in a form.
  8. +
+ +

Add to the Reserve Queue ?

+ +

+request.php?id=9999">Post your show to the reserve queue if you don't care when it will be released. ">ⓘ +

+ +

Select a date in the current schedule ?

+ +

+Schedule the release day your show will be aired. ">ⓘ +

+ +

Next Two Months ">ⓘ

+ + + + +" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot} " . $show_array[$slot]["title"] . " by " . $show_array[$slot]["host"] . "
\n"; + } + else { + echo "${this_episode_date}: hpr${slot} ". $show_array[$slot]["status"]. ": " . $show_array[$slot]["title"] . ".
\n"; + } + $sizeof_show_array--; + } + elseif ( empty( $show_array[$slot] ) ) { + echo "${this_episode_date}: hpr${slot} is available - upload now.
\n"; + } + elseif ( $show_array[$slot]["valid"] == 0 ) { + echo "${this_episode_date}: hpr${slot} Unavailable.
\n"; + } + $this_episode_date = date('D Y-m-d', strtotime($this_episode_date . ' + 1 weekday')); + $new_week_number = date('W', strtotime($this_episode_date)); + if ( $week_number != $new_week_number ) { + $week_number = $new_week_number; + echo "----------------- Week ${week_number} -----------------
\n"; + } +} +?> + +

Also Scheduled

+\n" ; + if ( !empty( $show_array[$slot] ) ) { + if ( $show_array[$slot]["status"] === "Finished" ) { + echo "" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot} " . $show_array[$slot]["title"] . " by " . $show_array[$slot]["host"] . "
\n"; + } + else { + echo "" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot} ". $show_array[$slot]["status"]. ": " . $show_array[$slot]["title"] . ".
\n"; + } + + $sizeof_show_array--; + } + $slot++; +} +?> + + +

Pick other dates

+

+If you wish to pick an available slot in the next 12 months then go directly to the request page. +

+ +
+ + diff --git a/hub/comment_confirm.php b/hub/comment_confirm.php new file mode 100644 index 0000000..2f9866d --- /dev/null +++ b/hub/comment_confirm.php 
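Review bot: The `elseif ( $show_array[$slot]["valid"] == 0 )` branch in the schedule loop reads a key that none of the four population loops above ever set (entries carry only `date`, `title`, `host` and `status`), so it is an undefined-index read that compares `null == 0`; either drop the branch or have the loops set `"valid"` explicitly. The echoed `title` and `host` values go straight from the database into HTML without `htmlspecialchars()`, whereas on the SQL side add_show.php escapes them on the way in, so wrapping them at output (`htmlspecialchars($show_array[$slot]["title"])`, likewise for `host`) is the missing step. The population loops are duplicated from cms/schedule.php in this commit. Much of this file's markup is stripped in this extraction, including the condition of the first `if` in the loop and the definition of `$next_show_num`, so those are reviewed only as far as visible.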
@@ -0,0 +1,304 @@ + comment_confirm.php > eps.php +require "/home/hpr/php/include.php"; + +$num_get_args = 0; + +foreach($_GET as $k => $v) { + ++$num_get_args; +} + +if ( $num_get_args > 0 ){ + # they didn't supply any arguments + naughty("9e756ee22b7cdcdb150a5baf167caa25 $num_get_args"); +} + +if ( empty($_POST["anti_spam_question"]) ) { + naughty("0601a23e358374c293b086bb75606cca"); +} + +if ( strlen($_POST["anti_spam_question"]) !== 6 ) { + naughty("6f51e6e7e6820b3fdda5d4ca0df14db1"); +} + +if (strcasecmp('public', $_POST["anti_spam_question"]) !== 0) { + naughty("6aef421ce05e3ac34f4cd91ae3248a45"); +} + +$comment_directory = "/home/hpr/comments"; + +if ( ! file_exists( $comment_directory ) ) { + # Looks like the comments directory has not been created + naughty("d5342ea497f701656433e81fb5eed064"); +} + +$unprocessed_comments = iterator_count(new FilesystemIterator("$comment_directory", FilesystemIterator::SKIP_DOTS)); + +if( $unprocessed_comments >= 10 ) { + # There has to be at least one comment here as they are calling the script, and too many is suspicious + naughty("093f42abee30e69e0e4d5125c70a0f7c"); +} + +# This is to prevent anything except hits from the web form. 
+# Anyone wanting to script uploads can do so via ftp +if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { + naughty("87613fc139b251b673e1dd51e378e462"); +} + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("d7d0b6ab9689be244e1b6a8fbe6effba"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} + +if (count($_POST) !== 8) { + naughty("086fe155b0588de68fc5d9e4580254a8"); +} + +// Basic POST Checks +if ( empty($_POST["comment_author_name"]) or strlen($_POST["comment_author_name"]) > 40 or strtolower($_POST["comment_author_name"]) == "testdog" ) { + naughty("294356cd36d3f9b75da4d8c0a6108881"); +} +$comment_author_name = json_encode( $_POST["comment_author_name"] ); + +if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) { + naughty("a89efb428cfe36996a65b371d5f4e303"); +} +$comment_title = json_encode( $_POST["comment_title"] ); + +if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) { + naughty("cd57ab4d7b77a131ed3deb441bd93dcd"); +} +$comment_text = json_encode( $_POST["comment_text"] ); + +if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) { + naughty("b2ec68bd04cee0f64143ce4827a97e7c"); +} + +# We check to see if the eps_id has been suplied, that it's a integer, and that it's in our range. 
+ +if (isset($_POST['eps_id'])){ + $eps_id = intval( $_POST['eps_id'] ); + + $query = "SELECT COUNT(*) FROM eps WHERE id='$eps_id'"; + $result = mysqli_query($connection, "$query"); + $row = mysqli_fetch_array($result, MYSQLI_NUM); + $total = $row[0]; + if ( !isset($result) or ( $total != 1 ) ) { + naughty("5348e3c2aee3644730c70d3f000bcb01"); + } + mysqli_free_result($result); + + $result = mysqli_query($connection, 'SELECT MAX(id) as max FROM eps;'); + if (!isset($result)) { + naughty("f00fb1f47affc3286aadc15038cfd5d7"); + } + while ($row = mysqli_fetch_array($result)) { + $max_eps = $row['max']; + } + mysqli_free_result($result); +} +else { + naughty("02c560adf1ff39b140fe8b7abe02fd31"); +} + +if ( intval($eps_id) <= 0 ){ + naughty("2903eeac51bb479edb428ae3c896671c"); +} + +if ( intval($eps_id) > $max_eps ){ + naughty("54aa65c12ba71f3dfc451ff5bc82c798"); +} + +if ( intval($eps_id) === 0 ) { + naughty("11fe1f9b76bf9f30e6a3a784832cb738"); +} +else { + $eps_id = intval($eps_id); +} + +# extra spam checks to see if they supplied the correct host id +$query = "SELECT hosts.host, eps.title, eps.summary, eps.date, eps.hostid, eps.series, miniseries.name, eps.explicit FROM eps, hosts, miniseries WHERE eps.id='$eps_id' AND eps.valid=1 AND eps.hostid = hosts.hostid AND eps.series = miniseries.id"; +if ($result = mysqli_query($connection, $query)) { + while ($row = mysqli_fetch_array($result)) { + $host = $row['host']; + $title = $row['title']; + $summary = $row['summary']; + $ep_date = $row['date']; + $host_id = $row['hostid']; + $series_id = $row['series']; + $series_name = $row['name']; + $explicit = $row['explicit']; + } +} +else { + naughty("c34561d684ad97241c95a1287688638b"); +} +mysqli_free_result($result); + +if ( empty($_POST["hostid"]) or intval($_POST["hostid"]) != $host_id ) { + naughty("b4d71481b7055272728094292fd2a562"); +} + +if ( empty($_POST["justification"]) or strlen($_POST["justification"]) > 200 or strlen($_POST["justification"]) < 20) { + 
naughty("156d2d2d5780bd7f4a750f7c162b3394"); +} + +# Checks to see how old the show is +#$current_episode_number = GetLatestPublishedShow($connection); +list ($current_episode_date, $current_episode_number) = GetLatestPublishedShow($connection); + +if ( ( $eps_id <= $current_episode_number ) and ( $eps_id >= ( $current_episode_number - 20 ) ) ) { + if ( strcmp($_POST["justification"], "No justification is asked for or required.") !== 0 ) { + naughty("9357d78bf73b03ee2dd902a4c975f91d"); + } + else { + $justification = json_encode("Current Comment"); + } +} +else { + if ( strcmp($_POST["justification"], "No justification is asked for or required.") === 0 ) { + print ">" . $_POST["justification"] ."< eps_id: $eps_id, current_episode_number: $current_episode_number, "; + naughty("df4af9bdd0302f672d6311c76bdc461a"); + } + else { + $justification = json_encode( $_POST["justification"] ); + } +} + + + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("611144d4c0d575fffbf8f3ef11f8ad68"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} +$comment_ip = json_encode( $ip ); + +// OK You convinced me. 
+ +$key = uniqid(md5(rand())); +$timestamp = time()+date("Z"); +$timestamp = gmdate("Y-m-d\TH:i:s\Z",$timestamp); +$comment_file = "${comment_directory}/${timestamp}_${ip}_${key}.json"; +$timestamp = json_encode($timestamp); +$comment_key = json_encode( $key ); +if ( file_exists( $comment_file ) ) { + naughty("ef5d14b33b262bfbf5d40544fdeb9ec3"); +} + +$comment_data = "{ + \"eps_id\": $eps_id, + \"ip\": \"$ip\", + \"comment_timestamp\": $timestamp, + \"comment_author_name\": $comment_author_name, + \"comment_title\": $comment_title, + \"comment_text\": $comment_text, + \"justification\": $justification, + \"key\": $comment_key +}"; + +file_put_contents($comment_file, $comment_data ); + +if ( filesize( $comment_file ) > 4000 ) { + naughty("56e00e793a27168511d1cfda11d3bc55"); +} + +// Mail the comment + +use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\Exception; +use PHPMailer\PHPMailer\SMTP; + +require_once('/home/hpr/php/PHPMailer/Exception.php'); +require_once('/home/hpr/php/PHPMailer/PHPMailer.php'); +require_once('/home/hpr/php/PHPMailer/SMTP.php'); + +date_default_timezone_set('Etc/UTC'); + +$mailer = new PHPMailer(true); +$mailer->isSMTP(); +$mailer->Host = "$mailerHost"; +$mailer->SMTPAuth = true; +$mailer->SMTPSecure = "ssl"; +$mailer->Port = "465"; +$mailer->Username = "$mailerUsername"; +$mailer->Password = "$mailerPassword"; + + +// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details. +$mailer->Sender = 'robot@hobbypublicradio.com'; +$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins'); +$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot'); +$mailer->addBCC('admin@hackerpublicradio.org'); +$mailer->addBCC('admin@hobbypublicradio.org'); +$mailer->AddAddress('comments@hackerpublicradio.org'); +$mailer->isHTML(false); +$mailer->Subject = "New Comment for show hpr${eps_id} on ${ep_date} ${key}"; +$mailer->MsgHTML("

hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"

+

+See attachment for the json comment file. +

+

+There are now " . ++$unprocessed_comments . " unprocessed comments. +

+

+Thanks,
+HPR Bot +

+
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "
" +); +$mailer->AltBody = "hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"

+ +See attachment for the json comment file. + +There are now ${unprocessed_comments} unprocessed comments. + +Thanks, +HPR Bot +" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +$mailer->addAttachment($comment_file, "${key}.json", "base64", "application/json"); + +//send the message, check for errors +if (!$mailer->send()) { + echo 'Mailer Error: ' . $mailer->ErrorInfo; +} + + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+
+
+

Thank you

+
+

+ Thank you for your comment. A moderator will get to your comment at some point. +

+

+ Thanks,
+
+ HPR Bot +

+
+		
+		
+		
+
+
+ + + diff --git a/hub/footer.html b/hub/footer.html new file mode 100644 index 0000000..9616906 --- /dev/null +++ b/hub/footer.html @@ -0,0 +1,83 @@ + + + + + + diff --git a/hub/header.html b/hub/header.html new file mode 100644 index 0000000..cb4d0dd --- /dev/null +++ b/hub/header.html @@ -0,0 +1,67 @@ + + + + Hacker Public Radio ~ The Technology Community Podcast + + + + + + + + + + + + + + + + + + + +
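Review bot: The JSON written at `file_put_contents($comment_file, $comment_data );` is built by interpolating `json_encode(...)` results, and `json_encode` returns `false` (which interpolates as an empty string) when a POST field is not valid UTF-8, so a name, title or comment text with a bad byte sequence produces a file with a bare `,` where the value should be — malformed JSON the janitor tooling then has to cope with, and it still counts toward the `$unprocessed_comments >= 10` limit. Pass `JSON_INVALID_UTF8_SUBSTITUTE` to each `json_encode` call (or test each result for `false` and call `naughty()`), and check `strlen($comment_data)` before writing instead of `filesize()` after it, since on the oversize path the file is otherwise left on disk when `naughty()` fires. Separately, `if ( !isset($result) or ( $total != 1 ) )` never detects a failed query because `mysqli_query` returns `false`, which `isset()` reports as set; `if ( $result === false or ( $total != 1 ) )` is the test meant here, and the same ineffective `!isset($result)` pattern appears after the UPDATE statements in hub/request_confirm.php and hub/upload.php.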
+
+ +
+

+ Site Map + - skip to main content +

+

+ Hacker + Public + Radio +

+

Your ideas, projects, opinions - podcasted.

+

New episodes Monday through Friday.

+
+
+ + +
+ +
+ + diff --git a/hub/index.php b/hub/index.php new file mode 100644 index 0000000..7482c03 --- /dev/null +++ b/hub/index.php @@ -0,0 +1,3 @@ + diff --git a/hub/request.php b/hub/request.php new file mode 100644 index 0000000..c87c4f3 --- /dev/null +++ b/hub/request.php @@ -0,0 +1,209 @@ + request_confirm.php > upload.php > upload_confirm.php +require "/home/hpr/php/include.php"; + +$ip = $_SERVER["REMOTE_ADDR"]; +$key = uniqid(md5(rand())); + +# Remove any stale requests. +# This should be enough to deter attackers while been short enough to allow real hosts to request a show. +$query_delete_old = "DELETE FROM reservations WHERE reservations.timestamp + INTERVAL 1 DAY <= UTC_TIMESTAMP() AND reservations.verified = 0"; +$result_delete_old = @mysqli_query($connection, $query_delete_old); + +# Remove stale requests from this IP Address after 15 minutes. +# This should be enough to deter attackers while been short enough to allow real hosts to request a show. +$query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.verified = 0"; +$result_delete = @mysqli_query($connection, $query_delete); + +# Check that this ip is not uploading in another session +$query_dupe = "SELECT COUNT(*), timestamp FROM `reservations` WHERE ip = '$ip' and verified = 0"; +$result_dupe = mysqli_query($connection, "$query_dupe"); +$row_dupe = mysqli_fetch_array($result_dupe, MYSQLI_NUM); +$num_from_this_ip = $row_dupe[0]; +$show_timestamp = strtotime($row_dupe[1]); + +if( !isset($row_dupe) or $num_from_this_ip != 0 ) { + header('Cache-Control: no-cache'); + header('Pragma: no-cache'); + header("Status: 412 Precondition Failed"); + echo "

Existing request detected: "; + $timestamp = time()+date("Z"); + echo gmdate("Y-m-d\TH:i:s\Z",$timestamp); + echo "

\n"; + $localtime = date('l jS \of F Y h:i:s A', $show_timestamp); + echo "

It seems another request was made from this ip address\n (${ip}) on ${localtime}.

\n"; + echo "

This lock is set for 15 minutes to deter attacks and will be released in about " . round(abs(16 - ( $timestamp - $show_timestamp ) / 60 ) ) . " minutes.

\n"; + echo "

There are several reasons why you would see this page:

\n"; + echo "\n"; + echo "

\n"; + echo "

Return to the calendar page.

\n"; + echo "\n"; + echo "
\n"; + echo "

If you are having issues please send the following information to admin @ HPR to assist in troubleshooting the issue:

\n"; + echo "
\n";
+  echo "${timestamp}\n";
+  echo "${show_timestamp}\n";
+  $agent = $_SERVER['HTTP_USER_AGENT'];
+  $uri = $_SERVER['REQUEST_URI'];
+  print "${ip}\n";
+  print "${agent}\n";
+  print "${uri}\n";
+  echo "
\n"; + echo "
\n"; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() . "\tExisting Request\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n" , FILE_APPEND | LOCK_EX ); + exit; +} + +# Create a temporary entry for this host. +$query_add = "INSERT INTO reservations VALUES ('$ip', UTC_TIMESTAMP(), '$key', '0', '1970-01-01', 'none@example.com', '0', 'REQUEST_UNVERIFIED' )"; +$result = mysqli_query($connection, $query_add ) or die(mysqli_error()); + +# Check to see if we're under attack +$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$total = $row[0]; + +if( !isset($total) or $total > 150 ) { + header("Status: 412 Precondition Failed"); + echo "

Suspicious activity detected

"; + echo "

$total Uploads have temporarily been suspended due to suspicious activity.
+ If you are attacking us why not record a show telling us about what you were trying to do ?

"; + echo "

While these people have their fun, can we ask you to send your show another way.
+ Contact admin @ HPR for more information.

"; + exit; +} + +// Populate the list of posted shows +$show_array = array (); + +$ep_retrieve = "(SELECT `id`, `date` FROM eps ) UNION (SELECT `ep_num` AS id, `ep_date` AS date FROM reservations WHERE `ep_num` >0) order by id"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $rowid = $row['id']; + $date = $row['date']; + $show_array[$rowid] = date('Y-m-d', strtotime($date) ) ; + } +} +/* +Entry is either to the page or with the id variable set (default selected) +*/ + +if (isset($_GET['id'])){ + $id = $_GET['id']; + $id = intval($id); + $num_get_args=0; + foreach($_GET as $k => $v) { + ++$num_get_args; + } + + if ( strval( intval( $id ) ) != strval( $id ) ) { + naughty("e015b7c89da03385a9156d3e5d2eb25d"); + } + + if ( intval( $id ) <= 0 ) { + naughty("1493a07dec01a006d11bf43d2f17e5aa"); + } + + if ( $num_get_args > 2 ) { + naughty("79543dbb498ec47404aaed4d56bdc22b"); + } + + if ( intval($id) > 9999 ) { + naughty("f1f531c768f64404cb00437254b06d71"); + } + + if ( $id != 9999 ) { + if ( isset( $show_array[$id] ) ) { + naughty("2227263ac7171aca3214d155dec539ad"); + } + } +} +else { + $id = ""; +} + +$query = mysqli_query($connection, "SELECT id, date FROM eps mo +WHERE NOT EXISTS + ( + SELECT NULL + FROM eps mi + WHERE mi.id = mo.id + 1 + ) +ORDER BY + id +LIMIT 1"); +$next_show_num_array = mysqli_fetch_row($query); +$next_show_num = $next_show_num_array[0] + 1; +$next_show_date = date('Y-m-d', strtotime($next_show_num_array[1] . ' + 1 weekday')); +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+

Requesting a slot for your show.

+

Please select your desired slot, and enter a valid email address.
+ See our ">help page for more information +

+
+ + + + + + + + + +
Slot: + \n"; + $this_episode_date = $next_show_date; + if ( $id == 9999 ) { + echo "\n"; + } + else { + echo "\n"; + } + for ( $slot = $next_show_num; $slot<($next_show_num+365); $slot++ ) { + if (empty($show_array[$slot])) { + if ( $slot == $id ) { + echo "\n"; + } + else { + } + echo "\n"; + } + $this_episode_date = date('Y-m-d', strtotime($this_episode_date . ' + 1 weekday')); + } + echo ""; + if ( ( $slot < $id ) AND ( $id != 9999 ) ) { + echo "
\nUnfortunately it is not possible to schedule episode $id. Please select another slot or contact admin@hackerpublicradio.org for more assistance.\n"; + } + ?> +
E-mail:
+

You must have your audio recording ready to upload ">before you pick a slot.

+ +
+

+ We will send you an email with a link to where you can upload your show. +

+
+ + diff --git a/hub/request_confirm.php b/hub/request_confirm.php new file mode 100644 index 0000000..e537247 --- /dev/null +++ b/hub/request_confirm.php 
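Review bot: `$key = uniqid(md5(rand()));` is the token that is emailed to the requester and later accepted by hub/upload.php as `?key=`, but neither `rand()` nor `uniqid()` is a cryptographic source, so the confirmation link does not carry the unpredictability it is relied on for; `$key = substr(bin2hex(random_bytes(23)), 0, 45);` keeps the 45-hex-digit shape that upload.php's `strlen(...) === 45 and ctype_xdigit(...)` check expects while drawing from the CSPRNG. The "Existing request detected" page also prints request-controlled text straight into the response via `print "${agent}\n"; print "${uri}\n";` — wrap `$_SERVER['HTTP_USER_AGENT']` and `$_SERVER['REQUEST_URI']` in `htmlspecialchars()` there, as otherwise they are reflected unescaped into HTML (only reachable while a reservation from the same IP is pending, so the exposure is narrow, but it is still an output-encoding defect). Two smaller points: the `strval( intval( $id ) ) != strval( $id )` check is dead because `$id` was already replaced by `intval($id)` two lines earlier, and `die(mysqli_error())` omits the connection argument the procedural call requires, so that failure path itself errors. The naughty-log line calls `getUserIPAdress()` whereas the other scripts in this commit call `getUserIP()`; unless include.php defines both, this path fails with an undefined-function error before `exit`.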
@@ -0,0 +1,331 @@ + request_confirm.php > upload.php > upload_confirm.php +require "/home/hpr/php/include.php"; + +$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$total = $row[0]; + +if(!isset($total) or $total > 150 ) { + # This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts. + # A host doing bulk upload will need to do them one by one + naughty("5971624889258aefb44e5f7bf8dffbd4"); +} + +# This is to prevent anything except hits from the web form. +if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { + naughty("19e9019c9615f755aec834000892ee9e"); +} + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("9bb147a251e8db132dafa93d98f8487f"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} + +if (count($_POST) !== 2) { + naughty("02de1aef3b9490a417c39170d8f06028"); +} + +# This will check to see if there are any existing requests from this ip address +$query = "SELECT * FROM reservations WHERE ip = '$ip' and `status` = 'REQUEST_UNVERIFIED' and `verified` = 0"; +$result = @mysqli_query($connection, $query); +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); + +if ( empty($db["ip"]) ) { + # the request did not come via the web form + naughty("2162941738512bfdb1d21f288ee7cdb4"); +} + +if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) { + # they are playing with the database or time settings + naughty("f0ad965f523b5c2ade071eb20d3618b5"); +} + +if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) { + # There is too long a time entering the form + naughty("6570026fd11fc31ac0cada3e1dae4d0b"); +} + +// Basic POST Checks +if ( empty($_POST["ep_num_date"]) or strlen($_POST["ep_num_date"]) !== 15 ) { + naughty("a32fbe5f0494eb7f34034b164739314d"); +} + + +if ( empty($_POST["email"]) ) { + naughty("76eaa1a1556faeadfc14631c35b8590a"); +} + +// Getting to the keep section + +if 
( filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false ) { + naughty("8c307efe37146015a35e2d928c2c0f69"); +} +else { + $email = htmlspecialchars(filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)); +} + +if ( strpos($_POST["ep_num_date"], '_') !== 4 or strpos($_POST["ep_num_date"], '-') !== 9 or strpos($_POST["ep_num_date"], '-', 10 ) !== 12 ) { + naughty("705f8e26e42a90b31075a110674b19ee"); +} + +if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) { + naughty("ad7f805c2f42be77122ec52f114fe318"); +} +else { + list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);; +} + +if ( intval($ep_num) === 0 ) { + naughty("9424f7407b2fb83407760ad763286b53"); +} +else { + $ep_num = intval($ep_num); +} + +if ( strtotime($ep_date) === false ) { + naughty("59c7bff340d023773d987d71df545110"); +} +else { + $ep_date_epoch = strtotime($ep_date); +} + + +$show_array = array (); +$query = "SELECT ( + +SELECT max( id ) +FROM eps +WHERE eps.date <= UTC_DATE( ) +) AS current_ep_num, ( + +SELECT max( date ) +FROM eps +WHERE eps.date <= UTC_DATE( ) +) AS current_ep_date, ( + +SELECT id +FROM eps +WHERE id = ${ep_num} +) AS valid +"; + +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$current_ep_num = $row[0]; +$next_year_ep_num = $current_ep_num+365; +$current_ep_date = $row[1]; +$current_ep_date_epoch = strtotime($current_ep_date); +$next_year_ep_date = strtotime(date("Y-m-d", time()) . 
" + 365 day" ); + +if ( $ep_num == $row[2] or !empty($row[2]) ) { + naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023"); +} + +if ( $ep_num != 9999 ) { + if ( ( $ep_num <= $current_ep_num ) OR ( $ep_num > $next_year_ep_num ) ) { + naughty("7304801e8ce3b9096d28dbe1a0faa642 $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num"); + } + + if ( $ep_date_epoch < $current_ep_date_epoch or $ep_date_epoch > $next_year_ep_date ) { + naughty("34c4259b45927da50ba5c49970f880a4"); + } + + for ($slot=$current_ep_num; $slot < $next_year_ep_num; $slot++) { + $shows_slot_date[ "${slot}"] = $current_ep_date; + $shows_date_slot[ "$current_ep_date" ] = $slot; + $current_ep_date = date('Y-m-d', strtotime($current_ep_date . ' + 1 weekday')); + } + + if ( empty($shows_slot_date["$ep_num"]) or empty($shows_date_slot["$ep_date"]) ) { + naughty("d0e113355b35f96945124d8e507759a0"); + } + + if ( $ep_date !== $shows_slot_date["$ep_num"] or $ep_num !== $shows_date_slot["$ep_date"] ) { + naughty("434cb53552ce1e2708e74a42f438028c"); + } +} // End of bypass checks + +// OK You convinced me. 
+$db_ip = $db['ip']; +$db_timestamp = $db['timestamp']; +$db_key = $db['key']; +# UPDATE reservations SET `ep_num` = '3203', `ep_date` = '2020-11-11', `email` = 'admin@hackerpublicradio.org', `verified` = '0' WHERE `ip` = '62.251.25.147' AND `timestamp` = '2020-08-20 10:55:44' AND `key` = '20ca69e4d9097d1623399c7b85fc8f475f3e56b01a289' AND `status` = 'REQUEST_EMAIL_SENT' + +$email_padded = formatemail($email); + +$query = "UPDATE reservations SET `ep_num` = '$ep_num', `ep_date` = '$ep_date', `email` = '$email_padded', `verified` = '0', `status` = 'REQUEST_EMAIL_SENT' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; + +$result = mysqli_query($connection, $query ); + +if(!isset($result)) { + naughty("c7405e79b54f582e8db46c69ec4b0f24"); +} + +use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\Exception; +use PHPMailer\PHPMailer\SMTP; + +require_once('/home/hpr/php/PHPMailer/Exception.php'); +require_once('/home/hpr/php/PHPMailer/PHPMailer.php'); +require_once('/home/hpr/php/PHPMailer/SMTP.php'); + +date_default_timezone_set('Etc/UTC'); + +$mailer = new PHPMailer(true); +$mailer->isSMTP(); +$mailer->Host = "$mailerHost"; +$mailer->SMTPAuth = true; +$mailer->SMTPSecure = "ssl"; +$mailer->Port = "465"; +$mailer->Username = "$mailerUsername"; +$mailer->Password = "$mailerPassword"; + + +// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details. +$mailer->Sender = 'robot@hobbypublicradio.com'; +$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins'); +$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot'); +$mailer->addBCC('admin@hackerpublicradio.org'); +$mailer->addBCC('admin@hobbypublicradio.org'); +$mailer->addAddress("$email"); +if ( $ep_num == 9999 ) { + $mailer->Subject = "Confirmation of request to submit to the reserve queue"; + $mailer->MsgHTML("

This email is an automatic reply to a request to submit to the reserve queue on the longest running Community Podcast.
+ If you have not made this request then please ignore this email. +

+

+ To confirm your request please confirm by copying and pasting the following link into your browser
+ ${hubBaseurl}/upload.php?key=${db_key} +

+

+ You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. +

+

+ The upload form works on the assumption you will be posting one show at a time, from the same IP address. +

+

+ Please keep this key private. +

+

+ Thanks,
+ HPR Bot +

+
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "
" + ); + $mailer->AltBody = "This email is an automatic reply to a request to submit to the reserve queue on the longest running Community Podcast. + If you have not made this request then please ignore this email. + + To confirm your request please confirm by copying and pasting the following link into your browser + ${hubBaseurl}/upload.php?key=${db_key} + + You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. + + The upload form works on the assumption you will be posting one show at a time, from the same IP address. + + Please keep this key private. + + Thanks, + + HPR Bot + + " . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +} +else { + $mailer->Subject = "Confirmation of request to reserve hpr${ep_num} on ${ep_date}"; + $mailer->MsgHTML("

This email is an automatic reply to a request to reserve a podcast slot hpr${ep_num} on ${ep_date} on the longest running Community Podcast.
+ If you have not made this request then please ignore this email. +

+

+ To confirm your request please confirm by copying and pasting the following link into your browser
+ ${hubBaseurl}/upload.php?key=${db_key} +

+

+ You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. +

+

+ The upload form works on the assumption you will be posting one show at a time, from the same IP address. +

+

+ Please keep this key private. +

+

+ Thanks,
+ HPR Bot +

+
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "
" + ); + $mailer->AltBody = "This email is an automatic reply to a request to reserve a podcast slot hpr${ep_num} on ${ep_date} on the longest running Community Podcast. + If you have not made this request then please ignore this email. + + To confirm your request please confirm by copying and pasting the following link into your browser + ${hubBaseurl}/upload.php?key=${db_key} + + You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. + + The upload form works on the assumption you will be posting one show at a time, from the same IP address. + + Please keep this key private. + + Thanks, + + HPR Bot + + " . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +} +$mailer->isHTML(false); + + +// Set up our connection information. +//$mailer->IsSMTP(); + + +// All done! +//print "We are experiencing issues with the upload process. Please try again tomorrow.
\n"; + + +//send the message, check for errors +if (!$mailer->send()) { + echo 'Mailer Error: ' . $mailer->ErrorInfo; +} + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+
+
+

Thank you

+
+

+ Thank you for your submission. A confirmation email has been sent to . Please copy and paste the link into your browser to confirm your email address, and upload your show media. +

+

You need to open the link within 15 minutes or the temporary lock will be released. Once you open the link, you can fill in the information at your leisure.

+

The email is sent from the address robot@hobbypublicradio.com, and should be in your inbox by the time you read this.

+

If it is not there by now, then please spam folder. We have had reports that sometimes gmail and hotmail consider the messages as spam. Please consider whitelisting the email address robot@hobbypublicradio.com.

+

+ gmail is blocking us +

+

Return to the calendar page.

+

+ Thanks,
+
+ HPR Bot +

+
+    
+    
+    
+
+
+ + diff --git a/hub/upload.php b/hub/upload.php new file mode 100644 index 0000000..7cd307b --- /dev/null +++ b/hub/upload.php 
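Review bot: The stale-form check `if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 )` can never fire, because the check immediately before it already rejects any reservation timestamp at or after `REQUEST_TIME`, so a timestamp 30 minutes in the future is unreachable and the "too long entering the form" limit the comment describes is not enforced; the comparison wanted is `if ( strtotime($db['timestamp']) + 1800 <= $_SERVER["REQUEST_TIME"] ) {`. Note also that the row was stored with `UTC_TIMESTAMP()` but `strtotime()` here runs before the `date_default_timezone_set('Etc/UTC')` further down the file, so the comparison may be offset by the server's default zone — worth confirming. The UPDATE interpolates `$email_padded` into SQL with only `htmlspecialchars()` and `formatemail()` between the POST value and the query; `FILTER_VALIDATE_EMAIL` accepts addresses containing a single quote, and whether `htmlspecialchars` encodes it depends on the PHP version's default flags, so this statement (and the `SELECT * FROM reservations WHERE ip = '$ip' ...` above it) should use `mysqli_prepare` with bound parameters rather than string building.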
@@ -0,0 +1,297 @@ + request_confirm.php > upload.php > upload_confirm.php +require "/home/hpr/php/include.php"; + +if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and count($_GET) !== 1 ) { + call412("9a77e4ab24410cbf68a3a05ba97221e4"); +} + +if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) { + $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ); +} +else { + if ( isset( $_GET['delete'] ) and strlen( $_GET['delete'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ) ) === 45 and ctype_xdigit( $_GET['delete'] ) ) { + $key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ); + } + else { + call412("e8ac90fc2a8996e5fb7a83e73e636e80"); + } +} + +$ip = $_SERVER["REMOTE_ADDR"]; + +$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "; +$result = mysqli_query($connection, $query); +if($result === FALSE) { + call412("91432866e3c9c36a9c4884345d578761"); +} +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); +if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) { + call412("b019bd29c1fe5b756e4b620a5428f730"); +} +else { + $db_timestamp = $db['timestamp']; + $db_key = $db['key']; + $email_padded = formatemail($db['email']); + $email = unformatemail($db['email']); + $ep_num = $db['ep_num']; + $ep_date = $db['ep_date']; + $db_ip = $db['ip']; +} + +// User selects delete +if ( isset( $_GET['delete'] ) ) { + $query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "; + $result = mysqli_query($connection, $query); + if($result === FALSE) { + call412("35a7f4e80ecba8284049e9d6261ae523"); + } + else { + header( "Location: https://" . $_SERVER['SERVER_NAME'] . 
"/calendar.php" ) ; + $dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/"; + rrmdir("$dir_structure"); + exit; + } +} + +// Set the show to verified so that we can remove the temporary lock +$status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z'); +$query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; +$result = mysqli_query($connection, $query ); +if(!isset($result)) { + naughty("c7405e79b54f582e8db46c69ec4b0f24"); +} + +// Display host information +/* +*/ + +$ip = $_SERVER["REMOTE_ADDR"]; +# TODO need to add the email for new hosts +$query = "SELECT * FROM hosts WHERE hosts.email = '$email' OR hosts.email = '$email_padded'"; +$result = mysqli_query($connection, $query); +if($result === FALSE) { + call412("5cb513b590ab5859bf7603b79402a5cb"); +} +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); +if ( empty($db) or empty( $db['hostid'] ) or empty( $db['host'] ) or empty( $db['email'] ) ) { + $hostid = "0"; + $host = ""; + $profile = ""; + $license = "CC-BY-SA"; + $local_image = 0; + $status = "Please fill in some information about yourself."; +} +else { + $hostid = $db['hostid']; + $host = $db['host']; + $profile = $db['profile']; + $license = $db['license']; + $local_image = $db['local_image']; + $email_padded = formatemail($db['email']); + $email = unformatemail($db['email']); + $status = "Please confirm or change the following information about yourself."; +} + +$image_url = "./images/hosts/${hostid}.png"; +if ( !file_exists( $image_url )) { + $image_url = 'https://secure.gravatar.com/avatar/' . md5($email) . '.png&d=404'; +} + +// Main + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+ Uploading to the Reserve Queue.\n"; + } + else { + echo "

Uploading hpr${ep_num} for release on ${ep_date}

\n"; + } + ?> +

+ You can fill in information about yourself and your show below. Please see the help page for more information. +

+

+
+ + + + + + + + + + + + + + + + + + + + + + +
Host Email (?):
Image: (?) +
"; + if ( $local_image === 1 ) { + echo "Image previously uploaded"; + } + else { + echo "Image sourced from gravatar"; + } + ?> +
+ Upload your photo/avatar here: +
Name/Handle: (?)
Your Default license: (?) + +
Profile: (?)
+

Please fill in some information about this episode

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Title(*) (?):
Summary(*) (?):
Theme: (?) + Please do not add a theme to your show: See Policy Decision for more information.
+
Explicit: (?) + Is the show Explicit ?: + Yes + No. + If in doubt please select Yes. See iTunes for more information. +
License: (?) + + See https://creativecommons.org/licenses/ for more information. +
Notes(*) (?):
Format: (?) + What format if any did you just use in the show notes above ?
+ +
Series: (?) + "; + while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { + printf(""); + } + mysqli_free_result($result); + ?> + +
Tags: (?)
+ Add a list of comma separated tags.
+ If you can provide tags for your show that would be appreciated; you are certainly the best judge of what makes good tags, but if not then a volunteer will add them later. +
Upload Method: (?) + You have the choice of the following upload options:
+

+ 1. Upload now via this browser: (?)
+ +

+

+ 2. Provide a url for us to get it from: (?)
+ +

+

+ 3. Upload via an alternative method: + If you wish to send a show using another method then please discuss it with the HPR Volunteer at admin@hackerpublicradio.org. +

+

+ 4. Reserve a slot: + Leave upload option 1 and 2 empty if you have received prior approval for a reservation from the Community via the HPR Mailing List to either: +

+
    +
  • Reserve the show now and upload media later.
  • +
  • Send physical media by the postal service or deliver in person.
    + Make sure you plan in enough time to deliver your media.
  • +
+
+ "; ?> + "; ?> +
+ This will take a long time, leave the browser running. You will get an email once the upload is complete. + \nDelete this reservation for the Reserve Queue.\n

\n"; + } + else { + echo "

\nDelete this reservation for hpr${ep_num} on ${ep_date}.\n

\n"; + } + + + + ?> + +
+
+ + diff --git a/hub/upload_confirm.php b/hub/upload_confirm.php new file mode 100755 index 0000000..cd75b46 --- /dev/null +++ b/hub/upload_confirm.php @@ -0,0 +1,546 @@ + request_confirm.php > upload.php > upload_confirm.php + +require "/home/hpr/php/include.php"; + +function goback() { + header( "Location: " . $_SERVER["HTTP_REFERER"] ) ; + exit; +} +logextra( "Starting upload_confirm.php"); + +$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$total = $row[0]; + +logextra( "Got reservations" ); +if ($total > 150 ) { + # This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts. + # A host doing bulk upload will need to do them one by one + naughty("88fe2bc11a90f9f9ab9bdcc8a82d7401"); +} +logextra( "No bulk upload" ); +// // // print '
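Review bot: The request guard at the top of the hunk joins its three conditions with `and`, so `call412` fires only when the method is not GET *and* REMOTE_ADDR is empty *and* the parameter count is wrong, which means a non-GET request with a single `key` parameter is not rejected; the intended check is `if ( $_SERVER['REQUEST_METHOD'] !== 'GET' or empty($_SERVER["REMOTE_ADDR"]) or count($_GET) !== 1 ) {`. The `if(!isset($result))` after the `UPDATE reservations` query can never trigger, because `mysqli_query` returns `false` on failure rather than leaving the variable unset — use `if ($result === false)` as the neighbouring queries in this file do. Every query here interpolates values straight into the SQL string; `$email` and `$email_padded` come from the reservations row rather than the request, but they are still unescaped when placed into the `hosts` query, so moving these statements to `mysqli_prepare`/`bind_param` would close that gap without changing behaviour for valid input. The `$status` string built before the UPDATE is never used (the query hard-codes `'EMAIL_LINK_CLICKED'`) and is overwritten further down, so either drop it or bind it into the query.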
';
+// // // var_dump( $_SERVER['REQUEST_METHOD'] );
+// // // print '
'; + + + +if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { + naughty("29e9019c9615f755aec834000892ee9e"); +} +logextra( "It is a POST" ); + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("abb147a251e8db132dafa93d98f8487f"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} +logextra( "We have a IP of $ip" ); + +if (count($_POST) !== 15) { + logextra( "" ); +if (count($_POST) !== 17) { + # 19 is for mosaic + # if this reports 0 is could be that the max upload is not set correctly in php.ini. + naughty("7a994999b40e3dc2e3eecfdc36a78d23 ".count($_POST) ); + } +} +logextra( "Correct number of POST entries" ); + +if ( isset( $_POST['key'] ) and strlen( $_POST['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ) ) === 45 and ctype_xdigit( $_POST['key'] ) ) { + $db_key = htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ); +} +else { + naughty("2fb4c4e05f0e8f37a5b47565cfb863f5"); +} +logextra( "Field lengths are correct" ); + +$query = "SELECT * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$db_key' "; +$result = mysqli_query($connection, $query); +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); +logextra( "Getting this reservation from the db" ); + +if ( empty($db["ip"]) or $db["key"] != $db_key ) { + naughty("3162941738512bfdb1d21f288ee7cdb4"); +} +else { + $db_ip = $db['ip']; + $db_email = unformatemail($db['email']); + $db_timestamp = $db['timestamp']; + $ep_num = $db['ep_num']; + $ep_date = $db['ep_date']; +} +logextra( "Found this reservation from the db" ); + +if ( empty($db_email) ) { + naughty("457bf84c726d1cbbd381933e3a08b2ac"); +} +logextra( "Got an email $db_email" ); + +if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) { + naughty("00ad965f523b5c2ade071eb20d3618b5"); +} +logextra( "Timestamp is not to old" ); + +if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) { + naughty("7570026fd11fc31ac0cada3e1dae4d0b"); +} +logextra( "Timestamp is not to 
young" ); + +if ( empty($_POST["title"]) or strlen($_POST["title"]) > 100 ) { + naughty("32831f22fb96d02ce819127d558d28a2"); +} +logextra( "Title length is OK" ); + +if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) { + naughty("ecfcc4c12bf4319d412d66fd2e239249"); +} +logextra( "Summary length is OK" ); + +if ( empty($_POST["shownotes_format"]) ) { + naughty("a8345484b7a4ebad5af54937a3b2e26b"); +} +logextra( "Shownotes are not missing" ); + +if ( !( + strcmp($_POST["shownotes_format"], "plain_text") === 0 or + strcmp($_POST["shownotes_format"], "html5") === 0 or + strcmp($_POST["shownotes_format"], "Markdown_GitHub") === 0 or + strcmp($_POST["shownotes_format"], "Markdown_Pandoc") === 0 or + strcmp($_POST["shownotes_format"], "restructured_text") === 0 or + strcmp($_POST["shownotes_format"], "txt2tags") === 0 ) + ) { + naughty("b5609bad7edd70d76d75652fb0592ec4 " . $_POST["shownotes_format"] . " " . strcmp($_POST["shownotes_format"], ".")); +} +logextra( "shownotes_format is set OK" ); + +if ( empty($_POST["explicit"]) ) { + naughty("39cc8812b02607d613c6a7ba7e789f2c"); +} +logextra( "explicit exists" ); + +if ( strcmp($_POST["explicit"], "Yes") !== 0 ) { + logextra( "" ); +if ( strcmp($_POST["explicit"], "Clean") !== 0 ) { + naughty("198ab3b8af59ffba12c335239bde2876"); + } +} +logextra( "explicit is either Yes or Clean" ); + +if ( empty($_POST["license"]) or strlen($_POST["license"]) < 4 or strlen($_POST["license"]) > 11 ) { + naughty("194c24ff7396901c0ccc42fb21344683"); +} +logextra( "license length is fine" ); + +if ( !( + strcmp($_POST["license"], "CC-BY-SA") === 0 or + strcmp($_POST["license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["license"], "CC-0") === 0 or + strcmp($_POST["license"], "CC-BY-NC") === 0 or + strcmp($_POST["license"], "CC-BY") === 0 or + strcmp($_POST["license"], "Other") === 0 ) + ) { + 
naughty("f5609bad7edd70d76d75652fb0592ec4"); +} +logextra( "license is a valid value" ); + +if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) { + naughty("5860799406a323209b902d5104fe7bae"); +} +logextra( "Notes are less than max" ); + +if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) { + naughty("f1c83b57821d562f66246d975ef28994"); +} +$series = $_POST["series"]; +$result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'"); +logextra( "Series id is in the correct range" ); +if (!isset($result_series)) { + naughty("27457bada69cbc352af762bdf649e905"); +} +$data=mysqli_fetch_assoc($result_series); +$series_name = $data['name']; +logextra( "Series has been found" ); + +if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) { + naughty("49a69b565acecf9d2a96aacc73aec5aa"); +} +logextra( "Tags are the correct length" ); + +if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) { + naughty("626eae845e0a448be0544775ab5e4dc4"); +} +logextra( "host_name is set and correct length" ); + +if ( strlen($_POST["host_profile"]) > 2000 ) { + naughty("f69ec5999e0a02def5a110489401347f"); +} +logextra( "host_profile is correct length" ); + +if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) { + naughty("f2816b32e97be090a96ceabdc9230c9c"); +} +logextra( "host_license is in the correct range" ); + +if ( !( + strcmp($_POST["host_license"], "CC-BY-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["host_license"], "CC-0") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC") === 0 or + strcmp($_POST["host_license"], "CC-BY") === 0 or + strcmp($_POST["host_license"], "Other") === 0 ) + ) { + naughty("978a18fa8558f3180897429e63d6ae55"); +} +logextra( "host_license is a predfined value" ); + +if ( empty($_POST["hostid"]) 
and $_POST["hostid"] != 0 ) { + naughty("277dc98d43e7840d9f296cce1bc3ec2c"); +} +logextra( "hostid exists and is not 0" ); + +$result = mysqli_query($connection, 'SELECT MAX(hostid) as max FROM hosts;'); + +if (!isset($result)) { + naughty("93fcc22d0c5ee3fac35e6d658db76059"); +} +$data=mysqli_fetch_assoc($result); +$maxhost = $data['max']; + +logextra( "retrieved the max host from db" ); + +$hostid = $_POST["hostid"]; +logextra( "" ); +if ( (strval(intval($hostid)) != strval($hostid)) or ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){ + naughty("a0f6cae871b85cb66f85d7ed5e91d1bb"); +} +logextra( "host id is int, and in the correct range" ); + +if ( !empty($_POST["url"]) and strlen($_POST["url"]) > 1024 ) { + naughty("6d4f180c49ff9b9154bd80070ec2c1f3"); +} +logextra( "The url is set and the correct length" ); + +if ( !empty($_POST["url"]) ) { + if ( filter_var($_POST["url"], FILTER_VALIDATE_URL) === false ) { + naughty("9c307efe37146015a35e2d928c2c0f69"); + } + else { + $url = htmlspecialchars(filter_var($_POST["url"], FILTER_VALIDATE_URL)); + } +} +logextra( "The url has not been altered" ); + +$dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . 
"_${ep_num}_${ep_date}_${db_key}/"; + +if ( file_exists( $dir_structure ) ) { + naughty("d4250c369bd81b27cdc53d0d53321ecd"); +} +logextra( "The upload dir seems fine $dir_structure" ); + +if (!mkdir($dir_structure, 0777, true)) { + naughty("804c4be123ca0327840b76bf4f8eb19e"); +} + +$shownote_file = "${dir_structure}/shownotes.txt"; +if ( file_exists( $shownote_file ) ) { + naughty("33370d1c5c19a6ca4ef3f3ce59158e57"); +} +logextra( "The shownotes txt file exists $shownote_file" ); + +$shownote_file_json = "${dir_structure}/shownotes.json"; +if ( file_exists( $shownote_file_json ) ) { + naughty("a9564ebc3289b7a14551baf8ad5ec60a"); +} +logextra( "The shownotes json file exists $shownote_file_json" ); + +$this_post = print_r($_POST, true); +$this_file = print_r($_FILES, true); + +logextra( "Received $this_post, $this_file" ); + + +$show_data = "------------------------------------------------------------"; +$show_data = $show_data . "\nEpisode_Number:\t" . $ep_num; +$show_data = $show_data . "\nEpisode_Date:\t" . $ep_date; +$show_data = $show_data . "\nTimestamp:\t" . $db_timestamp; +$show_data = $show_data . "\nKey:\t" . $_POST['key']; +$show_data = $show_data . "\nHost_IP:\t" . $db_ip; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nHost_ID:\t" . $_POST['hostid']; +$show_data = $show_data . "\nHost_Name:\t" . $_POST['host_name']; +$show_data = $show_data . "\nHost_Email:\t" . $db_email; +$show_data = $show_data . "\nHost_License:\t" . $_POST['host_license']; +$show_data = $show_data . "\nHost_Profile:\n" . $_POST['host_profile']; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nTitle:\t" . $_POST['title']; +$show_data = $show_data . "\nSummary:\t" . $_POST['summary']; +$show_data = $show_data . "\nShownotes_Format:\t" . $_POST['shownotes_format']; +$show_data = $show_data . "\nExplicit:\t" . 
$_POST['explicit']; +$show_data = $show_data . "\nShow_License:\t" . $_POST['license']; +$show_data = $show_data . "\nSeries:\t" . $series; +$show_data = $show_data . "\nSeries_Name:\t" . $series_name; +$show_data = $show_data . "\nTags:\t" . $_POST['tags']; +$show_data = $show_data . "\nurl:\t" . $_POST['url']; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nShow_Notes:\n" . $_POST['notes']; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nPOST:\n" . $this_post; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nFILES:\n" . $this_file; +$show_data = $show_data . "\n------------------------------------------------------------\n"; + +file_put_contents($shownote_file, stripslashes($show_data) ); +logextra( "Wrote the $shownote_file" ); + +$show_data_json = array( + "host" => array( + "Host_ID" => $_POST['hostid'], + "Host_Name" => $_POST['host_name'], + "Host_Email" => $db_email, + "Host_License" => $_POST['host_license'], + "Host_Profile" => $_POST['host_profile'] + ), + "episode" => array( + "Title" => $_POST['title'], + "Summary" => $_POST['summary'], + "Explicit" => $_POST['explicit'], + "Show_License" => $_POST['license'], + "Series" => $series, + "Series_Name" => $series_name, + "Tags" => $_POST['tags'], + "Show_Notes" => $_POST['notes'] + ), + "metadata" => array( + "Episode_Number" => $ep_num, + "Episode_Date" => $ep_date, + "Timestamp" => $db_timestamp, + "Key" => $_POST['key'], + "Host_IP" => $db_ip, + "POST" => $_POST, + "FILES" => $_FILES, + "url" => $_POST['url'], + "Shownotes_Format" => $_POST['shownotes_format'], + ) +); + +file_put_contents($shownote_file_json, json_encode($show_data_json) ); +logextra( "Wrote the $shownote_file_json" ); + +if ( !file_exists( $dir_structure ) ) { + naughty("a1534e6d525352dce7183a2e22862049"); +} 
+logextra( "The dir_structure still exists" ); + +if ( !file_exists( "$dir_structure/shownotes.txt" ) ) { + naughty("ab8051b531c120b8bffd2a5b25a19cc3"); +} +logextra( "shownotes.txt still exists" ); + +if ( !file_exists( "$dir_structure/shownotes.json" ) ) { + naughty("a9564ebc3289b7a14551baf8ad5ec60a"); +} +logextra( "shownotes.json still exists" ); + +$message=""; + +if ( !empty($_FILES["host_photo"]["tmp_name"]) and !empty($_FILES["host_photo"]["type"]) and $_FILES["host_photo"]["error"] == 0 ) { + list($type_main, $type_sub)= explode("/", $_FILES["host_photo"]["type"]); + if ( empty($type_sub) or strlen($type_sub) > 4 ) { + naughty("c1381f1d2492f81074d8cb70c85f5fc8"); + } + else { + $temp_photo = $_FILES["host_photo"]["tmp_name"]; + $host_photo = "${dir_structure}/photo"; + move_uploaded_file($temp_photo, $host_photo); + $message = $message . "A photo was delivered. "; + } + logextra( "A photo was delivered" ); +} +else { + $message = $message . "No photo delivered. "; +} +logextra( "No photo delivered" ); + +// Deal with uploaded files. +$files = count($_FILES["media_files"]["error"]); +if ( $files > 1 ) { + $message = $message . $files . " files were delivered."; + logextra( $files . " files were delivered." ); +} +else +if ( $files == 1 and $_FILES["media_files"]["error"][ "0"] == 0 ) { + $message = $message . "One file was delivered."; + logextra( "One file was delivered." ); +} +else { + if ( empty($_POST["url"]) ) { + $message = $message . " + +You have chosen to upload the files separately from these show notes. + +If you wish to send a show using another method then please discuss +it with the HPR Volunteer at admin@hackerpublicradio.org + +"; + logextra( "uploading the files separately" ); + } +} + +foreach($_FILES["media_files"]["tmp_name"] as $key => $val) { + if ( $_FILES["media_files"]["error"][ "$key"] == 0 ) { + $from = $_FILES["media_files"]["tmp_name"][ "$key"]; + $to = "${dir_structure}/" . 
$_FILES["media_files"]["name"][ "$key"] ; + $moveResult = move_uploaded_file($from, $to); + if ($moveResult != true) { + echo "ERROR: File not moved correctly >$from< >$to<"; + logextra( "ERROR: File not moved correctly >$from< >$to<" ); + } + else { + logextra( "File moved correctly >$from< >$to<" ); + } + } +} +logextra( "All Files moved" ); + +######################################################## +// OK You convinced me. + +if ( $ep_num == 9999 ) { + $show_submitted = "RESERVE_SHOW_SUBMITTED"; +} +else { + $show_submitted = "SHOW_SUBMITTED"; +} + +$query = "UPDATE reservations SET `verified` = '1', `status` = '$show_submitted' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; +$result = mysqli_query($connection, $query ); +if (mysqli_errno($connection)) { + $error = "MySQL error ".mysqli_errno($connection).": ".mysqli_error($connection)."\n"; + problem("Could not update the show reservation to $status in the db"); + mysqli_free_result($result); + mysqli_close($connection); + logextra( "$query"); + die; +} +logextra( "Updating the db to $show_submitted" ); +if (!isset($result)) { + naughty("c7405e79b54f582e8db46c69ec4b0f24"); +} + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+
+
+

Thank you

+
+

+ Thank you for your submission. +

+
+    
+    
+

+ Your show will now be processed by a HPR Volunteer. +

+

+ Thanks,
+
+ HPR Bot +

+
+
+ +isSMTP(); +$mailer->Host = "$mailerHost"; +$mailer->SMTPAuth = true; +$mailer->SMTPSecure = "ssl"; +$mailer->Port = "465"; +$mailer->Username = "$mailerUsername"; +$mailer->Password = "$mailerPassword"; + +// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details. +$mailer->Sender = 'robot@hobbypublicradio.com'; +$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins'); +$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot'); +$mailer->addBCC('admin@hackerpublicradio.org'); +$mailer->addBCC('admin@hobbypublicradio.org'); +$mailer->AddAddress("$db_email"); +$mailer->isHTML(false); +if ( $ep_num === 9999 ) { + $mailer->Subject = "Thank you for uploading to the Reserve Queue"; + $mailer->MsgHTML("

This email is an automatic reply. If you have not made this request then please ignore this email.

+

Thank You for recording an episode for the Reserve Queue.

+
+  $message
+  
+

+ Your show will now be processed by a HPR Volunteer.
+ Thanks,
+ HPR Bot +

"); +} +else { + $mailer->Subject = "Thank you for uploading hpr${ep_num}::${ep_date}"; + $mailer->MsgHTML("

This email is an automatic reply. If you have not made this request then please ignore this email.

+

Thank You for recording hpr${ep_num} for release on ${ep_date}.

+
+  $message
+  
+

+ Your show will now be processed by a HPR Volunteer.
+ Thanks,
+ HPR Bot +

"); +} + +$mailer->AltBody = "This email is an automatic reply. If you have not made this request then please ignore this email. + +Thank You for recording hpr${ep_num} for release on ${ep_date}. + +$message + +Your show will now be processed by a HPR Volunteer. + +Thanks, + +HPR Bot"; + +//send the message, check for errors +if (!$mailer->send()) { + echo 'Mailer Error: ' . $mailer->ErrorInfo; +} + + +include 'footer.html'; + +logextra( "Finished upload_confirm.php"); + +?> diff --git a/ini/credentials.php b/ini/credentials.php new file mode 100644 index 0000000..39efd9d --- /dev/null +++ b/ini/credentials.php @@ -0,0 +1,16 @@ + diff --git a/ini/hub.cms.htaccess b/ini/hub.cms.htaccess new file mode 100644 index 0000000..29464fe --- /dev/null +++ b/ini/hub.cms.htaccess @@ -0,0 +1,12 @@ +AuthType Basic +AuthName "cms" +AuthUserFile "/path/to/file" +require valid-user +Order deny,allow +Deny from all +Allow from IPADDRESS +Allow from IPADDRESS +Allow from IPADDRESS +Allow from IPADDRESS +Allow from IPADDRESS +Satisfy All diff --git a/ini/include.php b/ini/include.php new file mode 100644 index 0000000..f13b09b --- /dev/null +++ b/ini/include.php @@ -0,0 +1,339 @@ +set_charset('utf8'); + +function rrmdir($src) { + $dir = opendir($src); + while(false !== ( $file = readdir($dir)) ) { + if (( $file != '.' ) && ( $file != '..' )) { + $full = $src . '/' . $file; + if ( is_dir($full) ) { + rrmdir($full); + } + else { + unlink($full); + } + } + } + closedir($dir); + rmdir($src); +} + +function call412($error){ + usleep(rand(10000000,30000000)); + global $HPR_Name, $HPR_Names, $naughtyfile; + header("Status: 412 Precondition Failed"); + print ' + + + +'.$HPR_Name.' Public Radio + + +

412 Precondition Failed

+

ERROR CODE

+

+'.$error.' +

+

+If you believe this to be an error, then please copy this error code and send it to admin@hpr. +

+

+'.date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $_SERVER["HTTP_USER_AGENT"] .' +

+ + +'; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\t" . $error . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); + exit; +} + + +function problem($error){ + global $HPR_Name, $HPR_Names, $naughtyfile; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\tERROR: " . $error . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); + #usleep(2000000); + header("Status: 412 Precondition Failed"); + print ' + + + +'.$HPR_Name.' Public Radio + + +

412 Precondition Failed

+

ERROR CODE

+

+'.$error.' +

+

+If you believe this to be an error, then please copy this error code and send it to admin@hpr. +

+

+'.date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $_SERVER["HTTP_USER_AGENT"] .' +

+ + +'; + exit; +} + +function naughty($error){ + global $HPR_Name, $HPR_Names, $naughtyfile; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\t" . $error . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); + #usleep(rand(10000000,30000000)); + header("Status: 412 Precondition Failed"); + print ' + + + +'.$HPR_Name.' Public Radio + + +

412 Precondition Failed

+

ERROR CODE

+

+'.$error.' +

+

+If you believe this to be an error, then please copy this error code and send it to admin@hpr. +

+

+'.date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $_SERVER["HTTP_USER_AGENT"] .' +

+ + +'; + exit; +} + +function logextra($message){ + global $HPR_Name, $HPR_Names, $naughtyfile; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\t" . $message . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); +} + +function convertSecToTime($sec){ + $date1 = new DateTime("@0"); //starting seconds + $date2 = new DateTime("@$sec"); // ending seconds + $interval = date_diff($date1, $date2); //the time difference + return $interval->format('%y Years, %m months, %d days, %h hours, %i minutes and %s seconds'); // convert into Years, Months, Days, Hours, Minutes and Seconds +} + +function fixid($id){ + return sprintf('%04d',$id); +} + +function navtext($id,$curr_ep_id){ + if ( $id <= 1 ) { + echo "<< First, < Previous, "; + } + else { + echo "<< First, "; + echo "< Previous, "; + } + if ( $id >= $curr_ep_id ) { + echo "Next >, "; + echo "Latest >>"; + } + else { + echo "Next >, "; + echo "Latest >>"; + } +} + +function formatemail($email) { + // Miminal spam protection + if (!stristr($email, '.nospam@nospam.')){ + $part = explode("@", $email); + $email = $part[0] . ".nospam@nospam." . $part[1]; + } + return $email; +} + +function unformatemail($email) { + // Miminal spam protection + if (stristr($email, '.nospam@nospam.')){ + $part = explode(".nospam@nospam.", $email); + $email = $part[0] . "@" . $part[1]; + } + return $email; +} + +function makeClickableLinks($string) { + # Used to display links from test urls + $pattern = '/\b((?:https?:\/\/|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:\'".,<>?«»“”‘’]))/i'; + $replacement = '$1'; + return preg_replace($pattern, $replacement, $string); +} + +function get_gravatar( $email, $s = 80, $d = '404', $r = 'x', $img = false, $atts = array() ) { + /** + * Get either a Gravatar URL or complete image tag for a specified email address. 
+ * + * @param string $email The email address + * @param string $s Size in pixels, defaults to 80px [ 1 - 512 ] + * @param string $d Default imageset to use [ 404 | mm | identicon | monsterid | wavatar ] + * @param string $r Maximum rating (inclusive) [ g | pg | r | x ] + * @param boole $img True to return a complete IMG tag False for just the URL + * @param array $atts Optional, additional key/value attributes to include in the IMG tag + * @return String containing either just a URL or a complete image tag + * @source http://gravatar.com/site/implement/images/php/ + */ + $url = 'https://secure.gravatar.com/avatar/'; + $url .= md5( strtolower( trim( $email ) ) ); + $url .= "?s=${s}&d=${d}.png"; + if ( $img ) { + $url = ' $val ) + $url .= ' ' . $key . '="' . $val . '"'; + $url .= '.png />'; + } + return $url; +} + +function getUserIPAdress() { + $ip = ''; + if (getenv('HTTP_CLIENT_IP')) { + $ip = getenv('HTTP_CLIENT_IP'); + } + else if(getenv('HTTP_X_FORWARDED_FOR')) { + $ip = getenv('HTTP_X_FORWARDED_FOR'); + } + else if(getenv('HTTP_X_FORWARDED')) { + $ip = getenv('HTTP_X_FORWARDED'); + } + else if(getenv('HTTP_FORWARDED_FOR')) { + $ip = getenv('HTTP_FORWARDED_FOR'); + } + else if(getenv('HTTP_FORWARDED')) { + $ip = getenv('HTTP_FORWARDED'); + } + else if(getenv('REMOTE_ADDR')) { + $ip = getenv('REMOTE_ADDR'); + } + else { + $ip = 'UNKNOWN'; + } + return $ip; +} + +function getUserIP() +{ + //check ip from share internet + if (!empty($_SERVER['HTTP_CLIENT_IP'])) + { + $ip=$_SERVER['HTTP_CLIENT_IP']; + } + else + { + $ip=$_SERVER['REMOTE_ADDR']; + } + return $ip . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . 
"\n"; +} +$naughtyfile = '/home/hpr/logs/naughty-ip.txt'; +# Read more: http://vidiame.com/php/how-to-block-multiple-ip-addresses-using-php + +if ( strlen($_SERVER['QUERY_STRING']) > 15 ) { + file_put_contents($naughtyfile, getUserIP(), FILE_APPEND | LOCK_EX ); +} + +function GetFirstFreeSlot() { + // -------------------------------------------- + // Get first free slot + $query = mysqli_query("SELECT id + 1 FROM eps mo + WHERE NOT EXISTS + ( + SELECT NULL + FROM eps mi + WHERE mi.id = mo.id + 1 + ) + ORDER BY + id + LIMIT 1"); + $next_show_num_array = mysqli_fetch_row($query); + return $next_show_num_array[0]; +} + +function GetLatestPublishedShow($connection){ + // -------------------------------------------- + // Get latest published show + $query = mysqli_query($connection, "SELECT max(date), max(id) from eps WHERE eps.date <= UTC_DATE()"); + $current_episode_array = mysqli_fetch_row($query); + return array($current_episode_array[0], $current_episode_array[1]); +} + +$PROTOCOL = ''; +if ((!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off')) { + $PROTOCOL .= 'https://'; +} else { + $PROTOCOL .= 'http://'; +} + +$HTTP_HOST = $_SERVER['HTTP_HOST']; +$pos = strpos($HTTP_HOST, "hobbypublicradio"); +if ($pos !== false) { + $HPR_Name = "Hobby"; + $HPR_Names = "hobbyists"; +} else { + $HPR_Name = "Hacker"; + $HPR_Names = "Hackers"; +} + +?> diff --git a/ini/www.htaccess b/ini/www.htaccess new file mode 100644 index 0000000..197b562 --- /dev/null +++ b/ini/www.htaccess 
@@ -0,0 +1,90 @@
+RewriteEngine on
+
+RewriteCond %{HTTP_USER_AGENT} (DataForSeoBot|MJ12bot|AhrefsBot|BLEXBot|dotbot|PetalBot|SemrushBot*|SiteAuditBot|SplitSignalBot|Yandex) [NC]
+RewriteRule (.*) - [F,L]
+
+RewriteRule "^comments_rss.php$" "/comments.rss" [R]
+
+RewriteRule "^download.php" "/syndication.html" [R=301,NE,L]
+RewriteRule "^about.php|^help_out.php" "/about.html" [R=301,NE,L]
+RewriteRule "^recording.php" "/about.html#recording_a_podcast" [R=301,NE,L]
+RewriteRule "^stuff_you_need_to_know.php" "/about.html#agreement" [R=301,NE,L]
+RewriteRule "^contribute.php" "/about.html#so_you_want_to_record_a_podcast" [R=301,NE,L]
+RewriteRule "^requested_topics.php" "/about.html#requested_topics" [R=301,NE,L]
+RewriteRule "^comments_viewer.php" "/comments_viewer.html" [R=301,NE,L]
+RewriteRule "^sitemap.php|^sitemap.txt" "/sitemap.html" [R=301,NE,L]
+RewriteRule "^tags.php" "/tags.html" [R=301,NE,L]
+RewriteRule "^correspondents.php" "/correspondents/index.html" [R=301,NE,L]
+RewriteRule "^index_full.php|^show.php|^index.php|^twat.php" "/eps/index.html" [R=301,NE,L]
+
+RewriteRule "^calendar.php$" "http://hub.hackerpublicradio.org/calendar.php" [R,L]
+
+ErrorDocument 404 /404.shtml
+
+RewriteCond %{HTTP_HOST} ^.*$
+RewriteRule ^facebook$ "https\:\/\/www\.facebook\.com\/home\.php\?sk\=group_130169220378872\¬if_t\=group_r2j" [R=301,L]
+
+RewriteCond %{HTTP_HOST} ^.*$
+RewriteRule ^linkedin$ "http\:\/\/www\.linkedin\.com\/groups\/Hacker\-Public\-Radio\-3737302" [R=301,L]
+
+RewriteCond %{HTTP_HOST} ^.*$
+RewriteRule ^itunes$ "http\:\/\/itunes\.apple\.com\/us\/podcast\/hacker\-public\-radio\/id281699640" [R=301,L]
+
+# Anti Spam
+RewriteCond %{HTTP_HOST} ^.*$
+RewriteRule ^eps/eps/(.*)$ http://localhost/ [R=301,L]
+RewriteRule index.php/eps/eps/(.*)$ http://localhost/ [R=302,L]
+
+# Remove facebook tracking
+RewriteCond %{QUERY_STRING} ^(.*)(?:^|&)fbclid=(?:[^&]*)((?:&|$).*)$ [NC]
+RewriteCond %1%2 (^|&)([^&].*|$)
+RewriteRule ^(.*) /$1?%2 [R=301,L]
+
+# Redirect episodes to archive.org
+RewriteRule "eps/hpr([0-9]{4})\.(ogg|mp3|spx|wav|flac|opus)" "https://archive.org/download/hpr$1/hpr$1.$2"
+RewriteRule "local/hpr([0-9]{4})\.(ogg|mp3|spx|wav|flac|opus)" "https://archive.org/download/hpr$1/hpr$1.$2" [R=301,L]
+
+# Rewrite the host series and episode pages
+
+RewriteCond %{QUERY_STRING} id=(\d{1})$
+RewriteRule series\.php /series/000%1.html [L]
+RewriteCond %{QUERY_STRING} id=(\d{2})$
+RewriteRule series\.php /series/00%1.html? [L]
+RewriteCond %{QUERY_STRING} id=(\d{3})$
+RewriteRule series\.php /series/0%1.html? [L]
+RewriteRule "^series\.php$" "/series/index.html" [R=301,NE,L]
+
+
+RewriteCond %{QUERY_STRING} id=(\d{1})$
+RewriteRule hosts\.php /correspondents/000%1.html? [L]
+RewriteCond %{QUERY_STRING} id=(\d{2})$
+RewriteRule hosts\.php /correspondents/00%1.html? [L]
+RewriteCond %{QUERY_STRING} id=(\d{3})$
+RewriteRule hosts\.php /correspondents/0%1.html? [L]
+RewriteRule "^hosts\.php$" "/correspondents/index.html?" [L]
+
+RewriteCond %{QUERY_STRING} id=(\d{1})$
+RewriteRule eps\.php /eps/hpr000%1/index.html? [L]
+RewriteCond %{QUERY_STRING} id=(\d{2})$
+RewriteRule eps\.php /eps/hpr00%1/index.html? [L]
+RewriteCond %{QUERY_STRING} id=(\d{3})$
+RewriteRule eps\.php /eps/hpr0%1/index.html? [L]
+RewriteCond %{QUERY_STRING} id=(\d{4})$
+RewriteRule eps\.php /eps/hpr%1/index.html? [L]
+#RewriteCond %{QUERY_STRING} (.*(?:^|&))id=([^&]*)&?(.*)&?$
+#RewriteRule "eps\.php" "/eps/hpr%2/index.html?" [L]
+RewriteRule "^eps\.php$" "/eps/index.html" [R=301,L]
+
+RewriteCond %{QUERY_STRING} series=111
+RewriteRule hpr_mp3_rss\.php https://linuxinlaws.eu/inlaws_rss.xml
+
+
+
+order allow,deny
+allow from all
+
+
+
+ header set X-Clacks-Overhead "GNU Terry Pratchett"
+
+
diff --git a/www/rss-future.php b/www/rss-future.php
new file mode 100644
index 0000000..bddd78d
--- /dev/null
+++ b/www/rss-future.php
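Review bot: The `calendar.php` rule redirects to a plain `http://` URL on the hub host, so a visitor who followed it from the https site is downgraded to cleartext for whatever they do on hub next; the target should be `https://hub.hackerpublicradio.org/calendar.php` (the LinkedIn and iTunes targets are also `http://`, though those are third-party hosts). The first archive.org rule, `RewriteRule "eps/hpr([0-9]{4})\.(ogg|mp3|spx|wav|flac|opus)" "https://archive.org/download/hpr$1/hpr$1.$2"`, carries no flags, so unlike its `local/` twin it becomes an implicit 302 and rule processing continues; appending `[R=301,L]` makes the pair consistent. The anti-spam rules answer with a redirect to `http://localhost/`, which bounces the client to its own machine; `[G]` (410 Gone) or `[F]` rejects the request without that side effect. The three `RewriteCond %{HTTP_HOST} ^.*$` lines match every request and can simply be dropped.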
@@ -0,0 +1,214 @@ + 0 +AND eps.date >= UTC_DATE()"; + +if (isset($_GET['format'])) { + $this_format = $_GET['format']; + if ( $this_format === "mp3" ) { + $format = "mp3"; + } + if ( $this_format === "ogg" ) { + $format = "ogg"; + } + if ( $this_format === "spx" ) { + $format = "spx"; + } +} + +$query = "${query}\nAND assets.filename REGEXP \"^hpr[0-9]+.$format\""; +$query = "${query}\nAND assets.extension = '$format'"; + +$html = 1; +if (isset($_GET['html'])) { + $html = $_GET['html']; + if ( $html === "0" ) { + $html = 0; + } +} + +$full = "1"; +if (isset($_GET['full'])) { + $full = $_GET['full']; + if ( $full === "1" ) { + $feed = "total"; + } + if ( $full === "0" ) { + $feed = "tenday"; + } +} + +if (isset($_GET['hostid'])) { + $hostid = $_GET['hostid']; + $hostid = intval($hostid); + if (is_int(intval($hostid))) { + $query = "$query AND hosts.hostid = '$hostid'"; + } +} +if (isset($_GET['series'])) { + $series = $_GET['series']; + $series = intval($series); + if (is_int(intval($series))) { + $query = "$query AND eps.series = '$series'"; + } +} + +$query = "$query ORDER BY id DESC "; + +if (isset($_GET['limit'])) { + $this_limit = $_GET['limit']; + $this_limit = intval($this_limit); + if (is_int(intval($this_limit))) { + $limit = $this_limit; + } +} + +header("Content-type: application/xml"); +header("Pragma: public"); +header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); + +date_default_timezone_set('UTC'); + +print '' . "\n"; + +?> + +\n"; ?> + + Hacker Public Radio - Future Feed + about.html + A daily show hosted the community on topics that are of interest to hackers and hobbyists. + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. This is the shows that are in the future feed. 
+ en-us + + + + + + + images/hpr_feed_itunes.png"/> + yes + Hacker Public Radio + Community Radio, Tech Interviews, Linux, Open, Hobby, Software Freedom + Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License + feedback@NOSPAM-hackerpublicradio.org (HPR Feedback) + + + HPR Volunteer + admin@hackerpublicradio.org + + admin@hackerpublicradio.org (HPR Volunteer) + kate + http://www.rssboard.org/rss-specification + 43200 + + Saturday + Sunday + + + images/hpr_feed_small.png + Hacker Public Radio + about.html + The Hacker Public Radio Old Microphone Logo + 164 + 144 + + HPR Volunteer + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + admin@hackerpublicradio.org + images/hpr_feed_itunes.png"/> + +\n"; +print " ".date(DATE_RFC1123, strtotime(date('Y-m-d')))."\n"; + +//Set $r to SQL query for execution agains the table + +if ($result = mysqli_query($connection, $query)) { + while ($row = mysqli_fetch_array($result)) { + $id = fixid(stripslashes($row['id'])); + $version = $row['version']; + if ( $version === "0" ) { + $version = ""; + } + else { + $version = ".${version}"; + } + $episode_explicit = $row['explicit']; + if ($episode_explicit == 0) { + $episode_explicit = "Clean"; + } + else{ + $episode_explicit = "Explicit"; + } + $url="${baseurl}eps/hpr${id}${version}"; + if (isset($_GET['hostidinfilename'])) { + $hostidinfilename = $_GET['hostidinfilename']; + if ( $hostidinfilename === "1" ) { + $url = $url . "_host-" . htmlspecialchars(stripslashes(strip_tags($row["hostid"]))); + } + } + if ( isset($_GET['seriesidinfilename']) ) { + $seriesidinfilename = $_GET['seriesidinfilename']; + if ( $seriesidinfilename === "1" ) { + $url = $url . "_series-" . htmlspecialchars(stripslashes(strip_tags($row["series"]))); + } + } + $url = $url . "." . 
$format; + + $itunes_summary = htmlspecialchars(stripslashes(strip_tags(substr($row["notes"],0,4000)))); + $show_notes = $row["notes"]; + $warning = "

This show has been flagged as $episode_explicit by the host.

\n"; + $show_notes = $show_notes . utf8_encode ( $warning ); + echo " \n"; + if ( $episode_explicit === "Clean" ) { + echo " no\n"; + echo " No\n"; + } + else { + echo " yes\n"; + echo " Yes\n"; + } + + echo " HPR$id: " . htmlspecialchars(stripslashes(strip_tags($row["title"]))) . "\n"; + // echo " " . ($row["title"]) . "\n"; + $email_padded = formatemail($row['email']); + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " \n"; + echo " ${baseurl}eps/hpr".$id."/index.html\n"; + echo " \n\n"; +// echo " \n\n"; + echo " \n\n"; + echo " " .date(DATE_RFC1123, strtotime($row['date'])) . "\n"; + $length = $row['size']; + echo " \n"; + echo " " . $url . "\n"; + echo " \n"; + } +} +//Display non-connection errors +//Close sql connection +mysqli_close($connection); +echo "
+
+"; +?> diff --git a/www/rss.php b/www/rss.php new file mode 100644 index 0000000..e199089 --- /dev/null +++ b/www/rss.php 
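Review bot: The `limit` and `full` parameters are parsed (`$limit = $this_limit;`, `$feed = "total"` / `"tenday"`) but in the visible part of the hunk nothing appends a `LIMIT` clause to `$query` or reads `$feed` afterwards, so the future feed returns every matching row whatever the caller asks for; either drop the parsing or add `if ( $feed !== "total" ) { $query = "$query\nLIMIT $limit"; }` after the `ORDER BY` line, as rss.php does. The guards `if (is_int(intval($hostid)))` (and the same for `series` and `limit`) are always true because `intval()` always returns an int, so they reject nothing; `filter_var($_GET['hostid'], FILTER_VALIDATE_INT)` checked with `!== false` would actually validate the value. The `if ($result = mysqli_query($connection, $query))` has no `else`, so a failing query silently produces an empty feed despite the "Display non-connection errors" comment; at minimum add `else { error_log(mysqli_error($connection)); }`. The start of this hunk is garbled in this rendering, so the defaults assigned to `$format`, `$limit` and `$feed` before the visible code could not be checked.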
@@ -0,0 +1,303 @@ + 0"; + +if (isset($_GET['format'])) { + $this_format = $_GET['format']; + if ( $this_format === "mp3" ) { + $format = "mp3"; + $mimetype = "audio/mpeg"; + } + if ( $this_format === "ogg" ) { + $format = "ogg"; + $mimetype = "audio/ogg"; + } + if ( $this_format === "spx" ) { + $format = "spx"; + $mimetype = "audio/ogg"; + } +} + +$query = "${query}\nAND assets.filename REGEXP \"^hpr[0-9]+.$format\""; +$query = "${query}\nAND assets.extension = '$format'"; + +$explicit = 1; +if (isset($_GET['explicit'])) { + $explicit = $_GET['explicit']; + if ( $explicit === "0" ) { + $query = "${query}\nAND eps.explicit=0 "; + } +} + +$html = 1; +if (isset($_GET['html'])) { + $html = $_GET['html']; + if ( $html === "0" ) { + $html = 0; + } +} + +$full = "0"; +if (isset($_GET['full'])) { + $full = $_GET['full']; + if ( $full === "1" ) { + $feed = "total"; + } + if ( $full === "0" ) { + $feed = "tenday"; + } +} + +$gomax = "0"; +if (isset($_GET['gomax'])) { + $gomax = $_GET['gomax']; + if ( $gomax === "1" ) { + $gomax = "1"; + } +} +if ( $gomax === "0" ) { + $query = "${query}\nAND eps.date <= UTC_DATE() "; +} + +if (isset($_GET['hostid'])) { + $hostid = $_GET['hostid']; + $hostid = intval($hostid); + if (is_int(intval($hostid))) { + $query = "${query}\nAND hosts.hostid = '$hostid'"; + } +} +if (isset($_GET['series'])) { + $series = $_GET['series']; + $series = intval($series); + if (is_int(intval($series))) { + $query = "${query}\nAND eps.series = '$series'"; + } +} + +$query = "$query\nORDER BY id DESC"; + +if (isset($_GET['limit'])) { + $this_limit = $_GET['limit']; + $this_limit = intval($this_limit); + if (is_int(intval($this_limit))) { + $limit = $this_limit; + } +} + +if ( $feed !== "total" ) { + $query = "$query\nLIMIT $limit"; +} + +header("Content-type: application/xml"); +header("Pragma: public"); +header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); + +date_default_timezone_set('UTC'); + +print '' . 
"\n"; + +?> + +"; ?> + + Hacker Public Radio + https://hackerpublicradio.org/about.html + A daily show hosted the community on topics that are of interest to hackers and hobbyists. + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + en-us + + + + + + + + yes + Hacker Public Radio + Community Radio, Tech Interviews, Linux, Open, Hobby, Software Freedom + Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License + feedback@NOSPAM-hackerpublicradio.org (HPR Feedback) + + + HPR Volunteer + admin@hackerpublicradio.org + + admin@hackerpublicradio.org (HPR Volunteer) + kate + http://www.rssboard.org/rss-specification + 43200 + + Saturday + Sunday + + + https://hackerpublicradio.org/images/hpr_feed_small.png + Hacker Public Radio + https://hackerpublicradio.org/about.html + The Hacker Public Radio Old Microphone Logo + 164 + 144 + + HPR Volunteer + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + admin@hackerpublicradio.org + + +\n"; +print " ".date(DATE_RFC1123, strtotime(date('Y-m-d')))."\n"; + +if ($result = mysqli_query($connection, $query)) { + while ($row = mysqli_fetch_array($result)) { + $id = fixid(stripslashes($row['id'])); + $version = $row['version']; + if ( $version === "0" ) { + $version = ""; + } + else { + $version = ".${version}"; + } + $episode_explicit = $row['explicit']; + if ($episode_explicit == 0) { + $episode_explicit = "Clean"; + } + else{ + $episode_explicit = "Explicit"; + } + $url="http://hackerpublicradio.org/eps/hpr${id}${version}"; + if (isset($_GET['hostidinfilename'])) { + $hostidinfilename = $_GET['hostidinfilename']; + if ( $hostidinfilename === "1" ) { + $url = $url . "_host-" . 
htmlspecialchars(stripslashes(strip_tags($row["hostid"]))); + } + } + if ( isset($_GET['seriesidinfilename']) ) { + $seriesidinfilename = $_GET['seriesidinfilename']; + if ( $seriesidinfilename === "1" ) { + $url = $url . "_series-" . htmlspecialchars(stripslashes(strip_tags($row["series"]))); + } + } + $url = $url . "." . $format; + + $itunes_summary = htmlspecialchars(stripslashes(strip_tags(substr($row["notes"],0,4000)))); + if ( $html == 1 ) { +# $show_notes = "

This show has been flagged as $episode_explicit by the host.

\n" . $row["notes"]; + $show_notes = $row["notes"]; + $warning = "

This show has been flagged as $episode_explicit by the host.

\n"; + } + else { +# $show_notes = "This show has been flagged as $episode_explicit by the host.\n" . htmlspecialchars(stripslashes(strip_tags($row["notes"]))) ; + $show_notes = htmlspecialchars(stripslashes(strip_tags($row["notes"]))) ; + $warning = "This show has been flagged as $episode_explicit by the host.\n"; + } +# $show_notes = utf8_encode ( $show_notes ); + $warning = utf8_encode ( $warning ); + echo " \n"; + if ( $episode_explicit === "Clean" ) { + echo " no\n"; + echo " No\n"; + } + else { + echo " yes\n"; + echo " Yes\n"; + } + + echo " HPR$id: " . htmlspecialchars(stripslashes(strip_tags($row["title"]))) . "\n"; + // echo " " . ($row["title"]) . "\n"; + $email_padded = formatemail($row['email']); + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " \n"; + echo " https://hackerpublicradio.org/eps/hpr".$id."/index.html\n"; + echo " \n\n"; +// echo " \n\n"; + echo " \n\n"; + echo " " .date(DATE_RFC1123, strtotime($row['date'])) . "\n"; + $length = $row['size']; + echo " \n"; + echo " " . $url . "\n"; + echo " \n"; + + } +} +//Display non-connection errors +//Close sql connection +mysqli_close($connection); +echo "
+
+"; +?>
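Review bot: `$limit` comes from `intval($_GET['limit'])` and is interpolated into `LIMIT $limit` with no range check, so `?limit=-1` produces invalid SQL and `?limit=abc` produces `LIMIT 0`, and because the `if ($result = mysqli_query($connection, $query))` has no `else` both cases yield a silently empty feed; guard with `if ( $this_limit > 0 ) { $limit = $this_limit; }` and add `else { error_log(mysqli_error($connection)); }` after the loop. `$feed` is only assigned inside the `isset($_GET['full'])` branch, so with no `full` parameter `if ( $feed !== "total" )` compares an undefined variable (a warning on current PHP) unless it is initialised in the garbled start of the hunk. The enclosure URL is built from `http://hackerpublicradio.org/eps/hpr${id}${version}` while the per-item page link and channel URLs use `https://`, so podcast clients fetch the audio over cleartext; if that is not deliberate it should be `https://`. `utf8_encode()` is deprecated as of PHP 8.2; `mb_convert_encoding($warning, 'UTF-8', 'ISO-8859-1')` is the drop-in replacement.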