request_confirm.php > upload.php > upload_confirm.php require "/home/hpr/php/include.php"; $ip = $_SERVER["REMOTE_ADDR"]; $key = uniqid(md5(rand())); # Remove any stale requests. # This should be enough to deter attackers while been short enough to allow real hosts to request a show. $query_delete_old = "DELETE FROM reservations WHERE reservations.timestamp + INTERVAL 1 DAY <= UTC_TIMESTAMP() AND reservations.verified = 0"; $result_delete_old = @mysqli_query($connection, $query_delete_old); # Remove stale requests from this IP Address after 15 minutes. # This should be enough to deter attackers while been short enough to allow real hosts to request a show. $query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.verified = 0"; $result_delete = @mysqli_query($connection, $query_delete); # Check that this ip is not uploading in another session $query_dupe = "SELECT COUNT(*), timestamp FROM `reservations` WHERE ip = '$ip' and verified = 0"; $result_dupe = mysqli_query($connection, "$query_dupe"); $row_dupe = mysqli_fetch_array($result_dupe, MYSQLI_NUM); $num_from_this_ip = $row_dupe[0]; $show_timestamp = strtotime($row_dupe[1]); if( !isset($row_dupe) or $num_from_this_ip != 0 ) { header('Cache-Control: no-cache'); header('Pragma: no-cache'); header("Status: 412 Precondition Failed"); include("header.php"); echo "

Existing request detected: "; $timestamp = time()+date("Z"); echo gmdate("Y-m-d\TH:i:s\Z",$timestamp); echo "

\n"; $localtime = date('l jS \of F Y h:i:s A', $show_timestamp); echo "

It seems another request was made from this ip address\n (${ip}) on ${localtime}.

\n"; echo "

This lock is set for 15 minutes to deter attacks and will be released in about " . round(abs(16 - ( $timestamp - $show_timestamp ) / 60 ) ) . " minutes.

\n"; echo "

There are several reasons why you would see this page:

\n"; echo "\n"; echo "

\n"; echo "

Return to the calendar page.

\n"; echo "\n"; echo "
\n"; echo "

If you are having issues please send the following information to admin @ HPR to assist in troubleshooting the issue:

\n"; echo "
\n";
  echo "${timestamp}\n";
  echo "${show_timestamp}\n";
  $agent = $_SERVER['HTTP_USER_AGENT'];
  $uri = $_SERVER['REQUEST_URI'];
  print "${ip}\n";
  print "${agent}\n";
  print "${uri}\n";
  echo "
\n"; echo "
\n"; file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() . "\tExisting Request\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n" , FILE_APPEND | LOCK_EX ); exit; } # Create a temporary entry for this host. $query_add = "INSERT INTO reservations VALUES ('$ip', UTC_TIMESTAMP(), '$key', '0', '1970-01-01', 'none@example.com', '0', 'REQUEST_UNVERIFIED' )"; $result = mysqli_query($connection, $query_add ) or die(mysqli_error()); # Check to see if we're under attack $query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; $result = mysqli_query($connection, "$query"); $row = mysqli_fetch_array($result, MYSQLI_NUM); $total = $row[0]; if( !isset($total) or $total > 150 ) { header("Status: 412 Precondition Failed"); echo "

Suspicious activity detected

"; echo "

$total Uploads have temporarily been suspended due to suspicious activity.
If you are attacking us why not record a show telling us about what you were trying to do ?

"; echo "

While these people have their fun, can we ask you to send your show another way.
Contact admin @ HPR for more information.

"; exit; } // Populate the list of posted shows $show_array = array (); $ep_retrieve = "(SELECT `id`, `date` FROM eps ) UNION (SELECT `ep_num` AS id, `ep_date` AS date FROM reservations WHERE `ep_num` >0) order by id"; if ($result = mysqli_query($connection, $ep_retrieve)) { while ($row = mysqli_fetch_array($result)) { $rowid = $row['id']; $date = $row['date']; $show_array[$rowid] = date('Y-m-d', strtotime($date) ) ; } } /* Entry is either to the page or with the id variable set (default selected) */ if (isset($_GET['id'])){ $id = $_GET['id']; $id = intval($id); $num_get_args=0; foreach($_GET as $k => $v) { ++$num_get_args; } if ( strval( intval( $id ) ) != strval( $id ) ) { naughty("e015b7c89da03385a9156d3e5d2eb25d"); } if ( intval( $id ) <= 0 ) { naughty("1493a07dec01a006d11bf43d2f17e5aa"); } if ( $num_get_args > 2 ) { naughty("79543dbb498ec47404aaed4d56bdc22b"); } if ( intval($id) > 9999 ) { naughty("f1f531c768f64404cb00437254b06d71"); } if ( $id != 9999 ) { if ( isset( $show_array[$id] ) ) { naughty("2227263ac7171aca3214d155dec539ad"); } } } else { $id = ""; } $query = mysqli_query($connection, "SELECT id, date FROM eps mo WHERE NOT EXISTS ( SELECT NULL FROM eps mi WHERE mi.id = mo.id + 1 ) ORDER BY id LIMIT 1"); $next_show_num_array = mysqli_fetch_row($query); $next_show_num = $next_show_num_array[0] + 1; $next_show_date = date('Y-m-d', strtotime($next_show_num_array[1] . ' + 1 weekday')); $body="give"; //$body="index_full"; include 'header.php'; ?>

Requesting a slot for your show.

Please select your desired slot, and enter a valid email address.
See our ">help page for more information

Slot: \n"; $this_episode_date = $next_show_date; if ( $id == 9999 ) { echo "\n"; } else { echo "\n"; } for ( $slot = $next_show_num; $slot<($next_show_num+365); $slot++ ) { if (empty($show_array[$slot])) { if ( $slot == $id ) { echo "\n"; } else { } echo "\n"; } $this_episode_date = date('Y-m-d', strtotime($this_episode_date . ' + 1 weekday')); } echo ""; if ( ( $slot < $id ) AND ( $id != 9999 ) ) { echo "
\nUnfortunately it is not possible to schedule episode $id. Please select another slot or contact admin@hackerpublicradio.org for more assistance.\n"; } ?>
E-mail:

You must have your audio recording ready to upload ">before you pick a slot.

We will send you an email with a link to where you can upload your show.