172 lines
3.9 KiB
PHP
Executable File
172 lines
3.9 KiB
PHP
Executable File
<?php
|
|
require "/home/hpr/php/include.php";
|
|
|
|
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
|
|
naughty("5c965856fd6e1af9256c04d400698fae");
|
|
}
|
|
$num_get_args=0;
|
|
|
|
foreach($_GET as $k => $v) {
|
|
++$num_get_args;
|
|
}
|
|
if ( $num_get_args !== 2 ){
|
|
# they are trying to GET on a POST request
|
|
naughty("638709cc1d7f107c024eb2a663675e8c");
|
|
}
|
|
|
|
if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
|
|
naughty("991ce46448d64b90bc8a837b58b7ad20");
|
|
}
|
|
|
|
if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) {
|
|
naughty("c9e5ea8d870dda8db08bc570cbed7f84");
|
|
}
|
|
|
|
if ( !empty($_GET["key"]) and
|
|
isset( $_GET['key'] ) and
|
|
strlen( $_GET['key'] ) === 45 and
|
|
strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and
|
|
ctype_xdigit( $_GET['key'] )
|
|
) {
|
|
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
|
|
}
|
|
else {
|
|
naughty("868d9cc49b2f1e4a9319a8e8755d6189");
|
|
}
|
|
|
|
if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) {
|
|
naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df ");
|
|
}
|
|
else {
|
|
$action = $_GET["action"];
|
|
}
|
|
|
|
$comment_directory = "/home/hpr/comments";
|
|
|
|
if ( ! file_exists( $comment_directory ) ) {
|
|
# Looks like the comments directory has not been created
|
|
naughty("0fdffa1dbe94e0730cef457be93ebf40");
|
|
}
|
|
|
|
$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
|
|
if (count($files) === 0) {
|
|
naughty("3efef2971727905064855d7866cb0059");
|
|
}
|
|
else {
|
|
$file = $files[0];
|
|
}
|
|
|
|
list($begin, $file_ip, $end) = explode('_', $file);
|
|
|
|
if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
|
|
naughty("70ebe39c92b393c288e41a4d3128b5da");
|
|
}
|
|
|
|
if ( $action === 'block' ) {
|
|
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
|
|
unlink( "${file}" );
|
|
http_response_code(201);
|
|
exit;
|
|
}
|
|
|
|
if ( $action === 'delete' ) {
|
|
unlink( "${file}" );
|
|
http_response_code(202);
|
|
exit;
|
|
}
|
|
|
|
if ( $action === 'approve' ) {
|
|
|
|
$comment = file_get_contents("$file");
|
|
|
|
$json = json_decode($comment, true);
|
|
echo '<pre>' . print_r($json, true) . '</pre>';
|
|
|
|
// check json
|
|
|
|
if ( empty($json["eps_id"]) ) {
|
|
naughty("6740e9b34590fe5b8f1829aeb5da099d");
|
|
}
|
|
|
|
if ( empty($json["comment_timestamp"]) ) {
|
|
naughty("4850b4b0006a60d86bafee8a8592b3f8");
|
|
}
|
|
|
|
if ( empty($json["comment_author_name"]) ) {
|
|
naughty("15f377e657196bb8192ec11755b0ca75");
|
|
}
|
|
|
|
if ( empty($json["comment_title"]) ) {
|
|
naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb");
|
|
}
|
|
|
|
if ( empty($json["comment_text"]) ) {
|
|
naughty("d4101542e2d0264c0cdb8ac4bdf6bf09");
|
|
}
|
|
if ( empty($json["justification"]) ) {
|
|
naughty("f87785f8eda5d75de8cb08c386c66c56");
|
|
}
|
|
if ( empty($json["key"]) ) {
|
|
naughty("f87785f8eda5d75de8cb08c386c66c56");
|
|
}
|
|
|
|
// check ip
|
|
|
|
if ( empty($json["ip"]) ) {
|
|
naughty("025622ea15552a7b8a3ae71405cf1fbf");
|
|
}
|
|
|
|
$ip = $json["ip"];
|
|
|
|
if ( ! filter_var($ip, FILTER_VALIDATE_IP)) {
|
|
naughty("571f2d51046da9c923e01ae8bbfc037e");
|
|
}
|
|
|
|
// check ep_num
|
|
|
|
$ep_num = $json["eps_id"];
|
|
|
|
if ( intval($ep_num) === 0 ) {
|
|
$x = intval($ep_num);
|
|
naughty("fdae5c63eb5608820b13c9d096166c84");
|
|
}
|
|
else {
|
|
$ep_num = intval($ep_num);
|
|
}
|
|
|
|
if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) {
|
|
naughty("eb90a1a69fd531d5c649e3f5367bd570");
|
|
}
|
|
|
|
$show_array = array ();
|
|
|
|
$ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;";
|
|
|
|
|
|
if ($result = mysqli_query($connection, $ep_retrieve)) {
|
|
if ( ! $result->fetch_assoc()) {
|
|
naughty("b9ac28c5c661d7ed1c4c009de0279e07");
|
|
}
|
|
}
|
|
|
|
// date
|
|
|
|
|
|
$date = '2011-10-02T23:25:42Z';
|
|
var_dump(validateDate($date));
|
|
|
|
|
|
|
|
// OK I believe you
|
|
|
|
// INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text), VALUES ( $ep_num, $comment_timestamp, $comment_author_name, $comment_title, $comment_text);
|
|
// unlink( "${file}" );*/
|
|
http_response_code(200);
|
|
exit;
|
|
}
|
|
|
|
// exit;
|
|
|
|
http_response_code(500);
|
|
?>
|