hpr_hub/cms/comment_process.php

157 lines
5.1 KiB
PHP
Raw Permalink Normal View History

2023-07-02 14:47:44 +00:00
<?php
require "/home/hpr/php/include.php";
date_default_timezone_set('UTC');
2023-07-02 14:47:44 +00:00
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
naughty("5c965856fd6e1af9256c04d400698fae not GET methog");
2023-07-02 14:47:44 +00:00
}
2023-07-02 14:47:44 +00:00
$num_get_args=0;
foreach($_GET as $k => $v) {
2023-12-23 10:24:21 +00:00
++$num_get_args;
2023-07-02 14:47:44 +00:00
}
if ( $num_get_args !== 2 ){
2023-12-23 10:24:21 +00:00
# they are trying to GET on a POST request
naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");
2023-07-02 14:47:44 +00:00
}
if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");
2023-07-02 14:47:44 +00:00
}
if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) {
naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");
2023-07-02 14:47:44 +00:00
}
if ( !empty($_GET["key"]) and
2023-12-23 10:24:21 +00:00
isset( $_GET['key'] ) and
strlen( $_GET['key'] ) === 45 and
strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and
ctype_xdigit( $_GET['key'] )
) {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
2023-07-02 14:47:44 +00:00
}
else {
naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
2023-07-02 14:47:44 +00:00
}
if ( !in_array($_GET["action"], array('publish','approve','delete','block'), true ) ) {
naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
2023-07-02 14:47:44 +00:00
}
else {
$action = $_GET["action"];
}
if ( ! file_exists( $comment_directory ) ) {
2023-12-23 10:24:21 +00:00
# Looks like the comments directory has not been created
naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
2023-07-02 14:47:44 +00:00
}
$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
if (count($files) === 0) {
naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed ?");
2023-07-02 14:47:44 +00:00
}
else {
2023-12-23 10:24:21 +00:00
$file = $files[0];
2023-07-02 14:47:44 +00:00
}
list($begin, $file_ip, $end) = explode('_', $file);
if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");
2023-07-02 14:47:44 +00:00
}
if ( $action === 'block' ) {
2023-12-23 10:24:21 +00:00
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
unlink( "${file}" );
$db["http_code"] = "201";
$db["action"] = "block";
2023-12-23 10:24:21 +00:00
http_response_code(201);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
2023-12-23 10:24:21 +00:00
exit;
2023-07-02 14:47:44 +00:00
}
2023-12-23 10:24:21 +00:00
if ( $action === 'delete' ) {
unlink( "${file}" );
$db["http_code"] = "202";
$db["action"] = "delete";
2023-12-23 10:24:21 +00:00
http_response_code(202);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
2023-12-23 10:24:21 +00:00
exit;
}
2023-07-02 14:47:44 +00:00
2023-12-23 10:24:21 +00:00
if ( $action === 'approve' ) {
unlink( "${file}" );
$db["http_code"] = "200";
$db["action"] = "approve";
http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
exit;
}
if ( $action === 'publish' ) {
2023-12-23 10:24:21 +00:00
$comment = file_get_contents("$file");
$json = json_decode($comment, true);
2023-12-23 10:24:21 +00:00
require "/home/hpr/public_html_hub/cms/comment_checks.php";
2023-12-23 10:24:21 +00:00
$ep_num = mysqli_real_escape_string( $connection, $ep_num );
$comment_timestamp_db = mysqli_real_escape_string( $connection, $comment_timestamp_db );
$comment_author_name = mysqli_real_escape_string( $connection, $comment_author_name );
$comment_title = mysqli_real_escape_string( $connection, $comment_title );
$comment_text = mysqli_real_escape_string( $connection,$comment_text );
2023-12-23 10:24:21 +00:00
// OK I believe you
if ( strcmp($justification, "No justification is asked for or required.") !== 0 ) {
file_put_contents($justification_file, "$justification\n", FILE_APPEND | LOCK_EX );
}
$ep_retrieve = "SELECT id FROM comments WHERE comment_timestamp='$comment_timestamp' AND comment_author_name='$comment_author_name'";
if ($result = mysqli_query($connection, $ep_retrieve)) {
if ( $result->fetch_assoc()) {
naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
}
$query_add = "INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES ( '{$ep_num}', '{$comment_timestamp_db}', '{$comment_author_name}', '{$comment_title}', '{$comment_text}')";
2023-12-23 10:24:21 +00:00
$result = mysqli_query($connection, $query_add );
if(!$result) {
problem("ERROR: DB problem - The comment was not added to the db.");
}
if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
problem("ERROR: MySQL error- The comment was not added to the db.\n$error");
}
$query = "SELECT * FROM comments WHERE comment_timestamp='$comment_timestamp_db' AND comment_author_name='$comment_author_name'";
$result = @mysqli_query($connection, $query);
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["id"]) ) {
naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
unlink( "${file}" );
$db["http_code"] = "200";
$db["action"] = "publish";
2023-12-23 10:24:21 +00:00
http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
2023-12-23 10:24:21 +00:00
exit;
}
2023-07-02 14:47:44 +00:00
// exit;
2023-12-23 10:24:21 +00:00
http_response_code(500);
2023-07-02 14:47:44 +00:00
?>