hpr_hub/cms/comment_process.php

<?php
require "/home/hpr/php/include.php";

date_default_timezone_set('UTC');

if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
  naughty("5c965856fd6e1af9256c04d400698fae not GET methog"); 
}

$num_get_args=0;

foreach($_GET as $k => $v) { 
  ++$num_get_args; 
}
if ( $num_get_args !== 2 ){
  # they are trying to GET on a POST request
  naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");
}

if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
  naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");
}

if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45  ) {
  naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");
}

if ( !empty($_GET["key"]) and 
    isset( $_GET['key'] ) and 
    strlen( $_GET['key'] ) ===  45 and 
    strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) ===  45 and 
    ctype_xdigit( $_GET['key'] ) 
  ) {
  $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
}
else {
  naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
}

if ( !in_array($_GET["action"], array('publish','approve','delete','block'), true ) ) {
  naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
}
else {
    $action = $_GET["action"];
}

if ( ! file_exists( $comment_directory ) ) {
  # Looks like the comments directory has not been created
  naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
}

$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
if (count($files) === 0) {
  naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed ?");
}
else {
  $file = $files[0];
}

list($begin, $file_ip, $end) = explode('_', $file);

if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
  naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");
}

if ( $action === 'block' ) {
  file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
  unlink( "${file}" );
  $db["http_code"] = "201";
  $db["action"] = "block";
  http_response_code(201);
  header('Content-Type: application/json; charset=utf-8');
  echo json_encode($db);
  exit;
}

if ( $action === 'delete' ) {
  unlink( "${file}" );
  $db["http_code"] = "202";
  $db["action"] = "delete";
  http_response_code(202);
  header('Content-Type: application/json; charset=utf-8');
  echo json_encode($db);
  exit;
}

if ( $action === 'approve' ) {
  unlink( "${file}" );
  $db["http_code"] = "200";
  $db["action"] = "approve";
  http_response_code(200);
  header('Content-Type: application/json; charset=utf-8');
  echo json_encode($db);
  exit;
}

if ( $action === 'publish' ) {

  $comment = file_get_contents("$file");

  $json = json_decode($comment, true);
  
  require "/home/hpr/public_html_hub/cms/comment_checks.php";
  
  $ep_num = mysqli_real_escape_string( $connection, $ep_num );
  $comment_timestamp_db = mysqli_real_escape_string( $connection, $comment_timestamp_db );
  $comment_author_name = mysqli_real_escape_string( $connection, $comment_author_name );
  $comment_title = mysqli_real_escape_string( $connection, $comment_title );
  $comment_text = mysqli_real_escape_string( $connection,$comment_text  );
  
  // OK I believe you
  
  if ( strcmp($justification, "No justification is asked for or required.") !== 0 ) {
    file_put_contents($justification_file, "$justification\n", FILE_APPEND | LOCK_EX );
  }
  
  $ep_retrieve = "SELECT id FROM comments WHERE comment_timestamp='$comment_timestamp' AND comment_author_name='$comment_author_name'";
  
  if ($result = mysqli_query($connection, $ep_retrieve)) {    
    if ( $result->fetch_assoc()) {
      naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
    }
  }
  
  
  $query_add = "INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES ( '{$ep_num}', '{$comment_timestamp_db}', '{$comment_author_name}', '{$comment_title}', '{$comment_text}')";

  $result = mysqli_query($connection, $query_add );
  if(!$result) {
    problem("ERROR: DB problem - The comment was not added to the db.");
  }
  if (mysqli_errno( $connection )) {
    $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
    problem("ERROR: MySQL error- The comment was not added to the db.\n$error");
  }
 
  $query = "SELECT * FROM comments WHERE comment_timestamp='$comment_timestamp_db' AND comment_author_name='$comment_author_name'";
  $result = @mysqli_query($connection, $query);
  $db = mysqli_fetch_array($result, MYSQLI_ASSOC);

  if ( empty($db["id"]) ) {
    naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
  }
  unlink( "${file}" );
  $db["http_code"] = "200";
  $db["action"] = "publish";
  http_response_code(200);
  header('Content-Type: application/json; charset=utf-8');
  echo json_encode($db);
  exit;
}

//   exit;
http_response_code(500);
?>
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`<?php`
			`require "/home/hpr/php/include.php";`

A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`date_default_timezone_set('UTC');`

Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("5c965856fd6e1af9256c04d400698fae not GET methog");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`$num_get_args=0;`

			`foreach($_GET as $k => $v) {`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`++$num_get_args;`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`
			`if ( $num_get_args !== 2 ){`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`# they are trying to GET on a POST request`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

			`if ( empty($_GET["key"]) or empty($_GET["action"]) ) {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

			`if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

			`if ( !empty($_GET["key"]) and`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`isset( $_GET['key'] ) and`
			`strlen( $_GET['key'] ) === 45 and`
			`strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and`
			`ctype_xdigit( $_GET['key'] )`
			`) {`
			`$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`
			`else {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

A series of fixes related to stuff I came across 2023-12-28 19:00:28 +00:00			`if ( !in_array($_GET["action"], array('publish','approve','delete','block'), true ) ) {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`
			`else {`
			`$action = $_GET["action"];`
			`}`

			`if ( ! file_exists( $comment_directory ) ) {`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`# Looks like the comments directory has not been created`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

			`$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );`
			`if (count($files) === 0) {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed ?");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`
			`else {`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`$file = $files[0];`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

			`list($begin, $file_ip, $end) = explode('_', $file);`

			`if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

			`if ( $action === 'block' ) {`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND \| LOCK_EX );`
			`unlink( "${file}" );`
More changes to the comment system. To include the reuse of a common check file 2023-12-23 20:54:16 +00:00			`$db["http_code"] = "201";`
			`$db["action"] = "block";`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`http_response_code(201);`
More changes to the comment system. To include the reuse of a common check file 2023-12-23 20:54:16 +00:00			`header('Content-Type: application/json; charset=utf-8');`
			`echo json_encode($db);`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`exit;`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`}`

General cleanup of file locations 2023-12-23 10:24:21 +00:00			`if ( $action === 'delete' ) {`
			`unlink( "${file}" );`
More changes to the comment system. To include the reuse of a common check file 2023-12-23 20:54:16 +00:00			`$db["http_code"] = "202";`
			`$db["action"] = "delete";`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`http_response_code(202);`
More changes to the comment system. To include the reuse of a common check file 2023-12-23 20:54:16 +00:00			`header('Content-Type: application/json; charset=utf-8');`
			`echo json_encode($db);`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`exit;`
			`}`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`if ( $action === 'approve' ) {`
A series of fixes related to stuff I came across 2023-12-28 19:00:28 +00:00			`unlink( "${file}" );`
			`$db["http_code"] = "200";`
			`$db["action"] = "approve";`
			`http_response_code(200);`
			`header('Content-Type: application/json; charset=utf-8');`
			`echo json_encode($db);`
			`exit;`
			`}`

			`if ( $action === 'publish' ) {`

General cleanup of file locations 2023-12-23 10:24:21 +00:00			`$comment = file_get_contents("$file");`

A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`$json = json_decode($comment, true);`
General cleanup of file locations 2023-12-23 10:24:21 +00:00
More changes to the comment system. To include the reuse of a common check file 2023-12-23 20:54:16 +00:00			`require "/home/hpr/public_html_hub/cms/comment_checks.php";`
General cleanup of file locations 2023-12-23 10:24:21 +00:00
A series of fixes related to stuff I came across 2023-12-28 19:00:28 +00:00			`$ep_num = mysqli_real_escape_string( $connection, $ep_num );`
			`$comment_timestamp_db = mysqli_real_escape_string( $connection, $comment_timestamp_db );`
			`$comment_author_name = mysqli_real_escape_string( $connection, $comment_author_name );`
			`$comment_title = mysqli_real_escape_string( $connection, $comment_title );`
			`$comment_text = mysqli_real_escape_string( $connection,$comment_text );`

General cleanup of file locations 2023-12-23 10:24:21 +00:00			`// OK I believe you`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00
			`if ( strcmp($justification, "No justification is asked for or required.") !== 0 ) {`
			`file_put_contents($justification_file, "$justification\n", FILE_APPEND \| LOCK_EX );`
			`}`

			`$ep_retrieve = "SELECT id FROM comments WHERE comment_timestamp='$comment_timestamp' AND comment_author_name='$comment_author_name'";`

			`if ($result = mysqli_query($connection, $ep_retrieve)) {`
			`if ( $result->fetch_assoc()) {`
			`naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");`
			`}`
			`}`

A series of fixes related to stuff I came across 2023-12-28 19:00:28 +00:00
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`$query_add = "INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES ( '{$ep_num}', '{$comment_timestamp_db}', '{$comment_author_name}', '{$comment_title}', '{$comment_text}')";`
General cleanup of file locations 2023-12-23 10:24:21 +00:00
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`$result = mysqli_query($connection, $query_add );`
			`if(!$result) {`
			`problem("ERROR: DB problem - The comment was not added to the db.");`
			`}`
			`if (mysqli_errno( $connection )) {`
			`$error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";`
			`problem("ERROR: MySQL error- The comment was not added to the db.\n$error");`
			`}`

			`$query = "SELECT * FROM comments WHERE comment_timestamp='$comment_timestamp_db' AND comment_author_name='$comment_author_name'";`
			`$result = @mysqli_query($connection, $query);`
			`$db = mysqli_fetch_array($result, MYSQLI_ASSOC);`

			`if ( empty($db["id"]) ) {`
			`naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");`
			`}`
A series of fixes related to stuff I came across 2023-12-28 19:00:28 +00:00			`unlink( "${file}" );`
More changes to the comment system. To include the reuse of a common check file 2023-12-23 20:54:16 +00:00			`$db["http_code"] = "200";`
A series of fixes related to stuff I came across 2023-12-28 19:00:28 +00:00			`$db["action"] = "publish";`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`http_response_code(200);`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00			`header('Content-Type: application/json; charset=utf-8');`
			`echo json_encode($db);`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`exit;`
			`}`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00
			`// exit;`
General cleanup of file locations 2023-12-23 10:24:21 +00:00			`http_response_code(500);`
Initial push of the dynamic code 2023-07-02 14:47:44 +00:00			`?>`
A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions 2023-12-23 18:06:00 +00:00