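<?php

declare(strict_types=1);

/*
 * Comment moderation endpoint.
 *
 * Expects exactly two GET parameters: `key` (45 hex digits naming a pending
 * comment file in $comment_directory) and `action` (publish|approve|delete|block).
 * Acts on the matching comment file and answers with a JSON body.
 *
 * $comment_directory, $naughtyfile, $justification_file, $connection (mysqli),
 * naughty() and problem() come from include.php. The control flow relies on
 * naughty() and problem() terminating the request — every check below falls
 * through otherwise — confirm that against include.php.
 */
require "/home/hpr/php/include.php";

date_default_timezone_set('UTC');

/**
 * Send the JSON reply and end the request.
 *
 * @param array<string, mixed> $payload row data to include (may be empty)
 * @param int $status HTTP status; also echoed as the string field `http_code`
 * @param string $action the action performed, echoed as `action`
 */
function hub_respond_json(array $payload, int $status, string $action): void
{
    // Keep the historical shape: http_code is a string, appended after any row columns.
    $payload['http_code'] = (string) $status;
    $payload['action'] = $action;
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($payload);
    exit;
}

/**
 * Format the current mysqli error for a problem() message.
 *
 * @param mysqli $connection open database handle
 */
function hub_db_error(mysqli $connection): string
{
    // mysqli_error() needs the connection argument (the old call omitted it, which is fatal on PHP 8).
    return "MySQL error " . mysqli_errno($connection) . ": " . mysqli_error($connection) . "\n";
}

if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    naughty("5c965856fd6e1af9256c04d400698fae not GET method");
}

// Exactly the two expected parameters; anything extra is treated as probing.
$num_get_args = count($_GET);
if ($num_get_args !== 2) {
    naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");
}

$raw_key = $_GET['key'] ?? null;
$raw_action = $_GET['action'] ?? null;
if (empty($raw_key) || empty($raw_action)) {
    naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");
}
// is_string() first: a `key[]=` parameter arrives as an array and strlen() would throw.
if (!is_string($raw_key) || strlen($raw_key) !== 45) {
    naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");
}
// Hex digits only, so the key can go into the glob pattern unmodified
// (the earlier strip_tags/stripslashes/htmlspecialchars pass is a no-op on such a string).
if (!ctype_xdigit($raw_key)) {
    naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
}
$key = $raw_key;

if (!is_string($raw_action) || !in_array($raw_action, ['publish', 'approve', 'delete', 'block'], true)) {
    naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
}
$action = $raw_action;

if (!is_dir($comment_directory)) {
    // Looks like the comments directory has not been created
    naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
}

// Pending comments are stored as <timestamp>Z_<submitter ip>_<key>.json.
$files = glob("{$comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_{$key}.json");
// glob() returns false on error; count(false) would throw on PHP 8.
if ($files === false || count($files) === 0) {
    naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed?");
}
$file = $files[0];

// Split the basename only, so an underscore in $comment_directory cannot shift the IP field.
$name_parts = explode('_', basename($file));
$file_ip = $name_parts[1] ?? '';
if (!filter_var($file_ip, FILTER_VALIDATE_IP)) {
    naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");
}

if ($action === 'block') {
    // Record the submitter's address for the blocklist, then drop the comment.
    file_put_contents(
        $naughtyfile,
        date('Y-m-d\TH:i:s\Z') . "\t{$file_ip}\tReported as comment spammer\t{$key}\n",
        FILE_APPEND | LOCK_EX
    );
    unlink($file);
    hub_respond_json([], 201, 'block');
}

if ($action === 'delete') {
    unlink($file);
    hub_respond_json([], 202, 'delete');
}

if ($action === 'approve') {
    unlink($file);
    hub_respond_json([], 200, 'approve');
}

if ($action === 'publish') {
    $comment = file_get_contents($file);
    if ($comment === false) {
        problem("ERROR: could not read the comment file.");
    }
    $json = json_decode($comment, true);

    // comment_checks.php works on $json and is expected to define $justification,
    // $ep_num, $comment_timestamp_db, $comment_author_name, $comment_title and
    // $comment_text (inferred from their use below — confirm against that file).
    // These values are bound as prepared-statement parameters, so they are NOT
    // passed through mysqli_real_escape_string(): escaping first would store backslashes.
    require "/home/hpr/public_html_hub/cms/comment_checks.php";

    // OK I believe you
    if (strcmp($justification, "No justification is asked for or required.") !== 0) {
        file_put_contents($justification_file, "$justification\n", FILE_APPEND | LOCK_EX);
    }

    // Refuse a comment that is already stored. This compares the same DB-formatted
    // timestamp the INSERT below writes (the old query interpolated $comment_timestamp,
    // an unescaped, differently named value).
    $stmt = mysqli_prepare($connection, 'SELECT id FROM comments WHERE comment_timestamp=? AND comment_author_name=?');
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, 'ss', $comment_timestamp_db, $comment_author_name)
        || !mysqli_stmt_execute($stmt)
    ) {
        problem("ERROR: MySQL error- The comment was not added to the db.\n" . hub_db_error($connection));
    }
    mysqli_stmt_store_result($stmt);
    $already_stored = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    if ($already_stored) {
        naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
    }

    $stmt = mysqli_prepare(
        $connection,
        'INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES (?,?,?,?,?)'
    );
    if ($stmt === false) {
        problem("ERROR: DB problem - The comment was not added to the db.");
    }
    if (!mysqli_stmt_bind_param($stmt, 'sssss', $ep_num, $comment_timestamp_db, $comment_author_name, $comment_title, $comment_text)
        || !mysqli_stmt_execute($stmt)
    ) {
        problem("ERROR: MySQL error- The comment was not added to the db.\n" . hub_db_error($connection));
    }
    mysqli_stmt_close($stmt);

    // Read the stored row back so the reply carries the new id and the other columns.
    // mysqli_stmt_get_result() requires the mysqlnd driver.
    $stmt = mysqli_prepare($connection, 'SELECT * FROM comments WHERE comment_timestamp=? AND comment_author_name=?');
    $db = null;
    if ($stmt !== false
        && mysqli_stmt_bind_param($stmt, 'ss', $comment_timestamp_db, $comment_author_name)
        && mysqli_stmt_execute($stmt)
    ) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
        }
        mysqli_stmt_close($stmt);
    }
    if (!is_array($db) || empty($db['id'])) {
        naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
    }

    unlink($file);
    hub_respond_json($db, 200, 'publish');
}

// Every accepted action replies and exits above; reaching this line means an unhandled action.
http_response_code(500);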