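<?php
// Comment moderation endpoint.
//
// Expects GET /?key=<45 hex chars>&action=approve|delete|block. The key selects one
// pending comment file under $comment_directory; the action either publishes that
// comment to the database, discards it, or discards it and records the submitter's
// address. Every rejection goes through naughty() from include.php, which the flow
// below relies on to log and terminate the request (assumed; not visible here).
require "/home/hpr/php/include.php";

date_default_timezone_set('UTC');

if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    naughty("5c965856fd6e1af9256c04d400698fae not GET methog");
}

// Exactly two query parameters (key and action) are accepted; anything extra is
// treated as a malformed or tampered request.
$num_get_args = count($_GET);
if ($num_get_args !== 2) {
    naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");
}
if (empty($_GET["key"]) || empty($_GET["action"])) {
    naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");
}

// The key is the 45-character hex token embedded in the pending file's name.
// is_string() guards against ?key[]=... which would make strlen() throw on PHP 8.
$raw_key = $_GET["key"];
if (!is_string($raw_key) || strlen($raw_key) !== 45) {
    naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");
}
if (!ctype_xdigit($raw_key)) {
    naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
}
// A pure hex string passes strip_tags/stripslashes/htmlspecialchars unchanged, so
// the sanitised value is the raw value. $key is only defined once it is validated.
$key = $raw_key;

if (!in_array($_GET["action"], ['approve', 'delete', 'block'], true)) {
    naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
}
$action = $_GET["action"];

$comment_directory = "/home/hpr/comments";
if (!file_exists($comment_directory)) {
    # Looks like the comments directory has not been created
    naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
}

// Pending files are named <ISO-8601 UTC stamp>_<submitter ip>_<key>.json. The key is
// hex-only (checked above), so it cannot widen the glob pattern. glob() may return
// false on error, which count() would not accept on PHP 8.
$files = glob("{$comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_{$key}.json");
if ($files === false || count($files) === 0) {
    naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed?");
}
$file = $files[0];

// The second underscore-separated field of the file name is the submitter's address.
// basename() keeps this independent of any underscore in the directory path; the glob
// pattern guarantees at least two underscores, so the field always exists.
list(, $file_ip) = explode('_', basename($file));
if (!filter_var($file_ip, FILTER_VALIDATE_IP)) {
    naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");
}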
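if ($action === 'block') {
    // Record the submitter's address in the block list ($naughtyfile is defined in
    // include.php) before discarding the comment. A failed append must not silently
    // turn a "block" into a plain delete, and a failed unlink must not be answered
    // with 201. problem() is assumed to terminate, as elsewhere in this script.
    $entry = date('Y-m-d\TH:i:s\Z') . "\t{$file_ip}\tReported as comment spammer\t{$key}\n";
    if (file_put_contents($naughtyfile, $entry, FILE_APPEND | LOCK_EX) === false) {
        problem("ERROR: could not record the blocked address.");
    }
    if (!unlink($file)) {
        problem("ERROR: could not remove the comment file.");
    }
    http_response_code(201);
    exit;
}

if ($action === 'delete') {
    // 202 is only meaningful if the pending file is really gone.
    if (!unlink($file)) {
        problem("ERROR: could not remove the comment file.");
    }
    http_response_code(202);
    exit;
}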
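/**
 * Run a parameterised SELECT and return its first row, or null when nothing matched.
 *
 * Every value that comes from the pending comment's JSON is bound as a parameter, so
 * submitter-controlled text never becomes part of the SQL text. Driver-level
 * failures are reported through problem() from include.php (assumed to terminate).
 *
 * @param mysqli $connection open connection, provided by include.php
 * @param string $sql        statement with ? placeholders
 * @param string $types      mysqli_stmt_bind_param type string, one character per value
 * @param array  $params     values for the placeholders, in order
 * @return array|null associative row, or null when the result set is empty
 */
function hpr_select_one(mysqli $connection, string $sql, string $types, array $params): ?array
{
    $stmt = mysqli_prepare($connection, $sql);
    if ($stmt === false) {
        problem("ERROR: DB problem - could not prepare query.\n" . mysqli_error($connection));
    }
    if (count($params) > 0) {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        problem("ERROR: DB problem - could not run query.\n" . mysqli_stmt_error($stmt));
    }
    // mysqli_stmt_get_result() needs the mysqlnd driver (the default on modern builds).
    $result = mysqli_stmt_get_result($stmt);
    $row = ($result === false) ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);
    return is_array($row) ? $row : null;
}

if ($action === 'approve') {
    $comment = file_get_contents($file);
    $json = json_decode($comment, true);
    if (!is_array($json)) {
        // Unreadable file or malformed JSON: let the per-field checks below reject it
        // with their usual ids instead of indexing into null.
        $json = [];
    }

    // Field limits are byte lengths (strlen), matching the original checks; they are
    // presumably the column sizes in the comments table - confirm against the schema.
    if (empty($json["comment_author_name"]) || strlen($json["comment_author_name"]) > 40) {
        naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name");
    }
    $comment_author_name = $json["comment_author_name"];

    if (empty($json["comment_title"]) || strlen($json["comment_title"]) > 100) {
        naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title");
    }
    $comment_title = $json["comment_title"];

    if (empty($json["comment_text"]) || strlen($json["comment_text"]) > 2000) {
        naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text");
    }
    $comment_text = $json["comment_text"];

    if (empty($json["justification"]) || strlen($json["justification"]) > 200 || strlen($json["justification"]) < 20) {
        naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification");
    }
    $justification = $json["justification"];

    // The key inside the file must be the one the request was made with.
    // NOTE(review): this id is also used by the "empty justification" check above.
    if (empty($json["key"])) {
        naughty("f87785f8eda5d75de8cb08c386c66c56 empty key");
    }
    if ($key !== $json["key"]) {
        naughty("9d7f5e1a7a075a925ed1231decc16965 provided key is not matching json key");
    }

    // check ip //
    //
    if (empty($json["ip"])) {
        naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip");
    }
    $ip = $json["ip"];
    if (!filter_var($ip, FILTER_VALIDATE_IP)) {
        naughty("571f2d51046da9c923e01ae8bbfc037e not an IP");
    }

    // check ep_num //
    //
    if (empty($json["eps_id"])) {
        naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id");
    }
    $ep_num = intval($json["eps_id"]);
    if ($ep_num === 0) {
        naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int");
    }
    if ($ep_num <= 0 || $ep_num >= 9999) {
        naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range");
    }
    // The episode must exist. A lookup that fails at the driver level is reported by
    // the helper instead of silently skipping this check.
    if (hpr_select_one($connection, 'SELECT id FROM eps WHERE id=?', 'i', [$ep_num]) === null) {
        naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show");
    }

    // date //
    //
    if (empty($json["comment_timestamp"])) {
        naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp");
    }
    $comment_timestamp = $json["comment_timestamp"];

    // Whole value must be of the form 2023-12-23T12:21:29Z (anchored at both ends;
    // D stops $ from accepting a trailing newline).
    if (!preg_match('/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/D', $comment_timestamp)) {
        naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex");
    }

    $comment_timestamp_epoch = strtotime($comment_timestamp);
    if ($comment_timestamp_epoch === false) {
        naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date");
    }
    // The "older than a week" rejection is intentionally disabled; the reference
    // value is kept so it can be switched back on.
    $a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week");
    // if ($comment_timestamp_epoch <= $a_week_ago) {
    //     naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week");
    // }
    $date = new DateTimeImmutable($comment_timestamp);
    $comment_timestamp_db = $date->format('Y-m-d H:i:s');

    // anti spam: reject the comment if any line of the banned-words list (path from
    // include.php) occurs, case-insensitively, in the user-supplied text.
    if (file_exists($naughty_stings_file)) {
        $haystack = strtolower("$comment_author_name, $comment_text, $comment_title, $justification");
        $naughty_words = file($naughty_stings_file, FILE_SKIP_EMPTY_LINES | FILE_IGNORE_NEW_LINES);
        if ($naughty_words === false) {
            // Fail closed: an existing but unreadable list must not disable the check.
            problem("ERROR: could not read the banned words list.");
        }
        foreach ($naughty_words as $naughty_word) {
            if (strpos($haystack, strtolower($naughty_word)) !== false) {
                naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\"");
            }
        }
    }

    // OK I believe you
    if (strcmp($justification, "No justification is asked for or required.") !== 0) {
        file_put_contents($justification_file, "$justification\n", FILE_APPEND | LOCK_EX);
    }

    // Duplicate check uses the same 'Y-m-d H:i:s' form that the INSERT stores and
    // that the lookup after the INSERT uses, so the comparison is like-for-like.
    $existing = hpr_select_one(
        $connection,
        'SELECT id FROM comments WHERE comment_timestamp=? AND comment_author_name=?',
        'ss',
        [$comment_timestamp_db, $comment_author_name]
    );
    if ($existing !== null) {
        naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
    }

    // Author name, title and text are bound, never interpolated into the statement.
    $insert = mysqli_prepare(
        $connection,
        'INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES (?, ?, ?, ?, ?)'
    );
    $result = $insert !== false
        && mysqli_stmt_bind_param($insert, 'issss', $ep_num, $comment_timestamp_db, $comment_author_name, $comment_title, $comment_text)
        && mysqli_stmt_execute($insert);
    if (!$result) {
        problem("ERROR: DB problem - The comment was not added to the db.");
    }
    if (mysqli_errno($connection)) {
        // mysqli_error() requires the connection argument (a fatal error without it on PHP 8).
        $error = "MySQL error " . mysqli_errno($connection) . ": " . mysqli_error($connection) . "\n";
        problem("ERROR: MySQL error- The comment was not added to the db.\n$error");
    }
    if ($insert !== false) {
        mysqli_stmt_close($insert);
    }

    $db = hpr_select_one(
        $connection,
        'SELECT * FROM comments WHERE comment_timestamp=? AND comment_author_name=?',
        'ss',
        [$comment_timestamp_db, $comment_author_name]
    );
    if ($db === null || empty($db["id"])) {
        naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
    }

    // The stored row is echoed back as the response body; the pending file is only
    // removed once the comment is confirmed to be in the database.
    http_response_code(200);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($db);
    unlink($file);
    exit;
}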
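// Every accepted action above terminates the request itself; reaching this point
// means no handler ran, which is an internal inconsistency rather than a client error.
http_response_code(500);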