kdmurrayhpr/hpr_hub
0
0
Fork 0
forked from HPR/hpr_hub
Code Pull Requests Activity

Merge pull request 'A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions' (#23) from I21_Improve_comment_system_v2 into main

Browse Source 
Reviewed-on: HPR/hpr_hub#23
This commit is contained in:
Ken Fallon
2023-12-23 18:09:00 +00:00
parent 92902ffe47 6b84bd01e6
commit 7f9611b1b9
4 changed files with 208 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
cms/comment_process.php
View File

@@ -1,9 +1,12 @@
<?php <?php
require "/home/hpr/php/include.php"; require "/home/hpr/php/include.php";
date_default_timezone_set('UTC');
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) { if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
naughty("5c965856fd6e1af9256c04d400698fae"); naughty("5c965856fd6e1af9256c04d400698fae not GET methog");
} }
$num_get_args=0; $num_get_args=0;
foreach($_GET as $k => $v) { foreach($_GET as $k => $v) {
@@ -11,15 +14,15 @@ foreach($_GET as $k => $v) {
} }
if ( $num_get_args !== 2 ){ if ( $num_get_args !== 2 ){
# they are trying to GET on a POST request # they are trying to GET on a POST request
naughty("638709cc1d7f107c024eb2a663675e8c"); naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");
} }
if ( empty($_GET["key"]) or empty($_GET["action"]) ) { if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
naughty("991ce46448d64b90bc8a837b58b7ad20"); naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");
} }
if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) { if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) {
naughty("c9e5ea8d870dda8db08bc570cbed7f84"); naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");
} }
if ( !empty($_GET["key"]) and if ( !empty($_GET["key"]) and
@@ -31,11 +34,11 @@ if ( !empty($_GET["key"]) and
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ); $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
} }
else { else {
naughty("868d9cc49b2f1e4a9319a8e8755d6189"); naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
} }
if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) { if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) {
naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df "); naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
} }
else { else {
$action = $_GET["action"]; $action = $_GET["action"];
@@ -45,12 +48,12 @@ $comment_directory = "/home/hpr/comments";
if ( ! file_exists( $comment_directory ) ) { if ( ! file_exists( $comment_directory ) ) {
# Looks like the comments directory has not been created # Looks like the comments directory has not been created
naughty("0fdffa1dbe94e0730cef457be93ebf40"); naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
} }
$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" ); $files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
if (count($files) === 0) { if (count($files) === 0) {
naughty("3efef2971727905064855d7866cb0059"); naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed ?");
} }
else { else {
$file = $files[0]; $file = $files[0];
@@ -59,7 +62,7 @@ else {
list($begin, $file_ip, $end) = explode('_', $file); list($begin, $file_ip, $end) = explode('_', $file);
if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) { if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
naughty("70ebe39c92b393c288e41a4d3128b5da"); naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");
} }
if ( $action === 'block' ) { if ( $action === 'block' ) {
@@ -76,96 +79,187 @@ if ( $action === 'delete' ) {
} }
if ( $action === 'approve' ) { if ( $action === 'approve' ) {
$comment = file_get_contents("$file"); $comment = file_get_contents("$file");
$json = json_decode($comment, true); $json = json_decode($comment, true);
echo '<pre>' . print_r($json, true) . '</pre>';
// check json if ( empty($json["comment_author_name"]) or strlen($json["comment_author_name"]) > 40 ) {
naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name");
}
$comment_author_name = $json["comment_author_name"];
if ( empty($json["eps_id"]) ) { if ( empty($json["comment_title"]) or strlen($json["comment_title"]) > 100) {
naughty("6740e9b34590fe5b8f1829aeb5da099d"); naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title");
} }
$comment_title = $json["comment_title"];
if ( empty($json["comment_timestamp"]) ) { if ( empty($json["comment_text"]) or strlen($json["comment_text"]) > 2000 ) {
naughty("4850b4b0006a60d86bafee8a8592b3f8"); naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text");
} }
$comment_text = $json["comment_text"];
if ( empty($json["comment_author_name"]) ) { if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) {
naughty("15f377e657196bb8192ec11755b0ca75"); naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification");
} }
$justification = $json["justification"];
if ( empty($json["comment_title"]) ) {
naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb");
}
if ( empty($json["comment_text"]) ) {
naughty("d4101542e2d0264c0cdb8ac4bdf6bf09");
}
if ( empty($json["justification"]) ) {
naughty("f87785f8eda5d75de8cb08c386c66c56");
}
if ( empty($json["key"]) ) { if ( empty($json["key"]) ) {
naughty("f87785f8eda5d75de8cb08c386c66c56"); naughty("f87785f8eda5d75de8cb08c386c66c56 empty key");
}
if ( $key !== $json["key"] ) {
naughty("9d7f5e1a7a075a925ed1231decc16965 provided key is not matching json key");
} }
// check ip // check ip //
//
if ( empty($json["ip"]) ) { if ( empty($json["ip"]) ) {
naughty("025622ea15552a7b8a3ae71405cf1fbf"); naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip");
} }
$ip = $json["ip"]; $ip = $json["ip"];
if ( ! filter_var($ip, FILTER_VALIDATE_IP)) { if ( ! filter_var($ip, FILTER_VALIDATE_IP)) {
naughty("571f2d51046da9c923e01ae8bbfc037e"); naughty("571f2d51046da9c923e01ae8bbfc037e not an IP");
} }
// check ep_num // check ep_num //
//
if ( empty($json["eps_id"]) ) {
naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id");
}
$ep_num = $json["eps_id"]; $ep_num = $json["eps_id"];
if ( intval($ep_num) === 0 ) { if ( intval($ep_num) === 0 ) {
$x = intval($ep_num); naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int");
naughty("fdae5c63eb5608820b13c9d096166c84");
} }
else { else {
$ep_num = intval($ep_num); $ep_num = intval($ep_num);
} }
if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) { if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) {
naughty("eb90a1a69fd531d5c649e3f5367bd570"); naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range");
} }
$show_array = array ();
$ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;"; $ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;";
if ($result = mysqli_query($connection, $ep_retrieve)) { if ($result = mysqli_query($connection, $ep_retrieve)) {
if ( ! $result->fetch_assoc()) { if ( ! $result->fetch_assoc()) {
naughty("b9ac28c5c661d7ed1c4c009de0279e07"); naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show");
} }
} }
// date // date //
//
if ( empty($json["comment_timestamp"]) ) {
naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp");
}
$comment_timestamp = $json["comment_timestamp"];
// 2023-12-23T12:21:29Z
if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) {
naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex");
}
if ( strtotime($comment_timestamp) === false ) {
naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date");
}
$date = '2011-10-02T23:25:42Z'; $comment_timestamp_epoch = strtotime($comment_timestamp);
var_dump(validateDate($date)); $a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" );
// if ( $comment_timestamp_epoch <= $a_week_ago ) {
// naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week");
// }
$date = new DateTime( $comment_timestamp );
$comment_timestamp_db = $date->format('Y-m-d H:i:s');
// anti spam
if (file_exists($naughty_stings_file)) {
$comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" );
$naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
foreach ( $naughty_words as $naughty_word) {
if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) {
naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\"");
}
}
}
// OK I believe you // OK I believe you
if ( strcmp($justification, "No justification is asked for or required.") !== 0 ) {
file_put_contents($justification_file, "$justification\n", FILE_APPEND | LOCK_EX );
}
$ep_retrieve = "SELECT id FROM comments WHERE comment_timestamp='$comment_timestamp' AND comment_author_name='$comment_author_name'";
if ($result = mysqli_query($connection, $ep_retrieve)) {
if ( $result->fetch_assoc()) {
naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
}
$query_add = "INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES ( '{$ep_num}', '{$comment_timestamp_db}', '{$comment_author_name}', '{$comment_title}', '{$comment_text}')";
// INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text), VALUES ( $ep_num, $comment_timestamp, $comment_author_name, $comment_title, $comment_text); $result = mysqli_query($connection, $query_add );
// unlink( "${file}" );*/ if(!$result) {
problem("ERROR: DB problem - The comment was not added to the db.");
}
if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
problem("ERROR: MySQL error- The comment was not added to the db.\n$error");
}
$query = "SELECT * FROM comments WHERE comment_timestamp='$comment_timestamp_db' AND comment_author_name='$comment_author_name'";
$result = @mysqli_query($connection, $query);
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["id"]) ) {
naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
http_response_code(200); http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
unlink( "${file}" );
exit; exit;
} }
// exit; // exit;
http_response_code(500); http_response_code(500);
?> ?>

71
hub/comment_confirm.php
View File

@@ -63,18 +63,39 @@ if ( empty($_POST["comment_author_name"]) or strlen($_POST["comment_author_name"
$comment_author_name = $_POST["comment_author_name"]; $comment_author_name = $_POST["comment_author_name"];
$comment_author_name_json = json_encode( $_POST["comment_author_name"] ); $comment_author_name_json = json_encode( $_POST["comment_author_name"] );
if ( $comment_author_name === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_author_name) ) {
$comment_author_name_ascii = "ASCII";
}
else {
$comment_author_name_ascii = "EXTENDED";
}
if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) { if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) {
naughty("a89efb428cfe36996a65b371d5f4e303"); naughty("a89efb428cfe36996a65b371d5f4e303");
} }
$comment_title = $_POST["comment_title"]; $comment_title = $_POST["comment_title"];
$comment_title_json = json_encode( $_POST["comment_title"] ); $comment_title_json = json_encode( $_POST["comment_title"] );
if ( $comment_title === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_title) ) {
$comment_title_ascii = "ASCII";
}
else {
$comment_title_ascii = "EXTENDED";
}
if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) { if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) {
naughty("cd57ab4d7b77a131ed3deb441bd93dcd"); naughty("cd57ab4d7b77a131ed3deb441bd93dcd");
} }
$comment_text = $_POST["comment_text"]; $comment_text = $_POST["comment_text"];
$comment_text_json = json_encode( $_POST["comment_text"] ); $comment_text_json = json_encode( $_POST["comment_text"] );
if ( $comment_text === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_text) ) {
$comment_text_ascii = "ASCII";
}
else {
$comment_text_ascii = "EXTENDED";
}
if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) { if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) {
naughty("b2ec68bd04cee0f64143ce4827a97e7c"); naughty("b2ec68bd04cee0f64143ce4827a97e7c");
} }
@@ -172,7 +193,12 @@ else {
} }
} }
if ( $justification === preg_replace('/[^a-zA-Z0-9_ ]/', '', $justification) ) {
$justification_ascii = "ASCII";
}
else {
$justification_ascii = "EXTENDED";
}
if ( empty($_SERVER["REMOTE_ADDR"]) ) { if ( empty($_SERVER["REMOTE_ADDR"]) ) {
naughty("611144d4c0d575fffbf8f3ef11f8ad68"); naughty("611144d4c0d575fffbf8f3ef11f8ad68");
@@ -212,6 +238,9 @@ if ( filesize( $comment_file ) > 4000 ) {
naughty("56e00e793a27168511d1cfda11d3bc55"); naughty("56e00e793a27168511d1cfda11d3bc55");
} }
$user_agent = preg_replace('/ \(/', "\n", $_SERVER["HTTP_USER_AGENT"] );
$user_agent = preg_replace('/\) /', "\n", $user_agent );
// Mail the comment // Mail the comment
use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\PHPMailer;
@@ -230,6 +259,7 @@ $mailer->Host = "$mailerHost";
$mailer->SMTPAuth = true; $mailer->SMTPAuth = true;
$mailer->SMTPSecure = "ssl"; $mailer->SMTPSecure = "ssl";
$mailer->Port = "465"; $mailer->Port = "465";
$mailer->CharSet = 'UTF-8';
$mailer->Username = "$mailerUsername"; $mailer->Username = "$mailerUsername";
$mailer->Password = "$mailerPassword"; $mailer->Password = "$mailerPassword";
@@ -260,26 +290,31 @@ There are now " . ++$unprocessed_comments . " unprocessed comments.
Thanks,<br /> Thanks,<br />
HPR Bot HPR Bot
</p> </p>
<pre>" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "</pre> <pre>
$timestamp
$ip
$key
$user_agent
</pre>
<hr /> <hr />
<p> <p>
<strong>eps_id</strong>: $eps_id,<br /> <strong>Comment on eps_id</strong>: $eps_id,<br />
<strong>ip</strong>: $ip,<br /> <br />
<strong>key</strong>: $key<br /> <strong>comment_author_name</strong> ($comment_author_name_ascii): $comment_author_name,<br />
<strong>justification</strong>: $justification,<br /> <strong>comment_title</strong> ($comment_title_ascii): $comment_title,<br />
<strong>comment_timestamp</strong>: $timestamp,<br /> <strong>comment_text</strong> ($comment_text_ascii):
<strong>comment_author_name</strong>: $comment_author_name,<br />
<strong>comment_title</strong>: $comment_title,<br />
<strong>comment_text</strong>:
</p>
<pre> <pre>
$comment_text $comment_text
</pre> </pre>
<hr /> <strong>justification</strong> ($justification_ascii):
<strong>comment_text_json</strong>:
<pre> <pre>
$comment_text_json $justification
</pre> </pre>
</p>
<hr />
<strong>comment_title_json</strong>: $comment_title_json,<br />
<strong>comment_text_json</strong>: $comment_text_json,<br />
<strong>justification_json</strong>: $justification_json,<br />
<hr />" <hr />"
); );
$mailer->AltBody = "hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"</p> $mailer->AltBody = "hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"</p>
@@ -290,7 +325,11 @@ There are now ${unprocessed_comments} unprocessed comments.
Thanks, Thanks,
HPR Bot HPR Bot
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; $timestamp
$ip
$key
$user_agent
";
$mailer->addAttachment($comment_file, "${key}.json", "base64", "application/json"); $mailer->addAttachment($comment_file, "${key}.json", "base64", "application/json");
//send the message, check for errors //send the message, check for errors
@@ -320,7 +359,7 @@ include 'header.html';
</p> </p>
<pre> <pre>
<pre> <pre>
<?php print date('Y-m-d\TH:i:s') . "\n" . getUserIP() . "\n" . $_SERVER["HTTP_USER_AGENT"]; ?> <?php echo date('Y-m-d\TH:i:s') . "\n" . getUserIP() . "\n" . $_SERVER["HTTP_USER_AGENT"]; ?>
</pre> </pre>
</article> </article>
</main> </main>

6
ini/credentials.php
View File

@@ -13,4 +13,10 @@ $mailerPassword = 'THE_SMTP_MAIL_PASSWORD_HERE';
$hubBaseurl = "https://hub.hackerpublicradio.org/"; $hubBaseurl = "https://hub.hackerpublicradio.org/";
$baseurl = "https://hackerpublicradio.org/"; $baseurl = "https://hackerpublicradio.org/";
$naughtyfile = '/path/to/naughty.txt';
$naughty_stings_file = '/path/to/strings.txt';
$justification_file = '/path/to/justification.txt';
# Read more: http://vidiame.com/php/how-to-block-multiple-ip-addresses-using-php
?> ?>

2
ini/include.php
View File

@@ -287,8 +287,6 @@ function getUserIP()
} }
return $ip . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; return $ip . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n";
} }
$naughtyfile = '/home/hpr/logs/naughty-ip.txt';
# Read more: http://vidiame.com/php/how-to-block-multiple-ip-addresses-using-php
if ( strlen($_SERVER['QUERY_STRING']) > 15 ) { if ( strlen($_SERVER['QUERY_STRING']) > 15 ) {
file_put_contents($naughtyfile, getUserIP(), FILE_APPEND | LOCK_EX ); file_put_contents($naughtyfile, getUserIP(), FILE_APPEND | LOCK_EX );