From d725b2cf1450b6f473ca79ddcfdffd003638e6c6 Mon Sep 17 00:00:00 2001 From: Ken Fallon Date: Sat, 23 Dec 2023 21:54:16 +0100 Subject: [PATCH] More changes to the comment system. To include the reuse of a common check file --- cms/comment_checks.php | 149 +++++++++++++++++++++++++++++++++++ cms/comment_process.php | 150 +++--------------------------------- cms/comment_process_rss.php | 146 +++++++++++++++++++++++++++++++++++ hub/request_confirm.php | 2 +- ini/credentials.php | 1 + 5 files changed, 309 insertions(+), 139 deletions(-) create mode 100644 cms/comment_checks.php create mode 100644 cms/comment_process_rss.php diff --git a/cms/comment_checks.php b/cms/comment_checks.php new file mode 100644 index 0000000..ef27d0a --- /dev/null +++ b/cms/comment_checks.php @@ -0,0 +1,149 @@ + 40 ) { + naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name"); + } + $comment_author_name = $json["comment_author_name"]; + + if ( empty($json["comment_title"]) or strlen($json["comment_title"]) > 100) { + naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title"); + } + $comment_title = $json["comment_title"]; + + if ( empty($json["comment_text"]) or strlen($json["comment_text"]) > 2000 ) { + naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text"); + } + $comment_text = $json["comment_text"]; + + if ( $json["justification"] !== "Current Comment" ) { + if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) { + naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification"); + } + } + $justification = $json["justification"]; + + if ( empty($json["key"]) ) { + naughty("f87785f8eda5d75de8cb08c386c66c56 empty key"); + } + + if ( $key !== $json["key"] ) { + naughty("9d7f5e1a7a075a925ed1231decc16965 provided key \"$key\" is not matching json key \"". $json["key"] . "\""); + } + + // check ip // + // + if ( empty($json["ip"]) ) { + naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip"); + } + + $ip = $json["ip"]; + + if ( ! filter_var($ip, FILTER_VALIDATE_IP)) { + naughty("571f2d51046da9c923e01ae8bbfc037e not an IP"); + } + + // check ep_num // + // + if ( empty($json["eps_id"]) ) { + naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id"); + } + $ep_num = $json["eps_id"]; + + if ( intval($ep_num) === 0 ) { + naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int"); + } + else { + $ep_num = intval($ep_num); + } + + if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) { + naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range"); + } + + $ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;"; + + if ($result = mysqli_query($connection, $ep_retrieve)) { + if ( ! $result->fetch_assoc()) { + naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show"); + } + } + + // date // + // + + if ( empty($json["comment_timestamp"]) ) { + naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp"); + } + $comment_timestamp = $json["comment_timestamp"]; + + // 2023-12-23T12:21:29Z + if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) { + naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex"); + } + + if ( strtotime($comment_timestamp) === false ) { + naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date"); + } + + $comment_timestamp_epoch = strtotime($comment_timestamp); + $a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" ); + +// if ( $comment_timestamp_epoch <= $a_week_ago ) { +// naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week"); +// } + + $date = new DateTime( $comment_timestamp ); + $comment_timestamp_db = $date->format('Y-m-d H:i:s'); + + // anti spam + + if (file_exists($naughty_stings_file)) { + $comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" ); + $naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES); + foreach ( $naughty_words as $naughty_word) { + if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) { + naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\""); + } + } + } + + if ( $comment_author_name === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_author_name) ) { + $comment_author_name_ascii = "ASCII"; + } + else { + $comment_author_name_ascii = "EXTENDED"; + } + + if ( $comment_title === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_title) ) { + $comment_title_ascii = "ASCII"; + } + else { + $comment_title_ascii = "EXTENDED"; + } + + if ( $comment_text === preg_replace('/[^a-zA-Z0-9_ ]/', '', $comment_text) ) { + $comment_text_ascii = "ASCII"; + } + else { + $comment_text_ascii = "EXTENDED"; + } + + if ( $justification === preg_replace('/[^a-zA-Z0-9_ ]/', '', $justification) ) { + $justification_ascii = "ASCII"; + } + else { + $justification_ascii = "EXTENDED"; + } + + $comment_author_name_json = json_encode( $comment_author_name ); + + $comment_title_json = json_encode( $comment_title ); + + $comment_text_json = json_encode( $comment_text ); + + $justification_json = json_encode( $justification ); + + $comment_timestamp_json = json_encode( $comment_timestamp ); + + $comment_key_json = json_encode( $key ); + +?> diff --git a/cms/comment_process.php b/cms/comment_process.php index bf270e5..a60ec1a 100755 --- a/cms/comment_process.php +++ b/cms/comment_process.php @@ -44,8 +44,6 @@ else { $action = $_GET["action"]; } -$comment_directory = "/home/hpr/comments"; - if ( ! file_exists( $comment_directory ) ) { # Looks like the comments directory has not been created naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory"); @@ -68,13 +66,22 @@ if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) { if ( $action === 'block' ) { file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX ); unlink( "${file}" ); + $db["http_code"] = "201"; + $db["action"] = "block"; http_response_code(201); + header('Content-Type: application/json; charset=utf-8'); + echo json_encode($db); exit; } if ( $action === 'delete' ) { unlink( "${file}" ); + $db["http_code"] = "202"; + $db["action"] = "delete"; http_response_code(202); + header('Content-Type: application/json; charset=utf-8'); + echo json_encode($db); + unlink( "${file}" ); exit; } @@ -83,110 +90,7 @@ if ( $action === 'approve' ) { $json = json_decode($comment, true); - if ( empty($json["comment_author_name"]) or strlen($json["comment_author_name"]) > 40 ) { - naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name"); - } - $comment_author_name = $json["comment_author_name"]; - - if ( empty($json["comment_title"]) or strlen($json["comment_title"]) > 100) { - naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title"); - } - $comment_title = $json["comment_title"]; - - if ( empty($json["comment_text"]) or strlen($json["comment_text"]) > 2000 ) { - naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text"); - } - $comment_text = $json["comment_text"]; - - if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) { - naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification"); - } - $justification = $json["justification"]; - - if ( empty($json["key"]) ) { - naughty("f87785f8eda5d75de8cb08c386c66c56 empty key"); - } - - if ( $key !== $json["key"] ) { - naughty("9d7f5e1a7a075a925ed1231decc16965 provided key is not matching json key"); - } - - // check ip // - // - if ( empty($json["ip"]) ) { - naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip"); - } - - $ip = $json["ip"]; - - if ( ! filter_var($ip, FILTER_VALIDATE_IP)) { - naughty("571f2d51046da9c923e01ae8bbfc037e not an IP"); - } - - // check ep_num // - // - if ( empty($json["eps_id"]) ) { - naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id"); - } - $ep_num = $json["eps_id"]; - - if ( intval($ep_num) === 0 ) { - naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int"); - } - else { - $ep_num = intval($ep_num); - } - - if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) { - naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range"); - } - - $ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;"; - - if ($result = mysqli_query($connection, $ep_retrieve)) { - if ( ! $result->fetch_assoc()) { - naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show"); - } - } - - // date // - // - - if ( empty($json["comment_timestamp"]) ) { - naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp"); - } - $comment_timestamp = $json["comment_timestamp"]; - - // 2023-12-23T12:21:29Z - if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) { - naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex"); - } - - if ( strtotime($comment_timestamp) === false ) { - naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date"); - } - - $comment_timestamp_epoch = strtotime($comment_timestamp); - $a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" ); - -// if ( $comment_timestamp_epoch <= $a_week_ago ) { -// naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week"); -// } - - $date = new DateTime( $comment_timestamp ); - $comment_timestamp_db = $date->format('Y-m-d H:i:s'); - - // anti spam - - if (file_exists($naughty_stings_file)) { - $comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" ); - $naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES); - foreach ( $naughty_words as $naughty_word) { - if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) { - naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\""); - } - } - } + require "/home/hpr/public_html_hub/cms/comment_checks.php"; // OK I believe you @@ -220,6 +124,8 @@ if ( $action === 'approve' ) { if ( empty($db["id"]) ) { naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'"); } + $db["http_code"] = "200"; + $db["action"] = "approve"; http_response_code(200); header('Content-Type: application/json; charset=utf-8'); echo json_encode($db); @@ -231,35 +137,3 @@ if ( $action === 'approve' ) { http_response_code(500); ?> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/cms/comment_process_rss.php b/cms/comment_process_rss.php new file mode 100644 index 0000000..9171921 --- /dev/null +++ b/cms/comment_process_rss.php @@ -0,0 +1,146 @@ +' . "\n"; + +?> + + + Hacker Public Radio - Unprocessed Comment Feed + https://hackerpublicradio.org/comments_viewer.html + A daily show hosted the community on topics that are of interest to hackers and hobbyists. + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + en-us + + + + + + + + yes + Hacker Public Radio + Community Radio, Tech Interviews, Linux, Open, Hobby, Software Freedom + Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License + feedback@NOSPAM-hackerpublicradio.org (HPR Feedback) + + HPR Volunteer + admin@hackerpublicradio.org + + admin@hackerpublicradio.org (HPR Volunteer) + kate + http://www.rssboard.org/rss-specification + 43200 + + Saturday + Sunday + + + https://hackerpublicradio.org/images/hpr_feed_small.png + Hacker Public Radio + https://hackerpublicradio.org/comments_viewer.html + The Hacker Public Radio Old Microphone Logo + 164 + 144 + + HPR Volunteer + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + admin@hackerpublicradio.org + + +\n"; +print " ".date(DATE_RFC1123, strtotime(date('Y-m-d')))."\n"; + +// 2023-06-15T08:39:36Z_83.185.95.196_582e484f02443444c2f8ff3176002aac648ace488d413.json +// 2023-09-04T14:52:39Z_68.49.58.16_4cfde84f736d4df0c6e1f6ba7c4e8fc264f5ef3743eb7.json +// 2023-11-25T16:46:56Z_68.49.58.16_eee5067d88e3dc8ad4a2cab2a0ed4fcb65622500b48f1.json +// 2023-11-29T21:24:45Z_68.49.58.16_f686e54797a290dacad5a78a30362ec36567ac1db6d0c.json +// 2023-12-22T14:23:04Z_45.137.100.15_baabea02d48a63568c9684bbcbf17f8365859bc8a0770.json +// 2023-12-22T14:28:32Z_45.137.100.15_ad894382079f743cd5471235b0a17b1665859d103439d.json +// 2023-12-22T14:30:41Z_45.137.100.15_1664b77c3199c613f2035a3425ea665b65859d91b34ba.json +// 2023-12-23T18:23:42Z_45.137.100.15_a8ad9de74017103c2a98091710dba7cf658725aedd56b.json + +$filenames = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_*.json" ); + +foreach ($filenames as $filename) { + + $comment = file_get_contents("$filename"); + echo "\n"; + + $json = json_decode($comment, true); + + $path_parts = pathinfo( "$filename" ); + + list($file_timestamp, $file_ip, $key) = explode( '_', $path_parts['filename'] ); + + require "/home/hpr/public_html_hub/cms/comment_checks.php"; + + echo " \n"; + echo " $comment_title\n"; + echo " $comment_author_name\n"; + echo " https://hackerpublicradio.org/eps/hpr$ep_num/index.html\n"; + echo " +Block, +Delete, or +Approve. +

+ +
+$filename
+$comment_timestamp
+$key
+
+
+

+Comment on HPR$ep_num: $ep_num,
+
+comment_author_name ($comment_author_name_ascii): $comment_author_name,
+comment_title ($comment_title_ascii): $comment_title,
+comment_text ($comment_text_ascii): +

+$comment_text
+
+justification ($justification_ascii): +
+$justification
+
+

+
+comment_title_json: $comment_title_json,
+comment_text_json: $comment_text_json,
+justification_json: $justification_json,
+
+ + ]]>\n\n"; +// echo " \n\n"; + echo " " .date(DATE_RFC1123, strtotime( $comment_timestamp_db )) . "\n"; + echo " $key\n"; + echo " \n"; + +} + +//Display non-connection errors +//Close sql connection +mysqli_close($connection); +echo " + +"; + +?> diff --git a/hub/request_confirm.php b/hub/request_confirm.php index e537247..6c8077f 100644 --- a/hub/request_confirm.php +++ b/hub/request_confirm.php @@ -76,7 +76,7 @@ if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) { naughty("ad7f805c2f42be77122ec52f114fe318"); } else { - list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);; + list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]); } if ( intval($ep_num) === 0 ) { diff --git a/ini/credentials.php b/ini/credentials.php index d5de31c..2db9372 100644 --- a/ini/credentials.php +++ b/ini/credentials.php @@ -14,6 +14,7 @@ $mailerPassword = 'THE_SMTP_MAIL_PASSWORD_HERE'; $hubBaseurl = "https://hub.hackerpublicradio.org/"; $baseurl = "https://hackerpublicradio.org/"; +$comment_directory = "/path/to/comments"; $naughtyfile = '/path/to/naughty.txt'; $naughty_stings_file = '/path/to/strings.txt'; $justification_file = '/path/to/justification.txt';