From bbaa57bed9332ced99fb8d9b1681a6872f536c41 Mon Sep 17 00:00:00 2001 From: Ken Fallon Date: Sun, 2 Jul 2023 16:47:44 +0200 Subject: [PATCH] Initial push of the dynamic code --- README.md | 24 +- cms/add_show.php | 403 +++++++++++++++++++++++++++++ cms/comment_process.php | 75 ++++++ cms/say.php | 111 ++++++++ cms/schedule.php | 164 ++++++++++++ cms/status.php | 137 ++++++++++ hub/412.shtml | 14 ++ hub/calendar.php | 301 ++++++++++++++++++++++ hub/comment_confirm.php | 304 ++++++++++++++++++++++ hub/footer.html | 83 ++++++ hub/header.html | 67 +++++ hub/index.php | 3 + hub/request.php | 209 +++++++++++++++ hub/request_confirm.php | 331 ++++++++++++++++++++++++ hub/upload.php | 297 ++++++++++++++++++++++ hub/upload_confirm.php | 546 ++++++++++++++++++++++++++++++++++++++++ ini/credentials.php | 16 ++ ini/hub.cms.htaccess | 12 + ini/include.php | 339 +++++++++++++++++++++++++ ini/www.htaccess | 90 +++++++ www/rss-future.php | 214 ++++++++++++++++ www/rss.php | 303 ++++++++++++++++++++++ 22 files changed, 4042 insertions(+), 1 deletion(-) create mode 100644 cms/add_show.php create mode 100755 cms/comment_process.php create mode 100644 cms/say.php create mode 100644 cms/schedule.php create mode 100644 cms/status.php create mode 100755 hub/412.shtml create mode 100644 hub/calendar.php create mode 100644 hub/comment_confirm.php create mode 100644 hub/footer.html create mode 100644 hub/header.html create mode 100644 hub/index.php create mode 100644 hub/request.php create mode 100644 hub/request_confirm.php create mode 100644 hub/upload.php create mode 100755 hub/upload_confirm.php create mode 100644 ini/credentials.php create mode 100644 ini/hub.cms.htaccess create mode 100644 ini/include.php create mode 100644 ini/www.htaccess create mode 100644 www/rss-future.php create mode 100644 www/rss.php diff --git a/README.md b/README.md index 1cb36e7..45e2340 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,25 @@ # hpr_hub -The dynamic code for the Hacker Public Radio project. \ No newline at end of file +The dynamic code for the Hacker Public Radio project. + +It consists of several directories + +## www + +This directory contains the static content that the site uses. + +There are some [rss php files](https://repo.anhonesthost.net/rho_n/hpr_generator/issues/140) that will be converted to statically rendered files. + +## hub + +This contains the files necessary to display the queue, upload shows, and submit comments. + +## cms + +Some tooling used by the Janitors to process comments, and shows. + +## ini + +Some sanitize settings files needed. + + diff --git a/cms/add_show.php b/cms/add_show.php new file mode 100644 index 0000000..3bc4267 --- /dev/null +++ b/cms/add_show.php @@ -0,0 +1,403 @@ + 100 ) { + problem("ERROR: Title length is not OK"); +} +logextra( "Title length is OK" ); +$title = $_POST["title"]; + +if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) { + problem("ERROR: Summary length is not OK"); +} +logextra( "Summary length is OK" ); +$summary = $_POST["summary"]; + +if ( empty($_POST["explicit"]) ) { + problem("ERROR: explicit is missing"); +} +logextra( "explicit exists" ); + +if ( strcmp($_POST["explicit"], "Yes") !== 0 ) { + logextra( "explicit is not yes" ); + if ( strcmp($_POST["explicit"], "Clean") !== 0 ) { + problem("ERROR: explicit needs to be either Yes or Clean"); + } +} +logextra( "explicit is either Yes or Clean" ); + +$explicit = $_POST["explicit"]; + +if ( $explicit === "Clean" ) { + $explicit = 0; +} +else { + $explicit = 1; +} +if ( empty($_POST["episode_license"]) or strlen($_POST["episode_license"]) < 4 or strlen($_POST["episode_license"]) > 11 ) { + problem("ERROR: episode_license length is not fine"); +} +logextra( "episode_license length is fine" ); + +if ( !( + strcmp($_POST["episode_license"], "CC-BY-SA") === 0 or + strcmp($_POST["episode_license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["episode_license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["episode_license"], "CC-0") === 0 or + strcmp($_POST["episode_license"], "CC-BY-NC") === 0 or + strcmp($_POST["episode_license"], "CC-BY") === 0 or + strcmp($_POST["episode_license"], "Other") === 0 ) + ) { + problem("ERROR: license is not a valid value"); +} +logextra( "license is a valid value" ); + +$episode_license = $_POST["episode_license"]; + +if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) { + problem("ERROR: Notes are missing not less than max"); +} +logextra( "Notes are not missing and are less than max" ); + +$notes = $_POST["notes"]; + +if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) { + problem("ERROR: Series id is not in the correct range"); +} +$series = $_POST["series"]; +if ( (strval(intval($series)) != strval($series)) ){ + problem("ERROR: series is not an int"); +} +logextra( "series is int" ); + +$result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'"); +logextra( "Series id is in the correct range \"$series\"" ); + +if (!isset($result_series)) { + problem("ERROR: Series has not been found"); +} +$db_series_name_array = mysqli_fetch_row( $result_series ); +$db_series_name = $db_series_name_array[0]; + +if ( empty($db_series_name) ) { + problem("ERROR: Series name \"${db_series_name}\" is missing from db "); +} + +logextra( "Series name has been found in db: \"$db_series_name\"" ); + +if ( empty($_POST["series_name"]) ) { + problem("ERROR: series_name length is not fine"); +} +$series_name = $_POST["series_name"]; + +if ( $series_name != $db_series_name ) { + problem("ERROR: series_name \"$series_name\" and db_series_name \"$db_series_name\" don't match."); +} + +logextra( "series_name checkes passed: \"$series_name\"" ); + +if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) { + problem("ERROR: Tags are not the correct length"); +} +logextra( "Tags are the correct length" ); +$tags = $_POST["tags"]; + +############# +# Host checks + +if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) { + problem("ERROR: host_name is not set and not the correct length"); +} +logextra( "host_name is set and correct length" ); +$host_name = $_POST["host_name"]; + + +if ( strlen($_POST["host_profile"]) > 2000 ) { + problem("ERROR: host_profile is not the correct length"); +} +logextra( "host_profile is correct length" ); + +$host_profile = $_POST["host_profile"]; + +if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) { + problem("ERROR: host_license is not in the correct range"); +} +logextra( "host_license is in the correct range" ); + +if ( !( + strcmp($_POST["host_license"], "CC-BY-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["host_license"], "CC-0") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC") === 0 or + strcmp($_POST["host_license"], "CC-BY") === 0 or + strcmp($_POST["host_license"], "Other") === 0 ) + ) { + problem("ERROR: host_license is not a predfined value"); +} +logextra( "host_license is a predfined value" ); + +$host_license = $_POST["host_license"]; + +if ( $_POST["hostid"] == 0 ) { + problem("ERROR: hostid is 0"); +} +logextra( "hostid is not 0" ); + +if ( empty($_POST["hostid"]) ) { + problem("ERROR: hostid doesn't exists "); +} +logextra( "hostid exists " ); + +$result = mysqli_query($connection, 'SELECT MAX(hostid) FROM hosts;'); +if (!isset($result)) { + problem("ERROR: could not get the max host from db"); +} +$maxhost_array = mysqli_fetch_row( $result ); +$maxhost = $maxhost_array[0]; +logextra( "retrieved the max host from db" ); + +$hostid = $_POST["hostid"]; +if ( (strval(intval($hostid)) != strval($hostid)) ){ + problem("ERROR: host id is not an int"); +} +logextra( "host id is int" ); + +if ( ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){ + problem("ERROR: host id \"$hostid\" is not in the correct range \" $maxhost \""); +} +logextra( "host id is int, and in the correct range" ); + +$query = "SELECT * FROM `hosts` WHERE `hostid` = '$hostid' and `host` = '$host_name';"; +$result = @mysqli_query($connection, $query); +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); + +logextra( "Getting this host from the db" ); + +if ( ( $db["hostid"] != $hostid ) or ( $db["host"] != $host_name ) ) { + problem("ERROR: Could not find the host \"" . $db["hostid"] ."\", \"" . $db["host"] . "\" in the db \"${hostid}\", \"${host_name}\"" . $query ); +} +logextra( "Found this reservation from the db" ); + +if ( ( $db["profile"] != "$host_profile" ) or ( $db["license"] != "$host_license" ) ) { + logextra("The host_license is different to that in the db"); + $query = "UPDATE `hosts` SET `profile` = '$host_profile', `license` = '$host_license' WHERE `hosts`.`hostid` = '$hostid';"; + $result = mysqli_query($connection, $query ); + if (!isset($result)) { + problem("ERROR: could not update the host profile"); + } else { + logextra( "Updating the host profile" ); + } +} +logextra( "The host_license is the same to that in the db" ); + +############## +# Episode Check +// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET + + +if ( !empty($_POST["ep_num"]) and isset( $_POST["ep_num"] ) ) { + $ep_num = intval( $_POST["ep_num"] ); +} +else { + problem("ERROR: ep_num is empty"); +} + +// // SELECT MAX(ep_num) FROM `reservations` → 3627 +// // SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0 → 3582 +// +$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;'); +if (!isset($result)) { + problem("ERROR: Can't get max eps from reservations"); +} +$max_eps_array = mysqli_fetch_row( $result ); +$max_eps = $max_eps_array[0]; +mysqli_free_result($result); + +$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;'); +if (!isset($result)) { + problem("ERROR: Can't get min eps from reservations"); +} +$min_eps_array = mysqli_fetch_row( $result ); +$min_eps = $min_eps_array[0]; +mysqli_free_result($result); + +if ( empty( $ep_num ) ) { + problem("ERROR: ep_num is empty"); +} + +if ( $ep_num < $min_eps ) { + problem("ERROR: ep_num is too small"); +} + +if ( $ep_num > $max_eps ) { + problem("ERROR: ep_num is too big"); +} + +if ( intval($ep_num) === 0 ) { + problem("ERROR: ep_num is 0"); +} +else { + $ep_num = intval($ep_num); +} + +$result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE ep_num='$ep_num' AND status='METADATA_PROCESSED';"); +if (!isset($result)) { + problem("ERROR: Cant get info from reservations db"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); + +if ( $db_ep_num != $ep_num ){ + problem("ERROR: Cant find $ep_num with status of METADATA_PROCESSED"); +} + +$result = mysqli_query($connection, "SELECT `id` FROM `eps` WHERE `id` = '$ep_num';"); +if (!isset($result)) { + problem("ERROR: The show $ep_num is already in the eps db"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); +if ( !empty( $db_ep_num ) ) { + problem("ERROR: $ep_num is already in the eps table"); +} +if ( intval($db_ep_num) === $ep_num ) { + problem("ERROR: $ep_num is already in the eps table"); +} +logextra( "ep_num checkes passed: $ep_num" ); + + +if ( !preg_match("/^\d{4}-\d{2}-\d{2}$/", $_POST["ep_date"]) ) { + problem("ERROR: ep_date fails the regex match "); +} +else { + $ep_date = $_POST["ep_date"]; +} + +if ( strtotime($ep_date) === false ) { + problem("ERROR: ep_date didn't convert to date"); +} +else { + $ep_date_epoch = strtotime($ep_date); +} +logextra( "ep_date checkes passed: $ep_date" ); + + +if ( !empty($_POST["duration"]) and isset( $_POST["duration"] ) ) { + $duration = intval( $_POST["duration"] ); +} +else { + problem("ERROR: duration is empty"); +} + +if ( empty( $duration ) ) { + problem("ERROR: duration is empty"); +} + +if ( $duration < 50 ) { + problem("ERROR: duration is too small"); +} + +if ( $duration > 26830 ) { + problem("ERROR: duration is too big"); +} + +if ( intval($duration) === 0 ) { + problem("ERROR: duration is 0"); +} +else { + $duration = intval($duration); +} +logextra( "duration checkes passed: $duration" ); + +$title = mysqli_real_escape_string( $connection, $title ); +$summary = mysqli_real_escape_string( $connection, $summary ); +$notes = mysqli_real_escape_string( $connection, $notes ); +$tags = mysqli_real_escape_string( $connection, $tags ); + +$query_add = "INSERT INTO eps VALUES ('$ep_num', '{$ep_date}', '{$title}', '{$duration}', '{$summary}', '{$notes}', '{$hostid}', '{$series}', '{$explicit}', '{$episode_license}', '{$tags}', '0', '0', '0')"; + +$result = mysqli_query($connection, $query_add ); +if(!$result) { + problem("ERROR: DB problem - The show $ep_num was not added to the eps db."); +} +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: MySQL error- The show $ep_num was not added to the eps db.\n$error"); +} + +$result = mysqli_query($connection, "SELECT `id` FROM `eps` WHERE `id` = '$ep_num';"); +if (!isset($result)) { + problem("ERROR: DB problem - The show $ep_num has not been added to the eps db"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: MySQL error- The show $ep_num was not added to the eps db.\n$error"); +} + +$result = mysqli_query($connection, "UPDATE reservations SET `status` = 'SHOW_POSTED' WHERE `ep_num` = '$ep_num' AND status='METADATA_PROCESSED';" ); +if (!isset($result)) { + problem("ERROR: DB problem - The show $ep_num has not been added to the eps db"); +} +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: Could not update the show reservation to SHOW_POSTED in the db"); +} + +logextra( "Finished $ep_num ." ); +?> diff --git a/cms/comment_process.php b/cms/comment_process.php new file mode 100755 index 0000000..e592b23 --- /dev/null +++ b/cms/comment_process.php @@ -0,0 +1,75 @@ + $v) { + ++$num_get_args; +} +if ( $num_get_args !== 2 ){ + # they are trying to GET on a POST request + naughty("638709cc1d7f107c024eb2a663675e8c"); +} + +if ( empty($_GET["key"]) or empty($_GET["action"]) ) { + naughty("991ce46448d64b90bc8a837b58b7ad20"); +} + +if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) { + naughty("c9e5ea8d870dda8db08bc570cbed7f84"); +} + +if ( !empty($_GET["key"]) and + isset( $_GET['key'] ) and + strlen( $_GET['key'] ) === 45 and + strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and + ctype_xdigit( $_GET['key'] ) + ) { + $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ); +} +else { + naughty("868d9cc49b2f1e4a9319a8e8755d6189"); +} + +if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) { + naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df "); +} +else { + $action = $_GET["action"]; +} + +$comment_directory = "/home/hpr/comments"; + +if ( ! file_exists( $comment_directory ) ) { + # Looks like the comments directory has not been created + naughty("0fdffa1dbe94e0730cef457be93ebf40"); +} + +$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" ); +if (count($files) === 0) { + naughty("3efef2971727905064855d7866cb0059"); +} +else { + $file = $files[0]; +} + +list($begin, $file_ip, $end) = explode('_', $file); + +if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) { + naughty("70ebe39c92b393c288e41a4d3128b5da"); +} + +if ( $action === 'block' ) { + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX ); +} + +unlink( "${file}" ); +http_response_code(200); + + +// exit; + +?> diff --git a/cms/say.php b/cms/say.php new file mode 100644 index 0000000..72886f3 --- /dev/null +++ b/cms/say.php @@ -0,0 +1,111 @@ + $v) { + ++$num_get_args; + } + if ( (strval(intval($id)) != strval($id)) OR ( intval($id) <= 0 ) OR ( intval($id) > $maxhost ) OR ( $num_get_args > 1 ) ){ + exit; + } + $query = "SELECT id FROM eps WHERE id = '$id'"; + $result = @mysqli_query($connection, $query); + if($result === FALSE) { + call412( "a9564ebc3289b7a14551baf8ad5ec60a" ); + } + else { + $db = mysqli_fetch_array($result, MYSQLI_ASSOC); + if ( empty($db["id"]) ) { + call412( "a9564ebc3289b7a14551baf8ad5ec60a" ); + } + } +} +else { + call412( "a9564ebc3289b7a14551baf8ad5ec60a" ); + exit; +} +Header('Content-type: text/tab-separated-values'); +header("Content-disposition: inline; filename=say.txt"); + +$ep_retrieve = "SELECT UNIX_TIMESTAMP(eps.date) AS timestamp, eps.title, eps.duration, eps.summary, hosts.host, eps.hostid, eps.series, eps.license, eps.explicit FROM eps, hosts WHERE hosts.valid = '1' AND id = '$id' AND eps.hostid = hosts.hostid"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $date = $row['timestamp']; + $title = $row['title']; + $duration = $row['duration']; + $summary = $row['summary']; + $host = $row['host']; + $hostid = $row['hostid']; + $series = $row['series']; + $license = $row['license']; + $explicit = $row['explicit']; + + $id = fixid($id); + + $host_retrieve = "SELECT host, espeak_name FROM hosts WHERE hostid = '$hostid'"; + $result1 = mysqli_query($connection, $host_retrieve); + $row1 = mysqli_fetch_array($result1); + $espeak_name = $row1['espeak_name']; + + $epcountquery = "SELECT count( id ) AS total FROM eps WHERE hostid = '$hostid'"; + $result2 = mysqli_query($connection, $epcountquery); + $row2 = mysqli_fetch_array($result2); + $total = $row2['total']; + if ( $total == 1 ) { + $host_notes = ". It is the first show by new host ${espeak_name}, "; + } + else if ($total % 10 == 0) { + $host_notes = ". It is the ${total}th show of ${espeak_name}, "; + } + else { + $host_notes = ". It is hosted by ${espeak_name}, "; + } + } +} +$HPR_summary = "This is Hacker Public Radio episode $id for " . date("l", $date) . " the " . date("jS", $date) . " of " . date("F Y", $date) . ". Todays show is entitled. ${title}."; +if ($series > "0"){ + $series_query = mysqli_query($connection, "SELECT name, description FROM miniseries WHERE id = '$series'"); + $series_result = mysqli_fetch_array($series_query); + $series_title = $series_result['name']; + $desc = $series_result['description']; + $HPR_summary = "${HPR_summary} It is part of the series \"$series_title\""; +} +$HPR_summary = "${HPR_summary} ${host_notes} and is about " . round($duration/60) . " minutes long. It carries "; +if ($explicit == 0) { + $HPR_summary = "${HPR_summary} a clean flag. "; + $explicit = "Clean"; +} +else{ + $HPR_summary = "${HPR_summary} an explicit flag. "; + $explicit = "Explicit"; +} +if ( !empty( $summary ) ) { + $HPR_summary = "${HPR_summary}. The summary is. $summary"; +} +if (strcmp($license, "CC-BY-SA" ) !== 0) { + $HPR_summary = "${HPR_summary}. Todays show is licensed under a $license license."; +} + +$HPR_summary = str_replace($host,$espeak_name,$HPR_summary); + +echo "HPR_summary: ${HPR_summary}\n"; +echo "HPR_album: Hacker Public Radio\n"; +echo "HPR_artist: ${host}\n"; +echo "HPR_hostid: ${hostid}\n"; +echo "HPR_comment: https://hackerpublicradio.org ${explicit}; $summary\n"; +echo "HPR_genre: Podcast\n"; +echo "HPR_license: ${license}\n"; +echo "HPR_title: ${title}\n"; +echo "HPR_track: $id\n"; +echo "HPR_year: " . date("Y", $date) . "\n"; +echo "HPR_duration: ${duration}\n"; +echo "HPR_explicit: ${explicit}\n"; +?> diff --git a/cms/schedule.php b/cms/schedule.php new file mode 100644 index 0000000..deb0992 --- /dev/null +++ b/cms/schedule.php @@ -0,0 +1,164 @@ += '$current_episode_date' ORDER BY date DESC"; + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date, + COUNT( assets.extension) AS numfiles +FROM + eps + LEFT JOIN hosts ON eps.hostid = hosts.hostid + LEFT JOIN assets ON eps.id = assets.episode_id +WHERE + eps.valid = 1 + AND eps.date >= '$current_episode_date' +GROUP BY eps.id;"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $numfiles = $row['numfiles']; + if( isset($numfiles) and $numfiles >= 3 ) { + $status = "Finished"; + } + else { + $status = "Reserved"; + } + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => $status + ); + } +} +// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET + +// Populate array with currently processing shows EMAIL_LINK_CLICKED +$ep_retrieve = " +SELECT + reservations.ep_num, + reservations.ep_date, + reservations.status +FROM + reservations +WHERE + reservations.verified = 1 + AND reservations.ep_date >= '$current_episode_date' +ORDER BY + reservations.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $status = $row['status']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $status, + "host" => "Unverified", + "status" => "Processing" + ); + } +} + +// Populate array with temporary reservations. +$ep_retrieve = "SELECT r.ep_num, r.ep_date, r.timestamp + INTERVAL 1 HOUR - UTC_TIMESTAMP() AS seconds_to_expiration FROM reservations r +WHERE r.timestamp + INTERVAL 1 HOUR > UTC_TIMESTAMP() AND r.verified =0 AND r.ep_date >= '$current_episode_date' ORDER BY r.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $seconds_to_expiration = $row['seconds_to_expiration']; + $minutes = floor($seconds_to_expiration / 60) + 1; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => " Available again in $minutes minutes", + "host" => "Unverified", + "status" => "Locked" + ); + } +} + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date +FROM + eps, + hosts, + assets +WHERE + eps.valid = 1 + AND eps.hostid = hosts.hostid + AND eps.id = assets.episode_id + AND assets.extension = 'ogg' + AND eps.date >= '$current_episode_date' +ORDER BY + date DESC"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => "Finished" + ); + } +} + + +echo json_encode($show_array, JSON_FORCE_OBJECT); +?> + diff --git a/cms/status.php b/cms/status.php new file mode 100644 index 0000000..17056a2 --- /dev/null +++ b/cms/status.php @@ -0,0 +1,137 @@ + $v) { + ++$num_get_args; +} +if ( $num_get_args !== 2 ){ + $result = mysqli_query($connection, "SET time_zone = '+0:00';"); + if (!isset($result)) { + naughty("cca6408ae1febc3f07974177b2d04375"); + } + + header("Content-type: text/csv"); + print "timestamp_epoc,ep_num,ep_date,key,status,email\n"; + # 1649790226_3710_2022-10-21_b291590ce4ba23b519935bde53d0a5936255cd12e96b4 + $query = "SELECT UNIX_TIMESTAMP(timestamp) as timestamp_epoc, `ep_num`, `ep_date`, `key`, `status`, `email` FROM `reservations` WHERE `ep_num` > 0 ORDER BY `ep_num` ASC"; + if($result = mysqli_query($connection, $query)) { + while($row = mysqli_fetch_array($result)) { + //handle text color + print "{$row['timestamp_epoc']},{$row['ep_num']},{$row['ep_date']},{$row['key']},{$row['status']},{$row['email']}\n"; + } + } + else { + naughty("2dcabda45255713ea9bf04523e804016"); + } + mysqli_close($connection); + exit; +} + +if ( empty($_GET["ep_num"]) or empty($_GET["status"]) ) { + naughty("32bedea129648f27701f2f2f3ff4b7b5"); +} + +if ( !in_array($_GET["status"], array('METADATA_PROCESSED','SHOW_POSTED','MEDIA_TRANSCODED','UPLOADED_TO_IA','UPLOADED_TO_RSYNC_NET','REMOVE_RESERVATION'), true ) ) { + naughty("88882bc97094e7aabf2a258756f917f5 "); +} +else { + $status = $_GET["status"]; +} + +if ( !empty($_GET["ep_num"]) and isset( $_GET["ep_num"] ) ) { + $ep_num = intval( $_GET["ep_num"] ); +} +else { + naughty("ecb0ebc5b38b4c09226ccbfce05978cb"); +} + +// // SELECT MAX(ep_num) FROM `reservations` → 3627 +// // SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0 → 3582 +// +$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;'); +if (!isset($result)) { + naughty("360e6381ffca736b6f12056abd7dcc7d"); +} +$max_eps_array = mysqli_fetch_row( $result ); +$max_eps = $max_eps_array[0]; +mysqli_free_result($result); + +$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;'); +if (!isset($result)) { + naughty("6971b6d378292e8fc9583de6082eddf4"); +} +$min_eps_array = mysqli_fetch_row( $result ); +$min_eps = $min_eps_array[0]; +mysqli_free_result($result); + +if ( empty( $ep_num ) ) { + naughty("6cf46a9b21e667c61b2c5bf87a7104f9 $ep_num"); +} + +if ( $ep_num < $min_eps ) { + naughty("bbcef7cd8a263dc57e85195935ad600a $ep_num < $min_eps"); +} + +if ( $ep_num > $max_eps ) { + naughty("a75115f3fa706ceee4b61971cd22b8f9 $ep_num > $max_eps"); +} + +// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET +switch ($status) { + case "METADATA_PROCESSED": + $current_status="SHOW_SUBMITTED"; + break; + case "SHOW_POSTED": + $current_status="METADATA_PROCESSED"; + break; + case "MEDIA_TRANSCODED": + $current_status="SHOW_POSTED"; + break; + case "UPLOADED_TO_IA": + $current_status="MEDIA_TRANSCODED"; + break; + case "UPLOADED_TO_RSYNC_NET": + $current_status="UPLOADED_TO_IA"; + break; + case "REMOVE_RESERVATION": + $query = "DELETE FROM reservations WHERE `ep_num` = '$ep_num' "; + $result = @mysqli_query($connection, $query); + if (mysqli_errno( $connection)) { + $error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n"; + problem("Could not update the show reservation to $status in the db"); + } + mysqli_free_result($result); + mysqli_close($connection); + logextra( "$query"); + die; +} + +$result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE `ep_num` = '$ep_num' AND status='$current_status';"); +if (!isset($result)) { + naughty("7f2d7228ca355be6dd2a24769595b18f"); +} +$db_ep_num_array = mysqli_fetch_row( $result ); +$db_ep_num = $db_ep_num_array[0]; +mysqli_free_result($result); +if ( $db_ep_num != $ep_num ){ + problem("da59731c6ae6d1ce0fa2fa9fc4e1e726 $db_ep_num != $ep_num"); +} + +$query = "UPDATE reservations SET `status` = '$status' WHERE `ep_num` = '$ep_num' AND status='$current_status';"; +$result = mysqli_query($connection, $query ); +if(!isset($result)) { + problem("8a76bb408877b1d33bf31ea96b6fc02f"); +} +if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n"; + problem("Could not update the show reservation to $status in the db"); +} +mysqli_close($connection); + +logextra( "UPDATE reservations SET `status` = '$status' WHERE ep_num='$ep_num' AND status='$current_status';"); +?> diff --git a/hub/412.shtml b/hub/412.shtml new file mode 100755 index 0000000..207d546 --- /dev/null +++ b/hub/412.shtml @@ -0,0 +1,14 @@ + + + + +Hacker Public Radio + + +

412 Precondition Failed

+

+Interesting.
+Why not record a show telling us about what you were trying to do ? +

+ + diff --git a/hub/calendar.php b/hub/calendar.php new file mode 100644 index 0000000..ab31f08 --- /dev/null +++ b/hub/calendar.php @@ -0,0 +1,301 @@ +\n"; + +// -------------------------------------------- +// Get latest published show + +$query = mysqli_query($connection, "SELECT max(date), max(id) from eps WHERE eps.date <= UTC_DATE()"); +$current_episode_array = mysqli_fetch_row($query); +$current_episode_date = $current_episode_array[0]; +$current_episode_number = $current_episode_array[1]; + +print "\n"; +print "\n"; + +// -------------------------------------------- +// Get highest scheduled or reserved show + +$query = mysqli_query($connection, "SELECT MAX(id) FROM eps as maxid;"); +$max_episode_array = mysqli_fetch_row($query); +$max_episode_number = $max_episode_array[0]; +print "\n"; + +// -------------------------------------------- +// Populate array with future shows and reservations +$show_array = array (); + +// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET +$ep_retrieve = "SELECT hosts.host, eps.id, eps.title, eps.date FROM eps, hosts WHERE eps.valid=1 AND eps.hostid = hosts.hostid AND eps.date >= '$current_episode_date' ORDER BY date DESC"; + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date, + COUNT( assets.extension) AS numfiles +FROM + eps + LEFT JOIN hosts ON eps.hostid = hosts.hostid + LEFT JOIN assets ON eps.id = assets.episode_id +WHERE + eps.valid = 1 + AND eps.date >= '$current_episode_date' +GROUP BY eps.id;"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $numfiles = $row['numfiles']; + if( isset($numfiles) and $numfiles >= 3 ) { + $status = "Finished"; + } + else { + $status = "Reserved"; + } + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => $status + ); + } +} +// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET + +// Populate array with currently processing shows EMAIL_LINK_CLICKED +$ep_retrieve = " +SELECT + reservations.ep_num, + reservations.ep_date, + reservations.status +FROM + reservations +WHERE + reservations.verified = 1 + AND reservations.ep_date >= '$current_episode_date' +ORDER BY + reservations.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $status = $row['status']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $status, + "host" => "Unverified", + "status" => "Processing" + ); + } +} + +// Populate array with temporary reservations. +$ep_retrieve = "SELECT r.ep_num, r.ep_date, r.timestamp + INTERVAL 1 HOUR - UTC_TIMESTAMP() AS seconds_to_expiration FROM reservations r +WHERE r.timestamp + INTERVAL 1 HOUR > UTC_TIMESTAMP() AND r.verified =0 AND r.ep_date >= '$current_episode_date' ORDER BY r.ep_date DESC"; + +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['ep_num']; + $date = $row['ep_date']; + $seconds_to_expiration = $row['seconds_to_expiration']; + $minutes = floor($seconds_to_expiration / 60) + 1; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => " Available again in $minutes minutes", + "host" => "Unverified", + "status" => "Locked" + ); + } +} + +$ep_retrieve = "SELECT + hosts.host, + eps.id, + eps.title, + eps.date +FROM + eps, + hosts, + assets +WHERE + eps.valid = 1 + AND eps.hostid = hosts.hostid + AND eps.id = assets.episode_id + AND assets.extension = 'ogg' + AND eps.date >= '$current_episode_date' +ORDER BY + date DESC"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $id = $row['id']; + $date = $row['date']; + $title = $row['title']; + $host = $row['host']; + $show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ), + "title" => $title, + "host" => $host, + "status" => "Finished" + ); + } +} + + +// -------------------------------------------- +// Calculate the time to the next show + +# aria-label="" + +$next_show_date = date('Y-m-d', strtotime($show_array[$next_show_num - 1 ]["date"] . ' + 1 weekday')); +$days_to_wait = floor((strtotime($next_show_date) - strtotime(gmdate('Y-m-d')))/(60*60*24)); + +?> +
+ +

Upload Your Show

+ +

+The HPR Schedule is entirely community driven and we recommend that you decide when your show will be released. +

+ +

+There are only days to wait until next free slot. Please consider ">recording a show for us. +

+
    +
  1. Review the updated ">Stuff you need to know page.
  2. +
  3. Select a date, or post to the reserve queue.
  4. +
  5. Click the link in the confirmation email
  6. +
  7. Then ">fill in a form.
  8. +
+ +

Add to the Reserve Queue ?

+ +

+request.php?id=9999">Post your show to the reserve queue if you don't care when it will be released. ">ⓘ +

+ +

Select a date in the current schedule ?

+ +

+Schedule the release day your show will be aired. ">ⓘ +

+ +

Next Two Months ">ⓘ

+ + + + +" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot} " . $show_array[$slot]["title"] . " by " . $show_array[$slot]["host"] . "
\n"; + } + else { + echo "${this_episode_date}: hpr${slot} ". $show_array[$slot]["status"]. ": " . $show_array[$slot]["title"] . ".
\n"; + } + $sizeof_show_array--; + } + elseif ( empty( $show_array[$slot] ) ) { + echo "${this_episode_date}: hpr${slot} is available - upload now.
\n"; + } + elseif ( $show_array[$slot]["valid"] == 0 ) { + echo "${this_episode_date}: hpr${slot} Unavailable.
\n"; + } + $this_episode_date = date('D Y-m-d', strtotime($this_episode_date . ' + 1 weekday')); + $new_week_number = date('W', strtotime($this_episode_date)); + if ( $week_number != $new_week_number ) { + $week_number = $new_week_number; + echo "----------------- Week ${week_number} -----------------
\n"; + } +} +?> + +

Also Scheduled

+\n" ; + if ( !empty( $show_array[$slot] ) ) { + if ( $show_array[$slot]["status"] === "Finished" ) { + echo "" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot} " . $show_array[$slot]["title"] . " by " . $show_array[$slot]["host"] . "
\n"; + } + else { + echo "" . date('D Y-m-d', strtotime($show_array[$slot]["date"])) . ": hpr${slot} ". $show_array[$slot]["status"]. ": " . $show_array[$slot]["title"] . ".
\n"; + } + + $sizeof_show_array--; + } + $slot++; +} +?> + + +

Pick other dates

+

+If you wish to pick an available slot in the next 12 months then go directly to the request page. +

+ +
+ + diff --git a/hub/comment_confirm.php b/hub/comment_confirm.php new file mode 100644 index 0000000..2f9866d --- /dev/null +++ b/hub/comment_confirm.php @@ -0,0 +1,304 @@ + comment_confirm.php > eps.php +require "/home/hpr/php/include.php"; + +$num_get_args = 0; + +foreach($_GET as $k => $v) { + ++$num_get_args; +} + +if ( $num_get_args > 0 ){ + # they didn't supply any arguments + naughty("9e756ee22b7cdcdb150a5baf167caa25 $num_get_args"); +} + +if ( empty($_POST["anti_spam_question"]) ) { + naughty("0601a23e358374c293b086bb75606cca"); +} + +if ( strlen($_POST["anti_spam_question"]) !== 6 ) { + naughty("6f51e6e7e6820b3fdda5d4ca0df14db1"); +} + +if (strcasecmp('public', $_POST["anti_spam_question"]) !== 0) { + naughty("6aef421ce05e3ac34f4cd91ae3248a45"); +} + +$comment_directory = "/home/hpr/comments"; + +if ( ! file_exists( $comment_directory ) ) { + # Looks like the comments directory has not been created + naughty("d5342ea497f701656433e81fb5eed064"); +} + +$unprocessed_comments = iterator_count(new FilesystemIterator("$comment_directory", FilesystemIterator::SKIP_DOTS)); + +if( $unprocessed_comments >= 10 ) { + # There has to be at least one comment here as they are calling the script, and too many is suspicious + naughty("093f42abee30e69e0e4d5125c70a0f7c"); +} + +# This is to prevent anything except hits from the web form. +# Anyone wanting to script uploads can do so via ftp +if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { + naughty("87613fc139b251b673e1dd51e378e462"); +} + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("d7d0b6ab9689be244e1b6a8fbe6effba"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} + +if (count($_POST) !== 8) { + naughty("086fe155b0588de68fc5d9e4580254a8"); +} + +// Basic POST Checks +if ( empty($_POST["comment_author_name"]) or strlen($_POST["comment_author_name"]) > 40 or strtolower($_POST["comment_author_name"]) == "testdog" ) { + naughty("294356cd36d3f9b75da4d8c0a6108881"); +} +$comment_author_name = json_encode( $_POST["comment_author_name"] ); + +if ( empty($_POST["comment_title"]) or strlen($_POST["comment_title"]) > 100 ) { + naughty("a89efb428cfe36996a65b371d5f4e303"); +} +$comment_title = json_encode( $_POST["comment_title"] ); + +if ( empty($_POST["comment_text"]) or strlen($_POST["comment_text"]) > 2000 or strpos(strtolower($_POST["comment_text"]), "outlook.con") !== false ) { + naughty("cd57ab4d7b77a131ed3deb441bd93dcd"); +} +$comment_text = json_encode( $_POST["comment_text"] ); + +if ( empty($_POST["spammer"]) or strcmp($_POST["spammer"], "No") !== 0 ) { + naughty("b2ec68bd04cee0f64143ce4827a97e7c"); +} + +# We check to see if the eps_id has been suplied, that it's a integer, and that it's in our range. + +if (isset($_POST['eps_id'])){ + $eps_id = intval( $_POST['eps_id'] ); + + $query = "SELECT COUNT(*) FROM eps WHERE id='$eps_id'"; + $result = mysqli_query($connection, "$query"); + $row = mysqli_fetch_array($result, MYSQLI_NUM); + $total = $row[0]; + if ( !isset($result) or ( $total != 1 ) ) { + naughty("5348e3c2aee3644730c70d3f000bcb01"); + } + mysqli_free_result($result); + + $result = mysqli_query($connection, 'SELECT MAX(id) as max FROM eps;'); + if (!isset($result)) { + naughty("f00fb1f47affc3286aadc15038cfd5d7"); + } + while ($row = mysqli_fetch_array($result)) { + $max_eps = $row['max']; + } + mysqli_free_result($result); +} +else { + naughty("02c560adf1ff39b140fe8b7abe02fd31"); +} + +if ( intval($eps_id) <= 0 ){ + naughty("2903eeac51bb479edb428ae3c896671c"); +} + +if ( intval($eps_id) > $max_eps ){ + naughty("54aa65c12ba71f3dfc451ff5bc82c798"); +} + +if ( intval($eps_id) === 0 ) { + naughty("11fe1f9b76bf9f30e6a3a784832cb738"); +} +else { + $eps_id = intval($eps_id); +} + +# extra spam checks to see if they supplied the correct host id +$query = "SELECT hosts.host, eps.title, eps.summary, eps.date, eps.hostid, eps.series, miniseries.name, eps.explicit FROM eps, hosts, miniseries WHERE eps.id='$eps_id' AND eps.valid=1 AND eps.hostid = hosts.hostid AND eps.series = miniseries.id"; +if ($result = mysqli_query($connection, $query)) { + while ($row = mysqli_fetch_array($result)) { + $host = $row['host']; + $title = $row['title']; + $summary = $row['summary']; + $ep_date = $row['date']; + $host_id = $row['hostid']; + $series_id = $row['series']; + $series_name = $row['name']; + $explicit = $row['explicit']; + } +} +else { + naughty("c34561d684ad97241c95a1287688638b"); +} +mysqli_free_result($result); + +if ( empty($_POST["hostid"]) or intval($_POST["hostid"]) != $host_id ) { + naughty("b4d71481b7055272728094292fd2a562"); +} + +if ( empty($_POST["justification"]) or strlen($_POST["justification"]) > 200 or strlen($_POST["justification"]) < 20) { + naughty("156d2d2d5780bd7f4a750f7c162b3394"); +} + +# Checks to see how old the show is +#$current_episode_number = GetLatestPublishedShow($connection); +list ($current_episode_date, $current_episode_number) = GetLatestPublishedShow($connection); + +if ( ( $eps_id <= $current_episode_number ) and ( $eps_id >= ( $current_episode_number - 20 ) ) ) { + if ( strcmp($_POST["justification"], "No justification is asked for or required.") !== 0 ) { + naughty("9357d78bf73b03ee2dd902a4c975f91d"); + } + else { + $justification = json_encode("Current Comment"); + } +} +else { + if ( strcmp($_POST["justification"], "No justification is asked for or required.") === 0 ) { + print ">" . $_POST["justification"] ."< eps_id: $eps_id, current_episode_number: $current_episode_number, "; + naughty("df4af9bdd0302f672d6311c76bdc461a"); + } + else { + $justification = json_encode( $_POST["justification"] ); + } +} + + + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("611144d4c0d575fffbf8f3ef11f8ad68"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} +$comment_ip = json_encode( $ip ); + +// OK You convinced me. + +$key = uniqid(md5(rand())); +$timestamp = time()+date("Z"); +$timestamp = gmdate("Y-m-d\TH:i:s\Z",$timestamp); +$comment_file = "${comment_directory}/${timestamp}_${ip}_${key}.json"; +$timestamp = json_encode($timestamp); +$comment_key = json_encode( $key ); +if ( file_exists( $comment_file ) ) { + naughty("ef5d14b33b262bfbf5d40544fdeb9ec3"); +} + +$comment_data = "{ + \"eps_id\": $eps_id, + \"ip\": \"$ip\", + \"comment_timestamp\": $timestamp, + \"comment_author_name\": $comment_author_name, + \"comment_title\": $comment_title, + \"comment_text\": $comment_text, + \"justification\": $justification, + \"key\": $comment_key +}"; + +file_put_contents($comment_file, $comment_data ); + +if ( filesize( $comment_file ) > 4000 ) { + naughty("56e00e793a27168511d1cfda11d3bc55"); +} + +// Mail the comment + +use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\Exception; +use PHPMailer\PHPMailer\SMTP; + +require_once('/home/hpr/php/PHPMailer/Exception.php'); +require_once('/home/hpr/php/PHPMailer/PHPMailer.php'); +require_once('/home/hpr/php/PHPMailer/SMTP.php'); + +date_default_timezone_set('Etc/UTC'); + +$mailer = new PHPMailer(true); +$mailer->isSMTP(); +$mailer->Host = "$mailerHost"; +$mailer->SMTPAuth = true; +$mailer->SMTPSecure = "ssl"; +$mailer->Port = "465"; +$mailer->Username = "$mailerUsername"; +$mailer->Password = "$mailerPassword"; + + +// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details. +$mailer->Sender = 'robot@hobbypublicradio.com'; +$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins'); +$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot'); +$mailer->addBCC('admin@hackerpublicradio.org'); +$mailer->addBCC('admin@hobbypublicradio.org'); +$mailer->AddAddress('comments@hackerpublicradio.org'); +$mailer->isHTML(false); +$mailer->Subject = "New Comment for show hpr${eps_id} on ${ep_date} ${key}"; +$mailer->MsgHTML("

hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"

+

+See attachment for the json comment file. +

+

+There are now " . ++$unprocessed_comments . " unprocessed comments. +

+

+Thanks,
+HPR Bot +

+
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "
" +); +$mailer->AltBody = "hpr${eps_id} on ${ep_date} by ${host} with the title ${title} \"${summary}\"

+ +See attachment for the json comment file. + +There are now ${unprocessed_comments} unprocessed comments. + +Thanks, +HPR Bot +" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +$mailer->addAttachment($comment_file, "${key}.json", "base64", "application/json"); + +//send the message, check for errors +if (!$mailer->send()) { + echo 'Mailer Error: ' . $mailer->ErrorInfo; +} + + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+
+
+

Thank you

+
+

+ Thank you for your comment. A moderator will get to your comment at some point. +

+

+ Thanks,
+
+ HPR Bot +

+
+		
+		
+		
+
+
+ + + diff --git a/hub/footer.html b/hub/footer.html new file mode 100644 index 0000000..9616906 --- /dev/null +++ b/hub/footer.html @@ -0,0 +1,83 @@ + + + + + + diff --git a/hub/header.html b/hub/header.html new file mode 100644 index 0000000..cb4d0dd --- /dev/null +++ b/hub/header.html @@ -0,0 +1,67 @@ + + + + Hacker Public Radio ~ The Technology Community Podcast + + + + + + + + + + + + + + + + + + + +
+
+ +
+

+ Site Map + - skip to main content +

+

+ Hacker + Public + Radio +

+

Your ideas, projects, opinions - podcasted.

+

New episodes Monday through Friday.

+
+
+ + +
+ +
+ + diff --git a/hub/index.php b/hub/index.php new file mode 100644 index 0000000..7482c03 --- /dev/null +++ b/hub/index.php @@ -0,0 +1,3 @@ + diff --git a/hub/request.php b/hub/request.php new file mode 100644 index 0000000..c87c4f3 --- /dev/null +++ b/hub/request.php @@ -0,0 +1,209 @@ + request_confirm.php > upload.php > upload_confirm.php +require "/home/hpr/php/include.php"; + +$ip = $_SERVER["REMOTE_ADDR"]; +$key = uniqid(md5(rand())); + +# Remove any stale requests. +# This should be enough to deter attackers while been short enough to allow real hosts to request a show. +$query_delete_old = "DELETE FROM reservations WHERE reservations.timestamp + INTERVAL 1 DAY <= UTC_TIMESTAMP() AND reservations.verified = 0"; +$result_delete_old = @mysqli_query($connection, $query_delete_old); + +# Remove stale requests from this IP Address after 15 minutes. +# This should be enough to deter attackers while been short enough to allow real hosts to request a show. +$query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.verified = 0"; +$result_delete = @mysqli_query($connection, $query_delete); + +# Check that this ip is not uploading in another session +$query_dupe = "SELECT COUNT(*), timestamp FROM `reservations` WHERE ip = '$ip' and verified = 0"; +$result_dupe = mysqli_query($connection, "$query_dupe"); +$row_dupe = mysqli_fetch_array($result_dupe, MYSQLI_NUM); +$num_from_this_ip = $row_dupe[0]; +$show_timestamp = strtotime($row_dupe[1]); + +if( !isset($row_dupe) or $num_from_this_ip != 0 ) { + header('Cache-Control: no-cache'); + header('Pragma: no-cache'); + header("Status: 412 Precondition Failed"); + echo "

Existing request detected: "; + $timestamp = time()+date("Z"); + echo gmdate("Y-m-d\TH:i:s\Z",$timestamp); + echo "

\n"; + $localtime = date('l jS \of F Y h:i:s A', $show_timestamp); + echo "

It seems another request was made from this ip address\n (${ip}) on ${localtime}.

\n"; + echo "

This lock is set for 15 minutes to deter attacks and will be released in about " . round(abs(16 - ( $timestamp - $show_timestamp ) / 60 ) ) . " minutes.

\n"; + echo "

There are several reasons why you would see this page:

\n"; + echo "
    "; + echo "
  • You already made a request for a show.\n +
      \n +
    • Check your email inbox and spam folder to see if the message has arrived.
      \n + We have had reports that sometimes gmail and hotmail consider the messages as spam.
      \n + We recommend white listing the email address robot@hackerpublicradio.org\n +
    • \n +
    • You may have typed the address into the browser and it \"autofilled\" this old address
    • \n +
    • You are using an old version of the calendar page. Press F5 in the calendar page to refresh.
    • \n +
    \n +
  • \n"; + echo "
  • The show has already been allocated to another host.
  • \n"; + echo "
\n"; + echo "

\n"; + echo "

Return to the calendar page.

\n"; + echo "\n"; + echo "
\n"; + echo "

If you are having issues please send the following information to admin @ HPR to assist in troubleshooting the issue:

\n"; + echo "
\n";
+  echo "${timestamp}\n";
+  echo "${show_timestamp}\n";
+  $agent = $_SERVER['HTTP_USER_AGENT'];
+  $uri = $_SERVER['REQUEST_URI'];
+  print "${ip}\n";
+  print "${agent}\n";
+  print "${uri}\n";
+  echo "
\n"; + echo "
\n"; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() . "\tExisting Request\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n" , FILE_APPEND | LOCK_EX ); + exit; +} + +# Create a temporary entry for this host. +$query_add = "INSERT INTO reservations VALUES ('$ip', UTC_TIMESTAMP(), '$key', '0', '1970-01-01', 'none@example.com', '0', 'REQUEST_UNVERIFIED' )"; +$result = mysqli_query($connection, $query_add ) or die(mysqli_error()); + +# Check to see if we're under attack +$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$total = $row[0]; + +if( !isset($total) or $total > 150 ) { + header("Status: 412 Precondition Failed"); + echo "

Suspicious activity detected

"; + echo "

$total Uploads have temporarily been suspended due to suspicious activity.
+ If you are attacking us why not record a show telling us about what you were trying to do ?

"; + echo "

While these people have their fun, can we ask you to send your show another way.
+ Contact admin @ HPR for more information.

"; + exit; +} + +// Populate the list of posted shows +$show_array = array (); + +$ep_retrieve = "(SELECT `id`, `date` FROM eps ) UNION (SELECT `ep_num` AS id, `ep_date` AS date FROM reservations WHERE `ep_num` >0) order by id"; +if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $rowid = $row['id']; + $date = $row['date']; + $show_array[$rowid] = date('Y-m-d', strtotime($date) ) ; + } +} +/* +Entry is either to the page or with the id variable set (default selected) +*/ + +if (isset($_GET['id'])){ + $id = $_GET['id']; + $id = intval($id); + $num_get_args=0; + foreach($_GET as $k => $v) { + ++$num_get_args; + } + + if ( strval( intval( $id ) ) != strval( $id ) ) { + naughty("e015b7c89da03385a9156d3e5d2eb25d"); + } + + if ( intval( $id ) <= 0 ) { + naughty("1493a07dec01a006d11bf43d2f17e5aa"); + } + + if ( $num_get_args > 2 ) { + naughty("79543dbb498ec47404aaed4d56bdc22b"); + } + + if ( intval($id) > 9999 ) { + naughty("f1f531c768f64404cb00437254b06d71"); + } + + if ( $id != 9999 ) { + if ( isset( $show_array[$id] ) ) { + naughty("2227263ac7171aca3214d155dec539ad"); + } + } +} +else { + $id = ""; +} + +$query = mysqli_query($connection, "SELECT id, date FROM eps mo +WHERE NOT EXISTS + ( + SELECT NULL + FROM eps mi + WHERE mi.id = mo.id + 1 + ) +ORDER BY + id +LIMIT 1"); +$next_show_num_array = mysqli_fetch_row($query); +$next_show_num = $next_show_num_array[0] + 1; +$next_show_date = date('Y-m-d', strtotime($next_show_num_array[1] . ' + 1 weekday')); +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+

Requesting a slot for your show.

+

Please select your desired slot, and enter a valid email address.
+ See our ">help page for more information +

+
+ + + + + + + + + +
Slot: + \n"; + $this_episode_date = $next_show_date; + if ( $id == 9999 ) { + echo "\n"; + } + else { + echo "\n"; + } + for ( $slot = $next_show_num; $slot<($next_show_num+365); $slot++ ) { + if (empty($show_array[$slot])) { + if ( $slot == $id ) { + echo "\n"; + } + else { + } + echo "\n"; + } + $this_episode_date = date('Y-m-d', strtotime($this_episode_date . ' + 1 weekday')); + } + echo ""; + if ( ( $slot < $id ) AND ( $id != 9999 ) ) { + echo "
\nUnfortunately it is not possible to schedule episode $id. Please select another slot or contact admin@hackerpublicradio.org for more assistance.\n"; + } + ?> +
E-mail:
+

You must have your audio recording ready to upload ">before you pick a slot.

+ +
+

+ We will send you an email with a link to where you can upload your show. +

+
+ + diff --git a/hub/request_confirm.php b/hub/request_confirm.php new file mode 100644 index 0000000..e537247 --- /dev/null +++ b/hub/request_confirm.php @@ -0,0 +1,331 @@ + request_confirm.php > upload.php > upload_confirm.php +require "/home/hpr/php/include.php"; + +$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$total = $row[0]; + +if(!isset($total) or $total > 150 ) { + # This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts. + # A host doing bulk upload will need to do them one by one + naughty("5971624889258aefb44e5f7bf8dffbd4"); +} + +# This is to prevent anything except hits from the web form. +if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { + naughty("19e9019c9615f755aec834000892ee9e"); +} + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("9bb147a251e8db132dafa93d98f8487f"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} + +if (count($_POST) !== 2) { + naughty("02de1aef3b9490a417c39170d8f06028"); +} + +# This will check to see if there are any existing requests from this ip address +$query = "SELECT * FROM reservations WHERE ip = '$ip' and `status` = 'REQUEST_UNVERIFIED' and `verified` = 0"; +$result = @mysqli_query($connection, $query); +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); + +if ( empty($db["ip"]) ) { + # the request did not come via the web form + naughty("2162941738512bfdb1d21f288ee7cdb4"); +} + +if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) { + # they are playing with the database or time settings + naughty("f0ad965f523b5c2ade071eb20d3618b5"); +} + +if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) { + # There is too long a time entering the form + naughty("6570026fd11fc31ac0cada3e1dae4d0b"); +} + +// Basic POST Checks +if ( empty($_POST["ep_num_date"]) or strlen($_POST["ep_num_date"]) !== 15 ) { + naughty("a32fbe5f0494eb7f34034b164739314d"); +} + + +if ( empty($_POST["email"]) ) { + naughty("76eaa1a1556faeadfc14631c35b8590a"); +} + +// Getting to the keep section + +if ( filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false ) { + naughty("8c307efe37146015a35e2d928c2c0f69"); +} +else { + $email = htmlspecialchars(filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)); +} + +if ( strpos($_POST["ep_num_date"], '_') !== 4 or strpos($_POST["ep_num_date"], '-') !== 9 or strpos($_POST["ep_num_date"], '-', 10 ) !== 12 ) { + naughty("705f8e26e42a90b31075a110674b19ee"); +} + +if ( !preg_match("/^\d{4}_\d{4}-\d{2}-\d{2}$/", $_POST["ep_num_date"]) ) { + naughty("ad7f805c2f42be77122ec52f114fe318"); +} +else { + list($ep_num, $ep_date) = explode('_', $_POST["ep_num_date"]);; +} + +if ( intval($ep_num) === 0 ) { + naughty("9424f7407b2fb83407760ad763286b53"); +} +else { + $ep_num = intval($ep_num); +} + +if ( strtotime($ep_date) === false ) { + naughty("59c7bff340d023773d987d71df545110"); +} +else { + $ep_date_epoch = strtotime($ep_date); +} + + +$show_array = array (); +$query = "SELECT ( + +SELECT max( id ) +FROM eps +WHERE eps.date <= UTC_DATE( ) +) AS current_ep_num, ( + +SELECT max( date ) +FROM eps +WHERE eps.date <= UTC_DATE( ) +) AS current_ep_date, ( + +SELECT id +FROM eps +WHERE id = ${ep_num} +) AS valid +"; + +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$current_ep_num = $row[0]; +$next_year_ep_num = $current_ep_num+365; +$current_ep_date = $row[1]; +$current_ep_date_epoch = strtotime($current_ep_date); +$next_year_ep_date = strtotime(date("Y-m-d", time()) . " + 365 day" ); + +if ( $ep_num == $row[2] or !empty($row[2]) ) { + naughty("$ep_num == $row[2] or !empty($row[2]) 47d186ad8d5b21ec7d455477ea08b023"); +} + +if ( $ep_num != 9999 ) { + if ( ( $ep_num <= $current_ep_num ) OR ( $ep_num > $next_year_ep_num ) ) { + naughty("7304801e8ce3b9096d28dbe1a0faa642 $ep_num <= $current_ep_num or $ep_num > $next_year_ep_num"); + } + + if ( $ep_date_epoch < $current_ep_date_epoch or $ep_date_epoch > $next_year_ep_date ) { + naughty("34c4259b45927da50ba5c49970f880a4"); + } + + for ($slot=$current_ep_num; $slot < $next_year_ep_num; $slot++) { + $shows_slot_date[ "${slot}"] = $current_ep_date; + $shows_date_slot[ "$current_ep_date" ] = $slot; + $current_ep_date = date('Y-m-d', strtotime($current_ep_date . ' + 1 weekday')); + } + + if ( empty($shows_slot_date["$ep_num"]) or empty($shows_date_slot["$ep_date"]) ) { + naughty("d0e113355b35f96945124d8e507759a0"); + } + + if ( $ep_date !== $shows_slot_date["$ep_num"] or $ep_num !== $shows_date_slot["$ep_date"] ) { + naughty("434cb53552ce1e2708e74a42f438028c"); + } +} // End of bypass checks + +// OK You convinced me. +$db_ip = $db['ip']; +$db_timestamp = $db['timestamp']; +$db_key = $db['key']; +# UPDATE reservations SET `ep_num` = '3203', `ep_date` = '2020-11-11', `email` = 'admin@hackerpublicradio.org', `verified` = '0' WHERE `ip` = '62.251.25.147' AND `timestamp` = '2020-08-20 10:55:44' AND `key` = '20ca69e4d9097d1623399c7b85fc8f475f3e56b01a289' AND `status` = 'REQUEST_EMAIL_SENT' + +$email_padded = formatemail($email); + +$query = "UPDATE reservations SET `ep_num` = '$ep_num', `ep_date` = '$ep_date', `email` = '$email_padded', `verified` = '0', `status` = 'REQUEST_EMAIL_SENT' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; + +$result = mysqli_query($connection, $query ); + +if(!isset($result)) { + naughty("c7405e79b54f582e8db46c69ec4b0f24"); +} + +use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\Exception; +use PHPMailer\PHPMailer\SMTP; + +require_once('/home/hpr/php/PHPMailer/Exception.php'); +require_once('/home/hpr/php/PHPMailer/PHPMailer.php'); +require_once('/home/hpr/php/PHPMailer/SMTP.php'); + +date_default_timezone_set('Etc/UTC'); + +$mailer = new PHPMailer(true); +$mailer->isSMTP(); +$mailer->Host = "$mailerHost"; +$mailer->SMTPAuth = true; +$mailer->SMTPSecure = "ssl"; +$mailer->Port = "465"; +$mailer->Username = "$mailerUsername"; +$mailer->Password = "$mailerPassword"; + + +// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details. +$mailer->Sender = 'robot@hobbypublicradio.com'; +$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins'); +$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot'); +$mailer->addBCC('admin@hackerpublicradio.org'); +$mailer->addBCC('admin@hobbypublicradio.org'); +$mailer->addAddress("$email"); +if ( $ep_num == 9999 ) { + $mailer->Subject = "Confirmation of request to submit to the reserve queue"; + $mailer->MsgHTML("

This email is an automatic reply to a request to submit to the reserve queue on the longest running Community Podcast.
+ If you have not made this request then please ignore this email. +

+

+ To confirm your request please confirm by copying and pasting the following link into your browser
+ ${hubBaseurl}/upload.php?key=${db_key} +

+

+ You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. +

+

+ The upload form works on the assumption you will be posting one show at a time, from the same IP address. +

+

+ Please keep this key private. +

+

+ Thanks,
+ HPR Bot +

+
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "
" + ); + $mailer->AltBody = "This email is an automatic reply to a request to submit to the reserve queue on the longest running Community Podcast. + If you have not made this request then please ignore this email. + + To confirm your request please confirm by copying and pasting the following link into your browser + ${hubBaseurl}/upload.php?key=${db_key} + + You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. + + The upload form works on the assumption you will be posting one show at a time, from the same IP address. + + Please keep this key private. + + Thanks, + + HPR Bot + + " . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +} +else { + $mailer->Subject = "Confirmation of request to reserve hpr${ep_num} on ${ep_date}"; + $mailer->MsgHTML("

This email is an automatic reply to a request to reserve a podcast slot hpr${ep_num} on ${ep_date} on the longest running Community Podcast.
+ If you have not made this request then please ignore this email. +

+

+ To confirm your request please confirm by copying and pasting the following link into your browser
+ ${hubBaseurl}/upload.php?key=${db_key} +

+

+ You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. +

+

+ The upload form works on the assumption you will be posting one show at a time, from the same IP address. +

+

+ Please keep this key private. +

+

+ Thanks,
+ HPR Bot +

+
" . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "
" + ); + $mailer->AltBody = "This email is an automatic reply to a request to reserve a podcast slot hpr${ep_num} on ${ep_date} on the longest running Community Podcast. + If you have not made this request then please ignore this email. + + To confirm your request please confirm by copying and pasting the following link into your browser + ${hubBaseurl}/upload.php?key=${db_key} + + You have 15 minutes to open this link or your show will automatically be deleted so that the slot can become available to another host. Once you open the link, you have a maximum of 4 Hours to fill in the information. + + The upload form works on the assumption you will be posting one show at a time, from the same IP address. + + Please keep this key private. + + Thanks, + + HPR Bot + + " . date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $db_key . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +} +$mailer->isHTML(false); + + +// Set up our connection information. +//$mailer->IsSMTP(); + + +// All done! +//print "We are experiencing issues with the upload process. Please try again tomorrow.
\n"; + + +//send the message, check for errors +if (!$mailer->send()) { + echo 'Mailer Error: ' . $mailer->ErrorInfo; +} + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+
+
+

Thank you

+
+

+ Thank you for your submission. A confirmation email has been sent to . Please copy and paste the link into your browser to confirm your email address, and upload your show media. +

+

You need to open the link within 15 minutes or the temporary lock will be released. Once you open the link, you can fill in the information at your leisure.

+

The email is sent from the address robot@hobbypublicradio.com, and should be in your inbox by the time you read this.

+

If it is not there by now, then please spam folder. We have had reports that sometimes gmail and hotmail consider the messages as spam. Please consider whitelisting the email address robot@hobbypublicradio.com.

+

+ gmail is blocking us +

+

Return to the calendar page.

+

+ Thanks,
+
+ HPR Bot +

+
+    
+    
+    
+
+
+ + diff --git a/hub/upload.php b/hub/upload.php new file mode 100644 index 0000000..7cd307b --- /dev/null +++ b/hub/upload.php @@ -0,0 +1,297 @@ + request_confirm.php > upload.php > upload_confirm.php +require "/home/hpr/php/include.php"; + +if ( $_SERVER['REQUEST_METHOD'] !== 'GET' and empty($_SERVER["REMOTE_ADDR"]) and count($_GET) !== 1 ) { + call412("9a77e4ab24410cbf68a3a05ba97221e4"); +} + +if ( isset( $_GET['key'] ) and strlen( $_GET['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and ctype_xdigit( $_GET['key'] ) ) { + $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ); +} +else { + if ( isset( $_GET['delete'] ) and strlen( $_GET['delete'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ) ) === 45 and ctype_xdigit( $_GET['delete'] ) ) { + $key = htmlspecialchars( stripslashes( strip_tags( $_GET['delete'] ) ) ); + } + else { + call412("e8ac90fc2a8996e5fb7a83e73e636e80"); + } +} + +$ip = $_SERVER["REMOTE_ADDR"]; + +$query = "select * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "; +$result = mysqli_query($connection, $query); +if($result === FALSE) { + call412("91432866e3c9c36a9c4884345d578761"); +} +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); +if ( empty($db) or empty( $db['timestamp'] ) or empty( $db['key'] ) or empty( $db['ep_num'] ) or empty( $db['ep_date'] ) or empty( $db['email'] ) ) { + call412("b019bd29c1fe5b756e4b620a5428f730"); +} +else { + $db_timestamp = $db['timestamp']; + $db_key = $db['key']; + $email_padded = formatemail($db['email']); + $email = unformatemail($db['email']); + $ep_num = $db['ep_num']; + $ep_date = $db['ep_date']; + $db_ip = $db['ip']; +} + +// User selects delete +if ( isset( $_GET['delete'] ) ) { + $query = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$key' "; + $result = mysqli_query($connection, $query); + if($result === FALSE) { + call412("35a7f4e80ecba8284049e9d6261ae523"); + } + else { + header( "Location: https://" . $_SERVER['SERVER_NAME'] . "/calendar.php" ) ; + $dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/"; + rrmdir("$dir_structure"); + exit; + } +} + +// Set the show to verified so that we can remove the temporary lock +$status = strtotime("now") . ".EMAIL_LINK_CLICKED." . date('Y-m-d\TH:i:s\Z'); +$query = "UPDATE reservations SET `verified` = '1', `status` = 'EMAIL_LINK_CLICKED' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; +$result = mysqli_query($connection, $query ); +if(!isset($result)) { + naughty("c7405e79b54f582e8db46c69ec4b0f24"); +} + +// Display host information +/* +*/ + +$ip = $_SERVER["REMOTE_ADDR"]; +# TODO need to add the email for new hosts +$query = "SELECT * FROM hosts WHERE hosts.email = '$email' OR hosts.email = '$email_padded'"; +$result = mysqli_query($connection, $query); +if($result === FALSE) { + call412("5cb513b590ab5859bf7603b79402a5cb"); +} +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); +if ( empty($db) or empty( $db['hostid'] ) or empty( $db['host'] ) or empty( $db['email'] ) ) { + $hostid = "0"; + $host = ""; + $profile = ""; + $license = "CC-BY-SA"; + $local_image = 0; + $status = "Please fill in some information about yourself."; +} +else { + $hostid = $db['hostid']; + $host = $db['host']; + $profile = $db['profile']; + $license = $db['license']; + $local_image = $db['local_image']; + $email_padded = formatemail($db['email']); + $email = unformatemail($db['email']); + $status = "Please confirm or change the following information about yourself."; +} + +$image_url = "./images/hosts/${hostid}.png"; +if ( !file_exists( $image_url )) { + $image_url = 'https://secure.gravatar.com/avatar/' . md5($email) . '.png&d=404'; +} + +// Main + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+ Uploading to the Reserve Queue.\n"; + } + else { + echo "

Uploading hpr${ep_num} for release on ${ep_date}

\n"; + } + ?> +

+ You can fill in information about yourself and your show below. Please see the help page for more information. +

+

+
+ + + + + + + + + + + + + + + + + + + + + + +
Host Email (?):
Image: (?) +
"; + if ( $local_image === 1 ) { + echo "Image previously uploaded"; + } + else { + echo "Image sourced from gravatar"; + } + ?> +
+ Upload your photo/avatar here: +
Name/Handle: (?)
Your Default license: (?) + +
Profile: (?)
+

Please fill in some information about this episode

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Title(*) (?):
Summary(*) (?):
Theme: (?) + Please do not add a theme to your show: See Policy Decision for more information.
+
Explicit: (?) + Is the show Explicit ?: + Yes + No. + If in doubt please select Yes. See iTunes for more information. +
License: (?) + + See https://creativecommons.org/licenses/ for more information. +
Notes(*) (?):
Format: (?) + What format if any did you just use in the show notes above ?
+ +
Series: (?) + "; + while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { + printf(""); + } + mysqli_free_result($result); + ?> + +
Tags: (?)
+ Add a list of comma separated tags.
+ If you can provide tags for your show that would be appreciated; you are certainly the best judge of what makes good tags, but if not then a volunteer will add them later. +
Upload Method: (?) + You have the choice of the following upload options:
+

+ 1. Upload now via this browser: (?)
+ +

+

+ 2. Provide a url for us to get it from: (?)
+ +

+

+ 3. Upload via an alternative method: + If you wish to send a show using another method then please discuss it with the HPR Volunteer at admin@hackerpublicradio.org. +

+

+ 4. Reserve a slot: + Leave upload option 1 and 2 empty if you have received prior approval for a reservation from the Community via the HPR Mailing List to either: +

+
    +
  • Reserve the show now and upload media later.
  • +
  • Send physical media by the postal service or deliver in person.
    + Make sure you plan in enough time to deliver your media.
  • +
+
+ "; ?> + "; ?> +
+ This will take a long time, leave the browser running. You will get an email once the upload is complete. + \nDelete this reservation for the Reserve Queue.\n

\n"; + } + else { + echo "

\nDelete this reservation for hpr${ep_num} on ${ep_date}.\n

\n"; + } + + + + ?> + +
+
+ + diff --git a/hub/upload_confirm.php b/hub/upload_confirm.php new file mode 100755 index 0000000..cd75b46 --- /dev/null +++ b/hub/upload_confirm.php @@ -0,0 +1,546 @@ + request_confirm.php > upload.php > upload_confirm.php + +require "/home/hpr/php/include.php"; + +function goback() { + header( "Location: " . $_SERVER["HTTP_REFERER"] ) ; + exit; +} +logextra( "Starting upload_confirm.php"); + +$query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; +$result = mysqli_query($connection, "$query"); +$row = mysqli_fetch_array($result, MYSQLI_NUM); +$total = $row[0]; + +logextra( "Got reservations" ); +if ($total > 150 ) { + # This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts. + # A host doing bulk upload will need to do them one by one + naughty("88fe2bc11a90f9f9ab9bdcc8a82d7401"); +} +logextra( "No bulk upload" ); +// // // print '
';
+// // // var_dump( $_SERVER['REQUEST_METHOD'] );
+// // // print '
'; + + + +if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { + naughty("29e9019c9615f755aec834000892ee9e"); +} +logextra( "It is a POST" ); + +if ( empty($_SERVER["REMOTE_ADDR"]) ) { + naughty("abb147a251e8db132dafa93d98f8487f"); +} +else { + $ip = $_SERVER["REMOTE_ADDR"]; +} +logextra( "We have a IP of $ip" ); + +if (count($_POST) !== 15) { + logextra( "" ); +if (count($_POST) !== 17) { + # 19 is for mosaic + # if this reports 0 is could be that the max upload is not set correctly in php.ini. + naughty("7a994999b40e3dc2e3eecfdc36a78d23 ".count($_POST) ); + } +} +logextra( "Correct number of POST entries" ); + +if ( isset( $_POST['key'] ) and strlen( $_POST['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ) ) === 45 and ctype_xdigit( $_POST['key'] ) ) { + $db_key = htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ); +} +else { + naughty("2fb4c4e05f0e8f37a5b47565cfb863f5"); +} +logextra( "Field lengths are correct" ); + +$query = "SELECT * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$db_key' "; +$result = mysqli_query($connection, $query); +$db = mysqli_fetch_array($result, MYSQLI_ASSOC); +logextra( "Getting this reservation from the db" ); + +if ( empty($db["ip"]) or $db["key"] != $db_key ) { + naughty("3162941738512bfdb1d21f288ee7cdb4"); +} +else { + $db_ip = $db['ip']; + $db_email = unformatemail($db['email']); + $db_timestamp = $db['timestamp']; + $ep_num = $db['ep_num']; + $ep_date = $db['ep_date']; +} +logextra( "Found this reservation from the db" ); + +if ( empty($db_email) ) { + naughty("457bf84c726d1cbbd381933e3a08b2ac"); +} +logextra( "Got an email $db_email" ); + +if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) { + naughty("00ad965f523b5c2ade071eb20d3618b5"); +} +logextra( "Timestamp is not to old" ); + +if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) { + naughty("7570026fd11fc31ac0cada3e1dae4d0b"); +} +logextra( "Timestamp is not to young" ); + +if ( empty($_POST["title"]) or strlen($_POST["title"]) > 100 ) { + naughty("32831f22fb96d02ce819127d558d28a2"); +} +logextra( "Title length is OK" ); + +if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) { + naughty("ecfcc4c12bf4319d412d66fd2e239249"); +} +logextra( "Summary length is OK" ); + +if ( empty($_POST["shownotes_format"]) ) { + naughty("a8345484b7a4ebad5af54937a3b2e26b"); +} +logextra( "Shownotes are not missing" ); + +if ( !( + strcmp($_POST["shownotes_format"], "plain_text") === 0 or + strcmp($_POST["shownotes_format"], "html5") === 0 or + strcmp($_POST["shownotes_format"], "Markdown_GitHub") === 0 or + strcmp($_POST["shownotes_format"], "Markdown_Pandoc") === 0 or + strcmp($_POST["shownotes_format"], "restructured_text") === 0 or + strcmp($_POST["shownotes_format"], "txt2tags") === 0 ) + ) { + naughty("b5609bad7edd70d76d75652fb0592ec4 " . $_POST["shownotes_format"] . " " . strcmp($_POST["shownotes_format"], ".")); +} +logextra( "shownotes_format is set OK" ); + +if ( empty($_POST["explicit"]) ) { + naughty("39cc8812b02607d613c6a7ba7e789f2c"); +} +logextra( "explicit exists" ); + +if ( strcmp($_POST["explicit"], "Yes") !== 0 ) { + logextra( "" ); +if ( strcmp($_POST["explicit"], "Clean") !== 0 ) { + naughty("198ab3b8af59ffba12c335239bde2876"); + } +} +logextra( "explicit is either Yes or Clean" ); + +if ( empty($_POST["license"]) or strlen($_POST["license"]) < 4 or strlen($_POST["license"]) > 11 ) { + naughty("194c24ff7396901c0ccc42fb21344683"); +} +logextra( "license length is fine" ); + +if ( !( + strcmp($_POST["license"], "CC-BY-SA") === 0 or + strcmp($_POST["license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["license"], "CC-0") === 0 or + strcmp($_POST["license"], "CC-BY-NC") === 0 or + strcmp($_POST["license"], "CC-BY") === 0 or + strcmp($_POST["license"], "Other") === 0 ) + ) { + naughty("f5609bad7edd70d76d75652fb0592ec4"); +} +logextra( "license is a valid value" ); + +if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) { + naughty("5860799406a323209b902d5104fe7bae"); +} +logextra( "Notes are less than max" ); + +if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) { + naughty("f1c83b57821d562f66246d975ef28994"); +} +$series = $_POST["series"]; +$result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'"); +logextra( "Series id is in the correct range" ); +if (!isset($result_series)) { + naughty("27457bada69cbc352af762bdf649e905"); +} +$data=mysqli_fetch_assoc($result_series); +$series_name = $data['name']; +logextra( "Series has been found" ); + +if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) { + naughty("49a69b565acecf9d2a96aacc73aec5aa"); +} +logextra( "Tags are the correct length" ); + +if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) { + naughty("626eae845e0a448be0544775ab5e4dc4"); +} +logextra( "host_name is set and correct length" ); + +if ( strlen($_POST["host_profile"]) > 2000 ) { + naughty("f69ec5999e0a02def5a110489401347f"); +} +logextra( "host_profile is correct length" ); + +if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) { + naughty("f2816b32e97be090a96ceabdc9230c9c"); +} +logextra( "host_license is in the correct range" ); + +if ( !( + strcmp($_POST["host_license"], "CC-BY-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or + strcmp($_POST["host_license"], "CC-0") === 0 or + strcmp($_POST["host_license"], "CC-BY-NC") === 0 or + strcmp($_POST["host_license"], "CC-BY") === 0 or + strcmp($_POST["host_license"], "Other") === 0 ) + ) { + naughty("978a18fa8558f3180897429e63d6ae55"); +} +logextra( "host_license is a predfined value" ); + +if ( empty($_POST["hostid"]) and $_POST["hostid"] != 0 ) { + naughty("277dc98d43e7840d9f296cce1bc3ec2c"); +} +logextra( "hostid exists and is not 0" ); + +$result = mysqli_query($connection, 'SELECT MAX(hostid) as max FROM hosts;'); + +if (!isset($result)) { + naughty("93fcc22d0c5ee3fac35e6d658db76059"); +} +$data=mysqli_fetch_assoc($result); +$maxhost = $data['max']; + +logextra( "retrieved the max host from db" ); + +$hostid = $_POST["hostid"]; +logextra( "" ); +if ( (strval(intval($hostid)) != strval($hostid)) or ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){ + naughty("a0f6cae871b85cb66f85d7ed5e91d1bb"); +} +logextra( "host id is int, and in the correct range" ); + +if ( !empty($_POST["url"]) and strlen($_POST["url"]) > 1024 ) { + naughty("6d4f180c49ff9b9154bd80070ec2c1f3"); +} +logextra( "The url is set and the correct length" ); + +if ( !empty($_POST["url"]) ) { + if ( filter_var($_POST["url"], FILTER_VALIDATE_URL) === false ) { + naughty("9c307efe37146015a35e2d928c2c0f69"); + } + else { + $url = htmlspecialchars(filter_var($_POST["url"], FILTER_VALIDATE_URL)); + } +} +logextra( "The url has not been altered" ); + +$dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/"; + +if ( file_exists( $dir_structure ) ) { + naughty("d4250c369bd81b27cdc53d0d53321ecd"); +} +logextra( "The upload dir seems fine $dir_structure" ); + +if (!mkdir($dir_structure, 0777, true)) { + naughty("804c4be123ca0327840b76bf4f8eb19e"); +} + +$shownote_file = "${dir_structure}/shownotes.txt"; +if ( file_exists( $shownote_file ) ) { + naughty("33370d1c5c19a6ca4ef3f3ce59158e57"); +} +logextra( "The shownotes txt file exists $shownote_file" ); + +$shownote_file_json = "${dir_structure}/shownotes.json"; +if ( file_exists( $shownote_file_json ) ) { + naughty("a9564ebc3289b7a14551baf8ad5ec60a"); +} +logextra( "The shownotes json file exists $shownote_file_json" ); + +$this_post = print_r($_POST, true); +$this_file = print_r($_FILES, true); + +logextra( "Received $this_post, $this_file" ); + + +$show_data = "------------------------------------------------------------"; +$show_data = $show_data . "\nEpisode_Number:\t" . $ep_num; +$show_data = $show_data . "\nEpisode_Date:\t" . $ep_date; +$show_data = $show_data . "\nTimestamp:\t" . $db_timestamp; +$show_data = $show_data . "\nKey:\t" . $_POST['key']; +$show_data = $show_data . "\nHost_IP:\t" . $db_ip; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nHost_ID:\t" . $_POST['hostid']; +$show_data = $show_data . "\nHost_Name:\t" . $_POST['host_name']; +$show_data = $show_data . "\nHost_Email:\t" . $db_email; +$show_data = $show_data . "\nHost_License:\t" . $_POST['host_license']; +$show_data = $show_data . "\nHost_Profile:\n" . $_POST['host_profile']; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nTitle:\t" . $_POST['title']; +$show_data = $show_data . "\nSummary:\t" . $_POST['summary']; +$show_data = $show_data . "\nShownotes_Format:\t" . $_POST['shownotes_format']; +$show_data = $show_data . "\nExplicit:\t" . $_POST['explicit']; +$show_data = $show_data . "\nShow_License:\t" . $_POST['license']; +$show_data = $show_data . "\nSeries:\t" . $series; +$show_data = $show_data . "\nSeries_Name:\t" . $series_name; +$show_data = $show_data . "\nTags:\t" . $_POST['tags']; +$show_data = $show_data . "\nurl:\t" . $_POST['url']; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nShow_Notes:\n" . $_POST['notes']; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nPOST:\n" . $this_post; +$show_data = $show_data . "\n------------------------------------------------------------"; +$show_data = $show_data . "\nFILES:\n" . $this_file; +$show_data = $show_data . "\n------------------------------------------------------------\n"; + +file_put_contents($shownote_file, stripslashes($show_data) ); +logextra( "Wrote the $shownote_file" ); + +$show_data_json = array( + "host" => array( + "Host_ID" => $_POST['hostid'], + "Host_Name" => $_POST['host_name'], + "Host_Email" => $db_email, + "Host_License" => $_POST['host_license'], + "Host_Profile" => $_POST['host_profile'] + ), + "episode" => array( + "Title" => $_POST['title'], + "Summary" => $_POST['summary'], + "Explicit" => $_POST['explicit'], + "Show_License" => $_POST['license'], + "Series" => $series, + "Series_Name" => $series_name, + "Tags" => $_POST['tags'], + "Show_Notes" => $_POST['notes'] + ), + "metadata" => array( + "Episode_Number" => $ep_num, + "Episode_Date" => $ep_date, + "Timestamp" => $db_timestamp, + "Key" => $_POST['key'], + "Host_IP" => $db_ip, + "POST" => $_POST, + "FILES" => $_FILES, + "url" => $_POST['url'], + "Shownotes_Format" => $_POST['shownotes_format'], + ) +); + +file_put_contents($shownote_file_json, json_encode($show_data_json) ); +logextra( "Wrote the $shownote_file_json" ); + +if ( !file_exists( $dir_structure ) ) { + naughty("a1534e6d525352dce7183a2e22862049"); +} +logextra( "The dir_structure still exists" ); + +if ( !file_exists( "$dir_structure/shownotes.txt" ) ) { + naughty("ab8051b531c120b8bffd2a5b25a19cc3"); +} +logextra( "shownotes.txt still exists" ); + +if ( !file_exists( "$dir_structure/shownotes.json" ) ) { + naughty("a9564ebc3289b7a14551baf8ad5ec60a"); +} +logextra( "shownotes.json still exists" ); + +$message=""; + +if ( !empty($_FILES["host_photo"]["tmp_name"]) and !empty($_FILES["host_photo"]["type"]) and $_FILES["host_photo"]["error"] == 0 ) { + list($type_main, $type_sub)= explode("/", $_FILES["host_photo"]["type"]); + if ( empty($type_sub) or strlen($type_sub) > 4 ) { + naughty("c1381f1d2492f81074d8cb70c85f5fc8"); + } + else { + $temp_photo = $_FILES["host_photo"]["tmp_name"]; + $host_photo = "${dir_structure}/photo"; + move_uploaded_file($temp_photo, $host_photo); + $message = $message . "A photo was delivered. "; + } + logextra( "A photo was delivered" ); +} +else { + $message = $message . "No photo delivered. "; +} +logextra( "No photo delivered" ); + +// Deal with uploaded files. +$files = count($_FILES["media_files"]["error"]); +if ( $files > 1 ) { + $message = $message . $files . " files were delivered."; + logextra( $files . " files were delivered." ); +} +else +if ( $files == 1 and $_FILES["media_files"]["error"][ "0"] == 0 ) { + $message = $message . "One file was delivered."; + logextra( "One file was delivered." ); +} +else { + if ( empty($_POST["url"]) ) { + $message = $message . " + +You have chosen to upload the files separately from these show notes. + +If you wish to send a show using another method then please discuss +it with the HPR Volunteer at admin@hackerpublicradio.org + +"; + logextra( "uploading the files separately" ); + } +} + +foreach($_FILES["media_files"]["tmp_name"] as $key => $val) { + if ( $_FILES["media_files"]["error"][ "$key"] == 0 ) { + $from = $_FILES["media_files"]["tmp_name"][ "$key"]; + $to = "${dir_structure}/" . $_FILES["media_files"]["name"][ "$key"] ; + $moveResult = move_uploaded_file($from, $to); + if ($moveResult != true) { + echo "ERROR: File not moved correctly >$from< >$to<"; + logextra( "ERROR: File not moved correctly >$from< >$to<" ); + } + else { + logextra( "File moved correctly >$from< >$to<" ); + } + } +} +logextra( "All Files moved" ); + +######################################################## +// OK You convinced me. + +if ( $ep_num == 9999 ) { + $show_submitted = "RESERVE_SHOW_SUBMITTED"; +} +else { + $show_submitted = "SHOW_SUBMITTED"; +} + +$query = "UPDATE reservations SET `verified` = '1', `status` = '$show_submitted' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; +$result = mysqli_query($connection, $query ); +if (mysqli_errno($connection)) { + $error = "MySQL error ".mysqli_errno($connection).": ".mysqli_error($connection)."\n"; + problem("Could not update the show reservation to $status in the db"); + mysqli_free_result($result); + mysqli_close($connection); + logextra( "$query"); + die; +} +logextra( "Updating the db to $show_submitted" ); +if (!isset($result)) { + naughty("c7405e79b54f582e8db46c69ec4b0f24"); +} + +$body="give"; +//$body="index_full"; +include 'header.html'; + +?> + +
+
+
+
+

Thank you

+
+

+ Thank you for your submission. +

+
+    
+    
+

+ Your show will now be processed by a HPR Volunteer. +

+

+ Thanks,
+
+ HPR Bot +

+
+
+ +isSMTP(); +$mailer->Host = "$mailerHost"; +$mailer->SMTPAuth = true; +$mailer->SMTPSecure = "ssl"; +$mailer->Port = "465"; +$mailer->Username = "$mailerUsername"; +$mailer->Password = "$mailerPassword"; + +// Set up to, from, and the message body. The body doesn't have to be HTML; check the PHPMailer documentation for details. +$mailer->Sender = 'robot@hobbypublicradio.com'; +$mailer->addReplyTo('admin@hackerpublicradio.org', 'HPR Admins'); +$mailer->setFrom('robot@hobbypublicradio.com', 'HPR Robot'); +$mailer->addBCC('admin@hackerpublicradio.org'); +$mailer->addBCC('admin@hobbypublicradio.org'); +$mailer->AddAddress("$db_email"); +$mailer->isHTML(false); +if ( $ep_num === 9999 ) { + $mailer->Subject = "Thank you for uploading to the Reserve Queue"; + $mailer->MsgHTML("

This email is an automatic reply. If you have not made this request then please ignore this email.

+

Thank You for recording an episode for the Reserve Queue.

+
+  $message
+  
+

+ Your show will now be processed by a HPR Volunteer.
+ Thanks,
+ HPR Bot +

"); +} +else { + $mailer->Subject = "Thank you for uploading hpr${ep_num}::${ep_date}"; + $mailer->MsgHTML("

This email is an automatic reply. If you have not made this request then please ignore this email.

+

Thank You for recording hpr${ep_num} for release on ${ep_date}.

+
+  $message
+  
+

+ Your show will now be processed by a HPR Volunteer.
+ Thanks,
+ HPR Bot +

"); +} + +$mailer->AltBody = "This email is an automatic reply. If you have not made this request then please ignore this email. + +Thank You for recording hpr${ep_num} for release on ${ep_date}. + +$message + +Your show will now be processed by a HPR Volunteer. + +Thanks, + +HPR Bot"; + +//send the message, check for errors +if (!$mailer->send()) { + echo 'Mailer Error: ' . $mailer->ErrorInfo; +} + + +include 'footer.html'; + +logextra( "Finished upload_confirm.php"); + +?> diff --git a/ini/credentials.php b/ini/credentials.php new file mode 100644 index 0000000..39efd9d --- /dev/null +++ b/ini/credentials.php @@ -0,0 +1,16 @@ + diff --git a/ini/hub.cms.htaccess b/ini/hub.cms.htaccess new file mode 100644 index 0000000..29464fe --- /dev/null +++ b/ini/hub.cms.htaccess @@ -0,0 +1,12 @@ +AuthType Basic +AuthName "cms" +AuthUserFile "/path/to/file" +require valid-user +Order deny,allow +Deny from all +Allow from IPADDRESS +Allow from IPADDRESS +Allow from IPADDRESS +Allow from IPADDRESS +Allow from IPADDRESS +Satisfy All diff --git a/ini/include.php b/ini/include.php new file mode 100644 index 0000000..f13b09b --- /dev/null +++ b/ini/include.php @@ -0,0 +1,339 @@ +set_charset('utf8'); + +function rrmdir($src) { + $dir = opendir($src); + while(false !== ( $file = readdir($dir)) ) { + if (( $file != '.' ) && ( $file != '..' )) { + $full = $src . '/' . $file; + if ( is_dir($full) ) { + rrmdir($full); + } + else { + unlink($full); + } + } + } + closedir($dir); + rmdir($src); +} + +function call412($error){ + usleep(rand(10000000,30000000)); + global $HPR_Name, $HPR_Names, $naughtyfile; + header("Status: 412 Precondition Failed"); + print ' + + + +'.$HPR_Name.' Public Radio + + +

412 Precondition Failed

+

ERROR CODE

+

+'.$error.' +

+

+If you believe this to be an error, then please copy this error code and send it to admin@hpr. +

+

+'.date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $_SERVER["HTTP_USER_AGENT"] .' +

+ + +'; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\t" . $error . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); + exit; +} + + +function problem($error){ + global $HPR_Name, $HPR_Names, $naughtyfile; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\tERROR: " . $error . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); + #usleep(2000000); + header("Status: 412 Precondition Failed"); + print ' + + + +'.$HPR_Name.' Public Radio + + +

412 Precondition Failed

+

ERROR CODE

+

+'.$error.' +

+

+If you believe this to be an error, then please copy this error code and send it to admin@hpr. +

+

+'.date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $_SERVER["HTTP_USER_AGENT"] .' +

+ + +'; + exit; +} + +function naughty($error){ + global $HPR_Name, $HPR_Names, $naughtyfile; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\t" . $error . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); + #usleep(rand(10000000,30000000)); + header("Status: 412 Precondition Failed"); + print ' + + + +'.$HPR_Name.' Public Radio + + +

412 Precondition Failed

+

ERROR CODE

+

+'.$error.' +

+

+If you believe this to be an error, then please copy this error code and send it to admin@hpr. +

+

+'.date('Y-m-d\TH:i:s') . "\t" . getUserIP() . "\t" . $_SERVER["HTTP_USER_AGENT"] .' +

+ + +'; + exit; +} + +function logextra($message){ + global $HPR_Name, $HPR_Names, $naughtyfile; + file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t" . getUserIPAdress() ."\t" . $message . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n", FILE_APPEND | LOCK_EX ); +} + +function convertSecToTime($sec){ + $date1 = new DateTime("@0"); //starting seconds + $date2 = new DateTime("@$sec"); // ending seconds + $interval = date_diff($date1, $date2); //the time difference + return $interval->format('%y Years, %m months, %d days, %h hours, %i minutes and %s seconds'); // convert into Years, Months, Days, Hours, Minutes and Seconds +} + +function fixid($id){ + return sprintf('%04d',$id); +} + +function navtext($id,$curr_ep_id){ + if ( $id <= 1 ) { + echo "<< First, < Previous, "; + } + else { + echo "<< First, "; + echo "< Previous, "; + } + if ( $id >= $curr_ep_id ) { + echo "Next >, "; + echo "Latest >>"; + } + else { + echo "Next >, "; + echo "Latest >>"; + } +} + +function formatemail($email) { + // Miminal spam protection + if (!stristr($email, '.nospam@nospam.')){ + $part = explode("@", $email); + $email = $part[0] . ".nospam@nospam." . $part[1]; + } + return $email; +} + +function unformatemail($email) { + // Miminal spam protection + if (stristr($email, '.nospam@nospam.')){ + $part = explode(".nospam@nospam.", $email); + $email = $part[0] . "@" . $part[1]; + } + return $email; +} + +function makeClickableLinks($string) { + # Used to display links from test urls + $pattern = '/\b((?:https?:\/\/|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:\'".,<>?«»“”‘’]))/i'; + $replacement = '$1'; + return preg_replace($pattern, $replacement, $string); +} + +function get_gravatar( $email, $s = 80, $d = '404', $r = 'x', $img = false, $atts = array() ) { + /** + * Get either a Gravatar URL or complete image tag for a specified email address. + * + * @param string $email The email address + * @param string $s Size in pixels, defaults to 80px [ 1 - 512 ] + * @param string $d Default imageset to use [ 404 | mm | identicon | monsterid | wavatar ] + * @param string $r Maximum rating (inclusive) [ g | pg | r | x ] + * @param boole $img True to return a complete IMG tag False for just the URL + * @param array $atts Optional, additional key/value attributes to include in the IMG tag + * @return String containing either just a URL or a complete image tag + * @source http://gravatar.com/site/implement/images/php/ + */ + $url = 'https://secure.gravatar.com/avatar/'; + $url .= md5( strtolower( trim( $email ) ) ); + $url .= "?s=${s}&d=${d}.png"; + if ( $img ) { + $url = ' $val ) + $url .= ' ' . $key . '="' . $val . '"'; + $url .= '.png />'; + } + return $url; +} + +function getUserIPAdress() { + $ip = ''; + if (getenv('HTTP_CLIENT_IP')) { + $ip = getenv('HTTP_CLIENT_IP'); + } + else if(getenv('HTTP_X_FORWARDED_FOR')) { + $ip = getenv('HTTP_X_FORWARDED_FOR'); + } + else if(getenv('HTTP_X_FORWARDED')) { + $ip = getenv('HTTP_X_FORWARDED'); + } + else if(getenv('HTTP_FORWARDED_FOR')) { + $ip = getenv('HTTP_FORWARDED_FOR'); + } + else if(getenv('HTTP_FORWARDED')) { + $ip = getenv('HTTP_FORWARDED'); + } + else if(getenv('REMOTE_ADDR')) { + $ip = getenv('REMOTE_ADDR'); + } + else { + $ip = 'UNKNOWN'; + } + return $ip; +} + +function getUserIP() +{ + //check ip from share internet + if (!empty($_SERVER['HTTP_CLIENT_IP'])) + { + $ip=$_SERVER['HTTP_CLIENT_IP']; + } + else + { + $ip=$_SERVER['REMOTE_ADDR']; + } + return $ip . "\t" . $_SERVER['REQUEST_URI'] . "\t" . $_SERVER["HTTP_USER_AGENT"] . "\n"; +} +$naughtyfile = '/home/hpr/logs/naughty-ip.txt'; +# Read more: http://vidiame.com/php/how-to-block-multiple-ip-addresses-using-php + +if ( strlen($_SERVER['QUERY_STRING']) > 15 ) { + file_put_contents($naughtyfile, getUserIP(), FILE_APPEND | LOCK_EX ); +} + +function GetFirstFreeSlot() { + // -------------------------------------------- + // Get first free slot + $query = mysqli_query("SELECT id + 1 FROM eps mo + WHERE NOT EXISTS + ( + SELECT NULL + FROM eps mi + WHERE mi.id = mo.id + 1 + ) + ORDER BY + id + LIMIT 1"); + $next_show_num_array = mysqli_fetch_row($query); + return $next_show_num_array[0]; +} + +function GetLatestPublishedShow($connection){ + // -------------------------------------------- + // Get latest published show + $query = mysqli_query($connection, "SELECT max(date), max(id) from eps WHERE eps.date <= UTC_DATE()"); + $current_episode_array = mysqli_fetch_row($query); + return array($current_episode_array[0], $current_episode_array[1]); +} + +$PROTOCOL = ''; +if ((!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off')) { + $PROTOCOL .= 'https://'; +} else { + $PROTOCOL .= 'http://'; +} + +$HTTP_HOST = $_SERVER['HTTP_HOST']; +$pos = strpos($HTTP_HOST, "hobbypublicradio"); +if ($pos !== false) { + $HPR_Name = "Hobby"; + $HPR_Names = "hobbyists"; +} else { + $HPR_Name = "Hacker"; + $HPR_Names = "Hackers"; +} + +?> diff --git a/ini/www.htaccess b/ini/www.htaccess new file mode 100644 index 0000000..197b562 --- /dev/null +++ b/ini/www.htaccess @@ -0,0 +1,90 @@ +RewriteEngine on + +RewriteCond %{HTTP_USER_AGENT} (DataForSeoBot|MJ12bot|AhrefsBot|BLEXBot|dotbot|PetalBot|SemrushBot*|SiteAuditBot|SplitSignalBot|Yandex) [NC] +RewriteRule (.*) - [F,L] + +RewriteRule "^comments_rss.php$" "/comments.rss" [R] + +RewriteRule "^download.php" "/syndication.html" [R=301,NE,L] +RewriteRule "^about.php|^help_out.php" "/about.html" [R=301,NE,L] +RewriteRule "^recording.php" "/about.html#recording_a_podcast" [R=301,NE,L] +RewriteRule "^stuff_you_need_to_know.php" "/about.html#agreement" [R=301,NE,L] +RewriteRule "^contribute.php" "/about.html#so_you_want_to_record_a_podcast" [R=301,NE,L] +RewriteRule "^requested_topics.php" "/about.html#requested_topics" [R=301,NE,L] +RewriteRule "^comments_viewer.php" "/comments_viewer.html" [R=301,NE,L] +RewriteRule "^sitemap.php|^sitemap.txt" "/sitemap.html" [R=301,NE,L] +RewriteRule "^tags.php" "/tags.html" [R=301,NE,L] +RewriteRule "^correspondents.php" "/correspondents/index.html" [R=301,NE,L] +RewriteRule "^index_full.php|^show.php|^index.php|^twat.php" "/eps/index.html" [R=301,NE,L] + +RewriteRule "^calendar.php$" "http://hub.hackerpublicradio.org/calendar.php" [R,L] + +ErrorDocument 404 /404.shtml + +RewriteCond %{HTTP_HOST} ^.*$ +RewriteRule ^facebook$ "https\:\/\/www\.facebook\.com\/home\.php\?sk\=group_130169220378872\¬if_t\=group_r2j" [R=301,L] + +RewriteCond %{HTTP_HOST} ^.*$ +RewriteRule ^linkedin$ "http\:\/\/www\.linkedin\.com\/groups\/Hacker\-Public\-Radio\-3737302" [R=301,L] + +RewriteCond %{HTTP_HOST} ^.*$ +RewriteRule ^itunes$ "http\:\/\/itunes\.apple\.com\/us\/podcast\/hacker\-public\-radio\/id281699640" [R=301,L] + +# Anti Spam +RewriteCond %{HTTP_HOST} ^.*$ +RewriteRule ^eps/eps/(.*)$ http://localhost/ [R=301,L] +RewriteRule index.php/eps/eps/(.*)$ http://localhost/ [R=302,L] + +# Remove facebook tracking +RewriteCond %{QUERY_STRING} ^(.*)(?:^|&)fbclid=(?:[^&]*)((?:&|$).*)$ [NC] +RewriteCond %1%2 (^|&)([^&].*|$) +RewriteRule ^(.*) /$1?%2 [R=301,L] + +# Redirect episodes to archive.org +RewriteRule "eps/hpr([0-9]{4})\.(ogg|mp3|spx|wav|flac|opus)" "https://archive.org/download/hpr$1/hpr$1.$2" +RewriteRule "local/hpr([0-9]{4})\.(ogg|mp3|spx|wav|flac|opus)" "https://archive.org/download/hpr$1/hpr$1.$2" [R=301,L] + +# Rewrite the host series and episode pages + +RewriteCond %{QUERY_STRING} id=(\d{1})$ +RewriteRule series\.php /series/000%1.html [L] +RewriteCond %{QUERY_STRING} id=(\d{2})$ +RewriteRule series\.php /series/00%1.html? [L] +RewriteCond %{QUERY_STRING} id=(\d{3})$ +RewriteRule series\.php /series/0%1.html? [L] +RewriteRule "^series\.php$" "/series/index.html" [R=301,NE,L] + + +RewriteCond %{QUERY_STRING} id=(\d{1})$ +RewriteRule hosts\.php /correspondents/000%1.html? [L] +RewriteCond %{QUERY_STRING} id=(\d{2})$ +RewriteRule hosts\.php /correspondents/00%1.html? [L] +RewriteCond %{QUERY_STRING} id=(\d{3})$ +RewriteRule hosts\.php /correspondents/0%1.html? [L] +RewriteRule "^hosts\.php$" "/correspondents/index.html?" [L] + +RewriteCond %{QUERY_STRING} id=(\d{1})$ +RewriteRule eps\.php /eps/hpr000%1/index.html? [L] +RewriteCond %{QUERY_STRING} id=(\d{2})$ +RewriteRule eps\.php /eps/hpr00%1/index.html? [L] +RewriteCond %{QUERY_STRING} id=(\d{3})$ +RewriteRule eps\.php /eps/hpr0%1/index.html? [L] +RewriteCond %{QUERY_STRING} id=(\d{4})$ +RewriteRule eps\.php /eps/hpr%1/index.html? [L] +#RewriteCond %{QUERY_STRING} (.*(?:^|&))id=([^&]*)&?(.*)&?$ +#RewriteRule "eps\.php" "/eps/hpr%2/index.html?" [L] +RewriteRule "^eps\.php$" "/eps/index.html" [R=301,L] + +RewriteCond %{QUERY_STRING} series=111 +RewriteRule hpr_mp3_rss\.php https://linuxinlaws.eu/inlaws_rss.xml + + + +order allow,deny +allow from all + + + + header set X-Clacks-Overhead "GNU Terry Pratchett" + + diff --git a/www/rss-future.php b/www/rss-future.php new file mode 100644 index 0000000..bddd78d --- /dev/null +++ b/www/rss-future.php @@ -0,0 +1,214 @@ + 0 +AND eps.date >= UTC_DATE()"; + +if (isset($_GET['format'])) { + $this_format = $_GET['format']; + if ( $this_format === "mp3" ) { + $format = "mp3"; + } + if ( $this_format === "ogg" ) { + $format = "ogg"; + } + if ( $this_format === "spx" ) { + $format = "spx"; + } +} + +$query = "${query}\nAND assets.filename REGEXP \"^hpr[0-9]+.$format\""; +$query = "${query}\nAND assets.extension = '$format'"; + +$html = 1; +if (isset($_GET['html'])) { + $html = $_GET['html']; + if ( $html === "0" ) { + $html = 0; + } +} + +$full = "1"; +if (isset($_GET['full'])) { + $full = $_GET['full']; + if ( $full === "1" ) { + $feed = "total"; + } + if ( $full === "0" ) { + $feed = "tenday"; + } +} + +if (isset($_GET['hostid'])) { + $hostid = $_GET['hostid']; + $hostid = intval($hostid); + if (is_int(intval($hostid))) { + $query = "$query AND hosts.hostid = '$hostid'"; + } +} +if (isset($_GET['series'])) { + $series = $_GET['series']; + $series = intval($series); + if (is_int(intval($series))) { + $query = "$query AND eps.series = '$series'"; + } +} + +$query = "$query ORDER BY id DESC "; + +if (isset($_GET['limit'])) { + $this_limit = $_GET['limit']; + $this_limit = intval($this_limit); + if (is_int(intval($this_limit))) { + $limit = $this_limit; + } +} + +header("Content-type: application/xml"); +header("Pragma: public"); +header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); + +date_default_timezone_set('UTC'); + +print '' . "\n"; + +?> + +\n"; ?> + + Hacker Public Radio - Future Feed + about.html + A daily show hosted the community on topics that are of interest to hackers and hobbyists. + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. This is the shows that are in the future feed. + en-us + + + + + + + images/hpr_feed_itunes.png"/> + yes + Hacker Public Radio + Community Radio, Tech Interviews, Linux, Open, Hobby, Software Freedom + Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License + feedback@NOSPAM-hackerpublicradio.org (HPR Feedback) + + + HPR Volunteer + admin@hackerpublicradio.org + + admin@hackerpublicradio.org (HPR Volunteer) + kate + http://www.rssboard.org/rss-specification + 43200 + + Saturday + Sunday + + + images/hpr_feed_small.png + Hacker Public Radio + about.html + The Hacker Public Radio Old Microphone Logo + 164 + 144 + + HPR Volunteer + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + admin@hackerpublicradio.org + images/hpr_feed_itunes.png"/> + +\n"; +print " ".date(DATE_RFC1123, strtotime(date('Y-m-d')))."\n"; + +//Set $r to SQL query for execution agains the table + +if ($result = mysqli_query($connection, $query)) { + while ($row = mysqli_fetch_array($result)) { + $id = fixid(stripslashes($row['id'])); + $version = $row['version']; + if ( $version === "0" ) { + $version = ""; + } + else { + $version = ".${version}"; + } + $episode_explicit = $row['explicit']; + if ($episode_explicit == 0) { + $episode_explicit = "Clean"; + } + else{ + $episode_explicit = "Explicit"; + } + $url="${baseurl}eps/hpr${id}${version}"; + if (isset($_GET['hostidinfilename'])) { + $hostidinfilename = $_GET['hostidinfilename']; + if ( $hostidinfilename === "1" ) { + $url = $url . "_host-" . htmlspecialchars(stripslashes(strip_tags($row["hostid"]))); + } + } + if ( isset($_GET['seriesidinfilename']) ) { + $seriesidinfilename = $_GET['seriesidinfilename']; + if ( $seriesidinfilename === "1" ) { + $url = $url . "_series-" . htmlspecialchars(stripslashes(strip_tags($row["series"]))); + } + } + $url = $url . "." . $format; + + $itunes_summary = htmlspecialchars(stripslashes(strip_tags(substr($row["notes"],0,4000)))); + $show_notes = $row["notes"]; + $warning = "

This show has been flagged as $episode_explicit by the host.

\n"; + $show_notes = $show_notes . utf8_encode ( $warning ); + echo " \n"; + if ( $episode_explicit === "Clean" ) { + echo " no\n"; + echo " No\n"; + } + else { + echo " yes\n"; + echo " Yes\n"; + } + + echo " HPR$id: " . htmlspecialchars(stripslashes(strip_tags($row["title"]))) . "\n"; + // echo " " . ($row["title"]) . "\n"; + $email_padded = formatemail($row['email']); + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " \n"; + echo " ${baseurl}eps/hpr".$id."/index.html\n"; + echo " \n\n"; +// echo " \n\n"; + echo " \n\n"; + echo " " .date(DATE_RFC1123, strtotime($row['date'])) . "\n"; + $length = $row['size']; + echo " \n"; + echo " " . $url . "\n"; + echo " \n"; + } +} +//Display non-connection errors +//Close sql connection +mysqli_close($connection); +echo "
+
+"; +?> diff --git a/www/rss.php b/www/rss.php new file mode 100644 index 0000000..e199089 --- /dev/null +++ b/www/rss.php @@ -0,0 +1,303 @@ + 0"; + +if (isset($_GET['format'])) { + $this_format = $_GET['format']; + if ( $this_format === "mp3" ) { + $format = "mp3"; + $mimetype = "audio/mpeg"; + } + if ( $this_format === "ogg" ) { + $format = "ogg"; + $mimetype = "audio/ogg"; + } + if ( $this_format === "spx" ) { + $format = "spx"; + $mimetype = "audio/ogg"; + } +} + +$query = "${query}\nAND assets.filename REGEXP \"^hpr[0-9]+.$format\""; +$query = "${query}\nAND assets.extension = '$format'"; + +$explicit = 1; +if (isset($_GET['explicit'])) { + $explicit = $_GET['explicit']; + if ( $explicit === "0" ) { + $query = "${query}\nAND eps.explicit=0 "; + } +} + +$html = 1; +if (isset($_GET['html'])) { + $html = $_GET['html']; + if ( $html === "0" ) { + $html = 0; + } +} + +$full = "0"; +if (isset($_GET['full'])) { + $full = $_GET['full']; + if ( $full === "1" ) { + $feed = "total"; + } + if ( $full === "0" ) { + $feed = "tenday"; + } +} + +$gomax = "0"; +if (isset($_GET['gomax'])) { + $gomax = $_GET['gomax']; + if ( $gomax === "1" ) { + $gomax = "1"; + } +} +if ( $gomax === "0" ) { + $query = "${query}\nAND eps.date <= UTC_DATE() "; +} + +if (isset($_GET['hostid'])) { + $hostid = $_GET['hostid']; + $hostid = intval($hostid); + if (is_int(intval($hostid))) { + $query = "${query}\nAND hosts.hostid = '$hostid'"; + } +} +if (isset($_GET['series'])) { + $series = $_GET['series']; + $series = intval($series); + if (is_int(intval($series))) { + $query = "${query}\nAND eps.series = '$series'"; + } +} + +$query = "$query\nORDER BY id DESC"; + +if (isset($_GET['limit'])) { + $this_limit = $_GET['limit']; + $this_limit = intval($this_limit); + if (is_int(intval($this_limit))) { + $limit = $this_limit; + } +} + +if ( $feed !== "total" ) { + $query = "$query\nLIMIT $limit"; +} + +header("Content-type: application/xml"); +header("Pragma: public"); +header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); + +date_default_timezone_set('UTC'); + +print '' . "\n"; + +?> + +"; ?> + + Hacker Public Radio + https://hackerpublicradio.org/about.html + A daily show hosted the community on topics that are of interest to hackers and hobbyists. + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + en-us + + + + + + + + yes + Hacker Public Radio + Community Radio, Tech Interviews, Linux, Open, Hobby, Software Freedom + Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License + feedback@NOSPAM-hackerpublicradio.org (HPR Feedback) + + + HPR Volunteer + admin@hackerpublicradio.org + + admin@hackerpublicradio.org (HPR Volunteer) + kate + http://www.rssboard.org/rss-specification + 43200 + + Saturday + Sunday + + + https://hackerpublicradio.org/images/hpr_feed_small.png + Hacker Public Radio + https://hackerpublicradio.org/about.html + The Hacker Public Radio Old Microphone Logo + 164 + 144 + + HPR Volunteer + Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists. + admin@hackerpublicradio.org + + +\n"; +print " ".date(DATE_RFC1123, strtotime(date('Y-m-d')))."\n"; + +if ($result = mysqli_query($connection, $query)) { + while ($row = mysqli_fetch_array($result)) { + $id = fixid(stripslashes($row['id'])); + $version = $row['version']; + if ( $version === "0" ) { + $version = ""; + } + else { + $version = ".${version}"; + } + $episode_explicit = $row['explicit']; + if ($episode_explicit == 0) { + $episode_explicit = "Clean"; + } + else{ + $episode_explicit = "Explicit"; + } + $url="http://hackerpublicradio.org/eps/hpr${id}${version}"; + if (isset($_GET['hostidinfilename'])) { + $hostidinfilename = $_GET['hostidinfilename']; + if ( $hostidinfilename === "1" ) { + $url = $url . "_host-" . htmlspecialchars(stripslashes(strip_tags($row["hostid"]))); + } + } + if ( isset($_GET['seriesidinfilename']) ) { + $seriesidinfilename = $_GET['seriesidinfilename']; + if ( $seriesidinfilename === "1" ) { + $url = $url . "_series-" . htmlspecialchars(stripslashes(strip_tags($row["series"]))); + } + } + $url = $url . "." . $format; + + $itunes_summary = htmlspecialchars(stripslashes(strip_tags(substr($row["notes"],0,4000)))); + if ( $html == 1 ) { +# $show_notes = "

This show has been flagged as $episode_explicit by the host.

\n" . $row["notes"]; + $show_notes = $row["notes"]; + $warning = "

This show has been flagged as $episode_explicit by the host.

\n"; + } + else { +# $show_notes = "This show has been flagged as $episode_explicit by the host.\n" . htmlspecialchars(stripslashes(strip_tags($row["notes"]))) ; + $show_notes = htmlspecialchars(stripslashes(strip_tags($row["notes"]))) ; + $warning = "This show has been flagged as $episode_explicit by the host.\n"; + } +# $show_notes = utf8_encode ( $show_notes ); + $warning = utf8_encode ( $warning ); + echo " \n"; + if ( $episode_explicit === "Clean" ) { + echo " no\n"; + echo " No\n"; + } + else { + echo " yes\n"; + echo " Yes\n"; + } + + echo " HPR$id: " . htmlspecialchars(stripslashes(strip_tags($row["title"]))) . "\n"; + // echo " " . ($row["title"]) . "\n"; + $email_padded = formatemail($row['email']); + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " ". $email_padded . " (" . htmlspecialchars(stripslashes(strip_tags($row["host"]))) .")\n"; + echo " \n"; + echo " https://hackerpublicradio.org/eps/hpr".$id."/index.html\n"; + echo " \n\n"; +// echo " \n\n"; + echo " \n\n"; + echo " " .date(DATE_RFC1123, strtotime($row['date'])) . "\n"; + $length = $row['size']; + echo " \n"; + echo " " . $url . "\n"; + echo " \n"; + + } +} +//Display non-connection errors +//Close sql connection +mysqli_close($connection); +echo "
+
+"; +?>