Thank you
Thank you for your submission.
Your show will now be processed by a HPR Volunteer.
Thanks,
HPR Bot
request_confirm.php > upload.php > upload_confirm.php require "/home/hpr/php/include.php"; function goback() { header( "Location: " . $_SERVER["HTTP_REFERER"] ) ; exit; } logextra( "Starting upload_confirm.php"); $query = "SELECT COUNT(*) as total FROM `reservations` WHERE ep_num = 0"; $result = mysqli_query($connection, "$query"); $row = mysqli_fetch_array($result, MYSQLI_NUM); $total = $row[0]; logextra( "Got reservations" ); if ($total > 150 ) { # This seems to indicate that we are under an attack as we never get 5 shows in the one day from different hosts. # A host doing bulk upload will need to do them one by one naughty("88fe2bc11a90f9f9ab9bdcc8a82d7401"); } logextra( "No bulk upload" ); // // // print '
'; // // // var_dump( $_SERVER['REQUEST_METHOD'] ); // // // print ''; if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) { naughty("29e9019c9615f755aec834000892ee9e"); } logextra( "It is a POST" ); if ( empty($_SERVER["REMOTE_ADDR"]) ) { naughty("abb147a251e8db132dafa93d98f8487f"); } else { $ip = $_SERVER["REMOTE_ADDR"]; } logextra( "We have a IP of $ip" ); if (count($_POST) !== 15) { logextra( "" ); if (count($_POST) !== 17) { # 19 is for mosaic # if this reports 0 is could be that the max upload is not set correctly in php.ini. naughty("7a994999b40e3dc2e3eecfdc36a78d23 ".count($_POST) ); } } logextra( "Correct number of POST entries" ); if ( isset( $_POST['key'] ) and strlen( $_POST['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ) ) === 45 and ctype_xdigit( $_POST['key'] ) ) { $db_key = htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ); } else { naughty("2fb4c4e05f0e8f37a5b47565cfb863f5"); } logextra( "Field lengths are correct" ); $query = "SELECT * FROM reservations WHERE reservations.ip = '$ip' AND reservations.key = '$db_key' "; $result = mysqli_query($connection, $query); $db = mysqli_fetch_array($result, MYSQLI_ASSOC); logextra( "Getting this reservation from the db" ); if ( empty($db["ip"]) or $db["key"] != $db_key ) { naughty("3162941738512bfdb1d21f288ee7cdb4"); } else { $db_ip = $db['ip']; $db_email = unformatemail($db['email']); $db_timestamp = $db['timestamp']; $ep_num = $db['ep_num']; $ep_date = $db['ep_date']; } logextra( "Found this reservation from the db" ); if ( empty($db_email) ) { naughty("457bf84c726d1cbbd381933e3a08b2ac"); } logextra( "Got an email $db_email" ); if ( strtotime($db['timestamp']) >= $_SERVER["REQUEST_TIME"] ) { naughty("00ad965f523b5c2ade071eb20d3618b5"); } logextra( "Timestamp is not to old" ); if ( strtotime($db['timestamp']) >= ( $_SERVER["REQUEST_TIME"] ) + 1800 ) { naughty("7570026fd11fc31ac0cada3e1dae4d0b"); } logextra( "Timestamp is not to young" ); if ( empty($_POST["title"]) or strlen($_POST["title"]) > 100 ) { naughty("32831f22fb96d02ce819127d558d28a2"); } logextra( "Title length is OK" ); if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) { naughty("ecfcc4c12bf4319d412d66fd2e239249"); } logextra( "Summary length is OK" ); if ( empty($_POST["shownotes_format"]) ) { naughty("a8345484b7a4ebad5af54937a3b2e26b"); } logextra( "Shownotes are not missing" ); if ( !( strcmp($_POST["shownotes_format"], "plain_text") === 0 or strcmp($_POST["shownotes_format"], "html5") === 0 or strcmp($_POST["shownotes_format"], "Markdown_GitHub") === 0 or strcmp($_POST["shownotes_format"], "Markdown_Pandoc") === 0 or strcmp($_POST["shownotes_format"], "restructured_text") === 0 or strcmp($_POST["shownotes_format"], "txt2tags") === 0 ) ) { naughty("b5609bad7edd70d76d75652fb0592ec4 " . $_POST["shownotes_format"] . " " . strcmp($_POST["shownotes_format"], ".")); } logextra( "shownotes_format is set OK" ); if ( empty($_POST["explicit"]) ) { naughty("39cc8812b02607d613c6a7ba7e789f2c"); } logextra( "explicit exists" ); if ( strcmp($_POST["explicit"], "Yes") !== 0 ) { logextra( "" ); if ( strcmp($_POST["explicit"], "Clean") !== 0 ) { naughty("198ab3b8af59ffba12c335239bde2876"); } } logextra( "explicit is either Yes or Clean" ); if ( empty($_POST["license"]) or strlen($_POST["license"]) < 4 or strlen($_POST["license"]) > 11 ) { naughty("194c24ff7396901c0ccc42fb21344683"); } logextra( "license length is fine" ); if ( !( strcmp($_POST["license"], "CC-BY-SA") === 0 or strcmp($_POST["license"], "CC-BY-NC-SA") === 0 or strcmp($_POST["license"], "CC-BY-NC-ND") === 0 or strcmp($_POST["license"], "CC-0") === 0 or strcmp($_POST["license"], "CC-BY-NC") === 0 or strcmp($_POST["license"], "CC-BY") === 0 or strcmp($_POST["license"], "Other") === 0 ) ) { naughty("f5609bad7edd70d76d75652fb0592ec4"); } logextra( "license is a valid value" ); if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) { naughty("5860799406a323209b902d5104fe7bae"); } logextra( "Notes are less than max" ); if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) { naughty("f1c83b57821d562f66246d975ef28994"); } $series = $_POST["series"]; $result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'"); logextra( "Series id is in the correct range" ); if (!isset($result_series)) { naughty("27457bada69cbc352af762bdf649e905"); } $data=mysqli_fetch_assoc($result_series); $series_name = $data['name']; logextra( "Series has been found" ); if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) { naughty("49a69b565acecf9d2a96aacc73aec5aa"); } logextra( "Tags are the correct length" ); if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) { naughty("626eae845e0a448be0544775ab5e4dc4"); } logextra( "host_name is set and correct length" ); if ( strlen($_POST["host_profile"]) > 2000 ) { naughty("f69ec5999e0a02def5a110489401347f"); } logextra( "host_profile is correct length" ); if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) { naughty("f2816b32e97be090a96ceabdc9230c9c"); } logextra( "host_license is in the correct range" ); if ( !( strcmp($_POST["host_license"], "CC-BY-SA") === 0 or strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or strcmp($_POST["host_license"], "CC-0") === 0 or strcmp($_POST["host_license"], "CC-BY-NC") === 0 or strcmp($_POST["host_license"], "CC-BY") === 0 or strcmp($_POST["host_license"], "Other") === 0 ) ) { naughty("978a18fa8558f3180897429e63d6ae55"); } logextra( "host_license is a predfined value" ); if ( empty($_POST["hostid"]) and $_POST["hostid"] != 0 ) { naughty("277dc98d43e7840d9f296cce1bc3ec2c"); } logextra( "hostid exists and is not 0" ); $result = mysqli_query($connection, 'SELECT MAX(hostid) as max FROM hosts;'); if (!isset($result)) { naughty("93fcc22d0c5ee3fac35e6d658db76059"); } $data=mysqli_fetch_assoc($result); $maxhost = $data['max']; logextra( "retrieved the max host from db" ); $hostid = $_POST["hostid"]; logextra( "" ); if ( (strval(intval($hostid)) != strval($hostid)) or ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){ naughty("a0f6cae871b85cb66f85d7ed5e91d1bb"); } logextra( "host id is int, and in the correct range" ); if ( !empty($_POST["url"]) and strlen($_POST["url"]) > 1024 ) { naughty("6d4f180c49ff9b9154bd80070ec2c1f3"); } logextra( "The url is set and the correct length" ); if ( !empty($_POST["url"]) ) { if ( filter_var($_POST["url"], FILTER_VALIDATE_URL) === false ) { naughty("9c307efe37146015a35e2d928c2c0f69"); } else { $url = htmlspecialchars(filter_var($_POST["url"], FILTER_VALIDATE_URL)); } } logextra( "The url has not been altered" ); $dir_structure = "/home/hpr/upload/" . strtotime($db_timestamp) . "_${ep_num}_${ep_date}_${db_key}/"; if ( file_exists( $dir_structure ) ) { naughty("d4250c369bd81b27cdc53d0d53321ecd"); } logextra( "The upload dir seems fine $dir_structure" ); if (!mkdir($dir_structure, 0777, true)) { naughty("804c4be123ca0327840b76bf4f8eb19e"); } $shownote_file = "${dir_structure}/shownotes.txt"; if ( file_exists( $shownote_file ) ) { naughty("33370d1c5c19a6ca4ef3f3ce59158e57"); } logextra( "The shownotes txt file exists $shownote_file" ); $shownote_file_json = "${dir_structure}/shownotes.json"; if ( file_exists( $shownote_file_json ) ) { naughty("a9564ebc3289b7a14551baf8ad5ec60a"); } logextra( "The shownotes json file exists $shownote_file_json" ); $this_post = print_r($_POST, true); $this_file = print_r($_FILES, true); logextra( "Received $this_post, $this_file" ); $show_data = "------------------------------------------------------------"; $show_data = $show_data . "\nEpisode_Number:\t" . $ep_num; $show_data = $show_data . "\nEpisode_Date:\t" . $ep_date; $show_data = $show_data . "\nTimestamp:\t" . $db_timestamp; $show_data = $show_data . "\nKey:\t" . $_POST['key']; $show_data = $show_data . "\nHost_IP:\t" . $db_ip; $show_data = $show_data . "\n------------------------------------------------------------"; $show_data = $show_data . "\nHost_ID:\t" . $_POST['hostid']; $show_data = $show_data . "\nHost_Name:\t" . $_POST['host_name']; $show_data = $show_data . "\nHost_Email:\t" . $db_email; $show_data = $show_data . "\nHost_License:\t" . $_POST['host_license']; $show_data = $show_data . "\nHost_Profile:\n" . $_POST['host_profile']; $show_data = $show_data . "\n------------------------------------------------------------"; $show_data = $show_data . "\nTitle:\t" . $_POST['title']; $show_data = $show_data . "\nSummary:\t" . $_POST['summary']; $show_data = $show_data . "\nShownotes_Format:\t" . $_POST['shownotes_format']; $show_data = $show_data . "\nExplicit:\t" . $_POST['explicit']; $show_data = $show_data . "\nShow_License:\t" . $_POST['license']; $show_data = $show_data . "\nSeries:\t" . $series; $show_data = $show_data . "\nSeries_Name:\t" . $series_name; $show_data = $show_data . "\nTags:\t" . $_POST['tags']; $show_data = $show_data . "\nurl:\t" . $_POST['url']; $show_data = $show_data . "\n------------------------------------------------------------"; $show_data = $show_data . "\nShow_Notes:\n" . $_POST['notes']; $show_data = $show_data . "\n------------------------------------------------------------"; $show_data = $show_data . "\nPOST:\n" . $this_post; $show_data = $show_data . "\n------------------------------------------------------------"; $show_data = $show_data . "\nFILES:\n" . $this_file; $show_data = $show_data . "\n------------------------------------------------------------\n"; file_put_contents($shownote_file, stripslashes($show_data) ); logextra( "Wrote the $shownote_file" ); $show_data_json = array( "host" => array( "Host_ID" => $_POST['hostid'], "Host_Name" => $_POST['host_name'], "Host_Email" => $db_email, "Host_License" => $_POST['host_license'], "Host_Profile" => $_POST['host_profile'] ), "episode" => array( "Title" => $_POST['title'], "Summary" => $_POST['summary'], "Explicit" => $_POST['explicit'], "Show_License" => $_POST['license'], "Series" => $series, "Series_Name" => $series_name, "Tags" => $_POST['tags'], "Show_Notes" => $_POST['notes'] ), "metadata" => array( "Episode_Number" => $ep_num, "Episode_Date" => $ep_date, "Timestamp" => $db_timestamp, "Key" => $_POST['key'], "Host_IP" => $db_ip, "POST" => $_POST, "FILES" => $_FILES, "url" => $_POST['url'], "Shownotes_Format" => $_POST['shownotes_format'], ) ); file_put_contents($shownote_file_json, json_encode($show_data_json) ); logextra( "Wrote the $shownote_file_json" ); if ( !file_exists( $dir_structure ) ) { naughty("a1534e6d525352dce7183a2e22862049"); } logextra( "The dir_structure still exists" ); if ( !file_exists( "$dir_structure/shownotes.txt" ) ) { naughty("ab8051b531c120b8bffd2a5b25a19cc3"); } logextra( "shownotes.txt still exists" ); if ( !file_exists( "$dir_structure/shownotes.json" ) ) { naughty("a9564ebc3289b7a14551baf8ad5ec60a"); } logextra( "shownotes.json still exists" ); $message=""; if ( !empty($_FILES["host_photo"]["tmp_name"]) and !empty($_FILES["host_photo"]["type"]) and $_FILES["host_photo"]["error"] == 0 ) { list($type_main, $type_sub)= explode("/", $_FILES["host_photo"]["type"]); if ( empty($type_sub) or strlen($type_sub) > 4 ) { naughty("c1381f1d2492f81074d8cb70c85f5fc8"); } else { $temp_photo = $_FILES["host_photo"]["tmp_name"]; $host_photo = "${dir_structure}/photo"; move_uploaded_file($temp_photo, $host_photo); $message = $message . "A photo was delivered. "; } logextra( "A photo was delivered" ); } else { $message = $message . "No photo delivered. "; } logextra( "No photo delivered" ); // Deal with uploaded files. $files = count($_FILES["media_files"]["error"]); if ( $files > 1 ) { $message = $message . $files . " files were delivered."; logextra( $files . " files were delivered." ); } else if ( $files == 1 and $_FILES["media_files"]["error"][ "0"] == 0 ) { $message = $message . "One file was delivered."; logextra( "One file was delivered." ); } else { if ( empty($_POST["url"]) ) { $message = $message . " You have chosen to upload the files separately from these show notes. If you wish to send a show using another method then please discuss it with the HPR Volunteer at admin@hackerpublicradio.org "; logextra( "uploading the files separately" ); } } foreach($_FILES["media_files"]["tmp_name"] as $key => $val) { if ( $_FILES["media_files"]["error"][ "$key"] == 0 ) { $from = $_FILES["media_files"]["tmp_name"][ "$key"]; $to = "${dir_structure}/" . $_FILES["media_files"]["name"][ "$key"] ; $moveResult = move_uploaded_file($from, $to); if ($moveResult != true) { echo "ERROR: File not moved correctly >$from< >$to<"; logextra( "ERROR: File not moved correctly >$from< >$to<" ); } else { logextra( "File moved correctly >$from< >$to<" ); } } } logextra( "All Files moved" ); ######################################################## // OK You convinced me. if ( $ep_num == 9999 ) { $show_submitted = "RESERVE_SHOW_SUBMITTED"; } else { $show_submitted = "SHOW_SUBMITTED"; } $query = "UPDATE reservations SET `verified` = '1', `status` = '$show_submitted' WHERE `ip` = '$db_ip' AND `timestamp` = '$db_timestamp' AND `key` = '$db_key'"; $result = mysqli_query($connection, $query ); if (mysqli_errno($connection)) { $error = "MySQL error ".mysqli_errno($connection).": ".mysqli_error($connection)."\n"; problem("Could not update the show reservation to $status in the db"); mysqli_free_result($result); mysqli_close($connection); logextra( "$query"); die; } logextra( "Updating the db to $show_submitted" ); if (!isset($result)) { naughty("c7405e79b54f582e8db46c69ec4b0f24"); } $body="give"; //$body="index_full"; include 'header.html'; ?>
Thank you for your submission.
Your show will now be processed by a HPR Volunteer.
Thanks,
HPR Bot
This email is an automatic reply. If you have not made this request then please ignore this email.
Thank You for recording an episode for the Reserve Queue.
$message
Your show will now be processed by a HPR Volunteer.
Thanks,
HPR Bot
This email is an automatic reply. If you have not made this request then please ignore this email.
Thank You for recording hpr${ep_num} for release on ${ep_date}.
$message
Your show will now be processed by a HPR Volunteer.
Thanks,
HPR Bot