A series of changes to automate the checking of comments - resulting in a returned json file and standard responses for different actions

2023-12-23 19:06:00 +01:00
parent 92902ffe47
commit 6b84bd01e6
4 changed files with 208 additions and 71 deletions
--- a/cms/comment_process.php
+++ b/cms/comment_process.php
@@ -1,9 +1,12 @@
 <?php
 require "/home/hpr/php/include.php";

+date_default_timezone_set('UTC');
+
 if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
-  naughty("5c965856fd6e1af9256c04d400698fae"); 
+  naughty("5c965856fd6e1af9256c04d400698fae not GET methog"); 
 }
+
 $num_get_args=0;

 foreach($_GET as $k => $v) { 
@@ -11,15 +14,15 @@ foreach($_GET as $k => $v) {
 }
 if ( $num_get_args !== 2 ){
  # they are trying to GET on a POST request
-  naughty("638709cc1d7f107c024eb2a663675e8c");
+  naughty("638709cc1d7f107c024eb2a663675e8c num_get_args $num_get_args");
 }

 if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
-  naughty("991ce46448d64b90bc8a837b58b7ad20");
+  naughty("991ce46448d64b90bc8a837b58b7ad20 missing key");
 }

 if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45  ) {
-  naughty("c9e5ea8d870dda8db08bc570cbed7f84");
+  naughty("c9e5ea8d870dda8db08bc570cbed7f84 wrong key length");
 }

 if ( !empty($_GET["key"]) and 
@@ -31,11 +34,11 @@ if ( !empty($_GET["key"]) and
  $key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
 }
 else {
-  naughty("868d9cc49b2f1e4a9319a8e8755d6189");
+  naughty("868d9cc49b2f1e4a9319a8e8755d6189 wrong key type");
 }

 if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) {
-  naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df ");
+  naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df wrong action");
 }
 else {
    $action = $_GET["action"];
@@ -45,12 +48,12 @@ $comment_directory = "/home/hpr/comments";

 if ( ! file_exists( $comment_directory ) ) {
  # Looks like the comments directory has not been created
-  naughty("0fdffa1dbe94e0730cef457be93ebf40");
+  naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
 }

 $files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
 if (count($files) === 0) {
-  naughty("3efef2971727905064855d7866cb0059");
+  naughty("3efef2971727905064855d7866cb0059 cant find comment file - has the comment already been processed ?");
 }
 else {
  $file = $files[0];
@@ -59,7 +62,7 @@ else {
 list($begin, $file_ip, $end) = explode('_', $file);

 if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
-  naughty("70ebe39c92b393c288e41a4d3128b5da");
+  naughty("70ebe39c92b393c288e41a4d3128b5da not a valid file format");
 }

 if ( $action === 'block' ) {
@@ -76,96 +79,187 @@ if ( $action === 'delete' ) {
 }

 if ( $action === 'approve' ) {
-  
  $comment = file_get_contents("$file");

-$json = json_decode($comment, true);
-echo '<pre>' . print_r($json, true) . '</pre>';
+  $json = json_decode($comment, true);
  
-  // check json
+  if ( empty($json["comment_author_name"]) or strlen($json["comment_author_name"]) > 40 ) {
+    naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name");
+  }
+  $comment_author_name = $json["comment_author_name"];

-  if ( empty($json["eps_id"]) ) {
-    naughty("6740e9b34590fe5b8f1829aeb5da099d");
+  if ( empty($json["comment_title"])  or strlen($json["comment_title"]) > 100) {
+    naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title");
  }
+  $comment_title = $json["comment_title"];

-  if ( empty($json["comment_timestamp"]) ) {
-    naughty("4850b4b0006a60d86bafee8a8592b3f8");
+  if ( empty($json["comment_text"])  or strlen($json["comment_text"]) > 2000 ) {
+    naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text");
  }
+  $comment_text = $json["comment_text"];

-  if ( empty($json["comment_author_name"]) ) {
-    naughty("15f377e657196bb8192ec11755b0ca75");
+  if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) {
+    naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification");
  }
+  $justification = $json["justification"];

-  if ( empty($json["comment_title"]) ) {
-    naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb");
-  }
-
-  if ( empty($json["comment_text"]) ) {
-    naughty("d4101542e2d0264c0cdb8ac4bdf6bf09");
-  }
-  if ( empty($json["justification"]) ) {
-    naughty("f87785f8eda5d75de8cb08c386c66c56");
-  }
  if ( empty($json["key"]) ) {
-    naughty("f87785f8eda5d75de8cb08c386c66c56");
+    naughty("f87785f8eda5d75de8cb08c386c66c56 empty key");
+  }
+  
+  if ( $key !== $json["key"] ) {
+    naughty("9d7f5e1a7a075a925ed1231decc16965 provided key is not matching json key");
  }

-  //  check ip
-
+  //  check ip //
+  //
  if ( empty($json["ip"]) ) {
-    naughty("025622ea15552a7b8a3ae71405cf1fbf");
+    naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip");
  }

  $ip = $json["ip"];

  if ( ! filter_var($ip, FILTER_VALIDATE_IP)) {
-    naughty("571f2d51046da9c923e01ae8bbfc037e");
+    naughty("571f2d51046da9c923e01ae8bbfc037e not an IP");
  }

-  // check ep_num
-  
+  // check ep_num //
+  // 
+  if ( empty($json["eps_id"]) ) {
+    naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id");
+  }
  $ep_num = $json["eps_id"];
-
+  
  if ( intval($ep_num) === 0 ) {
-    $x = intval($ep_num);
-    naughty("fdae5c63eb5608820b13c9d096166c84");
+    naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int");
  }
  else {
    $ep_num = intval($ep_num);
  }
  
  if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) {
-    naughty("eb90a1a69fd531d5c649e3f5367bd570");
+    naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range");
  }
-  
-  $show_array = array ();
-  
+    
  $ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;";
-
  
  if ($result = mysqli_query($connection, $ep_retrieve)) {    
    if ( ! $result->fetch_assoc()) {
-      naughty("b9ac28c5c661d7ed1c4c009de0279e07");
+      naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show");
    }
  }

-  // date
+  // date //
+  //
  
+  if ( empty($json["comment_timestamp"]) ) {
+    naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp");
+  }
+  $comment_timestamp = $json["comment_timestamp"];
+
+  // 2023-12-23T12:21:29Z
+  if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) {
+    naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex");
+  }
+
+  if ( strtotime($comment_timestamp) === false ) {
+    naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date");
+  }
  
-$date = '2011-10-02T23:25:42Z';
-var_dump(validateDate($date));
-
-
+  $comment_timestamp_epoch = strtotime($comment_timestamp);
+  $a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" );
+  
+// if ( $comment_timestamp_epoch <= $a_week_ago ) {
+//   naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week");
+// }
+  
+  $date = new DateTime( $comment_timestamp );
+  $comment_timestamp_db = $date->format('Y-m-d H:i:s');
+  
+  // anti spam
+  
+  if (file_exists($naughty_stings_file)) {
+    $comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" );
+    $naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
+    foreach ( $naughty_words as $naughty_word) {
+      if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) {
+        naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\"");
+      }
+    }
+  }
  
  // OK I believe you
+  
+  if ( strcmp($justification, "No justification is asked for or required.") !== 0 ) {
+    file_put_contents($justification_file, "$justification\n", FILE_APPEND | LOCK_EX );
+  }
+  
+  $ep_retrieve = "SELECT id FROM comments WHERE comment_timestamp='$comment_timestamp' AND comment_author_name='$comment_author_name'";
+  
+  if ($result = mysqli_query($connection, $ep_retrieve)) {    
+    if ( $result->fetch_assoc()) {
+      naughty("9422f4e06ded59e4e7c2e426e62ffa5e comment already in database. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
+    }
+  }
+  
+  $query_add = "INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text) VALUES ( '{$ep_num}', '{$comment_timestamp_db}', '{$comment_author_name}', '{$comment_title}', '{$comment_text}')";

-  // INSERT INTO comments (eps_id,comment_timestamp,comment_author_name,comment_title,comment_text), VALUES ( $ep_num, $comment_timestamp, $comment_author_name, $comment_title, $comment_text);
-  // unlink( "${file}" );*/
+  $result = mysqli_query($connection, $query_add );
+  if(!$result) {
+    problem("ERROR: DB problem - The comment was not added to the db.");
+  }
+  if (mysqli_errno( $connection )) {
+    $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
+    problem("ERROR: MySQL error- The comment was not added to the db.\n$error");
+  }
+ 
+  $query = "SELECT * FROM comments WHERE comment_timestamp='$comment_timestamp_db' AND comment_author_name='$comment_author_name'";
+  $result = @mysqli_query($connection, $query);
+  $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
+
+  if ( empty($db["id"]) ) {
+    naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
+  }
  http_response_code(200);
+  header('Content-Type: application/json; charset=utf-8');
+  echo json_encode($db);
+  unlink( "${file}" );
  exit;
 }

 //   exit;
-
 http_response_code(500);
 ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+