paulj/hpr_hub
1
0
Fork 0
forked from HPR/hpr_hub
Code Pull Requests Activity

Initial push of the dynamic code

Browse Source
This commit is contained in:
Ken Fallon
2023-07-02 16:47:44 +02:00
parent e2fec9f1f1
commit bbaa57bed9
22 changed files with 4042 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

403
cms/add_show.php Normal file
View File

@@ -0,0 +1,403 @@
<?php
require "/home/hpr/php/include.php";
date_default_timezone_set('UTC');
function goback() {
header( "Location: " . $_SERVER["HTTP_REFERER"] ) ;
exit;
}
logextra( "Starting add_show.php");
if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
problem("ERROR: It is not a POST");
}
logextra( "It is a POST" );
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
problem("ERROR: No REMOTE_ADDR");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
}
logextra( "We have a IP of $ip" );
if (count($_POST) !== 15) {
logextra( "POST is not 15" );
if (count($_POST) !== 17) {
# 19 is for mosaic
# if this reports 0 is could be that the max upload is not set correctly in php.ini.
problem("ERROR: Incorrect number of POST entries ".count($_POST) );
}
}
logextra( "Correct number of POST entries" );
if ( isset( $_POST['key'] ) and strlen( $_POST['key'] ) === 45 and strlen( htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) ) ) === 45 and ctype_xdigit( $_POST['key'] ) ) {
$db_key = htmlspecialchars( stripslashes( strip_tags( $_POST['key'] ) ) );
}
else {
problem("ERROR: no key");
}
logextra( "Field lengths are correct" );
$query = "SELECT * FROM reservations WHERE reservations.key = '$db_key' ";
$result = @mysqli_query($connection, $query);
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
logextra( "Getting this reservation from the db" );
if ( $db["key"] != $db_key ) {
problem("ERROR: Could not find the reservation in the db");
}
logextra( "Found this reservation from the db" );
if ( empty($_POST["title"]) or strlen($_POST["title"]) > 100 ) {
problem("ERROR: Title length is not OK");
}
logextra( "Title length is OK" );
$title = $_POST["title"];
if ( empty($_POST["summary"]) or strlen( $_POST["summary"]) > 200 or strlen(str_replace('\\', '', $_POST["summary"])) > 100 ) {
problem("ERROR: Summary length is not OK");
}
logextra( "Summary length is OK" );
$summary = $_POST["summary"];
if ( empty($_POST["explicit"]) ) {
problem("ERROR: explicit is missing");
}
logextra( "explicit exists" );
if ( strcmp($_POST["explicit"], "Yes") !== 0 ) {
logextra( "explicit is not yes" );
if ( strcmp($_POST["explicit"], "Clean") !== 0 ) {
problem("ERROR: explicit needs to be either Yes or Clean");
}
}
logextra( "explicit is either Yes or Clean" );
$explicit = $_POST["explicit"];
if ( $explicit === "Clean" ) {
$explicit = 0;
}
else {
$explicit = 1;
}
if ( empty($_POST["episode_license"]) or strlen($_POST["episode_license"]) < 4 or strlen($_POST["episode_license"]) > 11 ) {
problem("ERROR: episode_license length is not fine");
}
logextra( "episode_license length is fine" );
if ( !(
strcmp($_POST["episode_license"], "CC-BY-SA") === 0 or
strcmp($_POST["episode_license"], "CC-BY-NC-SA") === 0 or
strcmp($_POST["episode_license"], "CC-BY-NC-ND") === 0 or
strcmp($_POST["episode_license"], "CC-0") === 0 or
strcmp($_POST["episode_license"], "CC-BY-NC") === 0 or
strcmp($_POST["episode_license"], "CC-BY") === 0 or
strcmp($_POST["episode_license"], "Other") === 0 )
) {
problem("ERROR: license is not a valid value");
}
logextra( "license is a valid value" );
$episode_license = $_POST["episode_license"];
if ( empty($_POST["notes"]) or strlen($_POST["notes"]) > 40000 ) {
problem("ERROR: Notes are missing not less than max");
}
logextra( "Notes are not missing and are less than max" );
$notes = $_POST["notes"];
if ( ( empty($_POST["series"]) and ($_POST["series"] != 0 ) ) or (strlen($_POST["series"]) > 3 ) ) {
problem("ERROR: Series id is not in the correct range");
}
$series = $_POST["series"];
if ( (strval(intval($series)) != strval($series)) ){
problem("ERROR: series is not an int");
}
logextra( "series is int" );
$result_series = mysqli_query($connection, "SELECT name FROM miniseries WHERE id='$series'");
logextra( "Series id is in the correct range \"$series\"" );
if (!isset($result_series)) {
problem("ERROR: Series has not been found");
}
$db_series_name_array = mysqli_fetch_row( $result_series );
$db_series_name = $db_series_name_array[0];
if ( empty($db_series_name) ) {
problem("ERROR: Series name \"${db_series_name}\" is missing from db ");
}
logextra( "Series name has been found in db: \"$db_series_name\"" );
if ( empty($_POST["series_name"]) ) {
problem("ERROR: series_name length is not fine");
}
$series_name = $_POST["series_name"];
if ( $series_name != $db_series_name ) {
problem("ERROR: series_name \"$series_name\" and db_series_name \"$db_series_name\" don't match.");
}
logextra( "series_name checkes passed: \"$series_name\"" );
if ( !empty($_POST["tags"]) and strlen($_POST["tags"]) > 100 ) {
problem("ERROR: Tags are not the correct length");
}
logextra( "Tags are the correct length" );
$tags = $_POST["tags"];
#############
# Host checks
if ( empty($_POST["host_name"]) or strlen($_POST["host_name"]) > 40 ) {
problem("ERROR: host_name is not set and not the correct length");
}
logextra( "host_name is set and correct length" );
$host_name = $_POST["host_name"];
if ( strlen($_POST["host_profile"]) > 2000 ) {
problem("ERROR: host_profile is not the correct length");
}
logextra( "host_profile is correct length" );
$host_profile = $_POST["host_profile"];
if ( empty($_POST["host_license"]) or strlen($_POST["host_license"]) < 4 or strlen($_POST["host_license"]) > 11 ) {
problem("ERROR: host_license is not in the correct range");
}
logextra( "host_license is in the correct range" );
if ( !(
strcmp($_POST["host_license"], "CC-BY-SA") === 0 or
strcmp($_POST["host_license"], "CC-BY-NC-SA") === 0 or
strcmp($_POST["host_license"], "CC-BY-NC-ND") === 0 or
strcmp($_POST["host_license"], "CC-0") === 0 or
strcmp($_POST["host_license"], "CC-BY-NC") === 0 or
strcmp($_POST["host_license"], "CC-BY") === 0 or
strcmp($_POST["host_license"], "Other") === 0 )
) {
problem("ERROR: host_license is not a predfined value");
}
logextra( "host_license is a predfined value" );
$host_license = $_POST["host_license"];
if ( $_POST["hostid"] == 0 ) {
problem("ERROR: hostid is 0");
}
logextra( "hostid is not 0" );
if ( empty($_POST["hostid"]) ) {
problem("ERROR: hostid doesn't exists ");
}
logextra( "hostid exists " );
$result = mysqli_query($connection, 'SELECT MAX(hostid) FROM hosts;');
if (!isset($result)) {
problem("ERROR: could not get the max host from db");
}
$maxhost_array = mysqli_fetch_row( $result );
$maxhost = $maxhost_array[0];
logextra( "retrieved the max host from db" );
$hostid = $_POST["hostid"];
if ( (strval(intval($hostid)) != strval($hostid)) ){
problem("ERROR: host id is not an int");
}
logextra( "host id is int" );
if ( ( intval($hostid) < 0 ) or ( intval($hostid) > $maxhost ) ){
problem("ERROR: host id \"$hostid\" is not in the correct range \" $maxhost \"");
}
logextra( "host id is int, and in the correct range" );
$query = "SELECT * FROM `hosts` WHERE `hostid` = '$hostid' and `host` = '$host_name';";
$result = @mysqli_query($connection, $query);
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
logextra( "Getting this host from the db" );
if ( ( $db["hostid"] != $hostid ) or ( $db["host"] != $host_name ) ) {
problem("ERROR: Could not find the host \"" . $db["hostid"] ."\", \"" . $db["host"] . "\" in the db \"${hostid}\", \"${host_name}\"" . $query );
}
logextra( "Found this reservation from the db" );
if ( ( $db["profile"] != "$host_profile" ) or ( $db["license"] != "$host_license" ) ) {
logextra("The host_license is different to that in the db");
$query = "UPDATE `hosts` SET `profile` = '$host_profile', `license` = '$host_license' WHERE `hosts`.`hostid` = '$hostid';";
$result = mysqli_query($connection, $query );
if (!isset($result)) {
problem("ERROR: could not update the host profile");
} else {
logextra( "Updating the host profile" );
}
}
logextra( "The host_license is the same to that in the db" );
##############
# Episode Check
// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
if ( !empty($_POST["ep_num"]) and isset( $_POST["ep_num"] ) ) {
$ep_num = intval( $_POST["ep_num"] );
}
else {
problem("ERROR: ep_num is empty");
}
// // SELECT MAX(ep_num) FROM `reservations` → 3627
// // SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0 → 3582
//
$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;');
if (!isset($result)) {
problem("ERROR: Can't get max eps from reservations");
}
$max_eps_array = mysqli_fetch_row( $result );
$max_eps = $max_eps_array[0];
mysqli_free_result($result);
$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;');
if (!isset($result)) {
problem("ERROR: Can't get min eps from reservations");
}
$min_eps_array = mysqli_fetch_row( $result );
$min_eps = $min_eps_array[0];
mysqli_free_result($result);
if ( empty( $ep_num ) ) {
problem("ERROR: ep_num is empty");
}
if ( $ep_num < $min_eps ) {
problem("ERROR: ep_num is too small");
}
if ( $ep_num > $max_eps ) {
problem("ERROR: ep_num is too big");
}
if ( intval($ep_num) === 0 ) {
problem("ERROR: ep_num is 0");
}
else {
$ep_num = intval($ep_num);
}
$result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE ep_num='$ep_num' AND status='METADATA_PROCESSED';");
if (!isset($result)) {
problem("ERROR: Cant get info from reservations db");
}
$db_ep_num_array = mysqli_fetch_row( $result );
$db_ep_num = $db_ep_num_array[0];
mysqli_free_result($result);
if ( $db_ep_num != $ep_num ){
problem("ERROR: Cant find $ep_num with status of METADATA_PROCESSED");
}
$result = mysqli_query($connection, "SELECT `id` FROM `eps` WHERE `id` = '$ep_num';");
if (!isset($result)) {
problem("ERROR: The show $ep_num is already in the eps db");
}
$db_ep_num_array = mysqli_fetch_row( $result );
$db_ep_num = $db_ep_num_array[0];
mysqli_free_result($result);
if ( !empty( $db_ep_num ) ) {
problem("ERROR: $ep_num is already in the eps table");
}
if ( intval($db_ep_num) === $ep_num ) {
problem("ERROR: $ep_num is already in the eps table");
}
logextra( "ep_num checkes passed: $ep_num" );
if ( !preg_match("/^\d{4}-\d{2}-\d{2}$/", $_POST["ep_date"]) ) {
problem("ERROR: ep_date fails the regex match ");
}
else {
$ep_date = $_POST["ep_date"];
}
if ( strtotime($ep_date) === false ) {
problem("ERROR: ep_date didn't convert to date");
}
else {
$ep_date_epoch = strtotime($ep_date);
}
logextra( "ep_date checkes passed: $ep_date" );
if ( !empty($_POST["duration"]) and isset( $_POST["duration"] ) ) {
$duration = intval( $_POST["duration"] );
}
else {
problem("ERROR: duration is empty");
}
if ( empty( $duration ) ) {
problem("ERROR: duration is empty");
}
if ( $duration < 50 ) {
problem("ERROR: duration is too small");
}
if ( $duration > 26830 ) {
problem("ERROR: duration is too big");
}
if ( intval($duration) === 0 ) {
problem("ERROR: duration is 0");
}
else {
$duration = intval($duration);
}
logextra( "duration checkes passed: $duration" );
$title = mysqli_real_escape_string( $connection, $title );
$summary = mysqli_real_escape_string( $connection, $summary );
$notes = mysqli_real_escape_string( $connection, $notes );
$tags = mysqli_real_escape_string( $connection, $tags );
$query_add = "INSERT INTO eps VALUES ('$ep_num', '{$ep_date}', '{$title}', '{$duration}', '{$summary}', '{$notes}', '{$hostid}', '{$series}', '{$explicit}', '{$episode_license}', '{$tags}', '0', '0', '0')";
$result = mysqli_query($connection, $query_add );
if(!$result) {
problem("ERROR: DB problem - The show $ep_num was not added to the eps db.");
}
if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
problem("ERROR: MySQL error- The show $ep_num was not added to the eps db.\n$error");
}
$result = mysqli_query($connection, "SELECT `id` FROM `eps` WHERE `id` = '$ep_num';");
if (!isset($result)) {
problem("ERROR: DB problem - The show $ep_num has not been added to the eps db");
}
$db_ep_num_array = mysqli_fetch_row( $result );
$db_ep_num = $db_ep_num_array[0];
mysqli_free_result($result);
if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
problem("ERROR: MySQL error- The show $ep_num was not added to the eps db.\n$error");
}
$result = mysqli_query($connection, "UPDATE reservations SET `status` = 'SHOW_POSTED' WHERE `ep_num` = '$ep_num' AND status='METADATA_PROCESSED';" );
if (!isset($result)) {
problem("ERROR: DB problem - The show $ep_num has not been added to the eps db");
}
if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
problem("ERROR: Could not update the show reservation to SHOW_POSTED in the db");
}
logextra( "Finished $ep_num ." );
?>

75
cms/comment_process.php Executable file
View File

@@ -0,0 +1,75 @@
<?php
require "/home/hpr/php/include.php";
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
naughty("5c965856fd6e1af9256c04d400698fae");
}
$num_get_args=0;
foreach($_GET as $k => $v) {
++$num_get_args;
}
if ( $num_get_args !== 2 ){
# they are trying to GET on a POST request
naughty("638709cc1d7f107c024eb2a663675e8c");
}
if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
naughty("991ce46448d64b90bc8a837b58b7ad20");
}
if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) {
naughty("c9e5ea8d870dda8db08bc570cbed7f84");
}
if ( !empty($_GET["key"]) and
isset( $_GET['key'] ) and
strlen( $_GET['key'] ) === 45 and
strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and
ctype_xdigit( $_GET['key'] )
) {
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
}
else {
naughty("868d9cc49b2f1e4a9319a8e8755d6189");
}
if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) {
naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df ");
}
else {
$action = $_GET["action"];
}
$comment_directory = "/home/hpr/comments";
if ( ! file_exists( $comment_directory ) ) {
# Looks like the comments directory has not been created
naughty("0fdffa1dbe94e0730cef457be93ebf40");
}
$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
if (count($files) === 0) {
naughty("3efef2971727905064855d7866cb0059");
}
else {
$file = $files[0];
}
list($begin, $file_ip, $end) = explode('_', $file);
if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
naughty("70ebe39c92b393c288e41a4d3128b5da");
}
if ( $action === 'block' ) {
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
}
unlink( "${file}" );
http_response_code(200);
// exit;
?>

111
cms/say.php Normal file
View File

@@ -0,0 +1,111 @@
<?php
require "/home/hpr/php/include.php";
if (isset($_GET['id'])) {
$id = $_GET['id'];
$result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;');
if (!isset($result)) {
die('Could not query:' . mysqli_error());
}
$maxhost_array = mysqli_fetch_row( $result );
$maxhost = $maxhost_array[0];
$num_get_args=0;
foreach($_GET as $k => $v) {
++$num_get_args;
}
if ( (strval(intval($id)) != strval($id)) OR ( intval($id) <= 0 ) OR ( intval($id) > $maxhost ) OR ( $num_get_args > 1 ) ){
exit;
}
$query = "SELECT id FROM eps WHERE id = '$id'";
$result = @mysqli_query($connection, $query);
if($result === FALSE) {
call412( "a9564ebc3289b7a14551baf8ad5ec60a" );
}
else {
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["id"]) ) {
call412( "a9564ebc3289b7a14551baf8ad5ec60a" );
}
}
}
else {
call412( "a9564ebc3289b7a14551baf8ad5ec60a" );
exit;
}
Header('Content-type: text/tab-separated-values');
header("Content-disposition: inline; filename=say.txt");
$ep_retrieve = "SELECT UNIX_TIMESTAMP(eps.date) AS timestamp, eps.title, eps.duration, eps.summary, hosts.host, eps.hostid, eps.series, eps.license, eps.explicit FROM eps, hosts WHERE hosts.valid = '1' AND id = '$id' AND eps.hostid = hosts.hostid";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$date = $row['timestamp'];
$title = $row['title'];
$duration = $row['duration'];
$summary = $row['summary'];
$host = $row['host'];
$hostid = $row['hostid'];
$series = $row['series'];
$license = $row['license'];
$explicit = $row['explicit'];
$id = fixid($id);
$host_retrieve = "SELECT host, espeak_name FROM hosts WHERE hostid = '$hostid'";
$result1 = mysqli_query($connection, $host_retrieve);
$row1 = mysqli_fetch_array($result1);
$espeak_name = $row1['espeak_name'];
$epcountquery = "SELECT count( id ) AS total FROM eps WHERE hostid = '$hostid'";
$result2 = mysqli_query($connection, $epcountquery);
$row2 = mysqli_fetch_array($result2);
$total = $row2['total'];
if ( $total == 1 ) {
$host_notes = ". It is the first show by new host ${espeak_name}, ";
}
else if ($total % 10 == 0) {
$host_notes = ". It is the ${total}th show of ${espeak_name}, ";
}
else {
$host_notes = ". It is hosted by ${espeak_name}, ";
}
}
}
$HPR_summary = "This is Hacker Public Radio episode $id for " . date("l", $date) . " the " . date("jS", $date) . " of " . date("F Y", $date) . ". Todays show is entitled. ${title}.";
if ($series > "0"){
$series_query = mysqli_query($connection, "SELECT name, description FROM miniseries WHERE id = '$series'");
$series_result = mysqli_fetch_array($series_query);
$series_title = $series_result['name'];
$desc = $series_result['description'];
$HPR_summary = "${HPR_summary} It is part of the series \"$series_title\"";
}
$HPR_summary = "${HPR_summary} ${host_notes} and is about " . round($duration/60) . " minutes long. It carries ";
if ($explicit == 0) {
$HPR_summary = "${HPR_summary} a clean flag. ";
$explicit = "Clean";
}
else{
$HPR_summary = "${HPR_summary} an explicit flag. ";
$explicit = "Explicit";
}
if ( !empty( $summary ) ) {
$HPR_summary = "${HPR_summary}. The summary is. $summary";
}
if (strcmp($license, "CC-BY-SA" ) !== 0) {
$HPR_summary = "${HPR_summary}. Todays show is licensed under a $license license.";
}
$HPR_summary = str_replace($host,$espeak_name,$HPR_summary);
echo "HPR_summary: ${HPR_summary}\n";
echo "HPR_album: Hacker Public Radio\n";
echo "HPR_artist: ${host}\n";
echo "HPR_hostid: ${hostid}\n";
echo "HPR_comment: https://hackerpublicradio.org ${explicit}; $summary\n";
echo "HPR_genre: Podcast\n";
echo "HPR_license: ${license}\n";
echo "HPR_title: ${title}\n";
echo "HPR_track: $id\n";
echo "HPR_year: " . date("Y", $date) . "\n";
echo "HPR_duration: ${duration}\n";
echo "HPR_explicit: ${explicit}\n";
?>

164
cms/schedule.php Normal file
View File

@@ -0,0 +1,164 @@
<?php
header('Content-Type: application/json');
require "/home/hpr/php/include.php";
$pos = strpos($_SERVER['REQUEST_URI'], '?');
if ( ! $pos === false) {
header("Status: 412 Precondition Failed");
include '412.shtml';
file_put_contents($naughtyfile, getUserIP(), FILE_APPEND | LOCK_EX );
exit;
}
// --------------------------------------------
// Clean up stale reservations
$ip = $_SERVER["REMOTE_ADDR"];
# Remove any stale requests.
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
$query_delete_old = "DELETE
FROM
reservations
WHERE
reservations.timestamp + INTERVAL 1 HOUR <= UTC_TIMESTAMP()
AND reservations.status = 'REQUEST_UNVERIFIED'";
$result_delete_old = @mysqli_query($connection, $query_delete_old);
logextra( "Deleting requests older than 1 hour" . $result_delete_old );
# Remove stale requests from this IP Address after 15 minutes.
# This should be enough to deter attackers while been short enough to allow real hosts to request a show.
$query_delete = "DELETE FROM reservations WHERE reservations.ip = '$ip' AND reservations.timestamp + INTERVAL 15 MINUTE <= UTC_TIMESTAMP() AND reservations.status = 'REQUEST_UNVERIFIED'";
$result_delete = @mysqli_query($connection, $query_delete);
logextra( "Remove stale requests from this \"${ip}\" IP Address after 15 minutes. " . $result_delete_old );
$query = mysqli_query($connection, "SELECT max(date), max(id) from eps WHERE eps.date <= UTC_DATE()");
$current_episode_array = mysqli_fetch_row($query);
$current_episode_date = $current_episode_array[0];
$current_episode_number = $current_episode_array[1];
// --------------------------------------------
// Populate array with future shows and reservations
$show_array = array ();
// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
$ep_retrieve = "SELECT hosts.host, eps.id, eps.title, eps.date FROM eps, hosts WHERE eps.valid=1 AND eps.hostid = hosts.hostid AND eps.date >= '$current_episode_date' ORDER BY date DESC";
$ep_retrieve = "SELECT
hosts.host,
eps.id,
eps.title,
eps.date,
COUNT( assets.extension) AS numfiles
FROM
eps
LEFT JOIN hosts ON eps.hostid = hosts.hostid
LEFT JOIN assets ON eps.id = assets.episode_id
WHERE
eps.valid = 1
AND eps.date >= '$current_episode_date'
GROUP BY eps.id;";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['id'];
$date = $row['date'];
$title = $row['title'];
$host = $row['host'];
$numfiles = $row['numfiles'];
if( isset($numfiles) and $numfiles >= 3 ) {
$status = "Finished";
}
else {
$status = "Reserved";
}
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => $title,
"host" => $host,
"status" => $status
);
}
}
// REQUEST_UNVERIFIED → SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
// Populate array with currently processing shows EMAIL_LINK_CLICKED
$ep_retrieve = "
SELECT
reservations.ep_num,
reservations.ep_date,
reservations.status
FROM
reservations
WHERE
reservations.verified = 1
AND reservations.ep_date >= '$current_episode_date'
ORDER BY
reservations.ep_date DESC";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['ep_num'];
$date = $row['ep_date'];
$status = $row['status'];
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => $status,
"host" => "Unverified",
"status" => "Processing"
);
}
}
// Populate array with temporary reservations.
$ep_retrieve = "SELECT r.ep_num, r.ep_date, r.timestamp + INTERVAL 1 HOUR - UTC_TIMESTAMP() AS seconds_to_expiration FROM reservations r
WHERE r.timestamp + INTERVAL 1 HOUR > UTC_TIMESTAMP() AND r.verified =0 AND r.ep_date >= '$current_episode_date' ORDER BY r.ep_date DESC";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['ep_num'];
$date = $row['ep_date'];
$seconds_to_expiration = $row['seconds_to_expiration'];
$minutes = floor($seconds_to_expiration / 60) + 1;
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => " Available again in $minutes minutes",
"host" => "Unverified",
"status" => "Locked"
);
}
}
$ep_retrieve = "SELECT
hosts.host,
eps.id,
eps.title,
eps.date
FROM
eps,
hosts,
assets
WHERE
eps.valid = 1
AND eps.hostid = hosts.hostid
AND eps.id = assets.episode_id
AND assets.extension = 'ogg'
AND eps.date >= '$current_episode_date'
ORDER BY
date DESC";
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$id = $row['id'];
$date = $row['date'];
$title = $row['title'];
$host = $row['host'];
$show_array[$id] = array ( "date" => date('Y-m-d', strtotime($date) ),
"title" => $title,
"host" => $host,
"status" => "Finished"
);
}
}
echo json_encode($show_array, JSON_FORCE_OBJECT);
?>

137
cms/status.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
require "/home/hpr/php/include.php";
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
naughty("438a220a58dc34c200a8669547afc66b");
}
$num_get_args=0;
foreach($_GET as $k => $v) {
++$num_get_args;
}
if ( $num_get_args !== 2 ){
$result = mysqli_query($connection, "SET time_zone = '+0:00';");
if (!isset($result)) {
naughty("cca6408ae1febc3f07974177b2d04375");
}
header("Content-type: text/csv");
print "timestamp_epoc,ep_num,ep_date,key,status,email\n";
# 1649790226_3710_2022-10-21_b291590ce4ba23b519935bde53d0a5936255cd12e96b4
$query = "SELECT UNIX_TIMESTAMP(timestamp) as timestamp_epoc, `ep_num`, `ep_date`, `key`, `status`, `email` FROM `reservations` WHERE `ep_num` > 0 ORDER BY `ep_num` ASC";
if($result = mysqli_query($connection, $query)) {
while($row = mysqli_fetch_array($result)) {
//handle text color
print "{$row['timestamp_epoc']},{$row['ep_num']},{$row['ep_date']},{$row['key']},{$row['status']},{$row['email']}\n";
}
}
else {
naughty("2dcabda45255713ea9bf04523e804016");
}
mysqli_close($connection);
exit;
}
if ( empty($_GET["ep_num"]) or empty($_GET["status"]) ) {
naughty("32bedea129648f27701f2f2f3ff4b7b5");
}
if ( !in_array($_GET["status"], array('METADATA_PROCESSED','SHOW_POSTED','MEDIA_TRANSCODED','UPLOADED_TO_IA','UPLOADED_TO_RSYNC_NET','REMOVE_RESERVATION'), true ) ) {
naughty("88882bc97094e7aabf2a258756f917f5 ");
}
else {
$status = $_GET["status"];
}
if ( !empty($_GET["ep_num"]) and isset( $_GET["ep_num"] ) ) {
$ep_num = intval( $_GET["ep_num"] );
}
else {
naughty("ecb0ebc5b38b4c09226ccbfce05978cb");
}
// // SELECT MAX(ep_num) FROM `reservations` → 3627
// // SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0 → 3582
//
$result = mysqli_query($connection, 'SELECT MAX(ep_num) FROM `reservations`;');
if (!isset($result)) {
naughty("360e6381ffca736b6f12056abd7dcc7d");
}
$max_eps_array = mysqli_fetch_row( $result );
$max_eps = $max_eps_array[0];
mysqli_free_result($result);
$result = mysqli_query($connection, 'SELECT MIN(ep_num) FROM `reservations` WHERE ep_num > 0;');
if (!isset($result)) {
naughty("6971b6d378292e8fc9583de6082eddf4");
}
$min_eps_array = mysqli_fetch_row( $result );
$min_eps = $min_eps_array[0];
mysqli_free_result($result);
if ( empty( $ep_num ) ) {
naughty("6cf46a9b21e667c61b2c5bf87a7104f9 $ep_num");
}
if ( $ep_num < $min_eps ) {
naughty("bbcef7cd8a263dc57e85195935ad600a $ep_num < $min_eps");
}
if ( $ep_num > $max_eps ) {
naughty("a75115f3fa706ceee4b61971cd22b8f9 $ep_num > $max_eps");
}
// SHOW_SUBMITTED → METADATA_PROCESSED → SHOW_POSTED → MEDIA_TRANSCODED → UPLOADED_TO_IA → UPLOADED_TO_RSYNC_NET
switch ($status) {
case "METADATA_PROCESSED":
$current_status="SHOW_SUBMITTED";
break;
case "SHOW_POSTED":
$current_status="METADATA_PROCESSED";
break;
case "MEDIA_TRANSCODED":
$current_status="SHOW_POSTED";
break;
case "UPLOADED_TO_IA":
$current_status="MEDIA_TRANSCODED";
break;
case "UPLOADED_TO_RSYNC_NET":
$current_status="UPLOADED_TO_IA";
break;
case "REMOVE_RESERVATION":
$query = "DELETE FROM reservations WHERE `ep_num` = '$ep_num' ";
$result = @mysqli_query($connection, $query);
if (mysqli_errno( $connection)) {
$error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n";
problem("Could not update the show reservation to $status in the db");
}
mysqli_free_result($result);
mysqli_close($connection);
logextra( "$query");
die;
}
$result = mysqli_query($connection, "SELECT ep_num FROM reservations WHERE `ep_num` = '$ep_num' AND status='$current_status';");
if (!isset($result)) {
naughty("7f2d7228ca355be6dd2a24769595b18f");
}
$db_ep_num_array = mysqli_fetch_row( $result );
$db_ep_num = $db_ep_num_array[0];
mysqli_free_result($result);
if ( $db_ep_num != $ep_num ){
problem("da59731c6ae6d1ce0fa2fa9fc4e1e726 $db_ep_num != $ep_num");
}
$query = "UPDATE reservations SET `status` = '$status' WHERE `ep_num` = '$ep_num' AND status='$current_status';";
$result = mysqli_query($connection, $query );
if(!isset($result)) {
problem("8a76bb408877b1d33bf31ea96b6fc02f");
}
if (mysqli_errno( $connection )) {
$error = "MySQL error ".mysqli_errno( $connection).": ".mysqli_error($connection)."\n";
problem("Could not update the show reservation to $status in the db");
}
mysqli_close($connection);
logextra( "UPDATE reservations SET `status` = '$status' WHERE ep_num='$ep_num' AND status='$current_status';");
?>