forked from HPR/hpr_hub
Initial push of the dynamic code
This commit is contained in:
75
cms/comment_process.php
Executable file
75
cms/comment_process.php
Executable file
@@ -0,0 +1,75 @@
|
||||
<?php
|
||||
require "/home/hpr/php/include.php";
|
||||
|
||||
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
|
||||
naughty("5c965856fd6e1af9256c04d400698fae");
|
||||
}
|
||||
$num_get_args=0;
|
||||
|
||||
foreach($_GET as $k => $v) {
|
||||
++$num_get_args;
|
||||
}
|
||||
if ( $num_get_args !== 2 ){
|
||||
# they are trying to GET on a POST request
|
||||
naughty("638709cc1d7f107c024eb2a663675e8c");
|
||||
}
|
||||
|
||||
if ( empty($_GET["key"]) or empty($_GET["action"]) ) {
|
||||
naughty("991ce46448d64b90bc8a837b58b7ad20");
|
||||
}
|
||||
|
||||
if ( empty($_GET["key"]) or strlen($_GET["key"]) !== 45 ) {
|
||||
naughty("c9e5ea8d870dda8db08bc570cbed7f84");
|
||||
}
|
||||
|
||||
if ( !empty($_GET["key"]) and
|
||||
isset( $_GET['key'] ) and
|
||||
strlen( $_GET['key'] ) === 45 and
|
||||
strlen( htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) ) ) === 45 and
|
||||
ctype_xdigit( $_GET['key'] )
|
||||
) {
|
||||
$key = htmlspecialchars( stripslashes( strip_tags( $_GET['key'] ) ) );
|
||||
}
|
||||
else {
|
||||
naughty("868d9cc49b2f1e4a9319a8e8755d6189");
|
||||
}
|
||||
|
||||
if ( !in_array($_GET["action"], array('approve','delete','block'), true ) ) {
|
||||
naughty("c0ca62c918f9bb0ab72da0cdf2f2e8df ");
|
||||
}
|
||||
else {
|
||||
$action = $_GET["action"];
|
||||
}
|
||||
|
||||
$comment_directory = "/home/hpr/comments";
|
||||
|
||||
if ( ! file_exists( $comment_directory ) ) {
|
||||
# Looks like the comments directory has not been created
|
||||
naughty("0fdffa1dbe94e0730cef457be93ebf40");
|
||||
}
|
||||
|
||||
$files = glob( "${comment_directory}/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z_*_${key}.json" );
|
||||
if (count($files) === 0) {
|
||||
naughty("3efef2971727905064855d7866cb0059");
|
||||
}
|
||||
else {
|
||||
$file = $files[0];
|
||||
}
|
||||
|
||||
list($begin, $file_ip, $end) = explode('_', $file);
|
||||
|
||||
if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
|
||||
naughty("70ebe39c92b393c288e41a4d3128b5da");
|
||||
}
|
||||
|
||||
if ( $action === 'block' ) {
|
||||
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
|
||||
}
|
||||
|
||||
unlink( "${file}" );
|
||||
http_response_code(200);
|
||||
|
||||
|
||||
// exit;
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user