paulj/hpr_hub
1
0
Fork 0
forked from HPR/hpr_hub
Code Pull Requests Activity

More changes to the comment system. To include the reuse of a common check file

Browse Source
This commit is contained in:
Ken Fallon
2023-12-23 21:54:16 +01:00
parent 7f9611b1b9
commit d725b2cf14
5 changed files with 309 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
cms/comment_process.php
View File

@@ -44,8 +44,6 @@ else {
$action = $_GET["action"];
}
$comment_directory = "/home/hpr/comments";
if ( ! file_exists( $comment_directory ) ) {
# Looks like the comments directory has not been created
naughty("0fdffa1dbe94e0730cef457be93ebf40 cant find comment directory");
@@ -68,13 +66,22 @@ if ( ! filter_var($file_ip, FILTER_VALIDATE_IP) ) {
if ( $action === 'block' ) {
file_put_contents($naughtyfile, date('Y-m-d\TH:i:s\Z') . "\t${file_ip}\tReported as comment spammer\t${key}\n", FILE_APPEND | LOCK_EX );
unlink( "${file}" );
$db["http_code"] = "201";
$db["action"] = "block";
http_response_code(201);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
exit;
}
if ( $action === 'delete' ) {
unlink( "${file}" );
$db["http_code"] = "202";
$db["action"] = "delete";
http_response_code(202);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
unlink( "${file}" );
exit;
}
@@ -83,110 +90,7 @@ if ( $action === 'approve' ) {
$json = json_decode($comment, true);
if ( empty($json["comment_author_name"]) or strlen($json["comment_author_name"]) > 40 ) {
naughty("15f377e657196bb8192ec11755b0ca75 empty comment_author_name");
}
$comment_author_name = $json["comment_author_name"];
if ( empty($json["comment_title"]) or strlen($json["comment_title"]) > 100) {
naughty("ce604e6bf3c1e0aa0ec7ab78ae07e6cb empty comment_title");
}
$comment_title = $json["comment_title"];
if ( empty($json["comment_text"]) or strlen($json["comment_text"]) > 2000 ) {
naughty("d4101542e2d0264c0cdb8ac4bdf6bf09 empty comment_text");
}
$comment_text = $json["comment_text"];
if ( empty($json["justification"]) or strlen($json["justification"]) > 200 or strlen($json["justification"]) < 20 ) {
naughty("f87785f8eda5d75de8cb08c386c66c56 empty justification");
}
$justification = $json["justification"];
if ( empty($json["key"]) ) {
naughty("f87785f8eda5d75de8cb08c386c66c56 empty key");
}
if ( $key !== $json["key"] ) {
naughty("9d7f5e1a7a075a925ed1231decc16965 provided key is not matching json key");
}
// check ip //
//
if ( empty($json["ip"]) ) {
naughty("025622ea15552a7b8a3ae71405cf1fbf empty ip");
}
$ip = $json["ip"];
if ( ! filter_var($ip, FILTER_VALIDATE_IP)) {
naughty("571f2d51046da9c923e01ae8bbfc037e not an IP");
}
// check ep_num //
//
if ( empty($json["eps_id"]) ) {
naughty("6740e9b34590fe5b8f1829aeb5da099d empty eps_id");
}
$ep_num = $json["eps_id"];
if ( intval($ep_num) === 0 ) {
naughty("fdae5c63eb5608820b13c9d096166c84 ep_num not int");
}
else {
$ep_num = intval($ep_num);
}
if ( ( $ep_num <= 0 ) OR ( $ep_num >= 9999) ) {
naughty("eb90a1a69fd531d5c649e3f5367bd570 ep_num outside range");
}
$ep_retrieve = "SELECT id FROM eps WHERE id=$ep_num;";
if ($result = mysqli_query($connection, $ep_retrieve)) {
if ( ! $result->fetch_assoc()) {
naughty("b9ac28c5c661d7ed1c4c009de0279e07 ep_num not a real show");
}
}
// date //
//
if ( empty($json["comment_timestamp"]) ) {
naughty("bdc8352b3cc66626c3cb9e24b197eea6 empty comment_timestamp");
}
$comment_timestamp = $json["comment_timestamp"];
// 2023-12-23T12:21:29Z
if ( !preg_match("/\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/", $comment_timestamp) ) {
naughty("ad7f805c2f42be77122ec52f114fe318 comment_timestamp not matching regex");
}
if ( strtotime($comment_timestamp) === false ) {
naughty("fa8cfb5266783bfb4dc06120bfdf5675 comment_timestamp not a date");
}
$comment_timestamp_epoch = strtotime($comment_timestamp);
$a_week_ago = strtotime(date("Y-m-d H:i:s", time()) . " -1 week" );
// if ( $comment_timestamp_epoch <= $a_week_ago ) {
// naughty("f3fae30aec607f499108db240ec28456 comment_timestamp older than a week");
// }
$date = new DateTime( $comment_timestamp );
$comment_timestamp_db = $date->format('Y-m-d H:i:s');
// anti spam
if (file_exists($naughty_stings_file)) {
$comment = strtolower( "$comment_author_name, $comment_text, $comment_title, $justification" );
$naughty_words = file("$naughty_stings_file", FILE_SKIP_EMPTY_LINES|FILE_IGNORE_NEW_LINES);
foreach ( $naughty_words as $naughty_word) {
if ( strpos( $comment, strtolower( $naughty_word ) ) !== false ) {
naughty("b5fd199bfeb4c1bbd4923b4af5415ce3 fails banned wordcheck \"$naughty_word\"");
}
}
}
require "/home/hpr/public_html_hub/cms/comment_checks.php";
// OK I believe you
@@ -220,6 +124,8 @@ if ( $action === 'approve' ) {
if ( empty($db["id"]) ) {
naughty("1caead2716fb4e793b11f978eddd7559 could not find the id of the entry. comment_timestamp='$comment_timestamp_db' and comment_author_name='$comment_author_name'");
}
$db["http_code"] = "200";
$db["action"] = "approve";
http_response_code(200);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($db);
@@ -231,35 +137,3 @@ if ( $action === 'approve' ) {
http_response_code(500);
?>