Beispiel #1
0
function performAndPrintTests()
{
    global $settings;
    global $_testInstall_Ok;
    /*
     * Load all the SSL signing code, we need it to create a private key
     */
    require_once "lib/services/Signing/Services_Signing_Base.php";
    require_once "lib/services/Signing/Services_Signing_Php.php";
    require_once "lib/services/Signing/Services_Signing_Openssl.php";
    $spotSigning = Services_Signing_Base::factory();
    $privKey = $spotSigning->createPrivateKey($settings['openssl_cnf_path']);
    /* We need either one of those 3 extensions, so set the error flag manually */
    if (!extension_loaded('openssl') && !extension_loaded('gmp') && !extension_loaded('bcmath')) {
        $_testInstall_Ok = false;
    }
    # if
    /*
     * Try to create the cache directory
     */
    @mkdir('./cache', 0777);
    /*
     * Load the template
     */
    showTemplate("step-001.inc.php", array('privKey' => $privKey));
}
Beispiel #2
0
 function getFullSpot($msgId, $ourUserId, $nntp)
 {
     SpotTiming::start('SpotsOverview::' . __FUNCTION__);
     $fullSpot = $this->_db->getFullSpot($msgId, $ourUserId);
     if (empty($fullSpot)) {
         /*
          * Retrieve a full loaded spot from the NNTP server
          */
         $newFullSpot = $nntp->getFullSpot($msgId);
         $this->_db->addFullSpots(array($newFullSpot));
         /*
          * If the current spotterid is empty, we probably now
          * have a spotterid because we have the fullspot.
          */
         if (empty($fullSpot['spotterid']) && $newFullSpot['verified']) {
             $spotSigning = Services_Signing_Base::newServiceSigning();
             $newFullSpot['spotterid'] = $spotSigning->calculateSpotterId($newFullSpot['user-key']['modulo']);
             /* 
              * Update the spotterid in the spots table so it can be filtered later on
              */
             $this->_db->updateSpotInfoFromFull($newFullSpot);
         }
         # if
         /*
          * We ask our DB to retrieve the fullspot again, this ensures
          * us all information is present and in always the same format
          */
         $fullSpot = $this->_db->getFullSpot($msgId, $ourUserId);
     }
     # if
     /**
      * We'll overwrite our spot info from the database with some information we parse from the 
      * XML. This is necessary because the XML contains better encoding.
      *
      * For example take the titel from spot bdZZdJ3gPxTAmSE%40spot.net.
      *
      * We cannot use all information from the XML because because some information just
      * isn't present in the XML file
      */
     $spotParser = new SpotParser();
     $parsedXml = $spotParser->parseFull($fullSpot['fullxml']);
     $fullSpot = array_merge($parsedXml, $fullSpot);
     $fullSpot['title'] = $parsedXml['title'];
     /*
      * When we retrieve a fullspot entry but there is no spot entry the join in our DB query
      * causes us to never get the spot, hence we throw this exception
      */
     if (empty($fullSpot)) {
         throw new Exception("Spot is not in our Spotweb database");
     }
     # if
     SpotTiming::stop('SpotsOverview::' . __FUNCTION__, array($msgId, $ourUserId, $nntp, $fullSpot));
     return $fullSpot;
 }
Beispiel #3
0
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Controleer de users' rechten
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_report_spam, '');
     # Sportparser is nodig voor het escapen van de random string
     $spotParser = new SpotParser();
     # spot signing is nodig voor het RSA signen van de spot en dergelijke
     $spotSigning = Services_Signing_Base::newServiceSigning();
     # creeer een default report
     $report = array('body' => 'This is SPAM!', 'inreplyto' => $this->_inReplyTo, 'newmessageid' => '', 'randomstr' => '');
     # reportpost verzoek was standaard niet geprobeerd
     $postResult = array();
     # zet de page title
     $this->_pageTitle = "report: report spot";
     /* 
      * bring the forms' action into the local scope for 
      * easier access
      */
     $formAction = $this->_reportForm['action'];
     # Make sure the anonymous user and reserved usernames cannot post content
     $spotUser = new SpotUserSystem($this->_db, $this->_settings);
     if (!$spotUser->allowedToPost($this->_currentSession['user'])) {
         $postResult = array('result' => 'notloggedin');
         $formAction = '';
     }
     # if
     if ($formAction == 'post') {
         # Notificatiesysteem initialiseren
         $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
         # zorg er voor dat alle variables ingevuld zijn
         $report = array_merge($report, $this->_reportForm);
         # vraag de users' privatekey op
         $this->_currentSession['user']['privatekey'] = $this->_db->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # het messageid krijgen we met <>'s, maar we werken
         # in spotweb altijd zonder, dus die strippen we
         $report['newmessageid'] = substr($report['newmessageid'], 1, -1);
         # valideer of we dit report kunnen posten, en zo ja, doe dat dan
         $spotPosting = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $spotPosting->reportSpotAsSpam($this->_currentSession['user'], $report);
         if (empty($formMessages['errors'])) {
             $postResult = array('result' => 'success');
             # en verstuur een notificatie
             $spotsNotifications->sendReportPosted($report['inreplyto']);
         } else {
             $postResult = array('result' => 'failure');
         }
         # else
     }
     # if
     #- display stuff -#
     $this->template('spamreport', array('postreportform' => $report, 'formmessages' => $formMessages, 'postresult' => $postResult));
 }
 function render()
 {
     # Make sure the result is set to 'not comitted' per default
     $result = new Dto_FormResult('notsubmitted');
     # Validate proper permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');
     $spotParseUtil = new Services_Format_Util();
     $spotSigning = Services_Signing_Base::factory();
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     /*
      * Make sure we have the template for the comment form
      * so our view can always render properties
      */
     $comment = array('body' => '', 'rating' => 0, 'inreplyto' => $this->_inReplyTo, 'newmessageid' => '', 'randomstr' => '');
     # set the page title
     $this->_pageTitle = "spot: post comment";
     /* 
      * bring the forms' action into the local scope for 
      * easier access
      */
     $formAction = $this->_commentForm['action'];
     if ($formAction == 'post') {
         # Make sure we use valid forms
         $comment = array_merge($comment, $this->_commentForm);
         # validate whether we can post comments, if so, do this
         $svcPostComment = new Services_Posting_Comment($this->_daoFactory, $this->_settings);
         $result = $svcPostComment->postComment($svcUserRecord, $this->_currentSession['user'], $comment);
         if ($result->isSuccess()) {
             /* Format the body so we can have smilies and stuff be shown in the template */
             $tmpBody = $this->_tplHelper->formatContent($comment['body']);
             /* Try to create the avatar */
             if (!empty($this->_currentSession['user']['avatar'])) {
                 $comment['user-avatar'] = $this->_currentSession['user']['avatar'];
             } else {
                 $comment['user-key'] = $spotSigning->getPublicKey($this->_currentSession['user']['publickey']);
             }
             # else
             $commentImage = $this->_tplHelper->makeCommenterImageUrl($comment);
             /* and return the result to the system */
             $result->addData('user', $this->_currentSession['user']['username']);
             $result->addData('spotterid', $spotParseUtil->calculateSpotterId($comment['user-key']['modulo']));
             $result->addData('rating', $comment['rating']);
             $result->addData('body', $tmpBody);
             $result->addData('commentimage', $commentImage);
         }
         # if
     }
     # if
     #- display stuff -#
     $this->template('postcomment', array('postcommentform' => $comment, 'result' => $result));
 }
 public function createUserRecord(array $spotUser)
 {
     $result = new Dto_FormResult();
     $spotUser['userid'] = false;
     /*
      * Create a random password for this user
      */
     $spotUser['newpassword1'] = substr(Services_User_Util::generateUniqueId(), 1, 9);
     $spotUser['newpassword2'] = $spotUser['newpassword1'];
     /*
      * Validate several properties of the user, we share
      * this code with the user editor
      */
     $result->mergeResult($this->validateUserRecord($spotUser, false));
     /*
      * Make sure no other user exists with the same username
      */
     $userIdForName = $this->_userDao->findUserIdForName($spotUser['username']);
     if (!empty($userIdForName)) {
         $result->addError(sprintf(_("'%s' already exists"), $spotUser['username']));
     }
     # if
     if ($result->isSuccess()) {
         # Create a private and public key pair for this user
         $spotSigning = Services_Signing_Base::factory();
         $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
         $spotUser['publickey'] = $userKey['public'];
         $spotUser['privatekey'] = $userKey['private'];
         # Actually add the user
         $spotUser['userid'] = $this->addUser($spotUser);
         /*
          * We assume the user was successfully added, all validation is done at
          * a higher level, and addUser() will throw an exception if something is
          * seriously wrong
          */
         $result->addData('userid', $spotUser['userid']);
         $result->addData('username', $spotUser['username']);
         $result->addData('password', $spotUser['newpassword1']);
         $result->addData('userrecord', $spotUser);
         $result->addInfo(sprintf(_("User <strong>&quot;%s&quot;</strong> successfully added"), $spotUser['username']));
         $result->addInfo(sprintf(_("Password: <strong>&quot;%s&quot;</strong>"), $spotUser['newpassword1']));
         $result->setResult('success');
     }
     # if
     return $result;
 }
 function createServerKeys($openSslCnfPath)
 {
     $spotSigning = Services_Signing_Base::factory();
     $x = $spotSigning->createPrivateKey($openSslCnfPath);
     $this->setIfNot('publickey', $x['public']);
     $this->setIfNot('privatekey', $x['private']);
 }
 function updateUserPreferences()
 {
     $userList = $this->_userDao->getUserList();
     # loop through every user and fix it
     foreach ($userList as $user) {
         /*
          * Because we do not get all users' properties from
          * getUserList, retrieve the users' settings from scratch
          */
         $user = $this->_userDao->getUser($user['userid']);
         # set the users' preferences
         $this->setSettingIfNot($user['prefs'], 'perpage', 25);
         $this->setSettingIfNot($user['prefs'], 'date_formatting', 'human');
         $this->setSettingIfNot($user['prefs'], 'normal_template', 'we1rdo');
         $this->setSettingIfNot($user['prefs'], 'mobile_template', 'mobile');
         $this->setSettingIfNot($user['prefs'], 'tablet_template', 'we1rdo');
         $this->setSettingIfNot($user['prefs'], 'count_newspots', true);
         $this->setSettingIfNot($user['prefs'], 'mouseover_subcats', true);
         $this->setSettingIfNot($user['prefs'], 'keep_seenlist', true);
         $this->setSettingIfNot($user['prefs'], 'auto_markasread', true);
         $this->setSettingIfNot($user['prefs'], 'keep_downloadlist', true);
         $this->setSettingIfNot($user['prefs'], 'keep_watchlist', true);
         $this->setSettingIfNot($user['prefs'], 'nzb_search_engine', 'nzbindex');
         $this->setSettingIfNot($user['prefs'], 'show_filesize', true);
         $this->setSettingIfNot($user['prefs'], 'show_reportcount', true);
         $this->setSettingIfNot($user['prefs'], 'minimum_reportcount', 1);
         $this->setSettingIfNot($user['prefs'], 'show_nzbbutton', true);
         $this->setSettingIfNot($user['prefs'], 'show_multinzb', true);
         $this->setSettingIfNot($user['prefs'], 'customcss', '');
         $this->setSettingIfNot($user['prefs'], 'newspotdefault_tag', $user['username']);
         $this->setSettingIfNot($user['prefs'], 'newspotdefault_body', '');
         $this->setSettingIfNot($user['prefs'], 'user_language', 'en_US');
         $this->setSettingIfNot($user['prefs'], 'show_avatars', true);
         $this->setSettingIfNot($user['prefs'], 'usemailaddress_for_gravatar', true);
         $this->setSettingIfNot($user['prefs']['nzbhandling'], 'action', 'disable');
         $this->setSettingIfNot($user['prefs']['nzbhandling'], 'local_dir', '/tmp');
         $this->setSettingIfNot($user['prefs']['nzbhandling'], 'prepare_action', 'merge');
         $this->setSettingIfNot($user['prefs']['nzbhandling'], 'command', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['sabnzbd'], 'url', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['sabnzbd'], 'apikey', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['sabnzbd'], 'username', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['sabnzbd'], 'password', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['nzbget'], 'host', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['nzbget'], 'port', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['nzbget'], 'username', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['nzbget'], 'password', '');
         $this->setSettingIfNot($user['prefs']['nzbhandling']['nzbget'], 'timeout', 15);
         $this->setSettingIfNot($user['prefs']['notifications']['boxcar'], 'email', '');
         $this->setSettingIfNot($user['prefs']['notifications']['growl'], 'host', '');
         $this->setSettingIfNot($user['prefs']['notifications']['growl'], 'password', '');
         $this->setSettingIfNot($user['prefs']['notifications']['nma'], 'api', '');
         $this->setSettingIfNot($user['prefs']['notifications']['notifo'], 'username', '');
         $this->setSettingIfNot($user['prefs']['notifications']['notifo'], 'api', '');
         $this->setSettingIfNot($user['prefs']['notifications']['prowl'], 'apikey', '');
         $this->setSettingIfNot($user['prefs']['notifications']['twitter'], 'screen_name', '');
         $this->setSettingIfNot($user['prefs']['notifications']['twitter'], 'request_token', '');
         $this->setSettingIfNot($user['prefs']['notifications']['twitter'], 'request_token_secret', '');
         $this->setSettingIfNot($user['prefs']['notifications']['twitter'], 'access_token', '');
         $this->setSettingIfNot($user['prefs']['notifications']['twitter'], 'access_token_secret', '');
         $notifProviders = Notifications_Factory::getActiveServices();
         foreach ($notifProviders as $notifProvider) {
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider], 'enabled', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'watchlist_handled', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'nzb_handled', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'retriever_finished', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'report_posted', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'spot_posted', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'user_added', false);
             $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], 'newspots_for_filter', false);
         }
         // foreach
         # make sure a sort preference is defined. An empty field means relevancy
         $this->setSettingIfNot($user['prefs'], 'defaultsortfield', '');
         # Remove deprecated preferences
         $this->unsetSetting($user['prefs'], 'search_url');
         $this->unsetSetting($user['prefs'], 'template');
         $this->unsetSetting($user['prefs']['notifications'], 'libnotify');
         # Make sure the user has a valid RSA key
         if ($user['userid'] > 2) {
             $rsaKey = $this->_userDao->getUserPrivateRsaKey($user['userid']);
             if (empty($rsaKey)) {
                 # Creer een private en public key paar voor deze user
                 $spotSigning = Services_Signing_Base::factory();
                 $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
                 $this->_userDao->setUserRsaKeys($user['userid'], $userKey['public'], $userKey['private']);
             }
             # if
         }
         # if
         /*
          * In earlier versions, we always appended "sabnzbd/" to the URL, so we do this once
          * manually
          */
         if ($this->_settings->get('securityversion') < 0.31) {
             if (!empty($user['prefs']['nzbhandling']['sabnzbd']['url'])) {
                 $user['prefs']['nzbhandling']['sabnzbd']['url'] = $user['prefs']['nzbhandling']['sabnzbd']['url'] . 'sabnzbd/';
             }
             # if
         }
         # if
         # update the user record in the database
         $this->_userDao->setUser($user);
     }
     # foreach
 }
Beispiel #8
0
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Validate proper permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');
     # Sportparser is nodig voor het escapen van de random string
     $spotParser = new SpotParser();
     # spot signing is nodig voor het RSA signen van de spot en dergelijke
     $spotSigning = Services_Signing_Base::newServiceSigning();
     # creeer een default comment zodat het form altijd
     # de waardes van het form kan renderen
     $comment = array('body' => '', 'rating' => 0, 'inreplyto' => $this->_inReplyTo, 'newmessageid' => '', 'randomstr' => '');
     # postcomment verzoek was standaard niet geprobeerd
     $postResult = array();
     # zet de page title
     $this->_pageTitle = "spot: post comment";
     /* 
      * bring the forms' action into the local scope for 
      * easier access
      */
     $formAction = $this->_commentForm['action'];
     # Make sure the anonymous user and reserved usernames cannot post content
     $spotUser = new SpotUserSystem($this->_db, $this->_settings);
     if (!$spotUser->allowedToPost($this->_currentSession['user'])) {
         $postResult = array('result' => 'notloggedin');
         $formAction = '';
     }
     # if
     if ($formAction == 'post') {
         # zorg er voor dat alle variables ingevuld zijn
         $comment = array_merge($comment, $this->_commentForm);
         # vraag de users' privatekey op
         $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # het messageid krijgen we met <>'s, maar we werken
         # in spotweb altijd zonder, dus die strippen we
         $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);
         # valideer of we deze comment kunnen posten, en zo ja, doe dat dan
         $spotPosting = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $spotPosting->postComment($this->_currentSession['user'], $comment);
         if (empty($formMessages['errors'])) {
             /* Format the body so we can have smilies and stuff be shown in the template */
             $tmpBody = $this->_tplHelper->formatContent($comment['body']);
             /* Try to create the avatar */
             if (!empty($this->_currentSession['user']['avatar'])) {
                 $comment['user-avatar'] = $this->_currentSession['user']['avatar'];
             } else {
                 $spotSigning = Services_Signing_Base::newServiceSigning();
                 $tmpKey = $spotSigning->getPublicKey($this->_currentSession['user']['privatekey']);
                 $comment['user-key'] = $tmpKey['publickey'];
             }
             # else
             $commentImage = $this->_tplHelper->makeCommenterImageUrl($comment);
             /* and return the result to the system */
             $postResult = array('result' => 'success', 'user' => $this->_currentSession['user']['username'], 'spotterid' => $spotSigning->calculateSpotterId($this->_currentSession['user']['publickey']), 'rating' => $comment['rating'], 'body' => $tmpBody, 'commentimage' => $commentImage);
         } else {
             $postResult = array('result' => 'failure');
         }
         # else
     }
     # if
     #- display stuff -#
     $this->template('postcomment', array('postcommentform' => $comment, 'formmessages' => $formMessages, 'postresult' => $postResult));
 }
 public function readFullSpot($msgId)
 {
     # initialize some variables
     $spotSigning = Services_Signing_Base::factory();
     $spot = array('fullxml' => '', 'user-signature' => '', 'user-key' => '', 'verified' => false, 'messageid' => $msgId, 'spotterid' => '', 'xml-signature' => '', 'moderated' => 0, 'user-avatar' => '', 'newsreader' => '');
     /* 
      * Retrieve the header of the given spot 
      */
     $header = $this->_nntpEngine->getHeader('<' . $msgId . '>');
     $spot = array_merge($spot, $this->parseHeader($header, $spot));
     /*
      * Validate the XML signature of the spot
      */
     $spot['verified'] = $spotSigning->verifyFullSpot($spot);
     /*
      * if the spot is verified, lets calculate the spotterid as well
      * so the user can safely store it in the database
      */
     if ($spot['verified']) {
         $spot['spotterid'] = $this->_spotParseUtil->calculateSpotterId($spot['user-key']['modulo']);
     }
     # if
     /*
      * Some spots are very large bcause they are spammy. if so, we skip them to
      * prevent memory and database issues
      */
     if (strlen($spot['fullxml']) > 1024 * 50) {
         return false;
     }
     # if
     /*
      * Parse the XML structure of the spot, technically not necessary
      */
     $spotParser = new Services_Format_Parsing();
     $spot = array_merge($spotParser->parseFull($spot['fullxml']), $spot);
     return $spot;
 }
Beispiel #10
0
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Validate proper permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');
     # Sportparser is nodig voor het escapen van de random string
     $spotParser = new SpotParser();
     # spot signing is nodig voor het RSA signen van de spot en dergelijke
     $spotSigning = Services_Signing_Base::newServiceSigning();
     # creeer een default spot zodat het form altijd
     # de waardes van het form kan renderen
     $spot = array('title' => '', 'body' => '', 'category' => 0, 'subcata' => '', 'subcatb' => array(), 'subcatc' => array(), 'subcatd' => array(), 'subcatz' => '', 'tag' => '', 'website' => '', 'newmessageid' => '', 'randomstr' => '');
     # postspot verzoek was standaard niet geprobeerd
     $postResult = array();
     /* 
      * bring the forms' action into the local scope for 
      * easier access
      */
     $formAction = $this->_spotForm['action'];
     # zet de page title
     $this->_pageTitle = "spot: post";
     # Make sure the anonymous user and reserved usernames cannot post content
     $spotUser = new SpotUserSystem($this->_db, $this->_settings);
     if (!$spotUser->allowedToPost($this->_currentSession['user'])) {
         $postResult = array('result' => 'notloggedin');
         $formAction = '';
     }
     # if
     # zorg er voor dat alle variables ingevuld zijn
     $spot = array_merge($spot, $this->_spotForm);
     # If user tried to submit, validate the file uploads
     if ($formAction == 'post') {
         # Make sure an NZB file was provided
         if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['nzbfile'] != UPLOAD_ERR_OK) {
             $formMessages['errors'][] = _('Please select NZB file');
             $postResult = array('result' => 'failure');
             $formAction = '';
         }
         # if
         # Make sure an imgae file was provided
         if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['imagefile'] != UPLOAD_ERR_OK) {
             $formMessages['errors'][] = _('Please select a picture');
             $postResult = array('result' => 'failure');
             $formAction = '';
         }
         # if
         # Make sure the subcategorie are in the proper format
         if (is_array($spot['subcata']) || is_array($spot['subcatz']) || !is_array($spot['subcatb']) || !is_array($spot['subcatc']) || !is_array($spot['subcatd'])) {
             $formMessages['errors'][] = _('Invalid subcategories given ');
             $postResult = array('result' => 'failure');
             $formAction = '';
         }
         # if
     }
     # if
     if ($formAction == 'post') {
         # Notificatiesysteem initialiseren
         $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
         # en creer een grote lijst met spots
         $spot['subcatlist'] = array_merge(array($spot['subcata']), $spot['subcatb'], $spot['subcatc'], $spot['subcatd']);
         # vraag de users' privatekey op
         $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
         # het messageid krijgen we met <>'s, maar we werken
         # in spotweb altijd zonder, dus die strippen we
         $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);
         # valideer of we deze spot kunnen posten, en zo ja, doe dat dan
         $spotPosting = new SpotPosting($this->_db, $this->_settings);
         $formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'], $spot, $_FILES['newspotform']['tmp_name']['imagefile'], $_FILES['newspotform']['tmp_name']['nzbfile']);
         if (empty($formMessages['errors'])) {
             $postResult = array('result' => 'success', 'user' => $this->_currentSession['user']['username'], 'spotterid' => $spotSigning->calculateSpotterId($this->_currentSession['user']['publickey']), 'body' => $spot['body']);
             $formMessages['info'][] = _('Spot has been successfully uploaded. It can take some time before it is shown');
             # en verstuur een notificatie
             $spotsNotifications->sendSpotPosted($spot);
         } else {
             $postResult = array('result' => 'failure');
         }
         # else
     }
     # if
     #- display stuff -#
     $this->template('newspot', array('postspotform' => $spot, 'formmessages' => $formMessages, 'postresult' => $postResult));
 }
Beispiel #11
0
function createSystem()
{
    global $settings;
    global $_testInstall_Ok;
    try {
        /*
         * The settings system is used to create a lot of output,
         * we swallow it all
         */
        ob_start();
        /*
         * Now create the database ...
         */
        $settings['db'] = $_SESSION['spotsettings']['db'];
        $spotUpgrader = new SpotUpgrader($settings['db'], $settings);
        $spotUpgrader->database();
        /*
         * and create all the different settings (only the default) ones
         */
        $spotUpgrader->settings();
        /*
         * Create the users
         */
        $spotUpgrader->users();
        /*
         * print all the output as HTML comment for debugging
         */
        $dbCreateOutput = ob_get_contents();
        ob_end_clean();
        /*
         * Now it is time to do something with
         * the information the user has given to us
         */
        $db = new SpotDb($_SESSION['spotsettings']['db']);
        $db->connect();
        /* 
         * add the database settings to the main settings array for now
         */
        $settings['db'] = $_SESSION['spotsettings']['db'];
        /* and create the database settings */
        $spotSettings = SpotSettings::singleton($db, $settings);
        /*
         * Update the NNTP settings in the databas
         */
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);
        /*
         * Create the given user
         */
        $spotUserSystem = new SpotUserSystem($db, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];
        /*
         * Create a private/public key pair for this user
         */
        $spotSigning = Services_Signing_Base::newServiceSigning();
        $userKey = $spotSigning->createPrivateKey($spotSettings->get('openssl_cnf_path'));
        $spotUser['publickey'] = $userKey['public'];
        $spotUser['privatekey'] = $userKey['private'];
        /*
         * and actually add the user
         */
        $userId = $spotUserSystem->addUser($spotUser);
        # Change the administrators' account password to that of this created user
        $adminUser = $spotUserSystem->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $spotUserSystem->setUserPassword($adminUser);
        # update the settings with our system type and our admin id
        $spotSettings->set('custom_admin_userid', $userId);
        $spotSettings->set('systemtype', $spotUser['systemtype']);
        # Set the system type
        $spotUpgrader->resetSystemType($spotUser['systemtype']);
        /* 
         * Create the necessary database connection information
         */
        $dbConnectionString = '';
        switch ($_SESSION['spotsettings']['db']['engine']) {
            case 'mysql':
                $dbConnectionString .= "\$dbsettings['engine'] = 'mysql';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['host'] = '" . $_SESSION['spotsettings']['db']['host'] . "';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['dbname'] = '" . $_SESSION['spotsettings']['db']['dbname'] . "';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['user'] = '******'spotsettings']['db']['user'] . "';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['pass'] = '******'spotsettings']['db']['pass'] . "';" . PHP_EOL;
                break;
                # mysql
            # mysql
            case 'postgresql':
                $dbConnectionString .= "\$dbsettings['engine'] = 'pdo_pgsql';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['host'] = '" . $_SESSION['spotsettings']['db']['host'] . "';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['dbname'] = '" . $_SESSION['spotsettings']['db']['dbname'] . "';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['user'] = '******'spotsettings']['db']['user'] . "';" . PHP_EOL;
                $dbConnectionString .= "\$dbsettings['pass'] = '******'spotsettings']['db']['pass'] . "';" . PHP_EOL;
                break;
                # postgresql
        }
        # switch
        # Try to create the dbsettings.inc.php file for the user
        @file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString);
        $createdDbSettings = file_exists("dbsettings.inc.php");
        ?>

			<table summary="PHP settings">
				<tr> <th colspan='2'> Installation succesful </th> </tr>
				<tr> <td colspan='2'> Spotweb has been installed succesfuly! </td> </tr>
				<tr> <td colspan='2'> &nbsp; </td> </tr>
<?php 
        if (!$createdDbSettings) {
            ?>
				<tr> 
						<td> &rarr; </td>
						<td> 
								You need to create a textfile with the database settings in it. Please copy & paste the below
							exactly in a file called <i>dbsettings.inc.php</i>.
							<pre><?php 
            echo "&lt;?php " . PHP_EOL . $dbConnectionString;
            ?>
							</pre>
				 		</td> 
				</tr>
<?php 
        }
        ?>
				<tr> 
						<td> &rarr; </td>
						<td> 
							Spotweb retrieves its information from the newsservers, this is called "retrieving" or retrieval of Spots.
							You need to schedule a retrieval job to run <i>retrieve.php</i> on a regular basis. The first time retrieval
							is run this can take up to several hours before completion.
				 		</td> 
				</tr>
			</table>

			<?php 
        echo '<!-- ' . $dbCreateOutput . ' -->';
    } catch (Exception $x) {
        ?>
			<div id='error'><?php 
        echo $x->getMessage();
        ?>
				<?php 
        echo $x->getTraceAsString();
        ?>
			<br /><br />
			</div>
	<?php 
    }
    # exception
}
Beispiel #12
0
 function getCleanRandomString($len)
 {
     $spotParseUtil = new Services_Format_Util();
     $spotSigning = Services_Signing_Base::factory();
     return substr($spotParseUtil->spotPrepareBase64(base64_encode($spotSigning->makeRandomStr($len))), 0, $len);
 }
Beispiel #13
0
require_once "NNTP/Client.php";
require_once "lib/exceptions/CustomException.php";
require_once "lib/exceptions/NntpException.php";
require_once "lib/services/Signing/Services_Signing_Base.php";
require_once "lib/SpotSecurity.php";
require_once "lib/SpotTiming.php";
require_once "settings.php";
require_once "lib/SpotDb.php";
define('USERID', 30);
/* -------------------------------------------------------------------- */
echo "Included PHP classes... " . PHP_EOL;
$db = new SpotDb($settings['db']);
$db->connect();
echo "Connected to the database.." . PHP_EOL;
$spotSettings = SpotSettings::singleton($db, $settings);
$spotSigning = Services_Signing_Base::newServiceSigning();
$spotPosting = new SpotPosting($db, $spotSettings);
$spotUserSystem = new SpotUserSystem($db, $spotSettings);
echo "Initialized classes.." . PHP_EOL;
$rsaKeys = $spotSettings->get('rsa_keys');
$retriever = new SpotRetriever_Spots($spotSettings->get('nntp_hdr'), $db, $spotSettings, $rsaKeys, '', $spotSettings->get('retrieve_full'));
$msgdata = $retriever->connect($spotSettings->get('hdr_group'));
var_dump($msgdata);
# Connct thru our own NNTP session to the server so we have an XOVER list
$headerServer = $spotSettings->get('nntp_hdr');
$spotnntp = new SpotNntp($spotSettings->get('nntp_hdr'));
# $spotnntp->selectGroup($spotSettings->get('hdr_group'));
$spotnntp->selectGroup('alt.test');
$hdrList = $spotnntp->getOverview(3042000, 3042636);
foreach ($hdrList as $msgid => $msgheader) {
    $spotParser = new SpotParser();
Beispiel #14
0
 function __construct()
 {
     $this->_spotSigning = Services_Signing_Base::newServiceSigning();
 }
 public function postFullSpot($user, $serverPrivKey, $newsgroup, $spot)
 {
     # instantiate the necessary objects
     $spotSigning = Services_Signing_Base::factory();
     /*
      * Create the spotnet from header part accrdoing to the following structure:
      *   From: [Nickname] <[PUBLICKEY-MODULO.USERSIGNATURE]@[CAT][KEY-ID][SUBCAT].[SIZE].[RANDOM].[DATE].[CUSTOM-ID].[CUSTOM-VALUE].[SIGNATURE]>
      */
     $spotHeader = $spot['category'] + 1 . $spot['key'];
     // Append the category and keyid
     # Process each subcategory and add them to the from header
     foreach ($spot['subcatlist'] as $subcat) {
         $spotHeader .= $subcat[0] . str_pad(substr($subcat, 1), 2, '0', STR_PAD_LEFT);
     }
     # foreach
     $spotHeader .= '.' . $spot['filesize'];
     $spotHeader .= '.' . 10;
     // some kind of magic number?
     $spotHeader .= '.' . time();
     $spotHeader .= '.' . $spotSigning->makeRandomStr(4);
     $spotHeader .= '.' . $spotSigning->makeRandomStr(3);
     # If a tag is given, add it to the subject
     if (strlen(trim($spot['tag'])) > 0) {
         $spot['title'] = $spot['title'] . ' | ' . $spot['tag'];
     }
     # if
     # Create the user-signature
     $user_signature = $spotSigning->signMessage($user['privatekey'], '<' . $spot['newmessageid'] . '>');
     $header = 'X-User-Signature: ' . $this->_spotParseUtil->spotPrepareBase64($user_signature['signature']) . "\r\n";
     $header .= 'X-User-Key: ' . $spotSigning->pubkeyToXml($user_signature['publickey']) . "\r\n";
     # sign the header by using the users' key
     $header_signature = $spotSigning->signMessage($user['privatekey'], $spot['title'] . $spotHeader . $spot['poster']);
     # sign the XML with the users' key
     $xml_signature = $spotSigning->signMessage($user['privatekey'], $spot['spotxml']);
     # Extract the users' publickey
     $userPubKey = $spotSigning->getPublicKey($user['privatekey']);
     # Create the From header
     $spotnetFrom = $user['username'] . ' <' . $this->_spotParseUtil->spotPrepareBase64($userPubKey['modulo']) . '.' . $this->_spotParseUtil->spotPrepareBase64($user_signature['signature']) . '@';
     $header = 'From: ' . $spotnetFrom . $spotHeader . '.' . $this->_spotParseUtil->spotPrepareBase64($header_signature['signature']) . ">\r\n";
     # Add the Spotnet XML file, but split it in chunks of 900 characters
     $tmpXml = explode("\r\n", $this->safe_chunk($spot['spotxml'], 900));
     foreach ($tmpXml as $xmlChunk) {
         if (strlen(trim($xmlChunk)) > 0) {
             $header .= 'X-XML: ' . $xmlChunk . "\r\n";
         }
         # if
     }
     # foreach
     $header .= 'X-XML-Signature: ' . $this->_spotParseUtil->spotPrepareBase64($xml_signature['signature']) . "\r\n";
     # post the message
     return $this->postSignedMessage($user, $serverPrivKey, $newsgroup, $spot, $header);
 }
 function connect(array $groupList)
 {
     # if an retriever instance is already running, stop this one
     if (!$this->_force && $this->_usenetStateDao->isRetrieverRunning()) {
         throw new RetrieverRunningException();
     }
     # if
     /*
      * and notify the system we are running
      */
     $this->_usenetStateDao->setRetrieverRunning(true);
     # and fireup the nntp connection
     if (!Services_Signing_Base::factory() instanceof Services_Signing_Openssl) {
         $this->displayStatus('slowphprsa', '');
     }
     # if
     $this->displayStatus("lastretrieve", $this->_usenetStateDao->getLastUpdate(Dao_UsenetState::State_Spots));
     $this->displayStatus("start", $this->_textServer['host']);
     /*
      * Select the group. We don't need the bin selectGroup() command per se, as
      * we use articleid's there. We do however want to select it, because
      * the sendNoop() call uses a selectgroup and some usenet servers require it.
      */
     $this->_msgdata = $this->_svcNntpText->selectGroup($groupList['text']);
     if (!empty($groupList['bin'])) {
         $this->_svcNntpBin->selectGroup($groupList['bin']);
     }
     # if
     return $this->_msgdata;
 }
 function __construct()
 {
     $this->_spotSigning = Services_Signing_Base::factory();
     $this->_util = new Services_Format_Util();
 }
Beispiel #18
0
 function render()
 {
     $formMessages = array('errors' => array(), 'info' => array());
     # Controleer de users' rechten
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_create_new_user, '');
     # creeer een default spotuser zodat het form altijd
     # de waardes van het form kan renderen
     $spotUser = array('username' => '', 'firstname' => '', 'lastname' => '', 'mail' => '');
     # createuser resultaat is standaard niet geprobeerd
     $createResult = array();
     # Instantieer het Spot user system
     $spotUserSystem = new SpotUserSystem($this->_db, $this->_settings);
     # zet de page title
     $this->_pageTitle = "spot: create user";
     /* 
      * bring the forms' action into the local scope for 
      * easier access
      */
     $formAction = $this->_createUserForm['action'];
     # Is dit een submit van een form, of nog maar de aanroep?
     if ($formAction == 'create') {
         # userid zetten we altijd op false voor het maken van een
         # nieuwe user, omdat validateUserRecord() anders denkt
         # dat we een bestaande user aan het bewerken zijn en we bv.
         # het mailaddress niet controleren op dubbelen behalve 'zichzelf'
         $this->_createUserForm['userid'] = false;
         # creeer een random password voor deze user
         $spotUser['newpassword1'] = substr($spotUserSystem->generateUniqueId(), 1, 9);
         $spotUser['newpassword2'] = $spotUser['newpassword1'];
         # valideer de user
         $spotUser = array_merge($spotUser, $this->_createUserForm);
         $formMessages['errors'] = $spotUserSystem->validateUserRecord($spotUser, false);
         # Is er geen andere user met dezelfde username?
         $userIdForName = $this->_db->findUserIdForName($spotUser['username']);
         if (!empty($userIdForName)) {
             $formMessages['errors'][] = sprintf(_("'%s' already exists"), $spotUser['username']);
         }
         # if
         if (empty($formMessages['errors'])) {
             # Creer een private en public key paar voor deze user
             $spotSigning = Services_Signing_Base::newServiceSigning();
             $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
             $spotUser['publickey'] = $userKey['public'];
             $spotUser['privatekey'] = $userKey['private'];
             # Notificatiesysteem initialiseren
             $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
             # voeg de user toe
             $spotUserSystem->addUser($spotUser);
             # als het toevoegen van de user gelukt is, laat het weten
             $createResult = array('result' => 'success');
             $formMessages['info'][] = sprintf(_("User <strong>&quot;%s&quot;</strong> successfully added"), $spotUser['username']);
             $formMessages['info'][] = sprintf(_("Password: <strong>&quot;%s&quot;</strong>"), $spotUser['newpassword1']);
             # verstuur een e-mail naar de nieuwe gebruiker als daar om is gevraagd
             $sendMail = isset($this->_createUserForm['sendmail']);
             if ($sendMail || $this->_settings->get('sendwelcomemail')) {
                 $spotsNotifications->sendNewUserMail($spotUser);
             }
             # if
             # en verstuur een notificatie
             $spotsNotifications->sendUserAdded($spotUser['username'], $spotUser['newpassword1']);
         } else {
             $createResult = array('result' => 'failure');
         }
         # else
     }
     # if
     #- display stuff -#
     $this->template('createuser', array('createuserform' => $spotUser, 'formmessages' => $formMessages, 'createresult' => $createResult));
 }
Beispiel #19
0
 function getCleanRandomString($len)
 {
     $spotParser = new SpotParser();
     $spotSigning = Services_Signing_Base::newServiceSigning();
     return substr($spotParser->specialString(base64_encode($spotSigning->makeRandomStr($len))), 0, $len);
 }
Beispiel #20
0
 function getFullSpot($msgId)
 {
     SpotTiming::start('SpotNntp::' . __FUNCTION__);
     # initialize some variables
     $spotSigning = Services_Signing_Base::newServiceSigning();
     $spot = array('fullxml' => '', 'user-signature' => '', 'user-key' => '', 'verified' => false, 'messageid' => $msgId, 'spotterid' => '', 'xml-signature' => '', 'moderated' => 0, 'user-avatar' => '');
     # Vraag de volledige article header van de spot op
     SpotTiming::start('SpotNntp::' . __FUNCTION__ . '->getHeader()');
     $header = $this->getHeader('<' . $msgId . '>');
     SpotTiming::stop('SpotNntp::' . __FUNCTION__ . '->getHeader()', array($header));
     # Parse de header
     SpotTiming::start('SpotNntp::' . __FUNCTION__ . '->parseHeader()');
     $spot = array_merge($spot, $this->parseHeader($header, $spot));
     SpotTiming::stop('SpotNntp::' . __FUNCTION__ . '->parseHeader()', array($spot));
     # Valideer de signature van de XML, deze is gesigned door de user zelf
     SpotTiming::start('SpotNntp::' . __FUNCTION__ . '->verifyFullSpot()');
     $spot['verified'] = $spotSigning->verifyFullSpot($spot);
     SpotTiming::stop('SpotNntp::' . __FUNCTION__ . '->verifyFullSpot()', array($spot));
     # als de spot verified is, toon dan de spotterid van deze user
     if ($spot['verified']) {
         $spot['spotterid'] = $spotSigning->calculateSpotterId($spot['user-key']['modulo']);
     }
     # if
     # Parse nu de XML file, alles wat al gedefinieerd is eerder wordt niet overschreven
     SpotTiming::start('SpotNntp::' . __FUNCTION__ . '->parseFull()');
     $spot = array_merge($this->_spotParser->parseFull($spot['fullxml']), $spot);
     SpotTiming::stop('SpotNntp::' . __FUNCTION__ . '->parseFull()', array($spot));
     SpotTiming::stop('SpotNntp::' . __FUNCTION__, array($spot));
     return $spot;
 }