function handleNzbAction($messageIds, array $currentSession, $action, Services_Providers_FullSpot $svcProvSpot, Services_Providers_Nzb $svcProvNzb)
{
if (!is_array($messageIds)) {
$messageIds = array($messageIds);
}
# if
# Make sure the user has the appropriate permissions
$currentSession['security']->fatalPermCheck(SpotSecurity::spotsec_retrieve_nzb, '');
if ($action != 'display') {
$currentSession['security']->fatalPermCheck(SpotSecurity::spotsec_download_integration, $action);
}
# if
/*
* Get all the full spots for all of the specified NZB files
*/
$nzbList = array();
$fullSpot = array();
foreach ($messageIds as $thisMsgId) {
$fullSpot = $svcProvSpot->fetchFullSpot($thisMsgId, $currentSession['user']['userid']);
if (!empty($fullSpot['nzb'])) {
$nzbList[] = array('spot' => $fullSpot, 'nzb' => $svcProvNzb->fetchNzb($fullSpot));
}
# if
}
# foreach
/*
* send nzblist to NzbHandler plugin
*/
$nzbHandlerFactory = new Services_NzbHandler_Factory();
$nzbHandler = $nzbHandlerFactory->build($this->_settings, $action, $currentSession['user']['prefs']['nzbhandling']);
$nzbHandler->processNzb($fullSpot, $nzbList);
/*
* and mark the spot as downloaded
*/
if ($currentSession['user']['prefs']['keep_downloadlist']) {
if ($currentSession['security']->allowed(SpotSecurity::spotsec_keep_own_downloadlist, '')) {
$spotStateListDao = $this->_daoFactory->getSpotStateListDao();
foreach ($messageIds as $thisMsgId) {
$spotStateListDao->addToDownloadList($thisMsgId, $currentSession['user']['userid']);
}
# foreach
}
# if
}
# if
# and send notifications
$spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $currentSession);
$spotsNotifications->sendNzbHandled($action, $fullSpot);
}
function getFullSpot(array $currentSession, $msgId, $markAsRead)
{
# Make sure user has access to the spot
$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spotdetail, '');
$svcNntpSpotReading = new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($this->_settings, 'hdr'));
$svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $svcNntpSpotReading);
$fullSpot = $svcProvFullSpot->fetchFullSpot($msgId, $currentSession['user']['userid']);
# seen list
if ($markAsRead) {
if ($this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_seenlist, '')) {
if ($currentSession['user']['prefs']['keep_seenlist']) {
/*
* Always update the seen stamp, this is used for viewing new comments
* and the likes
*/
$this->_daoFactory->getSpotStateListDao()->addtoSeenList($msgId, $currentSession['user']['userid']);
}
# if
}
# if allowed
}
# if
return $fullSpot;
}
public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report)
{
$result = new Dto_FormResult();
$spotReportDao = $this->_daoFactory->getSpotReportDao();
# Make sure the anonymous user and reserved usernames cannot post content
if (!$svcUserRecord->allowedToPost($user)) {
$result->addError(_("You need to login to be able to report spam"));
}
# if
# Retrieve the users' private key
$user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);
# Make sure no spam report has already been posted by this user to prevent flooding
if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) {
$result->addError(_('This spot has already been reported'));
}
# if
/*
* We'll get the messageid's with <>'s but we always strip
* them in Spotweb, so remove them
*/
$report['newmessageid'] = substr($report['newmessageid'], 1, -1);
# retrieve the spot this is a report of
$svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
$fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']);
# we won't bother when the hashcash is not properly calculcated
if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) != '0000') {
$result->addError(_('Hash was not calculated properly'));
}
# if
# Body cannot be empty or very short
$report['body'] = trim($report['body']);
if (strlen($report['body']) < 2) {
$result->addError(_('Please provide a reason why this Spot should be reported'));
}
# if
# controleer dat de messageid waarop we replyen overeenkomt
# met het newMessageid om replay-attacks te voorkomen.
$replyToPart = substr($report['inreplyto'], 0, strpos($report['inreplyto'], '@'));
if (substr($report['newmessageid'], 0, strlen($replyToPart)) != $replyToPart) {
$result->addError(_('Replay attack!?'));
}
# if
/*
* Make sure the random message we require in the system has not been
* used recently to prevent one calculated hashcash to be reused again
* and again
*/
if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) {
$result->addError(_('Replay attack!?'));
}
# if
# Make sure a newmessageid consists of a certain length
if (strlen($report['newmessageid']) < 10) {
$result->addError(_('MessageID too short!?'));
}
# if
/*
* Body is UTF-8 (we instruct the browser to do everything in UTF-*), but
* usenet wants its body in UTF-8.
*
* The database requires UTF8 again, so we keep seperate bodies for
* the database and for the system
*/
$dbReport = $report;
$report['body'] = utf8_decode($report['body']);
$report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . $fullSpot['title'];
# en post daadwerkelijk de report
if ($result->isSuccess()) {
$this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report);
$spotReportDao->addPostedReport($user['userid'], $dbReport);
}
# if
return $result;
}
public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment)
{
$result = new Dto_FormResult();
$commentDao = $this->_daoFactory->getCommentDao();
# Make sure the anonymous user and reserved usernames cannot post content
if (!$svcUserRecord->allowedToPost($user)) {
$result->addError(_("You need to login to be able to post comments"));
}
# if
# Retrieve the users' private key
$user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);
/*
* We'll get the messageid's with <>'s but we always strip
* them in Spotweb, so remove them
*/
$comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);
# we won't bother when the hashcash is not properly calculcated
if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) != '0000') {
$result->addError(_('Hash was not calculated properly'));
}
# if
# Body cannot be either empty or very short
$comment['body'] = trim($comment['body']);
if (strlen($comment['body']) < 2) {
$result->addError(_('Please enter a comment'));
}
# if
if (strlen($comment['body']) > 1024 * 10) {
$result->addError(_('Comment is too long'));
}
# if
# Rating must be within range
if ($comment['rating'] > 10 || $comment['rating'] < 0) {
$result->addError(_('Invalid rating'));
}
# if
/*
* The "newmessageid" is based upon the messageid we are replying to,
* this is to make sure a user cannot reuse an calculated hashcash
* for an spam attack on different posts
*/
$replyToPart = substr($comment['inreplyto'], 0, strpos($comment['inreplyto'], '@'));
if (substr($comment['newmessageid'], 0, strlen($replyToPart)) != $replyToPart) {
$result->addError(_('Replay attack!?'));
}
# if
/*
* Make sure the random message we require in the system has not been
* used recently to prevent one calculated hashcash to be reused again
* and again
*/
if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) {
$result->addError(_('Replay attack!?'));
}
# if
# Make sure a newmessageid contains a certain length
if (strlen($comment['newmessageid']) < 10) {
$result->addError(_('MessageID too short!?'));
}
# if
# Retrieve the spot to which we are commenting
$svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
$fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']);
# Add the title as a comment property
$comment['title'] = 'Re: ' . $fullSpot['title'];
/*
* Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
* usenet wants its body in iso-8859-1.
*
* The database requires UTF8 again, so we keep seperate bodies for
* the database and for the system
*/
$dbComment = $comment;
$comment['body'] = utf8_decode($comment['body']);
# and actually post the comment
if ($result->isSuccess()) {
try {
$this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment);
$commentDao->addPostedComment($user['userid'], $dbComment);
} catch (Exception $x) {
$result->addError($x->getMessage());
}
# catch
}
# if
return $result;
}
* and this is just the lazy way out, really
*/
$daoFactory->setCachePath('./cache/');
$cacheDao = $daoFactory->getCacheDao();
if (!is_dir('./cache')) {
mkdir('./cache', 0777);
}
# if
/*
* Now try to get all current cache items
*/
$dbConnection = $daoFactory->getConnection();
/*
* Initialize the NZB retrieval provider
*/
$svcFullSpot = new Services_Providers_FullSpot($daoFactory->getSpotDao(), new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($settings, 'hdr')));
$svcNzb = new Services_Providers_Nzb($cacheDao, new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($settings, 'bin')));
$svcPrvHttp = new Services_Providers_Http($cacheDao);
$svcImage = new Services_Providers_SpotImage($svcPrvHttp, new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($settings, 'bin')), $cacheDao);
$counter = 0;
while (true) {
$counter++;
echo "Validating cache content, items " . ($counter - 1) * 1000 . ' to ' . $counter * 1000;
$results = $dbConnection->arrayQuery("SELECT * FROM cache LIMIT 1001 OFFSET " . ($counter - 1) * 1000);
foreach ($results as $cacheItem) {
$cacheItem['metadata'] = unserialize($cacheItem['metadata']);
try {
$cacheDao->getCacheContent($cacheItem['id'], $cacheItem['cachetype'], $cacheItem['metadata']);
} catch (CacheIsCorruptException $x) {
echo PHP_EOL . ' Trying to fetch #' . $cacheItem['id'] . ' for ' . $cacheItem['resourceid'] . ' again, ';
switch ($cacheItem['cachetype']) {
