function handleNzbAction($messageIds, array $currentSession, $action, Services_Providers_FullSpot $svcProvSpot, Services_Providers_Nzb $svcProvNzb) { if (!is_array($messageIds)) { $messageIds = array($messageIds); } # if # Make sure the user has the appropriate permissions $currentSession['security']->fatalPermCheck(SpotSecurity::spotsec_retrieve_nzb, ''); if ($action != 'display') { $currentSession['security']->fatalPermCheck(SpotSecurity::spotsec_download_integration, $action); } # if /* * Get all the full spots for all of the specified NZB files */ $nzbList = array(); $fullSpot = array(); foreach ($messageIds as $thisMsgId) { $fullSpot = $svcProvSpot->fetchFullSpot($thisMsgId, $currentSession['user']['userid']); if (!empty($fullSpot['nzb'])) { $nzbList[] = array('spot' => $fullSpot, 'nzb' => $svcProvNzb->fetchNzb($fullSpot)); } # if } # foreach /* * send nzblist to NzbHandler plugin */ $nzbHandlerFactory = new Services_NzbHandler_Factory(); $nzbHandler = $nzbHandlerFactory->build($this->_settings, $action, $currentSession['user']['prefs']['nzbhandling']); $nzbHandler->processNzb($fullSpot, $nzbList); /* * and mark the spot as downloaded */ if ($currentSession['user']['prefs']['keep_downloadlist']) { if ($currentSession['security']->allowed(SpotSecurity::spotsec_keep_own_downloadlist, '')) { $spotStateListDao = $this->_daoFactory->getSpotStateListDao(); foreach ($messageIds as $thisMsgId) { $spotStateListDao->addToDownloadList($thisMsgId, $currentSession['user']['userid']); } # foreach } # if } # if # and send notifications $spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $currentSession); $spotsNotifications->sendNzbHandled($action, $fullSpot); }
function getFullSpot(array $currentSession, $msgId, $markAsRead) { # Make sure user has access to the spot $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spotdetail, ''); $svcNntpSpotReading = new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($this->_settings, 'hdr')); $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $svcNntpSpotReading); $fullSpot = $svcProvFullSpot->fetchFullSpot($msgId, $currentSession['user']['userid']); # seen list if ($markAsRead) { if ($this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_seenlist, '')) { if ($currentSession['user']['prefs']['keep_seenlist']) { /* * Always update the seen stamp, this is used for viewing new comments * and the likes */ $this->_daoFactory->getSpotStateListDao()->addtoSeenList($msgId, $currentSession['user']['userid']); } # if } # if allowed } # if return $fullSpot; }
public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report) { $result = new Dto_FormResult(); $spotReportDao = $this->_daoFactory->getSpotReportDao(); # Make sure the anonymous user and reserved usernames cannot post content if (!$svcUserRecord->allowedToPost($user)) { $result->addError(_("You need to login to be able to report spam")); } # if # Retrieve the users' private key $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']); # Make sure no spam report has already been posted by this user to prevent flooding if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) { $result->addError(_('This spot has already been reported')); } # if /* * We'll get the messageid's with <>'s but we always strip * them in Spotweb, so remove them */ $report['newmessageid'] = substr($report['newmessageid'], 1, -1); # retrieve the spot this is a report of $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr); $fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']); # we won't bother when the hashcash is not properly calculcated if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) != '0000') { $result->addError(_('Hash was not calculated properly')); } # if # Body cannot be empty or very short $report['body'] = trim($report['body']); if (strlen($report['body']) < 2) { $result->addError(_('Please provide a reason why this Spot should be reported')); } # if # controleer dat de messageid waarop we replyen overeenkomt # met het newMessageid om replay-attacks te voorkomen. $replyToPart = substr($report['inreplyto'], 0, strpos($report['inreplyto'], '@')); if (substr($report['newmessageid'], 0, strlen($replyToPart)) != $replyToPart) { $result->addError(_('Replay attack!?')); } # if /* * Make sure the random message we require in the system has not been * used recently to prevent one calculated hashcash to be reused again * and again */ if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) { $result->addError(_('Replay attack!?')); } # if # Make sure a newmessageid consists of a certain length if (strlen($report['newmessageid']) < 10) { $result->addError(_('MessageID too short!?')); } # if /* * Body is UTF-8 (we instruct the browser to do everything in UTF-*), but * usenet wants its body in UTF-8. * * The database requires UTF8 again, so we keep seperate bodies for * the database and for the system */ $dbReport = $report; $report['body'] = utf8_decode($report['body']); $report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . $fullSpot['title']; # en post daadwerkelijk de report if ($result->isSuccess()) { $this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report); $spotReportDao->addPostedReport($user['userid'], $dbReport); } # if return $result; }
public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment) { $result = new Dto_FormResult(); $commentDao = $this->_daoFactory->getCommentDao(); # Make sure the anonymous user and reserved usernames cannot post content if (!$svcUserRecord->allowedToPost($user)) { $result->addError(_("You need to login to be able to post comments")); } # if # Retrieve the users' private key $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']); /* * We'll get the messageid's with <>'s but we always strip * them in Spotweb, so remove them */ $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1); # we won't bother when the hashcash is not properly calculcated if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) != '0000') { $result->addError(_('Hash was not calculated properly')); } # if # Body cannot be either empty or very short $comment['body'] = trim($comment['body']); if (strlen($comment['body']) < 2) { $result->addError(_('Please enter a comment')); } # if if (strlen($comment['body']) > 1024 * 10) { $result->addError(_('Comment is too long')); } # if # Rating must be within range if ($comment['rating'] > 10 || $comment['rating'] < 0) { $result->addError(_('Invalid rating')); } # if /* * The "newmessageid" is based upon the messageid we are replying to, * this is to make sure a user cannot reuse an calculated hashcash * for an spam attack on different posts */ $replyToPart = substr($comment['inreplyto'], 0, strpos($comment['inreplyto'], '@')); if (substr($comment['newmessageid'], 0, strlen($replyToPart)) != $replyToPart) { $result->addError(_('Replay attack!?')); } # if /* * Make sure the random message we require in the system has not been * used recently to prevent one calculated hashcash to be reused again * and again */ if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) { $result->addError(_('Replay attack!?')); } # if # Make sure a newmessageid contains a certain length if (strlen($comment['newmessageid']) < 10) { $result->addError(_('MessageID too short!?')); } # if # Retrieve the spot to which we are commenting $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr); $fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']); # Add the title as a comment property $comment['title'] = 'Re: ' . $fullSpot['title']; /* * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but * usenet wants its body in iso-8859-1. * * The database requires UTF8 again, so we keep seperate bodies for * the database and for the system */ $dbComment = $comment; $comment['body'] = utf8_decode($comment['body']); # and actually post the comment if ($result->isSuccess()) { try { $this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment); $commentDao->addPostedComment($user['userid'], $dbComment); } catch (Exception $x) { $result->addError($x->getMessage()); } # catch } # if return $result; }
* and this is just the lazy way out, really */ $daoFactory->setCachePath('./cache/'); $cacheDao = $daoFactory->getCacheDao(); if (!is_dir('./cache')) { mkdir('./cache', 0777); } # if /* * Now try to get all current cache items */ $dbConnection = $daoFactory->getConnection(); /* * Initialize the NZB retrieval provider */ $svcFullSpot = new Services_Providers_FullSpot($daoFactory->getSpotDao(), new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($settings, 'hdr'))); $svcNzb = new Services_Providers_Nzb($cacheDao, new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($settings, 'bin'))); $svcPrvHttp = new Services_Providers_Http($cacheDao); $svcImage = new Services_Providers_SpotImage($svcPrvHttp, new Services_Nntp_SpotReading(Services_Nntp_EnginePool::pool($settings, 'bin')), $cacheDao); $counter = 0; while (true) { $counter++; echo "Validating cache content, items " . ($counter - 1) * 1000 . ' to ' . $counter * 1000; $results = $dbConnection->arrayQuery("SELECT * FROM cache LIMIT 1001 OFFSET " . ($counter - 1) * 1000); foreach ($results as $cacheItem) { $cacheItem['metadata'] = unserialize($cacheItem['metadata']); try { $cacheDao->getCacheContent($cacheItem['id'], $cacheItem['cachetype'], $cacheItem['metadata']); } catch (CacheIsCorruptException $x) { echo PHP_EOL . ' Trying to fetch #' . $cacheItem['id'] . ' for ' . $cacheItem['resourceid'] . ' again, '; switch ($cacheItem['cachetype']) {