function render()
{
$formMessages = array('errors' => array(), 'info' => array());
# Controleer de users' rechten
$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');
# Sportparser is nodig voor het escapen van de random string
$spotParser = new SpotParser();
# spot signing is nodig voor het RSA signen van de spot en dergelijke
$spotSigning = new SpotSigning();
# creeer een default comment zodat het form altijd
# de waardes van het form kan renderen
$comment = array('body' => '', 'rating' => 0, 'inreplyto' => $this->_inReplyTo, 'newmessageid' => '', 'randomstr' => '');
# postcomment verzoek was standaard niet geprobeerd
$postResult = array();
# zet de page title
$this->_pageTitle = "spot: post comment";
# Als de user niet ingelogged is, dan heeft dit geen zin
if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
$postResult = array('result' => 'notloggedin');
unset($this->_commentForm['submit']);
}
# if
# Zorg er voor dat reserved usernames geen comments kunnen posten
$spotUser = new SpotUserSystem($this->_db, $this->_settings);
if (!$spotUser->validUsername($this->_currentSession['user']['username'])) {
$postResult = array('result' => 'notloggedin');
unset($this->_commentForm['submit']);
}
# if
if (isset($this->_commentForm['submit'])) {
# submit unsetten we altijd
unset($this->_commentForm['submit']);
# zorg er voor dat alle variables ingevuld zijn
$comment = array_merge($comment, $this->_commentForm);
# vraag de users' privatekey op
$this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
# het messageid krijgen we met <>'s, maar we werken
# in spotweb altijd zonder, dus die strippen we
$comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);
# valideer of we deze comment kunnen posten, en zo ja, doe dat dan
$spotPosting = new SpotPosting($this->_db, $this->_settings);
$formMessages['errors'] = $spotPosting->postComment($this->_currentSession['user'], $comment);
if (empty($formMessages['errors'])) {
$postResult = array('result' => 'success', 'user' => $this->_currentSession['user']['username'], 'userid' => $spotSigning->calculateUserid($this->_currentSession['user']['publickey']), 'rating' => $comment['rating'], 'body' => $comment['body']);
} else {
$postResult = array('result' => 'failure');
}
# else
}
# if
#- display stuff -#
$this->template('postcomment', array('postcommentform' => $comment, 'formmessages' => $formMessages, 'postresult' => $postResult));
}
function render()
{
$formMessages = array('errors' => array(), 'info' => array());
# Controleer de users' rechten
$this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');
# Sportparser is nodig voor het escapen van de random string
$spotParser = new SpotParser();
# spot signing is nodig voor het RSA signen van de spot en dergelijke
$spotSigning = new SpotSigning();
# creeer een default spot zodat het form altijd
# de waardes van het form kan renderen
$spot = array('title' => '', 'body' => '', 'category' => 0, 'subcatz' => '', 'subcatlist' => '', 'tag' => '', 'website' => '', 'newmessageid' => '', 'randomstr' => '');
# postspot verzoek was standaard niet geprobeerd
$postResult = array();
# zet de page title
$this->_pageTitle = "spot: post";
# Als de user niet ingelogged is, dan heeft dit geen zin
if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
$postResult = array('result' => 'notloggedin');
unset($this->_spotForm['submit']);
}
# if
# Zorg er voor dat reserved usernames geen spots kunnen posten
$spotUser = new SpotUserSystem($this->_db, $this->_settings);
if (!$spotUser->validUsername($this->_currentSession['user']['username'])) {
$postResult = array('result' => 'notloggedin');
unset($this->_spotForm['submit']);
}
# if
# If user tried to submit, validate the file uploads
if (isset($this->_spotForm['submit'])) {
# Make sure an NZB file was provided
if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['nzbfile'] != UPLOAD_ERR_OK) {
$formMessages['errors'][] = array('postspot_invalidnzb', '(none given)');
$postResult = array('result' => 'failure');
// $xml = file_get_contents($_FILES['filterimport']['tmp_name']);
unset($this->_spotForm['submit']);
}
# if
# Make sure an imgae file was provided
if (!isset($_FILES['newspotform']) || $_FILES['newspotform']['error']['imagefile'] != UPLOAD_ERR_OK) {
$formMessages['errors'][] = array('postspot_imageinvalid', '(none given)');
$postResult = array('result' => 'failure');
// $xml = file_get_contents($_FILES['filterimport']['tmp_name']);
unset($this->_spotForm['submit']);
}
# if
}
# if
if (isset($this->_spotForm['submit'])) {
# Notificatiesysteem initialiseren
$spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);
# submit unsetten we altijd
unset($this->_spotForm['submit']);
# De subcatz wordt per hoofdcategory doorgegeven, merge die naar 1
# subcatz
$spot['subcatz'] = isset($this->_spotForm['subcatz' . $this->_spotForm['category']]) ? $this->_spotForm['subcatz' . $this->_spotForm['category']] : '';
# zorg er voor dat alle variables ingevuld zijn
$spot = array_merge($spot, $this->_spotForm);
# vraag de users' privatekey op
$this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);
# het messageid krijgen we met <>'s, maar we werken
# in spotweb altijd zonder, dus die strippen we
$spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);
# valideer of we deze spot kunnen posten, en zo ja, doe dat dan
$spotPosting = new SpotPosting($this->_db, $this->_settings);
$formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'], $spot, $_FILES['newspotform']['tmp_name']['imagefile'], $_FILES['newspotform']['tmp_name']['nzbfile']);
if (empty($formMessages['errors'])) {
$postResult = array('result' => 'success', 'user' => $this->_currentSession['user']['username'], 'userid' => $spotSigning->calculateUserid($this->_currentSession['user']['publickey']), 'body' => $spot['body']);
# en verstuur een notificatie
$spotsNotifications->sendSpotPosted($spot);
} else {
$postResult = array('result' => 'failure');
}
# else
}
# if
#- display stuff -#
$this->template('newspot', array('postspotform' => $spot, 'formmessages' => $formMessages, 'postresult' => $postResult));
}
function getFullSpot($msgId)
{
# initialize some variables
$spotSigning = new SpotSigning($this->_use_openssl);
$spotParser = new SpotParser();
$spot = array('fullxml' => '', 'user-signature' => '', 'user-key' => '', 'verified' => false, 'messageid' => $msgId, 'userid' => '', 'xml-signature' => '', 'moderated' => 0);
# Vraag de volledige article header van de spot op
$header = $this->getHeader('<' . $msgId . '>');
# Parse de header
foreach ($header as $str) {
$keys = explode(':', $str);
switch ($keys[0]) {
case 'X-XML':
$spot['fullxml'] .= substr($str, 7);
break;
case 'X-User-Signature':
$spot['user-signature'] = $spotParser->unspecialString(substr($str, 18));
break;
case 'X-XML-Signature':
$spot['xml-signature'] = substr($str, 17);
break;
case 'X-User-Key':
$xml = simplexml_load_string(substr($str, 12));
if ($xml !== false) {
$spot['user-key']['exponent'] = (string) $xml->Exponent;
$spot['user-key']['modulo'] = (string) $xml->Modulus;
}
# if
break;
# x-user-key
}
# switch
}
# foreach
# Valideer de signature van de XML, deze is gesigned door de user zelf
$spot['verified'] = $spotSigning->verifyFullSpot($spot);
# als de spot verified is, toon dan de userid van deze user
if ($spot['verified']) {
$spot['userid'] = $spotSigning->calculateUserid($spot['user-key']['modulo']);
}
# if
# Parse nu de XML file, alles wat al gedefinieerd is eerder wordt niet overschreven
$spot = array_merge($spotParser->parseFull($spot['fullxml']), $spot);
return $spot;
}
function getSessionCalculatedUserId()
{
$spotSigning = new SpotSigning();
return $spotSigning->calculateUserid($this->_currentSession['user']['publickey']);
}
function getFullSpot($msgId)
{
# initialize some variables
$spotSigning = new SpotSigning();
$spot = array('fullxml' => '', 'user-signature' => '', 'user-key' => '', 'verified' => false, 'messageid' => $msgId, 'userid' => '', 'xml-signature' => '', 'moderated' => 0);
# Vraag de volledige article header van de spot op
$header = $this->getHeader('<' . $msgId . '>');
# Parse de header
$spot = array_merge($spot, $this->parseHeader($header, $spot));
# Valideer de signature van de XML, deze is gesigned door de user zelf
$spot['verified'] = $spotSigning->verifyFullSpot($spot);
# als de spot verified is, toon dan de userid van deze user
if ($spot['verified']) {
$spot['userid'] = $spotSigning->calculateUserid($spot['user-key']['modulo']);
}
# if
# Parse nu de XML file, alles wat al gedefinieerd is eerder wordt niet overschreven
$spot = array_merge($this->_spotParser->parseFull($spot['fullxml']), $spot);
return $spot;
}
