/**
 * Render the "post comment" page and, when an eligible user submitted the
 * form, attempt to post the comment.
 *
 * The template 'postcomment' always receives the (possibly default) comment
 * values, the validation messages and a result array whose 'result' key is
 * one of 'notloggedin', 'success' or 'failure' (or is absent when nothing
 * was attempted).
 */
function render() {
    # Abort unless the current user holds the post-comment permission
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');

    $formMessages = array(
        'errors' => array(),
        'info' => array(),
    );

    # Instantiated as in the original; the parser is not referenced again in this method
    $parser = new SpotParser();
    # Used below to derive the user id from the session's public key
    $signer = new SpotSigning();

    # Default comment so the form can always render its fields
    $comment = array(
        'body' => '',
        'rating' => 0,
        'inreplyto' => $this->_inReplyTo,
        'newmessageid' => '',
        'randomstr' => '',
    );

    # Nothing has been attempted yet
    $postResult = array();

    $this->_pageTitle = "spot: post comment";

    $rejected = array('result' => 'notloggedin');

    # Anonymous sessions may not post: drop the submit flag so no post is attempted
    if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
        $postResult = $rejected;
        unset($this->_commentForm['submit']);
    }

    # Usernames rejected by validUsername() (reserved names) may not post either
    $userSystem = new SpotUserSystem($this->_db, $this->_settings);
    if (!$userSystem->validUsername($this->_currentSession['user']['username'])) {
        $postResult = $rejected;
        unset($this->_commentForm['submit']);
    }

    if (isset($this->_commentForm['submit'])) {
        # The submit flag is never carried into the comment data
        unset($this->_commentForm['submit']);

        # Submitted form values override the defaults key by key
        $comment = array_merge($comment, $this->_commentForm);

        # NOTE(review): the private RSA key is written into the session array held by
        # this object and is still there when template() runs below - confirm the
        # template layer never exposes the session user array.
        $this->_currentSession['user']['privatekey'] = $userSystem->getUserPrivateRsaKey(
            $this->_currentSession['user']['userid']
        );

        # The message id arrives wrapped in <>; the first and last character are
        # dropped unconditionally, without checking that they really are '<' and '>'
        $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

        # postComment() returns the list of errors; an empty list means it was posted
        $poster = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $poster->postComment($this->_currentSession['user'], $comment);

        # NOTE(review): 'body' and 'rating' are handed to the template as submitted -
        # presumably the template escapes them; verify.
        $postResult = empty($formMessages['errors'])
            ? array(
                'result' => 'success',
                'user' => $this->_currentSession['user']['username'],
                'userid' => $signer->calculateUserid($this->_currentSession['user']['publickey']),
                'rating' => $comment['rating'],
                'body' => $comment['body'],
            )
            : array('result' => 'failure');
    }

    #- display stuff -#
    $this->template('postcomment', array(
        'postcommentform' => $comment,
        'formmessages' => $formMessages,
        'postresult' => $postResult,
    ));
}
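/**
 * Render the "new spot" page and, when an eligible user submitted the form
 * together with both required uploads, attempt to post the spot.
 *
 * The template 'newspot' always receives the (possibly default) spot values,
 * the validation messages and a result array whose 'result' key is one of
 * 'notloggedin', 'success' or 'failure' (or is absent when nothing was
 * attempted).
 */
function render() {
    $formMessages = array('errors' => array(), 'info' => array());

    # Abort unless the current user holds the post-spot permission
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

    # Kept from the original; the parser is not referenced again in this method
    $spotParser = new SpotParser();

    # Used below to derive the user id from the session's public key
    $spotSigning = new SpotSigning();

    # Default spot so the form can always render its fields
    $spot = array('title' => '',
                  'body' => '',
                  'category' => 0,
                  'subcatz' => '',
                  'subcatlist' => '',
                  'tag' => '',
                  'website' => '',
                  'newmessageid' => '',
                  'randomstr' => '');

    # Nothing has been attempted yet
    $postResult = array();

    $this->_pageTitle = "spot: post";

    # Anonymous sessions may not post: drop the submit flag so no post is attempted
    if ($this->_currentSession['user']['userid'] == SPOTWEB_ANONYMOUS_USERID) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_spotForm['submit']);
    }

    # Usernames rejected by validUsername() (reserved names) may not post either
    $spotUser = new SpotUserSystem($this->_db, $this->_settings);
    if (!$spotUser->validUsername($this->_currentSession['user']['username'])) {
        $postResult = array('result' => 'notloggedin');
        unset($this->_spotForm['submit']);
    }

    # If the user tried to submit, both file uploads must be present and intact.
    # The per-field error code has to exist AND be exactly UPLOAD_ERR_OK: with the
    # previous loose '!=' test a request that simply left a file field out produced
    # an undefined index (null), and null != 0 is false, so the check passed and a
    # missing tmp_name was handed on to postSpot().
    if (isset($this->_spotForm['submit'])) {
        $requiredUploads = array(
            'nzbfile' => 'postspot_invalidnzb',
            'imagefile' => 'postspot_imageinvalid',
        );

        foreach ($requiredUploads as $field => $errorCode) {
            $uploadOk = isset($_FILES['newspotform']['error'][$field])
                && $_FILES['newspotform']['error'][$field] === UPLOAD_ERR_OK;

            if (!$uploadOk) {
                $formMessages['errors'][] = array($errorCode, '(none given)');
                $postResult = array('result' => 'failure');

                # Without a valid upload no post may be attempted
                unset($this->_spotForm['submit']);
            }
        }
    }

    if (isset($this->_spotForm['submit'])) {
        # Initialise the notification system
        $spotsNotifications = new SpotNotifications($this->_db, $this->_settings, $this->_currentSession);

        # The submit flag is never carried into the spot data
        unset($this->_spotForm['submit']);

        # Subcategories are submitted per main category ('subcatz' . category);
        # pick the list that belongs to the chosen category
        $spot['subcatz'] = isset($this->_spotForm['subcatz' . $this->_spotForm['category']])
            ? $this->_spotForm['subcatz' . $this->_spotForm['category']]
            : '';

        # Submitted form values override the defaults key by key
        $spot = array_merge($spot, $this->_spotForm);

        # NOTE(review): the private RSA key is written into the session array held by
        # this object and is still there when template() runs below - confirm the
        # template layer never exposes the session user array.
        $this->_currentSession['user']['privatekey'] = $spotUser->getUserPrivateRsaKey($this->_currentSession['user']['userid']);

        # The message id arrives wrapped in <>; the first and last character are
        # dropped unconditionally, without checking that they really are '<' and '>'
        $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

        # postSpot() returns the list of errors; an empty list means it was posted.
        # Both tmp_name entries exist here because the upload checks above passed.
        $spotPosting = new SpotPosting($this->_db, $this->_settings);
        $formMessages['errors'] = $spotPosting->postSpot($this->_currentSession['user'],
                                                         $spot,
                                                         $_FILES['newspotform']['tmp_name']['imagefile'],
                                                         $_FILES['newspotform']['tmp_name']['nzbfile']);

        if (empty($formMessages['errors'])) {
            # NOTE(review): 'body' is handed to the template as submitted -
            # presumably the template escapes it; verify.
            $postResult = array('result' => 'success',
                                'user' => $this->_currentSession['user']['username'],
                                'userid' => $spotSigning->calculateUserid($this->_currentSession['user']['publickey']),
                                'body' => $spot['body']);

            # Send a notification about the newly posted spot
            $spotsNotifications->sendSpotPosted($spot);
        } else {
            $postResult = array('result' => 'failure');
        }
    }

    #- display stuff -#
    $this->template('newspot', array('postspotform' => $spot,
                                     'formmessages' => $formMessages,
                                     'postresult' => $postResult));
}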
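/**
 * Fetch the article header of a spot, collect the spot XML, signatures and
 * the poster's public key from it, verify the signature and return the
 * parsed spot.
 *
 * Security note: the XML is parsed and returned whether or not the signature
 * verified. 'verified' tells the caller if verifyFullSpot() accepted the
 * spot, and 'userid' is only filled in for verified spots, so callers must
 * check 'verified' before trusting any of the returned fields.
 *
 * @param string $msgId message id without the surrounding <> (they are added here)
 * @return array the output of parseFull() on the collected XML, overlaid with the
 *               keys fullxml, user-signature, user-key, verified, messageid,
 *               userid, xml-signature and moderated (these keys win on conflict)
 */
function getFullSpot($msgId) {
    # initialize some variables
    $spotSigning = new SpotSigning($this->_use_openssl);
    $spotParser = new SpotParser();

    $spot = array('fullxml' => '',
                  'user-signature' => '',
                  'user-key' => '',
                  'verified' => false,
                  'messageid' => $msgId,
                  'userid' => '',
                  'xml-signature' => '',
                  'moderated' => 0);

    # Request the full article header of the spot
    $header = $this->getHeader('<' . $msgId . '>');

    # Parse the header; every value below comes from the article itself and is
    # untrusted until the signature check further down has passed
    foreach ($header as $str) {
        $keys = explode(':', $str);

        switch ($keys[0]) {
            case 'X-XML':
                # The XML may be spread over several X-XML lines, so append
                $spot['fullxml'] .= substr($str, 7);
                break;

            case 'X-User-Signature':
                $spot['user-signature'] = $spotParser->unspecialString(substr($str, 18));
                break;

            case 'X-XML-Signature':
                $spot['xml-signature'] = substr($str, 17);
                break;

            case 'X-User-Key':
                # LIBXML_NONET forbids network access while parsing this untrusted XML
                $xml = simplexml_load_string(substr($str, 12), 'SimpleXMLElement', LIBXML_NONET);
                if ($xml !== false) {
                    # Replace the '' placeholder with a fresh array: indexing into the
                    # empty-string default only auto-created an array on old PHP
                    # versions (before 7.1)
                    $spot['user-key'] = array(
                        'exponent' => (string) $xml->Exponent,
                        'modulo' => (string) $xml->Modulus,
                    );
                }
                break;
        }
    }

    # Validate the signature of the XML, which was signed by the user
    $spot['verified'] = $spotSigning->verifyFullSpot($spot);

    # Only a verified spot gets a user id, derived from the key's modulus
    if ($spot['verified']) {
        $spot['userid'] = $spotSigning->calculateUserid($spot['user-key']['modulo']);
    }

    # Parse the XML; keys already set above are not overwritten by the parsed values
    $spot = array_merge($spotParser->parseFull($spot['fullxml']), $spot);

    return $spot;
}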
/**
 * Return the user id that SpotSigning::calculateUserid() derives from the
 * public key stored in the current session's user record.
 */
function getSessionCalculatedUserId() {
    $signer = new SpotSigning();
    $sessionPublicKey = $this->_currentSession['user']['publickey'];

    return $signer->calculateUserid($sessionPublicKey);
}
/**
 * Fetch the article header of a spot, let parseHeader() extract the spot
 * fields from it, verify the signature and return the parsed spot.
 *
 * Security note: the XML is parsed and returned whether or not the signature
 * verified; 'userid' is only filled in here for verified spots, so callers
 * must check 'verified' before trusting the returned fields.
 *
 * @param string $msgId message id without the surrounding <> (they are added here)
 * @return array the output of parseFull() on the spot XML, overlaid with the
 *               header-derived fields (the header-derived keys win on conflict)
 */
function getFullSpot($msgId) {
    $signer = new SpotSigning();

    # Baseline values; anything parseHeader() returns replaces these
    $defaults = array(
        'fullxml' => '',
        'user-signature' => '',
        'user-key' => '',
        'verified' => false,
        'messageid' => $msgId,
        'userid' => '',
        'xml-signature' => '',
        'moderated' => 0,
    );

    # Request the full article header of the spot
    $headerLines = $this->getHeader('<' . $msgId . '>');

    # Parse the header and lay the result over the defaults
    $fromHeader = $this->parseHeader($headerLines, $defaults);
    $spot = array_merge($defaults, $fromHeader);

    # Validate the signature of the XML, which was signed by the user
    $spot['verified'] = $signer->verifyFullSpot($spot);

    # Only a verified spot gets a user id, derived from the key's modulus
    if ($spot['verified']) {
        $spot['userid'] = $signer->calculateUserid($spot['user-key']['modulo']);
    }

    # Parse the XML; keys already present in $spot are not overwritten
    $fromXml = $this->_spotParser->parseFull($spot['fullxml']);

    return array_merge($fromXml, $spot);
}