public function postSpot(Services_User_Record $svcUserRecord, array $user, array $spot, $imageFilename, $nzbFilename) { $result = new Dto_FormResult(); $spotDao = $this->_daoFactory->getSpotDao(); # Make sure the anonymous user and reserved usernames cannot post content if (!$svcUserRecord->allowedToPost($user)) { $result->addError(_("You need to login to be able to post spots")); } # if # Retrieve the users' private key $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']); $hdr_newsgroup = $this->_settings->get('hdr_group'); $bin_newsgroup = $this->_settings->get('nzb_group'); /* * We'll get the messageid's with <>'s but we always strip * them in Spotweb, so remove them */ $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1); /* $hdr_newsgroup = 'alt.test'; $bin_newsgroup = 'alt.test'; */ # If the hashcash doesn't match, we will never post it if (substr(sha1('<' . $spot['newmessageid'] . '>'), 0, 4) != '0000') { $result->addError(_('Hash was not calculated properly')); } # if # Verify several properties from the caller $result->addData('spot', $spot); $result = $this->_spotValidator->verifyTitle($result); $result = $this->_spotValidator->verifyBody($result); $result = $this->_spotValidator->verifyCategories($result); $result = $this->_spotValidator->verifyWebsite($result); $result = $this->_spotValidator->verifyTag($result); /* * Retrieve the spot information from the result, * and remove it again. We do not want to send the * whole spot back to the caller */ $spot = $result->getData('spot'); $result->removeData('spot'); # Read the contents of image so we can check it $imageContents = file_get_contents($imageFilename); # the image should be below 1MB if (strlen($imageContents) > 1024 * 1024) { $result->addError(_('Uploaded image is too large (maximum 1MB)')); } # if /* * Get some image information, if it fails, this is an * error as well */ $tmpGdImageSize = getimagesize($imageFilename); if ($tmpGdImageSize === false) { $result->addError(_('Uploaded image was not recognized as an image')); } else { $imageInfo = array('width' => $tmpGdImageSize[0], 'height' => $tmpGdImageSize[1]); } # if /* * Load the NZB file as an XML file so we can make sure * it's a valid XML and NZB file and we can determine the * filesize */ $nzbFileContents = file_get_contents($nzbFilename); $nzbXml = simplexml_load_string($nzbFileContents); # Do some basic sanity checking for some required NZB elements if (empty($nzbXml->file)) { $result->addError(_('Incorrect NZB file')); } # if # and determine the total filesize $spot['filesize'] = 0; foreach ($nzbXml->file as $file) { foreach ($file->segments->segment as $seg) { $spot['filesize'] += (int) $seg['bytes']; } # foreach } # foreach /* * Make sure we didn't use this messageid recently or at all, this * prevents people from not recalculating the hashcash in order to spam * the system */ if (!$spotDao->isNewSpotMessageIdUnique($spot['newmessageid'])) { $result->addError(_('Replay attack!?')); } # if # Make sure a newmessageid contains a certain length if (strlen($spot['newmessageid']) < 10) { $result->addError(_('MessageID too short!?')); } # if # We require the keyid 7 because it is selfsigned $spot['key'] = 7; # Poster's username $spot['poster'] = $user['username']; # actually post the spot if ($result->isSuccess()) { /* * Retrieve the image information and post the image to * the appropriate newsgroup so we have the messageid list of * images */ $imgSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, $imageContents, ''); $imageInfo['segments'] = $imgSegmentList; # Post the NZB file to the appropriate newsgroups $nzbSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, gzdeflate($nzbFileContents), ''); # Convert the current Spotnet info, to an XML structure $spotCreator = new Services_Format_Creation(); $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList); $spot['spotxml'] = $spotXml; # And actually post to the newsgroups $this->_nntp_post->postFullSpot($user, $this->_settings->get('privatekey'), $hdr_newsgroup, $spot); $spotDao->addPostedSpot($user['userid'], $spot, $spotXml); } # if return $result; }
public function updateSpotXml($fullSpot, $updatesToApply) { $result = new Dto_FormResult(); /* * before we merge we first want to clean the form from the stuff * we don't want to merge with the original spot */ $spot = $this->cleanseUpdates($updatesToApply); /* * subcat must be an array so let's make it an array if it is not, * otherwise we get in trouble in the verifyCategories() method */ if (!is_array($spot['subcatb'])) { $spot['subcatb'] = array(); } if (!is_array($spot['subcatc'])) { $spot['subcatc'] = array(); } if (!is_array($spot['subcatd'])) { $spot['subcatd'] = array(); } # Verify several properties from the caller $result->addData('spot', $spot); $result = $this->_spotValidator->verifyTitle($result); $result = $this->_spotValidator->verifyBody($result); $result = $this->_spotValidator->verifyCategories($result); $result = $this->_spotValidator->verifyWebsite($result); $result = $this->_spotValidator->verifyTag($result); /* * Retrieve the spot information from the result, * and remove it again. We do not want to send the * whole spot back to the caller */ $spot = $result->getData('spot'); $result->removeData('spot'); if ($result->isSuccess()) { # We now merge the cleaned edit form into the original spot $spot = array_merge($fullSpot, $spot); $imageInfo = array('height' => $spot['image']['height'], 'width' => $spot['image']['width'], 'segments' => $spot['image']['segment']); $nzbSegmentList = $spot['nzb']; # Parse the updated spot to an XML structure $spotCreator = new Services_Format_Creation(); $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList); $result->addData('spotxml', $spotXml); } # if return $result; }