/**
* Register the Recaptcha Facade
*
* @return void
*/
public function registerRecaptcha()
{
$this->app['recaptcha'] = $this->app->share(function ($app) {
$config = $app['config'];
return NeutronRecaptcha::create($config->get('recaptcha::public_key'), $config->get('recaptcha::private_key'));
});
}
public function register(Application $app)
{
$app['recaptcha.public-key'] = null;
$app['recaptcha.private-key'] = null;
$app['recaptcha'] = $app->share(function (Application $app) {
return ReCaptcha::create($app['recaptcha.public-key'], $app['recaptcha.private-key']);
});
}
/**
* Checks a request for previous failures
*
* @param string $username
* @param Request $request
*
* @return FailureManager
*
* @throws RequireCaptchaException In case a captcha unlock is required
*/
public function checkFailures($username, Request $request)
{
$failures = $this->repository->findLockedFailuresMatching($username, $request->getClientIp());
if (0 === count($failures)) {
return;
}
if ($this->trials < count($failures) && $this->captcha->isSetup()) {
$response = $this->captcha->bind($request);
if ($response->isValid()) {
foreach ($failures as $failure) {
$failure->setLocked(false);
}
$this->em->flush();
} else {
throw new RequireCaptchaException('Too much failure, require captcha');
}
}
return $this;
}
/**
* Send the comment and attached media to database
*
* @param Media $media
* @param array $data extra data
* @throws CommentSendingDatabaseException
* @throws CommentSendingBannedException
* @throws CommentSendingThreadWithoutMediaException
* @throws CommentSendingSpamException
* @throws CommentSendingImageInGhostException
* @throws CommentSendingNoDelPassException
* @throws CommentSendingThreadClosedException
* @throws CommentSendingRequestCaptchaException
* @throws CommentSendingTimeLimitException
* @throws CommentSendingException
* @throws CommentSendingTooManyCharactersException
* @throws \RuntimeException
* @throws CommentSendingDisplaysEmptyException
* @throws CommentSendingTooManyLinesException
* @throws CommentSendingSameCommentException
* @throws CommentSendingWrongCaptchaException
* @throws CommentSendingUnallowedCapcodeException
* @return array error key with explanation to show to user, or success and post row
*/
public function p_insert(Media $media = null, $data = [])
{
if (isset($data['recaptcha_challenge'])) {
$this->recaptcha_challenge = $data['recaptcha_challenge'];
$this->recaptcha_response = $data['recaptcha_response'];
}
$this->ghost = false;
$this->ghost_exist = false;
$this->allow_media = true;
// some users don't need to be limited, in here go all the ban and posting limitators
if (!$this->getAuth()->hasAccess('comment.limitless_comment')) {
// check if the user is banned
if ($ban = $this->ban_factory->isBanned($this->comment->poster_ip, $this->radix)) {
if ($ban->board_id == 0) {
$banned_string = _i('It looks like you were banned on all boards.');
} else {
$banned_string = _i('It looks like you were banned on /' . $this->radix->shortname . '/.');
}
if ($ban->length) {
$banned_string .= ' ' . _i('This ban will last until:') . ' ' . date(DATE_COOKIE, $ban->start + $ban->length) . '.';
} else {
$banned_string .= ' ' . _i('This ban will last forever.');
}
if ($ban->reason) {
$banned_string .= ' ' . _i('The reason for this ban is:') . ' «' . $ban->reason . '».';
}
if ($ban->appeal_status == Ban::APPEAL_NONE) {
$banned_string .= ' ' . _i('If you\'d like to appeal to your ban, go to the %s page.', '<a href="' . $this->uri->create($this->radix->shortname . '/appeal') . '">' . _i('Appeal') . '</a>');
} elseif ($ban->appeal_status == Ban::APPEAL_PENDING) {
$banned_string .= ' ' . _i('Your appeal is pending.');
}
throw new CommentSendingBannedException($banned_string);
}
}
// check if it's a thread and its status
if ($this->comment->thread_num > 0) {
try {
$thread = Board::forge($this->getContext())->getThread($this->comment->thread_num)->setRadix($this->radix);
$status = $thread->getThreadStatus();
} catch (BoardException $e) {
throw new CommentSendingException($e->getMessage());
}
if ($status['closed']) {
throw new CommentSendingThreadClosedException(_i('The thread is closed.'));
}
$this->ghost = $status['dead'];
$this->ghost_exist = $status['ghost_exist'];
$this->allow_media = !$status['disable_image_upload'];
}
foreach (['name', 'email', 'title', 'comment', 'capcode'] as $key) {
$this->comment->{$key} = trim((string) $this->comment->{$key});
}
$this->comment->setDelpass(trim((string) $this->comment->getDelPass()));
// some users don't need to be limited, in here go all the ban and posting limitators
if (!$this->getAuth()->hasAccess('comment.limitless_comment')) {
if ($this->comment->thread_num < 1) {
// one can create a new thread only once every 5 minutes
$check_op = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('r.poster_ip = :poster_ip')->andWhere('r.timestamp > :timestamp')->andWhere('r.op = :op')->setParameters([':poster_ip' => $this->comment->poster_ip, ':timestamp' => time() - $this->radix->getValue('cooldown_new_thread'), ':op' => true])->setMaxResults(1)->execute()->fetch();
if ($check_op) {
throw new CommentSendingTimeLimitException(_i('You must wait up to %d minutes to make another new thread.', ceil($this->radix->getValue('cooldown_new_thread') / 60)));
}
}
// check the latest posts by the user to see if he's posting the same message or if he's posting too fast
$check = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('poster_ip = :poster_ip')->orderBy('timestamp', 'DESC')->setMaxResults(1)->setParameter(':poster_ip', $this->comment->poster_ip)->execute()->fetch();
if ($check) {
if ($this->comment->comment !== null && $check['comment'] === $this->comment->comment) {
throw new CommentSendingSameCommentException(_i('You\'re sending the same comment as the last time'));
}
$check_time = $this->getRadixTime();
if ($check_time - $check['timestamp'] < $this->radix->getValue('cooldown_new_comment') && $check_time - $check['timestamp'] > 0) {
throw new CommentSendingTimeLimitException(_i('You must wait up to %d seconds to post again.', $this->radix->getValue('cooldown_new_comment')));
}
}
// we want to know if the comment will display empty, and in case we won't let it pass
$comment_parsed = $this->processComment();
if ($this->comment->comment !== '' && $comment_parsed === '') {
throw new CommentSendingDisplaysEmptyException(_i('This comment would display empty.'));
}
// clean up to reset eventual auto-built entries
$this->comment->clean();
if ($this->recaptcha_challenge && $this->recaptcha_response && $this->preferences->get('foolframe.auth.recaptcha_public', false)) {
$recaptcha = ReCaptcha::create($this->preferences->get('foolframe.auth.recaptcha_public'), $this->preferences->get('foolframe.auth.recaptcha_private'));
$recaptcha_result = $recaptcha->checkAnswer(Inet::dtop($this->comment->poster_ip), $this->recaptcha_challenge, $this->recaptcha_response);
if (!$recaptcha_result->isValid()) {
throw new CommentSendingWrongCaptchaException(_i('Incorrect CAPTCHA solution.'));
}
} elseif ($this->preferences->get('foolframe.auth.recaptcha_public')) {
// if there wasn't a recaptcha input, let's go with heavier checks
if (substr_count($this->comment->comment, 'http') >= $this->radix->getValue('captcha_comment_link_limit')) {
throw new CommentSendingRequestCaptchaException();
}
// bots usually fill all the fields
if ($this->comment->comment && $this->comment->title && $this->comment->email) {
throw new CommentSendingRequestCaptchaException();
}
// bots usually try various BBC, this checks if there's unparsed BBC after parsing it
if ($comment_parsed !== '' && substr_count($comment_parsed, '[') + substr_count($comment_parsed, ']') > 4) {
throw new CommentSendingRequestCaptchaException();
}
}
// load the spam list and check comment, name, title and email
$spam = array_filter(preg_split('/\\r\\n|\\r|\\n/', file_get_contents(ASSETSPATH . 'packages/anti-spam/databases/urls.dat')));
foreach ($spam as $s) {
if (strpos($this->comment->comment, $s) !== false || strpos($this->comment->name, $s) !== false || strpos($this->comment->title, $s) !== false || strpos($this->comment->email, $s) !== false) {
throw new CommentSendingSpamException(_i('Your post has undesidered content.'));
}
}
// check entire length of comment
if (mb_strlen($this->comment->comment, 'utf-8') > $this->radix->getValue('max_comment_characters_allowed')) {
throw new CommentSendingTooManyCharactersException(_i('Your comment has too many characters'));
}
// check total numbers of lines in comment
if (count(explode("\n", $this->comment->comment)) > $this->radix->getValue('max_comment_lines_allowed')) {
throw new CommentSendingTooManyLinesException(_i('Your comment has too many lines.'));
}
}
\Foolz\Plugin\Hook::forge('Foolz\\Foolslide\\Model\\CommentInsert::insert.call.after.input_checks')->setObject($this)->execute();
// process comment name+trip
if ($this->comment->name === '') {
$this->comment->name = $this->radix->getValue('anonymous_default_name');
$this->comment->trip = null;
} else {
$this->processName();
if ($this->comment->trip === '') {
$this->comment->trip = null;
}
}
foreach (['email', 'title', 'comment'] as $key) {
if ($this->comment->{$key} === '') {
$this->comment->{$key} = null;
}
}
// process comment password
if ($this->comment->getDelpass() === '') {
throw new CommentSendingNoDelPassException(_i('You must submit a deletion password.'));
}
$pass = password_hash($this->comment->getDelpass(), PASSWORD_BCRYPT, ['cost' => 10]);
if ($this->comment->getDelpass() === false) {
throw new \RuntimeException('Password hashing failed');
}
$this->comment->setDelpass($pass);
if ($this->comment->capcode != '') {
$allowed_capcodes = ['N'];
if ($this->getAuth()->hasAccess('comment.mod_capcode')) {
$allowed_capcodes[] = 'M';
}
if ($this->getAuth()->hasAccess('comment.admin_capcode')) {
$allowed_capcodes[] = 'A';
}
if ($this->getAuth()->hasAccess('comment.dev_capcode')) {
$allowed_capcodes[] = 'D';
}
if (!in_array($this->comment->capcode, $allowed_capcodes)) {
throw new CommentSendingUnallowedCapcodeException(_i('You\'re not allowed to use this capcode.'));
}
} else {
$this->comment->capcode = 'N';
}
$microtime = str_replace('.', '', (string) microtime(true));
$this->comment->timestamp = substr($microtime, 0, 10);
$this->comment->op = (bool) (!$this->comment->thread_num);
if ($this->radix->getValue('enable_flags')) {
$reader = new Reader($this->preferences->get('foolframe.maxmind.geoip2_db_path'));
try {
$record = $reader->country(Inet::dtop($this->comment->poster_ip));
$this->comment->poster_country = strtolower($record->country->isoCode);
} catch (AddressNotFoundException $e) {
$this->comment->poster_country = 'xx';
}
}
// process comment media
if ($media !== null) {
// if uploading an image with OP is prohibited
if (!$this->comment->thread_num && $this->radix->getValue('op_image_upload_necessity') === 'never') {
throw new CommentSendingException(_i('You can\'t start a new thread with an image.'));
}
if (!$this->allow_media) {
if ($this->ghost) {
throw new CommentSendingImageInGhostException(_i('You can\'t post images when the thread is in ghost mode.'));
} else {
throw new CommentSendingException(_i('This thread has reached its image limit.'));
}
}
try {
$media->insert($microtime, $this->comment->op);
$this->media = $media->media;
} catch (MediaInsertException $e) {
throw new CommentSendingException($e->getMessage());
}
} else {
// if the user is forced to upload an image when making a new thread
if (!$this->comment->thread_num && $this->radix->getValue('op_image_upload_necessity') === 'always') {
throw new CommentSendingThreadWithoutMediaException(_i('You can\'t start a new thread without an image.'));
}
// in case of no media, check comment field again for null
if ($this->comment->comment === null) {
throw new CommentSendingDisplaysEmptyException(_i('This comment would display empty.'));
}
$this->media = $this->bulk->media = new MediaData();
}
// 2ch-style codes, only if enabled
if ($this->comment->thread_num && $this->radix->getValue('enable_poster_hash')) {
$this->comment->poster_hash = substr(substr(crypt(md5($this->comment->poster_ip . 'id' . $this->comment->thread_num), 'id'), +3), 0, 8);
}
$this->comment->timestamp = $this->getRadixTime($this->comment->timestamp);
\Foolz\Plugin\Hook::forge('Foolz\\Foolslide\\Model\\CommentInsert::insert.call.before.sql')->setObject($this)->execute();
// being processing insert...
if ($this->ghost) {
$num = '
(
SELECT MAX(num) AS num
FROM (
(
SELECT num
FROM ' . $this->radix->getTable() . ' xr
WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
)
UNION
(
SELECT num
FROM ' . $this->radix->getTable('_deleted') . ' xrd
WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
)
) x
)';
$subnum = '
(
SELECT MAX(subnum) + 1 AS subnum
FROM (
(
SELECT subnum
FROM ' . $this->radix->getTable() . ' xxr
WHERE num = (
SELECT MAX(num)
FROM (
(
SELECT num
FROM ' . $this->radix->getTable() . ' xxxr
WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
)
UNION
(
SELECT num
FROM ' . $this->radix->getTable('_deleted') . ' xxxrd
WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
)
) xxx
)
)
UNION
(
SELECT subnum
FROM ' . $this->radix->getTable('_deleted') . ' xxdr
WHERE num = (
SELECT MAX(num)
FROM (
(
SELECT num
FROM ' . $this->radix->getTable() . ' xxxr
WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
)
UNION
(
SELECT num
FROM ' . $this->radix->getTable('_deleted') . ' xxxdrd
WHERE thread_num = ' . $this->dc->getConnection()->quote($this->comment->thread_num) . '
)
) xxxd
)
)
) xx
)';
$thread_num = $this->comment->thread_num;
} else {
$num = '
(
SELECT MAX(num) + 1 AS num
FROM (
(
SELECT COALESCE(MAX(num), 0) AS num
FROM ' . $this->radix->getTable() . ' xr
)
UNION
(
SELECT COALESCE(MAX(num), 0) AS num
FROM ' . $this->radix->getTable('_deleted') . ' xdr
)
) x
)';
$subnum = 0;
if ($this->comment->thread_num > 0) {
$thread_num = $this->dc->getConnection()->quote($this->comment->thread_num);
} else {
$thread_num = '
(
SELECT MAX(thread_num) + 1 AS thread_num
FROM (
(
SELECT COALESCE(MAX(num), 0) as thread_num
FROM ' . $this->radix->getTable() . ' xxr
)
UNION
(
SELECT COALESCE(MAX(num), 0) as thread_num
FROM ' . $this->radix->getTable('_deleted') . ' xxdr
)
) xx
)';
}
}
try {
$query_fields = ['num' => $num, 'subnum' => $subnum, 'thread_num' => $thread_num];
$fields = ['media_id' => $this->media->media_id ? $this->media->media_id : 0, 'op' => (int) $this->op, 'timestamp' => $this->comment->timestamp, 'capcode' => $this->comment->capcode, 'email' => $this->comment->email, 'name' => $this->comment->name, 'trip' => $this->comment->trip, 'title' => $this->comment->title, 'comment' => $this->comment->comment, 'delpass' => $this->comment->getDelpass(), 'spoiler' => (int) $this->media->spoiler, 'poster_ip' => $this->comment->poster_ip, 'poster_hash' => $this->comment->poster_hash, 'poster_country' => $this->comment->poster_country, 'preview_orig' => $this->media->preview_orig, 'preview_w' => $this->media->preview_w, 'preview_h' => $this->media->preview_h, 'media_filename' => $this->media->media_filename, 'media_w' => $this->media->media_w, 'media_h' => $this->media->media_h, 'media_size' => $this->media->media_size, 'media_hash' => $this->media->media_hash, 'media_orig' => $this->media->media_orig, 'exif' => $this->media->exif !== null ? @json_encode($this->media->exif) : null, 'timestamp_expired' => 0];
foreach ($fields as $key => $item) {
if ($item === null) {
$fields[$key] = 'null';
} else {
$fields[$key] = $this->dc->getConnection()->quote($item);
}
}
$fields = $query_fields + $fields;
$this->dc->getConnection()->beginTransaction();
$this->dc->getConnection()->executeUpdate('INSERT INTO ' . $this->radix->getTable() . ' (' . implode(', ', array_keys($fields)) . ') VALUES (' . implode(', ', array_values($fields)) . ')');
$last_id = $this->dc->getConnection()->lastInsertId($this->radix->getTable('_doc_id_seq'));
$comment = $this->dc->qb()->select('*')->from($this->radix->getTable(), 'r')->where('doc_id = :doc_id')->setParameter(':doc_id', $last_id)->execute()->fetchAll();
$this->bulk->import($comment[0], $this->radix);
if (!$this->radix->archive) {
$this->insertTriggerThreads();
$this->insertTriggerDaily();
$this->insertTriggerUsers();
}
// update poster_hash for op posts
if ($this->comment->op && $this->radix->getValue('enable_poster_hash')) {
$this->comment->poster_hash = substr(substr(crypt(md5($this->comment->poster_ip . 'id' . $this->comment->thread_num), 'id'), 3), 0, 8);
$this->dc->qb()->update($this->radix->getTable(), 'ph')->set('poster_hash', $this->dc->getConnection()->quote($this->comment->poster_hash))->where('doc_id = :doc_id')->setParameter(':doc_id', $this->comment->doc_id)->execute();
}
$this->dc->getConnection()->commit();
// clean up some caches
Cache::item('foolslide.model.board.getThreadComments.thread.' . md5(serialize([$this->radix->shortname, $this->comment->thread_num])))->delete();
// clean up the 10 first pages of index and gallery that are cached
for ($i = 1; $i <= 10; $i++) {
Cache::item('foolslide.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_post.' . $i)->delete();
Cache::item('foolslide.model.board.getLatestComments.query.' . $this->radix->shortname . '.by_thread.' . $i)->delete();
Cache::item('foolslide.model.board.getThreadsComments.query.' . $this->radix->shortname . '.' . $i)->delete();
}
} catch (\Doctrine\DBAL\DBALException $e) {
$this->logger->error('\\Foolz\\Foolslide\\Model\\CommentInsert: ' . $e->getMessage());
$this->dc->getConnection()->rollBack();
throw new CommentSendingDatabaseException(_i('Something went wrong when inserting the post in the database. Try again.'));
}
return $this;
}
public function action_register()
{
if ($this->getAuth()->hasAccess('maccess.user')) {
return $this->redirectToAdmin();
}
if ($this->preferences->get('foolframe.auth.disable_registration')) {
throw new NotFoundHttpException();
}
if ($this->getPost() && !$this->security->checkCsrfToken($this->getRequest())) {
$this->notices->set('warning', _i('The security token wasn\'t found. Try resubmitting.'));
} elseif ($this->getPost()) {
$input = $this->getPost();
$recaptcha = true;
if ($this->preferences->get('foolframe.auth.recaptcha_public', false)) {
$recaptcha_obj = ReCaptcha::create($this->preferences->get('foolframe.auth.recaptcha_public'), $this->preferences->get('foolframe.auth.recaptcha_private'));
$recaptcha_result = $recaptcha_obj->checkAnswer($this->getRequest()->getClientIp(), $this->getPost('recaptcha_challenge_field'), $this->getPost('recaptcha_response_field'));
if (!$recaptcha_result->isValid()) {
$recaptcha = false;
}
}
if (!$recaptcha) {
$this->notices->set('error', _i('The reCAPTCHA code entered does not match the one displayed.'));
} else {
$validator = new Validator();
$validator->add('username', _i('Username'), [new Assert\NotBlank(), new Assert\Length(['min' => 4, 'max' => 32])])->add('email', _i('Email'), [new Assert\NotBlank(), new Assert\Email()])->add('password', _i('Password'), [new Assert\NotBlank(), new Assert\Length(['min' => 4, 'max' => 64])])->add('confirm_password', _i('Confirm Password'), [new EqualsField(['field' => _i('Password'), 'value' => $this->getPost('password')])])->validate($input);
if (!$validator->getViolations()->count() && $input['password'] === $input['confirm_password']) {
try {
list($id, $activation_key) = $this->getAuth()->createUser($input['username'], $input['password'], $input['email']);
} catch (Auth\UpdateException $e) {
$this->notices->setFlash('error', $e->getMessage());
return $this->redirect('admin/account/register');
}
// activate or send activation email
if (!$activation_key) {
$this->notices->setFlash('success', _i('Congratulations! You have successfully registered.'));
} else {
$from = 'no-reply@' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'no-email-assigned');
$title = $this->preferences->get('foolframe.gen.website_title') . ' - ' . _i('Account Activation');
$this->builder->createLayout('email');
$this->builder->getProps()->setTitle([$title]);
$this->builder->createPartial('body', 'account/email/activation')->getParamManager()->setParams(['title' => $title, 'site' => $this->preferences->get('foolframe.gen.website_title'), 'username' => $input['username'], 'link' => $this->uri->create('admin/account/activate/' . $id . '/' . $activation_key)]);
$message = $this->mailer->create()->setFrom([$from => $this->preferences->get('foolframe.gen.website_title')])->setTo($input['email'])->setSubject($title)->setBody($this->builder->build(), 'text/html');
if ($this->mailer->send($message) !== 1) {
// the email driver was unable to send the email. the account will be activated automatically.
$this->getAuth()->activateUser($id, $activation_key);
$this->notices->setFlash('success', _i('Congratulations! You have successfully registered.'));
$this->getContext()->getService('logger')->error('The system was unable to send an activation email to ' . $input['username'] . '. The account was activated automatically.');
return $this->redirect('admin/account/login');
}
$this->notices->setFlash('success', _i('Congratulations! You have successfully registered. Please check your email to activate your account.'));
}
return $this->redirectToLogin();
} else {
$this->notices->set('error', $validator->getViolations()->getHtml());
}
}
}
$this->param_manager->setParam('method_title', _i('Register'));
$this->builder->createLayout('account');
$this->builder->createPartial('body', 'account/register');
return new Response($this->builder->build());
}
/** @test */
public function bindShouldMapTheCorrectFields()
{
$challenge = 'challenger';
$userresponse = 'responser';
$ip = '192.168.17.24';
$httprequest = new Request(array(), array('recaptcha_challenge_field' => $challenge, 'recaptcha_response_field' => $userresponse), array(), array(), array(), array('REMOTE_ADDR' => $ip));
$catchParameters = null;
$request = $this->getMock('Guzzle\\Http\\Message\\EntityEnclosingRequestInterface');
$request->expects($this->once())->method('addPostFields')->will($this->returnCallback(function ($parameters) use(&$catchParameters) {
$catchParameters = $parameters;
}));
$response = $this->getmockBuilder('Guzzle\\Http\\Message\\Response')->disableOriginalConstructor()->getMock();
$responseData = "true";
$response->expects($this->once())->method('getBody')->with($this->equalTo(true))->will($this->returnValue($responseData));
$request->expects($this->once())->method('send')->will($this->returnValue($response));
$client = $this->getClientMock();
$client->expects($this->once())->method('post')->will($this->returnValue($request));
$recaptcha = new ReCaptcha($client, 'pub', 'private');
$answer = $recaptcha->bind($httprequest);
$this->assertInternalType('array', $catchParameters);
$this->assertArrayHasKey('challenge', $catchParameters);
$this->assertArrayHasKey('response', $catchParameters);
$this->assertEquals($challenge, $catchParameters['challenge']);
$this->assertEquals($userresponse, $catchParameters['response']);
$this->assertEquals($ip, $catchParameters['remoteip']);
$this->assertInstanceOf('Neutron\\ReCaptcha\\Response', $answer);
$this->assertTrue($answer->isValid());
}
