/**
 * Installer step: generate key material, check that a usable crypto/big-number
 * extension is loaded, try to create the cache directory and render the
 * template for this step.
 *
 * Reads the global $settings and may set the global $_testInstall_Ok to false.
 *
 * NOTE(review): the generated key material is handed to the template as
 * 'privKey'. What the template does with it is not visible here -- confirm it
 * is not written into output that can be cached, logged or indexed.
 */
function performAndPrintTests()
{
    global $settings, $_testInstall_Ok;

    /*
     * The signing services are loaded here because key material is generated
     * immediately below.
     */
    require_once "lib/services/Signing/Services_Signing_Base.php";
    require_once "lib/services/Signing/Services_Signing_Php.php";
    require_once "lib/services/Signing/Services_Signing_Openssl.php";

    $privKey = Services_Signing_Base::factory()->createPrivateKey($settings['openssl_cnf_path']);

    /*
     * At least one of openssl, gmp or bcmath has to be available; when none of
     * them is loaded the install check is marked as failed by hand.
     */
    $hasCryptoExtension = extension_loaded('openssl')
        || extension_loaded('gmp')
        || extension_loaded('bcmath');
    if (!$hasCryptoExtension) {
        $_testInstall_Ok = false;
    }

    /*
     * Best-effort creation of the cache directory; any warning (for example
     * because the directory already exists) is suppressed on purpose.
     *
     * NOTE(review): the requested mode is 0777, so unless the process umask
     * narrows it the directory is writable by every local account. Confirm
     * that is required for the deployment, and that nothing under ./cache is
     * ever executed or served back as trusted content.
     */
    @mkdir('./cache', 0777);

    # Hand over to the template for this installer step
    showTemplate("step-001.inc.php", array('privKey' => $privKey));
}
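/**
 * Render the "post comment" form and, when the form was submitted with the
 * action 'post', post the comment on behalf of the current session user.
 *
 * The permission check runs before anything else and is fatal when it fails.
 * On a successful post the result is enriched with the data the view needs:
 * username, spotter id, rating, formatted body and commenter image URL.
 *
 * NOTE(review): the submitted form is merged wholesale into $comment before
 * it is passed to postComment(). Which keys $this->_commentForm can carry is
 * decided where the form is populated, which is not visible here -- confirm
 * it is limited to the expected fields.
 */
function render()
{
    # Until a form has actually been submitted the result stays 'notsubmitted'
    $result = new Dto_FormResult('notsubmitted');

    # Validate proper permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_comment, '');

    $spotParseUtil = new Services_Format_Util();
    $spotSigning = Services_Signing_Base::factory();
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    /*
     * Always start from a complete comment template so the view can render
     * every property, even when nothing was submitted.
     */
    $comment = array(
        'body' => '',
        'rating' => 0,
        'inreplyto' => $this->_inReplyTo,
        'newmessageid' => '',
        'randomstr' => '',
    );

    # set the page title
    $this->_pageTitle = "spot: post comment";

    # bring the form's action into the local scope for easier access
    $formAction = $this->_commentForm['action'];

    if ($formAction == 'post') {
        # Overlay the submitted fields on top of the defaults
        $comment = array_merge($comment, $this->_commentForm);

        # validate whether we can post comments, if so, do this
        $svcPostComment = new Services_Posting_Comment($this->_daoFactory, $this->_settings);
        $result = $svcPostComment->postComment($svcUserRecord, $this->_currentSession['user'], $comment);

        if ($result->isSuccess()) {
            /* Format the body so smilies and the like are shown in the template */
            $tmpBody = $this->_tplHelper->formatContent($comment['body']);

            /*
             * The spotter id shown to the user is derived from the poster's
             * public key, so resolve that key from the session in every case.
             * Previously it was only resolved when the user had no avatar;
             * users with an avatar ended up with a spotter id computed from a
             * missing 'user-key' entry (or from whatever the merged form
             * happened to contain under that name).
             */
            $userKey = $spotSigning->getPublicKey($this->_currentSession['user']['publickey']);

            /*
             * Input for the commenter image is unchanged: the avatar when one
             * is set, the public key otherwise.
             */
            if (!empty($this->_currentSession['user']['avatar'])) {
                $comment['user-avatar'] = $this->_currentSession['user']['avatar'];
            } else {
                $comment['user-key'] = $userKey;
            }
            $commentImage = $this->_tplHelper->makeCommenterImageUrl($comment);

            /* and return the result to the system */
            $result->addData('user', $this->_currentSession['user']['username']);
            $result->addData('spotterid', $spotParseUtil->calculateSpotterId($userKey['modulo']));
            $result->addData('rating', $comment['rating']);
            $result->addData('body', $tmpBody);
            $result->addData('commentimage', $commentImage);
        }
    }

    #- display stuff -#
    $this->template('postcomment', array('postcommentform' => $comment, 'result' => $result));
}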
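/**
 * Create a new user with a generated password and a fresh key pair.
 *
 * @param array $spotUser user properties; 'username' is read here, the
 *                        remaining properties are checked by validateUserRecord()
 * @return Dto_FormResult validation errors, or on success the new user id,
 *                        username, generated password and the full user record
 *
 * NOTE(review): the initial password is at most nine characters cut from
 * Services_User_Util::generateUniqueId(). That generator is not visible here;
 * confirm it draws from a cryptographically secure source, because the
 * password is only as unpredictable as that id.
 *
 * NOTE(review): the 'userrecord' entry of the result carries the private key
 * and the plaintext password. Callers should not serialise that entry to a
 * client or write it to a log.
 */
public function createUserRecord(array $spotUser)
{
    $result = new Dto_FormResult();
    $spotUser['userid'] = false;

    /*
     * Create a random password for this user
     */
    $spotUser['newpassword1'] = substr(Services_User_Util::generateUniqueId(), 1, 9);
    $spotUser['newpassword2'] = $spotUser['newpassword1'];

    /*
     * Validate several properties of the user, we share
     * this code with the user editor
     */
    $result->mergeResult($this->validateUserRecord($spotUser, false));

    /*
     * Make sure no other user exists with the same username
     *
     * NOTE(review): the username is placed into this message as received.
     * Whether error messages are escaped when rendered is not visible here;
     * confirm they are, since at this point the name may have failed validation.
     */
    $userIdForName = $this->_userDao->findUserIdForName($spotUser['username']);
    if (!empty($userIdForName)) {
        $result->addError(sprintf(_("'%s' already exists"), $spotUser['username']));
    }

    if ($result->isSuccess()) {
        # Create a private and public key pair for this user
        $spotSigning = Services_Signing_Base::factory();
        $userKey = $spotSigning->createPrivateKey($this->_settings->get('openssl_cnf_path'));
        $spotUser['publickey'] = $userKey['public'];
        $spotUser['privatekey'] = $userKey['private'];

        # Actually add the user
        $spotUser['userid'] = $this->addUser($spotUser);

        /*
         * We assume the user was successfully added, all validation is done at
         * a higher level, and addUser() will throw an exception if something is
         * seriously wrong
         */
        $result->addData('userid', $spotUser['userid']);
        $result->addData('username', $spotUser['username']);
        $result->addData('password', $spotUser['newpassword1']);
        $result->addData('userrecord', $spotUser);

        /*
         * The two info messages are HTML fragments (they contain <strong>), so
         * the username is escaped for HTML before it is inserted. The quotes
         * around the placeholder are written as &quot; entities; as bare
         * double quotes they would terminate the PHP string literal.
         */
        $safeUsername = htmlspecialchars($spotUser['username'], ENT_QUOTES, 'UTF-8');
        $result->addInfo(sprintf(_("User <strong>&quot;%s&quot;</strong> successfully added"), $safeUsername));
        $result->addInfo(sprintf(_("Password: <strong>&quot;%s&quot;</strong>"), $spotUser['newpassword1']));
        $result->setResult('success');
    }

    return $result;
}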
/**
 * Wire up the two collaborators this object works with: the signing service
 * returned by Services_Signing_Base::factory() and a Services_Format_Util.
 */
function __construct()
{
    $signingService = Services_Signing_Base::factory();
    $this->_spotSigning = $signingService;

    $formatUtil = new Services_Format_Util();
    $this->_util = $formatUtil;
}
/**
 * Generate a key pair and offer both halves to the settings store under the
 * names 'publickey' and 'privatekey'.
 *
 * A new pair is generated on every call, before setIfNot() is consulted.
 *
 * NOTE(review): going by its name, setIfNot() presumably keeps an existing
 * value, so an already configured server key would not be replaced -- confirm
 * against its implementation. Also confirm how the private key is protected
 * in the settings store it is written to.
 *
 * @param string $openSslCnfPath path handed to createPrivateKey()
 */
function createServerKeys($openSslCnfPath)
{
    $serverKeyPair = Services_Signing_Base::factory()->createPrivateKey($openSslCnfPath);

    $this->setIfNot('publickey', $serverKeyPair['public']);
    $this->setIfNot('privatekey', $serverKeyPair['private']);
}
/**
 * Walk over every user and bring the stored preferences up to date:
 * fill in missing preferences with their defaults, drop deprecated ones, make
 * sure users with an id above 2 have an RSA key pair, apply the one-off
 * SABnzbd URL fix for old security versions and save the record.
 *
 * The defaults are applied in a fixed order through setSettingIfNot().
 *
 * NOTE(review): the default download directory is '/tmp', a location shared
 * by all local accounts on most systems; confirm that is an acceptable
 * default for handled NZB files.
 */
function updateUserPreferences()
{
    # Defaults for the nzb handling section itself
    $nzbHandlingDefaults = array(
        'action' => 'disable',
        'local_dir' => '/tmp',
        'prepare_action' => 'merge',
        'command' => '',
    );

    # Defaults per download client below the nzb handling section
    $downloaderDefaults = array(
        'sabnzbd' => array('url' => '', 'apikey' => '', 'username' => '', 'password' => ''),
        'nzbget' => array('host' => '', 'port' => '', 'username' => '', 'password' => '', 'timeout' => 15),
    );

    # Provider specific notification settings
    $notificationDefaults = array(
        'boxcar' => array('email' => ''),
        'growl' => array('host' => '', 'password' => ''),
        'nma' => array('api' => ''),
        'notifo' => array('username' => '', 'api' => ''),
        'prowl' => array('apikey' => ''),
        'twitter' => array(
            'screen_name' => '',
            'request_token' => '',
            'request_token_secret' => '',
            'access_token' => '',
            'access_token_secret' => '',
        ),
    );

    # Events every active notification provider can be switched on for
    $notificationEvents = array(
        'watchlist_handled',
        'nzb_handled',
        'retriever_finished',
        'report_posted',
        'spot_posted',
        'user_added',
        'newspots_for_filter',
    );

    foreach ($this->_userDao->getUserList() as $listedUser) {
        /*
         * getUserList() does not return every property of a user, so the
         * complete record is fetched again by id.
         */
        $user = $this->_userDao->getUser($listedUser['userid']);

        # General preferences; the default tag is the user's own name
        $generalDefaults = array(
            'perpage' => 25,
            'date_formatting' => 'human',
            'normal_template' => 'we1rdo',
            'mobile_template' => 'mobile',
            'tablet_template' => 'we1rdo',
            'count_newspots' => true,
            'mouseover_subcats' => true,
            'keep_seenlist' => true,
            'auto_markasread' => true,
            'keep_downloadlist' => true,
            'keep_watchlist' => true,
            'nzb_search_engine' => 'nzbindex',
            'show_filesize' => true,
            'show_reportcount' => true,
            'minimum_reportcount' => 1,
            'show_nzbbutton' => true,
            'show_multinzb' => true,
            'customcss' => '',
            'newspotdefault_tag' => $user['username'],
            'newspotdefault_body' => '',
            'user_language' => 'en_US',
            'show_avatars' => true,
            'usemailaddress_for_gravatar' => true,
        );
        foreach ($generalDefaults as $prefName => $prefDefault) {
            $this->setSettingIfNot($user['prefs'], $prefName, $prefDefault);
        }

        foreach ($nzbHandlingDefaults as $prefName => $prefDefault) {
            $this->setSettingIfNot($user['prefs']['nzbhandling'], $prefName, $prefDefault);
        }

        foreach ($downloaderDefaults as $downloader => $defaults) {
            foreach ($defaults as $prefName => $prefDefault) {
                $this->setSettingIfNot($user['prefs']['nzbhandling'][$downloader], $prefName, $prefDefault);
            }
        }

        foreach ($notificationDefaults as $provider => $defaults) {
            foreach ($defaults as $prefName => $prefDefault) {
                $this->setSettingIfNot($user['prefs']['notifications'][$provider], $prefName, $prefDefault);
            }
        }

        # Every active provider starts disabled, with all of its events off
        foreach (Notifications_Factory::getActiveServices() as $notifProvider) {
            $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider], 'enabled', false);
            foreach ($notificationEvents as $eventName) {
                $this->setSettingIfNot($user['prefs']['notifications'][$notifProvider]['events'], $eventName, false);
            }
        }

        # make sure a sort preference is defined. An empty field means relevancy
        $this->setSettingIfNot($user['prefs'], 'defaultsortfield', '');

        # Remove deprecated preferences
        $this->unsetSetting($user['prefs'], 'search_url');
        $this->unsetSetting($user['prefs'], 'template');
        $this->unsetSetting($user['prefs']['notifications'], 'libnotify');

        /*
         * Make sure the user has a valid RSA key. Users with id 1 and 2 are
         * skipped.
         * NOTE(review): presumably those are built-in accounts -- confirm.
         */
        if ($user['userid'] > 2) {
            $rsaKey = $this->_userDao->getUserPrivateRsaKey($user['userid']);
            if (empty($rsaKey)) {
                # Create a private and public key pair for this user
                $userKey = Services_Signing_Base::factory()->createPrivateKey($this->_settings->get('openssl_cnf_path'));
                $this->_userDao->setUserRsaKeys($user['userid'], $userKey['public'], $userKey['private']);
            }
        }

        /*
         * Earlier versions always appended "sabnzbd/" to the URL at run time,
         * so for those versions it is appended once to the stored value.
         */
        if ($this->_settings->get('securityversion') < 0.31
            && !empty($user['prefs']['nzbhandling']['sabnzbd']['url'])) {
            $user['prefs']['nzbhandling']['sabnzbd']['url'] .= 'sabnzbd/';
        }

        # update the user record in the database
        $this->_userDao->setUser($user);
    }
}
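/**
 * Fetch the header of a spot by message id, verify its signature and parse
 * its XML.
 *
 * The header and XML come from the NNTP server and are untrusted. The size
 * limit is therefore enforced before signature verification, so an oversized
 * spot is dropped without spending verification work on it. The return value
 * for such a spot is false, exactly as before.
 *
 * @param string $msgId message id without the surrounding angle brackets
 * @return array|false the spot, or false when its XML exceeds 50 KiB
 *
 * NOTE(review): $msgId is concatenated into the argument of getHeader().
 * Whether that call rejects control characters is not visible here; confirm
 * the id is validated before it reaches this method.
 */
public function readFullSpot($msgId)
{
    # initialize some variables
    $spotSigning = Services_Signing_Base::factory();
    $spot = array(
        'fullxml' => '',
        'user-signature' => '',
        'user-key' => '',
        'verified' => false,
        'messageid' => $msgId,
        'spotterid' => '',
        'xml-signature' => '',
        'moderated' => 0,
        'user-avatar' => '',
        'newsreader' => '',
    );

    /*
     * Retrieve the header of the given spot
     */
    $header = $this->_nntpEngine->getHeader('<' . $msgId . '>');
    $spot = array_merge($spot, $this->parseHeader($header, $spot));

    /*
     * Some spots are very large because they are spammy. They are skipped to
     * prevent memory and database issues, and skipped first so that no
     * signature verification is done on them.
     */
    if (strlen($spot['fullxml']) > 1024 * 50) {
        return false;
    }

    /*
     * Validate the XML signature of the spot
     */
    $spot['verified'] = $spotSigning->verifyFullSpot($spot);

    /*
     * Only a verified spot gets a spotter id, so the id stored in the
     * database is always backed by a checked signature.
     */
    if ($spot['verified']) {
        $spot['spotterid'] = $this->_spotParseUtil->calculateSpotterId($spot['user-key']['modulo']);
    }

    /*
     * Parse the XML structure of the spot, technically not necessary.
     * The header-derived values are merged last and therefore win over
     * values of the same name found in the XML.
     */
    $spotParser = new Services_Format_Parsing();
    $spot = array_merge($spotParser->parseFull($spot['fullxml']), $spot);

    return $spot;
}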
/**
 * Build a random string of at most $len characters: random data from the
 * signing service is base64 encoded, passed through spotPrepareBase64() and
 * cut to $len characters.
 *
 * NOTE(review): how unpredictable the result is depends entirely on
 * makeRandomStr(), which is not visible here. Confirm it uses a
 * cryptographically secure source wherever this string ends up in an
 * identifier that must not be guessable.
 *
 * @param int $len number of random units requested and maximum result length
 * @return string
 */
function getCleanRandomString($len)
{
    $spotParseUtil = new Services_Format_Util();
    $spotSigning = Services_Signing_Base::factory();

    $randomData = $spotSigning->makeRandomStr($len);
    $encoded = base64_encode($randomData);
    $cleaned = $spotParseUtil->spotPrepareBase64($encoded);

    return substr($cleaned, 0, $len);
}
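/**
 * Build the Spotnet headers for a new spot, sign them with the user's private
 * key and hand the message to postSignedMessage().
 *
 * Three signatures are made with $user['privatekey']: one over the message id,
 * one over title + spot header + poster, and one over the spot XML.
 *
 * @param array  $user          reads 'privatekey' and 'username'
 * @param mixed  $serverPrivKey passed through to postSignedMessage()
 * @param mixed  $newsgroup     passed through to postSignedMessage()
 * @param array  $spot          reads 'category', 'key', 'subcatlist', 'filesize',
 *                              'tag', 'title', 'newmessageid', 'poster', 'spotxml'
 * @return mixed whatever postSignedMessage() returns
 *
 * NOTE(review): username and title are concatenated into header lines. Where
 * they are validated is not visible here; confirm neither can contain CR or LF
 * by the time it reaches this method.
 */
public function postFullSpot($user, $serverPrivKey, $newsgroup, $spot)
{
    # instantiate the necessary objects
    $spotSigning = Services_Signing_Base::factory();

    /*
     * Create the spotnet from header part according to the following structure:
     *   From: [Nickname] <[PUBLICKEY-MODULO.USERSIGNATURE]@[CAT][KEY-ID][SUBCAT].[SIZE].[RANDOM].[DATE].[CUSTOM-ID].[CUSTOM-VALUE].[SIGNATURE]>
     *
     * The addition is parenthesised explicitly: the result is the same as
     * before, but it no longer depends on the relative precedence of "+" and
     * ".", which differs between PHP versions and is deprecated when left
     * unparenthesised in PHP 7.4.
     */
    $spotHeader = ($spot['category'] + 1) . $spot['key']; // Append the category and keyid

    # Process each subcategory and add them to the from header
    foreach ($spot['subcatlist'] as $subcat) {
        $spotHeader .= $subcat[0] . str_pad(substr($subcat, 1), 2, '0', STR_PAD_LEFT);
    }

    $spotHeader .= '.' . $spot['filesize'];
    $spotHeader .= '.' . 10; // some kind of magic number?
    $spotHeader .= '.' . time();
    $spotHeader .= '.' . $spotSigning->makeRandomStr(4);
    $spotHeader .= '.' . $spotSigning->makeRandomStr(3);

    # If a tag is given, add it to the subject (this happens before the title is signed)
    if (strlen(trim($spot['tag'])) > 0) {
        $spot['title'] = $spot['title'] . ' | ' . $spot['tag'];
    }

    # Create the user-signature
    $user_signature = $spotSigning->signMessage($user['privatekey'], '<' . $spot['newmessageid'] . '>');

    /*
     * NOTE(review): the two header lines built here are thrown away, because
     * $header is assigned again (not appended to) when the From header is
     * created below. They are left as they were; confirm that
     * postSignedMessage() adds X-User-Signature and X-User-Key itself before
     * either removing these lines or turning the later assignment into an
     * append.
     */
    $header = 'X-User-Signature: ' . $this->_spotParseUtil->spotPrepareBase64($user_signature['signature']) . "\r\n";
    $header .= 'X-User-Key: ' . $spotSigning->pubkeyToXml($user_signature['publickey']) . "\r\n";

    # sign the header by using the users' key
    $header_signature = $spotSigning->signMessage($user['privatekey'], $spot['title'] . $spotHeader . $spot['poster']);

    # sign the XML with the users' key
    $xml_signature = $spotSigning->signMessage($user['privatekey'], $spot['spotxml']);

    # Extract the users' publickey
    $userPubKey = $spotSigning->getPublicKey($user['privatekey']);

    # Create the From header
    $spotnetFrom = $user['username'] . ' <' .
        $this->_spotParseUtil->spotPrepareBase64($userPubKey['modulo']) . '.' .
        $this->_spotParseUtil->spotPrepareBase64($user_signature['signature']) . '@';
    $header = 'From: ' . $spotnetFrom . $spotHeader . '.' .
        $this->_spotParseUtil->spotPrepareBase64($header_signature['signature']) . ">\r\n";

    # Add the Spotnet XML file, but split it in chunks of 900 characters
    $tmpXml = explode("\r\n", $this->safe_chunk($spot['spotxml'], 900));
    foreach ($tmpXml as $xmlChunk) {
        if (strlen(trim($xmlChunk)) > 0) {
            $header .= 'X-XML: ' . $xmlChunk . "\r\n";
        }
    }
    $header .= 'X-XML-Signature: ' . $this->_spotParseUtil->spotPrepareBase64($xml_signature['signature']) . "\r\n";

    # post the message
    return $this->postSignedMessage($user, $serverPrivKey, $newsgroup, $spot, $header);
}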
/**
 * Mark the retriever as running, report the start-up status and select the
 * newsgroups to work on.
 *
 * @param array $groupList reads 'text' and, when not empty, 'bin'
 * @return mixed the result of selecting the text group, also kept in $this->_msgdata
 * @throws RetrieverRunningException when another retriever is running and
 *                                   this one was not forced
 *
 * NOTE(review): the running flag is set before the groups are selected. If
 * selecting a group throws, nothing in this method clears the flag again --
 * confirm the caller resets it on failure.
 */
function connect(array $groupList)
{
    # Refuse to start next to a retriever that is already running, unless forced
    $blockedByOtherRetriever = !$this->_force && $this->_usenetStateDao->isRetrieverRunning();
    if ($blockedByOtherRetriever) {
        throw new RetrieverRunningException();
    }

    # Let the rest of the system know a retriever is active
    $this->_usenetStateDao->setRetrieverRunning(true);

    # Tell the user when the signing service in use is not the OpenSSL one
    $signingService = Services_Signing_Base::factory();
    if (!($signingService instanceof Services_Signing_Openssl)) {
        $this->displayStatus('slowphprsa', '');
    }

    $lastUpdate = $this->_usenetStateDao->getLastUpdate(Dao_UsenetState::State_Spots);
    $this->displayStatus("lastretrieve", $lastUpdate);
    $this->displayStatus("start", $this->_textServer['host']);

    /*
     * Select the group. The binary connection works with article ids and does
     * not strictly need a selected group, but sendNoop() uses a group
     * selection and some usenet servers require one, so it is selected anyway.
     */
    $this->_msgdata = $this->_svcNntpText->selectGroup($groupList['text']);
    if (!empty($groupList['bin'])) {
        $this->_svcNntpBin->selectGroup($groupList['bin']);
    }

    return $this->_msgdata;
}