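 /**
  * Validate a spam report submitted by a user and, when it is valid, post it
  * to the report group on usenet and record it in the database.
  *
  * Every validation failure is collected on the returned Dto_FormResult; the
  * report is only posted when no error was added. An exception raised while
  * posting is added to the result as an error (same handling as postComment()).
  *
  * @param Services_User_Record $svcUserRecord user-record service (posting permission, private key lookup)
  * @param array                $user          the reporting user; must contain 'userid'
  * @param array                $report        form data: 'inreplyto', 'newmessageid' (with <>), 'body'
  *
  * @return Dto_FormResult
  */
 public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report)
 {
     $result = new Dto_FormResult();
     $spotReportDao = $this->_daoFactory->getSpotReportDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to report spam"));
     }
     # if

     # Retrieve the users' private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     # Make sure no spam report has already been posted by this user to prevent flooding
     if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) {
         $result->addError(_('This spot has already been reported'));
     }
     # if

     /*
      * We'll get the messageid's with <>'s but we always strip
      * them in Spotweb, so remove them. The cast keeps a string
      * when substr() yields false for an input shorter than 2 bytes.
      */
     $report['newmessageid'] = (string) substr($report['newmessageid'], 1, -1);

     /*
      * We won't bother when the hashcash is not properly calculated.
      * The comparison must be strict: with '!=' both sides are numeric-looking
      * strings, so a prefix such as '0e12' compares equal to '0000' and the
      * proof-of-work would be accepted without the required leading zeros.
      */
     if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }
     # if

     # Body cannot be empty or very short
     $report['body'] = trim($report['body']);
     if (strlen($report['body']) < 2) {
         $result->addError(_('Please provide a reason why this Spot should be reported'));
     }
     # if

     /*
      * Check that the messageid we reply to matches the newmessageid, so a
      * hashcash calculated for one spot cannot be replayed against another.
      * When 'inreplyto' contains no '@' the prefix would be empty and the
      * check would pass trivially, so that case is treated as a failure.
      */
     $atPos = strpos($report['inreplyto'], '@');
     $replyToPart = ($atPos === false) ? '' : substr($report['inreplyto'], 0, $atPos);
     if ($replyToPart === '' || substr($report['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     /*
      * Make sure the random message we require in the system has not been
      * used recently to prevent one calculated hashcash to be reused again
      * and again
      */
     if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     # Make sure a newmessageid consists of a certain length
     if (strlen($report['newmessageid']) < 10) {
         $result->addError(_('MessageID too short!?'));
     }
     # if

     # Retrieve the spot this is a report of. This is done after the cheap
     # validations (as postComment() does) so a rejected request does not
     # cost a full-spot lookup.
     $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
     $fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']);

     /*
      * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
      * the usenet body is converted with utf8_decode() (iso-8859-1).
      *
      * The database requires UTF-8 again, so we keep separate bodies for
      * the database and for the system
      */
     $dbReport = $report;
     $report['body'] = utf8_decode($report['body']);
     $report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . $fullSpot['title'];

     # And actually post the report. A failure while posting is reported on
     # the result rather than escaping the method, consistent with postComment().
     if ($result->isSuccess()) {
         try {
             $this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report);
             $spotReportDao->addPostedReport($user['userid'], $dbReport);
         } catch (Exception $x) {
             $result->addError($x->getMessage());
         }
         # catch
     }
     # if

     return $result;
 }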
 * If this page is rendered without an result variable
 * available, just create one ourselves.
 */
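# Default to a 'not submitted' result when the page is rendered without one
if (!isset($result)) {
    $result = new Dto_FormResult('notsubmitted');
}
# if

# Export: send the filters as an XML attachment and stop rendering.
# The form action is compared strictly; '==' would also accept
# non-string values such as boolean true.
if (isset($lastformaction) && $lastformaction === 'exportfilters') {
    $this->sendContentTypeHeader('xml');
    header('Content-Disposition: attachment; filename="spotwebfilters.xml"');
    echo $result->getData('filters');
    return;
}
# if

# Import: on success, send the user back to the page the form came from
if (isset($lastformaction) && $lastformaction === 'importfilters') {
    if ($result->isSuccess()) {
        $tplHelper->redirect($http_referer);
    }
    # if
}
# if

/*
 * Render the JSON or the form
 */
if (showResults($result)) {
    return;
}
# if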
/*
 * Retrieve a list of icons available
 */
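 /**
  * Render the "post a new spot" form and, when it was submitted, validate
  * the NZB and image uploads and hand the spot to Services_Posting_Spot.
  *
  * The permission check is fatal: a session without spotsec_post_spot
  * never reaches the form. Validation errors are collected on a
  * Dto_FormResult that is passed to the 'newspot' template together
  * with the (defaulted) form values.
  */
 function render()
 {
     # Make sure the result is set to 'not submitted' per default
     $result = new Dto_FormResult('notsubmitted');

     # Validate proper permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

     # Format util; used below to calculate the spotter id from the public key
     $spotParseUtil = new Services_Format_Util();

     # we need the spotuser system
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     /*
      * Create a default form so we can be sure to always be able
      * to render the form without notices or whatever
      */
     $spot = array(
         'title' => '',
         'body' => '',
         'category' => 0,
         'subcata' => '',
         'subcatb' => array(),
         'subcatc' => array(),
         'subcatd' => array(),
         'subcatz' => '',
         'tag' => '',
         'website' => '',
         'newmessageid' => '',
         'randomstr' => '',
     );

     /*
      * Bring the form's action into the local scope for easier access.
      * A missing key means the form was not submitted; the action is
      * compared strictly so only the literal string 'post' counts as
      * a submission ('==' would also match e.g. boolean true).
      */
     $formAction = isset($this->_spotForm['action']) ? $this->_spotForm['action'] : '';
     $isPost = ($formAction === 'post');

     # set the page title
     $this->_pageTitle = "spot: post";

     # Make sure all variables are merged with the default form
     $spot = array_merge($spot, $this->_spotForm);

     # If user tried to submit, validate the file uploads
     $nzbFilename = '';
     $imgFilename = '';
     if ($isPost) {
         $result->setResult('success');

         # Make sure an NZB file was provided
         $uploadHandler = new Services_Providers_FileUpload('newspotform', 'nzbfile');
         if (!$uploadHandler->isUploaded()) {
             $result->addError(_('Please select NZB file'));
         } elseif (!$uploadHandler->success()) {
             $result->addError(_('Invalid NZB file') . ' (' . $uploadHandler->errorText() . ')');
         } else {
             $nzbFilename = $uploadHandler->getTempName();
         }
         # if

         # Make sure a picture was provided
         $uploadHandler = new Services_Providers_FileUpload('newspotform', 'imagefile');
         if (!$uploadHandler->isUploaded()) {
             $result->addError(_('Please select a picture'));
         } elseif (!$uploadHandler->success()) {
             $result->addError(_('Invalid picture') . ' (' . $uploadHandler->errorText() . ')');
         } else {
             $imgFilename = $uploadHandler->getTempName();
         }
         # if
     }
     # if

     if ($isPost && $result->isSuccess()) {
         # Initialize the notification system
         $spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);

         # Make sure we can post this spot, if so, make it happen
         $svcPostSpot = new Services_Posting_Spot($this->_daoFactory, $this->_settings);
         $result = $svcPostSpot->postSpot($svcUserRecord, $this->_currentSession['user'], $spot, $imgFilename, $nzbFilename);

         if ($result->isSuccess()) {
             $result->addData('user', $this->_currentSession['user']['username']);
             $result->addData('spotterid', $spotParseUtil->calculateSpotterId($this->_currentSession['user']['publickey']['modulo']));

             # and send a notification
             $spotsNotifications->sendSpotPosted($spot);
         }
         # if
     }
     # if

     #- display stuff -#
     $this->template('newspot', array('postspotform' => $spot, 'result' => $result));
 }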
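 /**
  * Validate a comment submitted by a user and, when it is valid, post it to
  * the comment group on usenet and record it in the database.
  *
  * Every validation failure is collected on the returned Dto_FormResult; the
  * comment is only posted when no error was added, and an exception raised
  * while posting is added to the result as an error.
  *
  * @param Services_User_Record $svcUserRecord user-record service (posting permission, private key lookup)
  * @param array                $user          the posting user; must contain 'userid'
  * @param array                $comment       form data: 'inreplyto', 'newmessageid' (with <>), 'body', 'rating'
  *
  * @return Dto_FormResult
  */
 public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment)
 {
     $result = new Dto_FormResult();
     $commentDao = $this->_daoFactory->getCommentDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to post comments"));
     }
     # if

     # Retrieve the users' private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     /*
      * We'll get the messageid's with <>'s but we always strip
      * them in Spotweb, so remove them. The cast keeps a string
      * when substr() yields false for an input shorter than 2 bytes.
      */
     $comment['newmessageid'] = (string) substr($comment['newmessageid'], 1, -1);

     /*
      * We won't bother when the hashcash is not properly calculated.
      * The comparison must be strict: with '!=' both sides are numeric-looking
      * strings, so a prefix such as '0e12' compares equal to '0000' and the
      * proof-of-work would be accepted without the required leading zeros.
      */
     if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }
     # if

     # Body cannot be either empty or very short, nor unreasonably long
     $comment['body'] = trim($comment['body']);
     $bodyLength = strlen($comment['body']);
     if ($bodyLength < 2) {
         $result->addError(_('Please enter a comment'));
     }
     # if
     if ($bodyLength > 1024 * 10) {
         $result->addError(_('Comment is too long'));
     }
     # if

     # Rating must be within range
     if ($comment['rating'] > 10 || $comment['rating'] < 0) {
         $result->addError(_('Invalid rating'));
     }
     # if

     /*
      * The "newmessageid" is based upon the messageid we are replying to,
      * this is to make sure a user cannot reuse a calculated hashcash
      * for a spam attack on different posts. When 'inreplyto' contains
      * no '@' the prefix would be empty and the check would pass
      * trivially, so that case is treated as a failure.
      */
     $atPos = strpos($comment['inreplyto'], '@');
     $replyToPart = ($atPos === false) ? '' : substr($comment['inreplyto'], 0, $atPos);
     if ($replyToPart === '' || substr($comment['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     /*
      * Make sure the random message we require in the system has not been
      * used recently to prevent one calculated hashcash to be reused again
      * and again
      */
     if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     # Make sure a newmessageid contains a certain length
     if (strlen($comment['newmessageid']) < 10) {
         $result->addError(_('MessageID too short!?'));
     }
     # if

     # Retrieve the spot to which we are commenting
     $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
     $fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']);

     # Add the title as a comment property
     $comment['title'] = 'Re: ' . $fullSpot['title'];

     /*
      * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
      * usenet wants its body in iso-8859-1.
      *
      * The database requires UTF-8 again, so we keep separate bodies for
      * the database and for the system
      */
     $dbComment = $comment;
     $comment['body'] = utf8_decode($comment['body']);

     # and actually post the comment; a posting failure is reported on the result
     if ($result->isSuccess()) {
         try {
             $this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment);
             $commentDao->addPostedComment($user['userid'], $dbComment);
         } catch (Exception $x) {
             $result->addError($x->getMessage());
         }
         # catch
     }
     # if

     return $result;
 }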
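 /**
  * Validate an uploaded avatar image and store it for the given user.
  *
  * The raw image bytes are limited to 4000 bytes and must be readable by
  * Services_Image_Util; a BMP is converted to JPEG before the image is
  * stored base64 encoded. Validation errors are collected on the result
  * and nothing is written when any was found.
  *
  * @param mixed  $userId      id of the user whose avatar is replaced
  * @param string $imageString raw (binary) image contents
  *
  * @return Dto_FormResult
  */
 function changeAvatar($userId, $imageString)
 {
     $result = new Dto_FormResult();

     /*
      * Don't allow images larger than 4000 bytes. strlen() is deliberate:
      * the image is binary data, so the byte count is what is limited.
      */
     if (strlen($imageString) > 4000) {
         $result->addError(_('An avatar image has a maximum of 4000 bytes'));
     }
     # if

     /*
      * Make sure the image can be read, and stuff
      */
     $svc_ImageUtil = new Services_Image_Util();
     $dimensions = $svc_ImageUtil->getImageDimensions($imageString);
     if ($dimensions === false) {
         $result->addError(_('Invalid avatar image was supplied'));
     } elseif (!empty($dimensions['isbmp'])) {
         /*
          * If the user supplied a BMP file, convert it to a JPEG file.
          * Only done for a readable image: indexing the boolean false
          * returned for an unreadable one raised a warning and would
          * have handed false to the converter.
          */
         $svc_ImageBmpConverter = new Services_Image_BmpConverter();
         $imageString = $svc_ImageBmpConverter->convertBmpImageStringToJpeg($imageString, $dimensions);
     }
     # if

     if ($result->isSuccess()) {
         /*
          * We store the images base64 encoded
          */
         $imageString = base64_encode($imageString);

         /*
          * and update the database
          */
         $this->_userDao->setUserAvatar($userId, $imageString);
     }
     # if

     return $result;
 }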