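/**
 * Validate a spam report for a spot and, when every check passes, post it
 * to the report group and record it locally.
 *
 * Each check appends an error to the Dto_FormResult instead of returning
 * early, so the caller can show all problems at once; the NNTP post and the
 * database record only happen when no error was collected.
 *
 * @param Services_User_Record $svcUserRecord user service used for the posting permission and the private key
 * @param array                $user          current user record (at least 'userid' is read)
 * @param array                $report        form data: 'inreplyto', 'newmessageid' (still wrapped in <>), 'body'
 * @return Dto_FormResult
 */
public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report)
{
    $result = new Dto_FormResult();
    $spotReportDao = $this->_daoFactory->getSpotReportDao();

    # Make sure the anonymous user and reserved usernames cannot post content
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to report spam"));
    } # if

    # Retrieve the users' private key
    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    # Make sure no spam report has already been posted by this user to prevent flooding
    if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) {
        $result->addError(_('This spot has already been reported'));
    } # if

    /*
     * We'll get the messageid's with <>'s but we always strip
     * them in Spotweb, so remove them
     */
    $report['newmessageid'] = substr($report['newmessageid'], 1, -1);

    # retrieve the spot this is a report of
    $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
    $fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']);

    /*
     * We won't bother when the hashcash is not properly calculated.
     *
     * The comparison has to be strict: with '!=' two numeric strings are
     * compared as numbers, so a prefix such as '0e12' would equal '0000'
     * and pass without the expected work having been done.
     */
    if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    } # if

    # Body cannot be empty or very short
    $report['body'] = trim($report['body']);
    if (strlen($report['body']) < 2) {
        $result->addError(_('Please provide a reason why this Spot should be reported'));
    } # if

    /*
     * Make sure the messageid we reply to is the prefix of the new
     * messageid, so a hashcash calculated for one spot cannot be replayed
     * against another one.
     *
     * An 'inreplyto' without an '@' would give an empty prefix that every
     * newmessageid matches, so that case is treated as a failed check too.
     */
    $atPos = strpos($report['inreplyto'], '@');
    if ($atPos === false) {
        $result->addError(_('Replay attack!?'));
    } else {
        $replyToPart = substr($report['inreplyto'], 0, $atPos);
        if (substr($report['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
            $result->addError(_('Replay attack!?'));
        } # if
    } # else

    /*
     * Make sure the random message we require in the system has not been
     * used recently to prevent one calculated hashcash to be reused again
     * and again
     */
    if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    } # if

    # Make sure a newmessageid consists of a certain length
    if (strlen($report['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    } # if

    # Without a spot to attach the report to there is nothing sensible to post
    if (!isset($fullSpot['title'])) {
        $result->addError(_('Spot could not be retrieved'));
    } # if

    /*
     * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
     * the usenet post is sent in iso-8859-1 (which is what utf8_decode produces).
     *
     * The database requires UTF-8 again, so we keep separate bodies for
     * the database and for the system
     */
    $dbReport = $report;
    $report['body'] = utf8_decode($report['body']);
    $report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . (isset($fullSpot['title']) ? $fullSpot['title'] : '');

    # and actually post the report; a failing post is reported through the
    # form result, like postComment does, rather than escaping as an exception
    if ($result->isSuccess()) {
        try {
            $this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report);
            $spotReportDao->addPostedReport($user['userid'], $dbReport);
        } catch (Exception $x) {
            $result->addError($x->getMessage());
        } # catch
    } # if

    return $result;
}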
* If this page is rendered without an result variable * available, just create one ourselves. */ if (!isset($result)) { $result = new Dto_FormResult('notsubmitted'); } # if if (isset($lastformaction) && $lastformaction == 'exportfilters') { $this->sendContentTypeHeader('xml'); Header('Content-Disposition: attachment; filename="spotwebfilters.xml"'); echo $result->getData('filters'); return; } # if if (isset($lastformaction) && $lastformaction == 'importfilters') { if ($result->isSuccess()) { $tplHelper->redirect($http_referer); } # if } # if /* * Render the JSON or the form */ if (showResults($result)) { return; } # if /* * Retrieve a list of icons available */
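/**
 * Render the "post a new spot" form and, when the form was submitted,
 * validate the uploads and hand the spot to Services_Posting_Spot.
 *
 * Aborts through the permission check when the current user may not post
 * spots. Always ends by rendering the 'newspot' template with the (merged)
 * form data and the Dto_FormResult of this request.
 *
 * @return void
 */
public function render()
{
    # Make sure the result is set to 'not committed' per default
    $result = new Dto_FormResult('notsubmitted');

    # Validate proper permissions
    $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');

    # The spot parser is needed to derive the spotter id from the public key
    $spotParseUtil = new Services_Format_Util();

    # we need the spotuser system
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    /*
     * Create a default form so we can be sure to always be able
     * to render the form without notices or whatever
     */
    $spot = array(
        'title' => '',
        'body' => '',
        'category' => 0,
        'subcata' => '',
        'subcatb' => array(),
        'subcatc' => array(),
        'subcatd' => array(),
        'subcatz' => '',
        'tag' => '',
        'website' => '',
        'newmessageid' => '',
        'randomstr' => '',
    );

    /*
     * Bring the forms' action into the local scope for easier access.
     * The first render of the page has no action yet, so default to an
     * empty string instead of raising an undefined index notice.
     */
    $formAction = isset($this->_spotForm['action']) ? $this->_spotForm['action'] : '';

    # set the page title
    $this->_pageTitle = "spot: post";

    # Make sure all variables are merged with the default form
    $spot = array_merge($spot, $this->_spotForm);

    # If user tried to submit, validate the file uploads
    $nzbFilename = '';
    $imgFilename = '';
    if ($formAction === 'post') {
        $result->setResult('success');

        # Make sure an NZB file was provided
        $uploadHandler = new Services_Providers_FileUpload('newspotform', 'nzbfile');
        if (!$uploadHandler->isUploaded()) {
            $result->addError(_('Please select NZB file'));
        } elseif (!$uploadHandler->success()) {
            $result->addError(_('Invalid NZB file') . ' (' . $uploadHandler->errorText() . ')');
        } else {
            $nzbFilename = $uploadHandler->getTempName();
        } # if

        # Make sure a picture was provided
        $uploadHandler = new Services_Providers_FileUpload('newspotform', 'imagefile');
        if (!$uploadHandler->isUploaded()) {
            $result->addError(_('Please select a picture'));
        } elseif (!$uploadHandler->success()) {
            $result->addError(_('Invalid picture') . ' (' . $uploadHandler->errorText() . ')');
        } else {
            $imgFilename = $uploadHandler->getTempName();
        } # if
    } # if

    # Only post when both uploads were accepted
    if ($formAction === 'post' && $result->isSuccess()) {
        # Initialize the notification system
        $spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);

        # Make sure we can post this spot, if so, make it happen
        $svcPostSpot = new Services_Posting_Spot($this->_daoFactory, $this->_settings);
        $result = $svcPostSpot->postSpot($svcUserRecord, $this->_currentSession['user'], $spot, $imgFilename, $nzbFilename);

        if ($result->isSuccess()) {
            $result->addData('user', $this->_currentSession['user']['username']);
            $result->addData('spotterid', $spotParseUtil->calculateSpotterId($this->_currentSession['user']['publickey']['modulo']));

            # and send a notification
            $spotsNotifications->sendSpotPosted($spot);
        } # if
    } # if

    #- display stuff -#
    $this->template('newspot', array('postspotform' => $spot, 'result' => $result));
}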
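/**
 * Validate a comment on a spot and, when every check passes, post it to
 * the comment group and record it in the database.
 *
 * Checks append errors to the Dto_FormResult rather than returning early,
 * so all problems are reported at once; posting only happens when the
 * result is still successful.
 *
 * @param Services_User_Record $svcUserRecord user service used for the posting permission and the private key
 * @param array                $user          current user record (at least 'userid' is read)
 * @param array                $comment       form data: 'inreplyto', 'newmessageid' (still wrapped in <>), 'body', 'rating'
 * @return Dto_FormResult
 */
public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment)
{
    $result = new Dto_FormResult();
    $commentDao = $this->_daoFactory->getCommentDao();

    # Make sure the anonymous user and reserved usernames cannot post content
    if (!$svcUserRecord->allowedToPost($user)) {
        $result->addError(_("You need to login to be able to post comments"));
    } # if

    # Retrieve the users' private key
    $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

    /*
     * We'll get the messageid's with <>'s but we always strip
     * them in Spotweb, so remove them
     */
    $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

    /*
     * We won't bother when the hashcash is not properly calculated.
     *
     * The comparison has to be strict: with '!=' two numeric strings are
     * compared as numbers, so a prefix such as '0e12' would equal '0000'
     * and pass without the expected work having been done.
     */
    if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) !== '0000') {
        $result->addError(_('Hash was not calculated properly'));
    } # if

    # Body cannot be either empty or very short
    $comment['body'] = trim($comment['body']);
    if (strlen($comment['body']) < 2) {
        $result->addError(_('Please enter a comment'));
    } # if
    if (strlen($comment['body']) > 1024 * 10) {
        $result->addError(_('Comment is too long'));
    } # if

    /*
     * Rating must be numeric and within range. A non-numeric value would
     * otherwise be compared as a string on PHP 8 (and cast to 0 on PHP 7),
     * so it is rejected explicitly instead.
     */
    $rating = isset($comment['rating']) ? $comment['rating'] : null;
    if (!is_numeric($rating) || $rating > 10 || $rating < 0) {
        $result->addError(_('Invalid rating'));
    } # if

    /*
     * The "newmessageid" is based upon the messageid we are replying to,
     * this is to make sure a user cannot reuse a calculated hashcash
     * for a spam attack on different posts.
     *
     * An 'inreplyto' without an '@' would give an empty prefix that every
     * newmessageid matches, so that case is treated as a failed check too.
     */
    $atPos = strpos($comment['inreplyto'], '@');
    if ($atPos === false) {
        $result->addError(_('Replay attack!?'));
    } else {
        $replyToPart = substr($comment['inreplyto'], 0, $atPos);
        if (substr($comment['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
            $result->addError(_('Replay attack!?'));
        } # if
    } # else

    /*
     * Make sure the random message we require in the system has not been
     * used recently to prevent one calculated hashcash to be reused again
     * and again
     */
    if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) {
        $result->addError(_('Replay attack!?'));
    } # if

    # Make sure a newmessageid contains a certain length
    if (strlen($comment['newmessageid']) < 10) {
        $result->addError(_('MessageID too short!?'));
    } # if

    # Retrieve the spot to which we are commenting
    # NOTE(review): postSpamReport hands the whole dao factory to this
    # constructor while this method passes getSpotDao(); confirm which one
    # Services_Providers_FullSpot expects.
    $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
    $fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']);

    # Without a spot to reply to there is nothing sensible to post
    if (!isset($fullSpot['title'])) {
        $result->addError(_('Spot could not be retrieved'));
    } # if

    # Add the title as a comment property
    $comment['title'] = 'Re: ' . (isset($fullSpot['title']) ? $fullSpot['title'] : '');

    /*
     * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
     * usenet wants its body in iso-8859-1.
     *
     * The database requires UTF-8 again, so we keep separate bodies for
     * the database and for the system
     */
    $dbComment = $comment;
    $comment['body'] = utf8_decode($comment['body']);

    # and actually post the comment
    if ($result->isSuccess()) {
        try {
            $this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment);
            $commentDao->addPostedComment($user['userid'], $dbComment);
        } catch (Exception $x) {
            $result->addError($x->getMessage());
        } # catch
    } # if

    return $result;
}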
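/**
 * Validate an avatar image and, when it is acceptable, store it base64
 * encoded for the given user.
 *
 * @param mixed  $userId      user id, passed through to the user DAO
 * @param string $imageString raw image bytes as uploaded
 * @return Dto_FormResult
 */
public function changeAvatar($userId, $imageString)
{
    $result = new Dto_FormResult();

    /*
     * Don't allow images larger than 4000 bytes. This applies to the
     * uploaded bytes; a BMP converted to JPEG below is not measured again.
     */
    if (strlen($imageString) > 4000) {
        $result->addError(_('An avatar image has a maximum of 4000 bytes'));
    } # if

    /*
     * Make sure the image can be read, and stuff
     */
    $svc_ImageUtil = new Services_Image_Util();
    $dimensions = $svc_ImageUtil->getImageDimensions($imageString);
    if ($dimensions === false) {
        $result->addError(_('Invalid avatar image was supplied'));
    } elseif (!empty($dimensions['isbmp'])) {
        /*
         * If the user supplied a BMP file, convert it to a JPEG file.
         * Only reached when the image could be read: indexing the 'false'
         * returned above would raise a warning and hand garbage to the
         * converter.
         */
        $svc_ImageBmpConverter = new Services_Image_BmpConverter();
        $imageString = $svc_ImageBmpConverter->convertBmpImageStringToJpeg($imageString, $dimensions);
    } # if

    if ($result->isSuccess()) {
        /*
         * We store the images base64 encoded
         */
        $imageString = base64_encode($imageString);

        /*
         * and update the database
         */
        $this->_userDao->setUserAvatar($userId, $imageString);
    } # if

    return $result;
}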