示例#1
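 /**
  * Renders the "edit spot" page and, when the form was submitted, carries
  * out the requested 'delete' or 'edit' action on the spot.
  *
  * View and edit permission on the spot detail are enforced before anything
  * else; 'delete' additionally requires the delete-spot permission.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     # check the users' permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_view_spotdetail, '');
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_spotdetail, '');

     # and actually retrieve the spot; '' stays in place when retrieval fails
     $fullSpot = '';
     try {
         $svcActn_GetSpot = new Services_Actions_GetSpot($this->_settings, $this->_daoFactory, $this->_spotSec);
         $fullSpot = $svcActn_GetSpot->getFullSpot($this->_currentSession, $this->_messageId, true);
         $fullSpot = str_replace("[br]", "\n", $fullSpot);
     } catch (Exception $ex) {
         # NOTE(review): the raw exception text is handed to the template;
         # confirm result messages are escaped where they are rendered.
         $result->addError($ex->getMessage());
     }

     # and create a nice and shiny page title
     $this->_pageTitle = "spot: edit spot";

     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_spotForm['action'];

     # Only perform certain validations when the form is actually submitted
     if (!empty($formAction)) {
         switch ($formAction) {
             case 'delete':
                 # deleting needs its own permission on top of the edit right
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_spot, '');

                 # assume success
                 $result->setResult('success');

                 # remove the spot from the database
                 $svcSpotEditor = new Services_Posting_Editor($this->_daoFactory, $this->_currentSession);
                 $svcSpotEditor->deleteSpot($this->_messageId);
                 break;

             case 'edit':
                 /*
                  * Without the original spot there is nothing to merge the
                  * form into: updateSpotXml() would receive the ''
                  * placeholder, and assigning its return value would
                  * discard the retrieval error recorded above. isError()
                  * is assumed to report errors added through addError().
                  */
                 if ($result->isError()) {
                     break;
                 }

                 # create a fullspot xml from the data entered by the user and the original fullspot
                 $svcSpotEditor = new Services_Posting_Editor($this->_daoFactory, $this->_currentSession);
                 $result = $svcSpotEditor->updateSpotXml($fullSpot, $this->_spotForm);
                 if ($result->isSuccess()) {
                     # update the spot in the database
                     $svcSpotEditor->updateSpot($this->_messageId, $result->getData('spotxml'));
                 }
                 break;
         }
     }

     #- display stuff -#
     $this->template('editspot', array('editspotform' => $fullSpot, 'result' => $result));
 }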
示例#2
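/**
 * Writes the errors and the informational messages of a form result to the
 * output as two HTML lists ('formerrors' and 'forminformation').
 *
 * Every message is HTML-escaped before it is echoed. A result can carry
 * text that is not a fixed, translated string (an exception message, or a
 * message formatted with request values), and echoing that verbatim would
 * let markup in the message reach the page.
 * NOTE(review): if any caller deliberately puts markup into a message, it
 * will now be shown literally; none is visible here.
 *
 * @param Dto_FormResult $result result whose messages are rendered
 * @return void
 */
function renderResultMessagesHtml(Dto_FormResult $result)
{
    echo PHP_EOL . '<ul class="formerrors">' . PHP_EOL;
    foreach ($result->getErrors() as $formError) {
        echo '  <li>' . htmlspecialchars((string) $formError, ENT_QUOTES, 'UTF-8') . '</li>' . PHP_EOL;
    }
    echo '</ul>' . PHP_EOL;

    echo PHP_EOL . '<ul class="forminformation">' . PHP_EOL;
    foreach ($result->getInfo() as $formInfo) {
        echo '  <li>' . htmlspecialchars((string) $formInfo, ENT_QUOTES, 'UTF-8') . '</li>' . PHP_EOL;
    }
    echo '</ul>' . PHP_EOL;
}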
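 /**
  * Validates the submitted edit form and, when it is valid, merges it into
  * the original spot and converts the merged spot to XML.
  *
  * @param array $fullSpot       the original spot the edits are merged into
  * @param array $updatesToApply the edit form as submitted
  * @return Dto_FormResult validation outcome; holds the generated XML under
  *                        'spotxml' when validation succeeded
  */
 public function updateSpotXml($fullSpot, $updatesToApply)
 {
     $result = new Dto_FormResult();

     /*
      * before we merge we first want to clean the form from the stuff
      * we don't want to merge with the original spot
      */
     $spot = $this->cleanseUpdates($updatesToApply);

     /*
      * The subcategories must be arrays, otherwise we get in trouble in
      * verifyCategories(). A key that is missing altogether is treated
      * like a non-array value instead of raising an undefined-index
      * warning.
      */
     foreach (array('subcatb', 'subcatc', 'subcatd') as $subcatKey) {
         if (!isset($spot[$subcatKey]) || !is_array($spot[$subcatKey])) {
             $spot[$subcatKey] = array();
         }
     }

     # Verify several properties from the caller
     $result->addData('spot', $spot);
     $result = $this->_spotValidator->verifyTitle($result);
     $result = $this->_spotValidator->verifyBody($result);
     $result = $this->_spotValidator->verifyCategories($result);
     $result = $this->_spotValidator->verifyWebsite($result);
     $result = $this->_spotValidator->verifyTag($result);

     /*
      * Retrieve the spot information from the result,
      * and remove it again. We do not want to send the
      * whole spot back to the caller
      */
     $spot = $result->getData('spot');
     $result->removeData('spot');

     if ($result->isSuccess()) {
         # Merge the cleaned form into the original spot; on equal string
         # keys the form value replaces the original one
         $spot = array_merge($fullSpot, $spot);

         $imageInfo = array(
             'height' => $spot['image']['height'],
             'width' => $spot['image']['width'],
             'segments' => $spot['image']['segment'],
         );
         $nzbSegmentList = $spot['nzb'];

         # Parse the updated spot to an XML structure
         $spotCreator = new Services_Format_Creation();
         $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList);
         $result->addData('spotxml', $spotXml);
     }

     return $result;
 }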
示例#4
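 /**
  * Renders the login form and, when it was submitted, tries to
  * authenticate the supplied credentials.
  *
  * A failed attempt is audited unless the audit level is set to "none";
  * a successful attempt replaces the current session with the one returned
  * by the authentication service.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     # Check permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, '');

     /*
      * Create default credentials so the form is always able to render
      * the values of the form
      */
     $credentials = array('username' => '', 'password' => '');

     /*
      * Instantiate the Spot user system. The class name is written with the
      * same casing used for it elsewhere in the code base: PHP itself
      * resolves class names case-insensitively, but an autoloader that maps
      * the name onto a file path may not.
      */
     $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);

     # set the page title
     $this->_pageTitle = "spot: login";

     # bring the form action into the local scope
     $formAction = $this->_loginForm['action'];

     # Are we already submitting the form login?
     if (!empty($formAction)) {
         # make sure we can simply assume all fields are there
         $credentials = array_merge($credentials, $this->_loginForm);

         $tryLogin = $svcUserAuth->authenticate($credentials['username'], $credentials['password']);
         if (!$tryLogin) {
             /* Create an audit event */
             if ($this->_settings->get('auditlevel') != SpotSecurity::spot_secaudit_none) {
                 $spotAudit = new SpotAudit($this->_daoFactory, $this->_settings, $this->_currentSession['user'], $this->_currentSession['session']['ipaddr']);
                 $spotAudit->audit(SpotSecurity::spotsec_perform_login, 'incorrect user or pass', false);
             }

             # One message for both causes, so the response does not tell
             # which of the two fields was wrong
             $result->addError(_('Invalid username or password'));
         } else {
             $result->setResult("success");
             $this->_currentSession = $tryLogin;
         }
     } else {
         # When the user is already logged in, show this as a warning
         if ($this->_currentSession['user']['userid'] != $this->_settings->get('nonauthenticated_userid')) {
             $result->addError(_('You are already logged in'));
         }
     }

     /*
      * NOTE(review): after a submit, $credentials contains the submitted
      * password and 'http_referer' comes straight from the form; confirm
      * the template neither echoes the password back nor follows the
      * referer without checking it.
      */
     #- display stuff -#
     $this->template('login', array('loginform' => $credentials, 'result' => $result, 'http_referer' => $this->_loginForm['http_referer'], 'data' => $this->_params['data']));
 }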
 /**
  * Handles the "blacklist spotter" form: adds a spotter id to, or removes
  * it from, the current user's list and renders the outcome through the
  * 'jsonresult' template.
  */
 function render()
 {
     # The caller needs the right to blacklist spotters at all
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_blacklist_spotter, '');

     # Until a form is processed the result stays 'notsubmitted'
     $result = new Dto_FormResult('notsubmitted');

     # Defaults for the fields the form may leave out
     $blackList = array('spotterid' => '', 'origin' => '');

     $this->_pageTitle = "report: blacklist spotter";

     # Requested action, or '' when the form carries none
     $formAction = isset($this->_blForm['action']) ? $this->_blForm['action'] : '';

     # The user record service does the actual list maintenance
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     $shouldProcess = !empty($formAction) && !$result->isError();
     if ($shouldProcess) {
         $result->setResult('success');

         # Submitted values win over the defaults
         $blackList = array_merge($blackList, $this->_blForm);

         if ($formAction == 'addspotterid') {
             $outcome = $svcUserRecord->addSpotterToList($this->_currentSession['user'], $blackList['spotterid'], $blackList['origin'], $blackList['idtype']);
             $result->mergeResult($outcome);
         } elseif ($formAction == 'removespotterid') {
             $outcome = $svcUserRecord->removeSpotterFromList($this->_currentSession['user'], $blackList['spotterid']);
             $result->mergeResult($outcome);
         }
     }

     #- display stuff -#
     $templateParams = array('result' => $result);
     $this->template('jsonresult', $templateParams);
 }
示例#6
 /**
  * Serves an NZB file ('display') or hands it to a download integration
  * (any other action); for the latter, and for any failure, a JSON result
  * is rendered.
  */
 function render()
 {
     # Retrieving NZB files is a permission of its own
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_retrieve_nzb, '');

     /*
      * Anything other than plain display is a download integration, and
      * the user must be allowed to use that specific integration
      */
     if ($this->_action != 'display') {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_download_integration, $this->_action);
     }

     /*
      * Set up the NNTP readers and the providers built on top of them
      */
     $binEngine = Services_Nntp_EnginePool::pool($this->_settings, 'bin');
     $svcBinSpotReading = new Services_Nntp_SpotReading($binEngine);
     $hdrEngine = Services_Nntp_EnginePool::pool($this->_settings, 'hdr');
     $svcTextSpotReading = new Services_Nntp_SpotReading($hdrEngine);
     $svcProvNzb = new Services_Providers_Nzb($this->_daoFactory->getCacheDao(), $svcBinSpotReading);
     $svcProvSpot = new Services_Providers_FullSpot($this->_daoFactory, $svcTextSpotReading);

     # NZB files must not be cached on the client
     $this->sendExpireHeaders(true);

     try {
         if ($this->_action == 'display') {
             $this->sendContentTypeHeader("nzb");
         }

         $svcActnNzb = new Services_Actions_DownloadNzb($this->_settings, $this->_daoFactory);
         $svcActnNzb->handleNzbAction($this->_messageid, $this->_currentSession, $this->_action, $svcProvSpot, $svcProvNzb);

         # Download integrations answer with a JSON success result
         if ($this->_action != 'display') {
             $this->sendContentTypeHeader("json");
             $okResult = new Dto_FormResult('success');
             $this->template('jsonresult', array('result' => $okResult));
         }
     } catch (Exception $x) {
         # Failures are reported as JSON, carrying the exception message.
         # NOTE(review): that message reaches the client as-is.
         $this->sendContentTypeHeader("json");
         $failResult = new Dto_FormResult('notsubmitted');
         $failResult->addError($x->getMessage());
         $this->template('jsonresult', array('result' => $failResult));
     }
 }
示例#7
 /**
  * Logs the current user out by removing the session and reports the
  * outcome through the 'jsonresult' template.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     # Logging out is subject to its own permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_logout, '');

     # The authentication service owns session removal
     $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);

     # The response must not be cached and is sent as JSON
     $this->sendExpireHeaders(true);
     $this->sendContentTypeHeader('json');

     # Remove the session and record whether that worked
     $sessionRemoved = $svcUserAuth->removeSession($this->_currentSession);
     if (!$sessionRemoved) {
         $result->addError(_('Unable to remove session'));
     } else {
         $result->setResult('success');
     }

     $templateParams = array('result' => $result);
     $this->template('jsonresult', $templateParams);
 }
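 /**
  * Validates a spam report and, when every check passes, posts it to the
  * report newsgroup and stores it in the database.
  *
  * @param Services_User_Record $svcUserRecord used for the posting
  *                                            permission and the user's key
  * @param array $user   the reporting user
  * @param array $report the report; reads 'inreplyto', 'newmessageid'
  *                      and 'body'
  * @return Dto_FormResult holds one error per failed check
  */
 public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report)
 {
     $result = new Dto_FormResult();
     $spotReportDao = $this->_daoFactory->getSpotReportDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to report spam"));
     }

     # Retrieve the users' private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     # Make sure no spam report has already been posted by this user to prevent flooding
     if ($spotReportDao->isReportPlaced($report['inreplyto'], $user['userid'])) {
         $result->addError(_('This spot has already been reported'));
     }

     /*
      * We'll get the messageid's with <>'s but we always strip
      * them in Spotweb, so remove them
      */
     $report['newmessageid'] = substr($report['newmessageid'], 1, -1);

     # retrieve the spot this is a report of
     $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
     $fullSpot = $svcProvFullSpot->fetchFullSpot($report['inreplyto'], $user['userid']);

     /*
      * We won't bother when the hashcash is not properly calculated.
      * The comparison is strict on purpose: with a loose != PHP compares
      * two numeric-looking strings as numbers, so prefixes other than the
      * literal '0000' would be accepted as well.
      */
     if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }

     # Body cannot be empty or very short
     $report['body'] = trim($report['body']);
     if (strlen($report['body']) < 2) {
         $result->addError(_('Please provide a reason why this Spot should be reported'));
     }

     /*
      * Check that the message id we are replying to matches the start of
      * the new message id, to prevent replay attacks. An 'inreplyto'
      * without a local part before the '@' is rejected too: with an empty
      * prefix the check below would pass for every new message id.
      */
     $atPos = strpos($report['inreplyto'], '@');
     $replyToPart = ($atPos === false) ? '' : substr($report['inreplyto'], 0, $atPos);
     if ($replyToPart === '' || substr($report['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
         $result->addError(_('Replay attack!?'));
     }

     /*
      * Make sure the random message we require in the system has not been
      * used recently to prevent one calculated hashcash to be reused again
      * and again
      */
     if (!$spotReportDao->isReportMessageIdUnique($report['newmessageid'])) {
         $result->addError(_('Replay attack!?'));
     }

     # Make sure a newmessageid consists of a certain length
     if (strlen($report['newmessageid']) < 10) {
         $result->addError(_('MessageID too short!?'));
     }

     /*
      * The body arrives as UTF-8. utf8_decode() converts the copy that is
      * posted to usenet to ISO-8859-1, while the database copy is kept in
      * UTF-8, hence the two separate arrays.
      * NOTE(review): utf8_decode() is deprecated as of PHP 8.2.
      */
     $dbReport = $report;
     $report['body'] = utf8_decode($report['body']);
     $report['title'] = 'REPORT <' . $report['inreplyto'] . '> ' . $fullSpot['title'];

     # and actually post the report
     if ($result->isSuccess()) {
         $this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report);
         $spotReportDao->addPostedReport($user['userid'], $dbReport);
     }

     return $result;
 }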
示例#9
<?php

include "includes/form-messages.inc.php";
/*
 * If this page is rendered without a result variable
 * available, just create one ourselves.
 */
if (!isset($result)) {
    $result = new Dto_FormResult('notsubmitted');
}
# A filter export is sent as an XML attachment instead of a rendered page;
# whatever the result holds under 'filters' is written out unchanged
if (isset($lastformaction) && $lastformaction == 'exportfilters') {
    $this->sendContentTypeHeader('xml');
    Header('Content-Disposition: attachment; filename="spotwebfilters.xml"');
    echo $result->getData('filters');
    return;
}
# After a successful filter import the browser is sent to $http_referer.
# NOTE(review): $http_referer is set outside this fragment; if the request
# can influence it, confirm redirect() restricts the target.
if (isset($lastformaction) && $lastformaction == 'importfilters') {
    if ($result->isSuccess()) {
        $tplHelper->redirect($http_referer);
    }
    # if
}
# if
/*
 * Render the JSON or the form. showResults() is defined outside this
 * fragment; when it returns true nothing more is rendered here.
 */
if (showResults($result)) {
    return;
}
示例#10
 /**
  * Reports an error when the user's mail address is one of the addresses
  * listed below.
  *
  * NOTE(review): both literals are identical as shown here, which makes the
  * second entry redundant; they look masked, so verify the real values.
  *
  * @param array $user user record; only 'mail' is read
  * @return Dto_FormResult holds an error when the address is listed
  */
 function validateUserEmailExists($user)
 {
     $result = new Dto_FormResult();

     # Loose in_array() matches the == comparison this check is built on
     $takenAddresses = array('*****@*****.**', '*****@*****.**');
     if (in_array($user['mail'], $takenAddresses)) {
         $result->addError(_('Mailaddress is already in use'));
     }

     return $result;
 }
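 /**
  * Validates a comment and, when every check passes, posts it to the
  * comment newsgroup and stores it in the database.
  *
  * @param Services_User_Record $svcUserRecord used for the posting
  *                                            permission and the user's key
  * @param array $user    the commenting user
  * @param array $comment the comment; reads 'inreplyto', 'newmessageid',
  *                       'body' and 'rating'
  * @return Dto_FormResult holds one error per failed check, plus the
  *                        exception message when posting itself fails
  */
 public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment)
 {
     $result = new Dto_FormResult();
     $commentDao = $this->_daoFactory->getCommentDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to post comments"));
     }

     # Retrieve the users' private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     /*
      * We'll get the messageid's with <>'s but we always strip
      * them in Spotweb, so remove them
      */
     $comment['newmessageid'] = substr($comment['newmessageid'], 1, -1);

     /*
      * We won't bother when the hashcash is not properly calculated.
      * The comparison is strict on purpose: with a loose != PHP compares
      * two numeric-looking strings as numbers, so prefixes other than the
      * literal '0000' would be accepted as well.
      */
     if (substr(sha1('<' . $comment['newmessageid'] . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }

     # Body cannot be either empty or very short
     $comment['body'] = trim($comment['body']);
     if (strlen($comment['body']) < 2) {
         $result->addError(_('Please enter a comment'));
     }
     if (strlen($comment['body']) > 1024 * 10) {
         $result->addError(_('Comment is too long'));
     }

     # Rating must be within range
     if ($comment['rating'] > 10 || $comment['rating'] < 0) {
         $result->addError(_('Invalid rating'));
     }

     /*
      * The "newmessageid" is based upon the messageid we are replying to,
      * this is to make sure a user cannot reuse a calculated hashcash
      * for a spam attack on different posts. An 'inreplyto' without a
      * local part before the '@' is rejected too: with an empty prefix the
      * check below would pass for every new message id.
      */
     $atPos = strpos($comment['inreplyto'], '@');
     $replyToPart = ($atPos === false) ? '' : substr($comment['inreplyto'], 0, $atPos);
     if ($replyToPart === '' || substr($comment['newmessageid'], 0, strlen($replyToPart)) !== $replyToPart) {
         $result->addError(_('Replay attack!?'));
     }

     /*
      * Make sure the random message we require in the system has not been
      * used recently to prevent one calculated hashcash to be reused again
      * and again
      */
     if (!$commentDao->isCommentMessageIdUnique($comment['newmessageid'])) {
         $result->addError(_('Replay attack!?'));
     }

     # Make sure a newmessageid contains a certain length
     if (strlen($comment['newmessageid']) < 10) {
         $result->addError(_('MessageID too short!?'));
     }

     # Retrieve the spot to which we are commenting
     $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
     $fullSpot = $svcProvFullSpot->fetchFullSpot($comment['inreplyto'], $user['userid']);

     # Add the title as a comment property
     $comment['title'] = 'Re: ' . $fullSpot['title'];

     /*
      * Body is UTF-8 (we instruct the browser to do everything in UTF-8), but
      * usenet wants its body in iso-8859-1.
      *
      * The database requires UTF8 again, so we keep separate bodies for
      * the database and for the system.
      * NOTE(review): utf8_decode() is deprecated as of PHP 8.2.
      */
     $dbComment = $comment;
     $comment['body'] = utf8_decode($comment['body']);

     # and actually post the comment
     if ($result->isSuccess()) {
         try {
             $this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment);
             $commentDao->addPostedComment($user['userid'], $dbComment);
         } catch (Exception $x) {
             # NOTE(review): the raw exception text becomes a user-visible
             # error; confirm it is escaped where it is rendered.
             $result->addError($x->getMessage());
         }
     }

     return $result;
 }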
示例#12
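 /**
  * Validates a new spot together with its uploaded image and NZB file and,
  * when every check passes, posts image, NZB and spot to the newsgroups
  * and stores the spot in the database.
  *
  * @param Services_User_Record $svcUserRecord used for the posting
  *                                            permission and the user's key
  * @param array  $user          the posting user
  * @param array  $spot          the spot as submitted
  * @param string $imageFilename path of the uploaded image
  * @param string $nzbFilename   path of the uploaded NZB file
  * @return Dto_FormResult holds one error per failed check
  */
 public function postSpot(Services_User_Record $svcUserRecord, array $user, array $spot, $imageFilename, $nzbFilename)
 {
     $result = new Dto_FormResult();
     $spotDao = $this->_daoFactory->getSpotDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to post spots"));
     }

     # Retrieve the users' private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     $hdr_newsgroup = $this->_settings->get('hdr_group');
     $bin_newsgroup = $this->_settings->get('nzb_group');

     /*
      * We'll get the messageid's with <>'s but we always strip
      * them in Spotweb, so remove them
      */
     $spot['newmessageid'] = substr($spot['newmessageid'], 1, -1);

     /*
      * If the hashcash doesn't match, we will never post it.
      * The comparison is strict on purpose: with a loose != PHP compares
      * two numeric-looking strings as numbers, so prefixes other than the
      * literal '0000' would be accepted as well.
      */
     if (substr(sha1('<' . $spot['newmessageid'] . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }

     # Verify several properties from the caller
     $result->addData('spot', $spot);
     $result = $this->_spotValidator->verifyTitle($result);
     $result = $this->_spotValidator->verifyBody($result);
     $result = $this->_spotValidator->verifyCategories($result);
     $result = $this->_spotValidator->verifyWebsite($result);
     $result = $this->_spotValidator->verifyTag($result);

     /*
      * Retrieve the spot information from the result,
      * and remove it again. We do not want to send the
      * whole spot back to the caller
      */
     $spot = $result->getData('spot');
     $result->removeData('spot');

     # Read the contents of image so we can check it
     $imageContents = file_get_contents($imageFilename);

     # the image should be below 1MB
     if (strlen($imageContents) > 1024 * 1024) {
         $result->addError(_('Uploaded image is too large (maximum 1MB)'));
     }

     /*
      * Get some image information, if it fails, this is an
      * error as well. $imageInfo is only set on success, and only used
      * further down when no error was recorded.
      */
     $tmpGdImageSize = getimagesize($imageFilename);
     if ($tmpGdImageSize === false) {
         $result->addError(_('Uploaded image was not recognized as an image'));
     } else {
         $imageInfo = array('width' => $tmpGdImageSize[0], 'height' => $tmpGdImageSize[1]);
     }

     /*
      * Load the NZB file as an XML file so we can make sure
      * it's a valid XML and NZB file and we can determine the
      * filesize.
      *
      * The file is uploaded by the user, so it is parsed with LIBXML_NONET,
      * which keeps the parser from fetching anything over the network.
      * An unreadable or unparsable file yields false and is reported as an
      * incorrect NZB file instead of being dereferenced below.
      */
     $nzbFileContents = file_get_contents($nzbFilename);
     $nzbXml = false;
     if ($nzbFileContents !== false) {
         $nzbXml = simplexml_load_string($nzbFileContents, 'SimpleXMLElement', LIBXML_NONET);
     }

     # Do some basic sanity checking for some required NZB elements
     if ($nzbXml === false || empty($nzbXml->file)) {
         $result->addError(_('Incorrect NZB file'));
     }

     # and determine the total filesize
     $spot['filesize'] = 0;
     if ($nzbXml !== false) {
         foreach ($nzbXml->file as $file) {
             foreach ($file->segments->segment as $seg) {
                 $spot['filesize'] += (int) $seg['bytes'];
             }
         }
     }

     /*
      * Make sure we didn't use this messageid recently or at all, this
      * prevents people from not recalculating the hashcash in order to spam
      * the system
      */
     if (!$spotDao->isNewSpotMessageIdUnique($spot['newmessageid'])) {
         $result->addError(_('Replay attack!?'));
     }

     # Make sure a newmessageid contains a certain length
     if (strlen($spot['newmessageid']) < 10) {
         $result->addError(_('MessageID too short!?'));
     }

     # We require the keyid 7 because it is selfsigned
     $spot['key'] = 7;

     # Poster's username
     $spot['poster'] = $user['username'];

     # actually post the spot
     if ($result->isSuccess()) {
         /*
          * Retrieve the image information and post the image to
          * the appropriate newsgroup so we have the messageid list of
          * images
          */
         $imgSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, $imageContents, '');
         $imageInfo['segments'] = $imgSegmentList;

         # Post the NZB file to the appropriate newsgroups
         $nzbSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, gzdeflate($nzbFileContents), '');

         # Convert the current Spotnet info, to an XML structure
         $spotCreator = new Services_Format_Creation();
         $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList);
         $spot['spotxml'] = $spotXml;

         # And actually post to the newsgroups
         $this->_nntp_post->postFullSpot($user, $this->_settings->get('privatekey'), $hdr_newsgroup, $spot);
         $spotDao->addPostedSpot($user['userid'], $spot, $spotXml);
     }

     return $result;
 }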
示例#13
 /**
  * Renders the "edit user" page and, when the form was submitted, performs
  * the requested action: 'delete', 'edit', 'removeallsessions' or
  * 'resetuserapi'.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     # Editing yourself and editing somebody else are separate permissions
     $requiredPermission = ($this->_userIdToEdit == $this->_currentSession['user']['userid'])
         ? SpotSecurity::spotsec_edit_own_user
         : SpotSecurity::spotsec_edit_other_users;
     $this->_spotSec->fatalPermCheck($requiredPermission, '');

     # The user record service carries out most of the actions below
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     $this->_pageTitle = "spot: edit user";

     # Load the user being edited and the groups the user belongs to
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);

     # Local copy of the requested form action
     $formAction = $this->_editUserForm['action'];

     # Nothing is validated or changed unless the form was submitted
     if (!empty($formAction)) {
         switch ($formAction) {
             case 'delete':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');

                 # Users may never remove their own account
                 if ($this->_userIdToEdit != $this->_currentSession['user']['userid']) {
                     $result = $svcUserRecord->removeUser($this->_userIdToEdit);
                 } else {
                     $result->addError('Cannot delete your own user');
                 }
                 break;

             case 'edit':
                 # Turn the submitted group ids into the list format the
                 # system uses; the priority is the position in that list
                 $groupList = array();
                 if (isset($this->_editUserForm['grouplist'])) {
                     $nextPrio = 0;
                     foreach ($this->_editUserForm['grouplist'] as $groupId) {
                         if ($groupId == 'dummy') {
                             continue;
                         }
                         $groupList[] = array('groupid' => $groupId, 'prio' => $nextPrio);
                         $nextPrio++;
                     }
                 }

                 # The user id always comes from the controller, whatever
                 # the form contained
                 $this->_editUserForm['userid'] = $this->_userIdToEdit;
                 $mayEditGroups = $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, '');
                 $result = $svcUserRecord->updateUserRecord($this->_editUserForm, $groupList, $mayEditGroups);
                 break;

             case 'removeallsessions':
                 $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
                 $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
                 break;

             case 'resetuserapi':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                 $result = $svcUserRecord->resetUserApi($spotUser);
                 break;
         }
     }

     #- display stuff -#
     $templateParams = array('edituserform' => $spotUser, 'result' => $result, 'groupMembership' => $groupMembership);
     $this->template('edituser', $templateParams);
 }
示例#14
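 /**
  * Validates and normalises the submitted system settings.
  *
  * Besides collecting validation errors, the settings are cleaned up
  * (trimmed hosts, integer casts, checkbox fields turned into booleans,
  * defaults for unused servers) and handed back under 'settings'.
  *
  * @param array $settings the settings form as submitted
  * @return Dto_FormResult holds the validation errors and the normalised
  *                        settings under the 'settings' key
  */
 function validateSettings($settings)
 {
     $result = new Dto_FormResult();

     # Define arrays with valid settings
     $validNntpEnc = array(false, 'ssl', 'tls');
     $validModerationAction = array('disable', 'act', 'markspot');
     $validRetentionTypes = array('fullonly', 'everything');
     $nntpServers = array('nntp_nzb', 'nntp_hdr', 'nntp_post');

     # Get the given value for NNTP encryption; no switch means no encryption
     foreach ($nntpServers as $server) {
         $settings[$server]['enc'] = isset($settings[$server]['enc']['switch']) ? $settings[$server]['enc']['select'] : false;
     }

     # Trim human-entered text fields
     foreach ($nntpServers as $server) {
         $settings[$server]['host'] = trim($settings[$server]['host']);
     }

     /*
      * Verify settings with the previous declared arrays.
      * NOTE(review): the encryption list is still matched loosely because
      * it contains false and the value of an unset select is not visible
      * here; loose matching also lets '' and '0' pass as "no encryption".
      */
     foreach ($nntpServers as $server) {
         if (in_array($settings[$server]['enc'], $validNntpEnc) === false) {
             $result->addError(_('Invalid encryption setting'));
             break;
         }
     }

     # These two lists hold strings only, so they are matched strictly
     if (in_array($settings['spot_moderation'], $validModerationAction, true) === false) {
         $result->addError(_('Invalid spot moderation setting'));
     }
     if (in_array($settings['retentiontype'], $validRetentionTypes, true) === false) {
         $result->addError(_('Invalid spot retentiontype setting'));
     }

     # Verify settings
     $settings['cookie_expires'] = (int) $settings['cookie_expires'];
     if ($settings['cookie_expires'] < 0) {
         $result->addError(_('Invalid cookie_expires setting'));
     }

     $settings['retention'] = (int) $settings['retention'];
     if ($settings['retention'] < 0) {
         $result->addError(_('Invalid retention setting'));
     }

     $settings['retrieve_newer_than'] = strtotime($settings['retrieve_newer_than']);
     if ($settings['retrieve_newer_than'] === false || $settings['retrieve_newer_than'] > time()) {
         $result->addError(_('Invalid retrieve_newer_than setting'));
     } elseif ($settings['retrieve_newer_than'] < 1230789600) {
         /* We don't allow settings earlier than january 1st 2009 */
         $settings['retrieve_newer_than'] = 1230789600;
     }

     $settings['retrieve_increment'] = (int) $settings['retrieve_increment'];
     if ($settings['retrieve_increment'] < 1) {
         $result->addError(_('Invalid retrieve_increment setting'));
     }

     # check the mailaddress
     if (!filter_var($settings['systemfrommail'], FILTER_VALIDATE_EMAIL)) {
         $result->addError(_('Not a valid email address'));
     }

     /*
      * We don't want to save megabytes of CSS, so put a limit to the size.
      * The comparison has to sit outside strlen(): with the closing
      * parenthesis after the comparison, strlen() measured the boolean
      * outcome and the 10 KB limit was never actually applied.
      */
     if (strlen($settings['customcss']) > 1024 * 10) {
         $result->addError(_('Custom CSS is too large'));
     }

     # Convert other settings (usually checkboxes) to be simply boolean settings
     $checkboxSettings = array(
         'deny_robots',
         'sendwelcomemail',
         'retrieve_full',
         'prefetch_image',
         'prefetch_nzb',
         'retrieve_comments',
         'retrieve_full_comments',
         'retrieve_reports',
         'enable_timing',
         'enable_stacktrace',
         'prepare_statistics',
         'external_blacklist',
         'external_whitelist',
         'imageover_subcats',
     );
     foreach ($checkboxSettings as $checkbox) {
         $settings[$checkbox] = isset($settings[$checkbox]);
     }
     foreach ($nntpServers as $server) {
         $settings[$server]['buggy'] = isset($settings[$server]['buggy']);
     }

     # Default server settings if they won't be used
     $unusedServer = array('host' => '', 'user' => '', 'pass' => '', 'enc' => false, 'port' => 119, 'buggy' => false);
     if (!isset($settings['nntp_hdr']['use'])) {
         $settings['nntp_hdr'] = $unusedServer;
     }
     if (!isset($settings['nntp_post']['use'])) {
         $settings['nntp_post'] = $unusedServer;
     }

     /*
      * Remove dummy preferences
      */
     unset($settings['nntp_hdr']['use'], $settings['nntp_post']['use']);

     /*
      * We want to pass the updated settings back to the caller because
      * we fixed several stuff.
      */
     $result->addData('settings', $settings);

     return $result;
 }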
示例#15
 /**
  * Render the "edit user preferences" page and, on submit, apply the change.
  *
  * Checks the edit-own or edit-other permission, loads the user to edit,
  * picks up an optional avatar upload and hands the form to
  * Services_Actions_EditUserPrefs before rendering the 'edituserprefs' template.
  */
 function render()
 {
     # Until a submit says otherwise, the form counts as 'not submitted'
     $result = new Dto_FormResult('notsubmitted');
     /*
      * Editing your own preferences and editing somebody else's are
      * guarded by different permissions.
      * NOTE(review): the two ids are compared with a loose '==', and this
      * comparison decides which permission gets checked; confirm both ids
      * are normalised to integers before they reach this point.
      */
     $isOwnAccount = $this->_userIdToEdit == $this->_currentSession['user']['userid'];
     $neededPermission = $isOwnAccount ? SpotSecurity::spotsec_edit_own_userprefs : SpotSecurity::spotsec_edit_other_users;
     $this->_spotSec->fatalPermCheck($neededPermission, '');
     # The user service gives access to the stored user record
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     # set the page title
     $this->_pageTitle = "spot: edit user preferences";
     /*
      * Load the user we are about to edit.
      * NOTE(review): when the lookup fails only an error is recorded;
      * rendering continues and the template call below still reads
      * $spotUser['prefs'] while $spotUser is false.
      */
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
     }
     # if
     # Local shorthand for the action the form was submitted with
     $formAction = $this->_editUserPrefsForm['action'];
     /*
      * An avatar is optional; only look at the upload when editing.
      * NOTE(review): only the temporary file name is passed on - type and
      * size checks of the upload are presumably done inside
      * editUserPref(); confirm.
      */
     $avatarFileName = '';
     if ($formAction == 'edit') {
         $avatarUpload = new Services_Providers_FileUpload('edituserprefsform', 'avatar');
         if ($avatarUpload->isUploaded()) {
             if ($avatarUpload->success()) {
                 $avatarFileName = $avatarUpload->getTempName();
             } else {
                 $result->addError(_('Unable to update avatar') . '(' . $avatarUpload->errorText() . ')');
             }
             # else
         }
         # if
     }
     # if
     # Only act on the form when it was submitted and nothing failed so far
     $actOnSubmit = !empty($formAction) && !$result->isError();
     if ($actOnSubmit && $formAction == 'edit') {
         $svcActn_EditUserPrefs = new Services_Actions_EditUserPrefs($this->_daoFactory, $this->_settings, $this->_spotSec);
         $result = $svcActn_EditUserPrefs->editUserPref($this->_editUserPrefsForm, $this->_tplHelper->getTemplatePreferences(), $spotUser, $avatarFileName);
     } elseif ($actOnSubmit && $formAction == 'cancel') {
         $result->setResult('success');
     }
     # if
     /*
      * Display the page.
      * NOTE(review): 'http_referer' is taken from the submitted form; the
      * template is presumably responsible for escaping and validating it
      * before it is used - confirm.
      */
     $templateParams = array(
         'edituserprefsform' => $spotUser['prefs'],
         'spotuser' => $spotUser,
         'dialogembedded' => $this->_dialogembedded,
         'http_referer' => $this->_editUserPrefsForm['http_referer'],
         'result' => $result,
     );
     $this->template('edituserprefs', $templateParams);
 }
示例#16
 /**
  * Convert an exported filter definition (XML) into a nested list of filters.
  *
  * On success a Dto_FormResult('success') is returned that carries the list
  * under the key 'filters'; child filters hang below their parent in 'children'.
  *
  * NOTE(review): for any version other than 1.0 the bare (empty) array is
  * returned instead of a Dto_FormResult, so callers see two return shapes.
  * NOTE(review): the '@' only silences warnings; the SimpleXMLElement
  * constructor throws an Exception on malformed XML, which is not caught here.
  * NOTE(review): whether $xmlStr can come from an upload or another
  * untrusted source is not visible here - if it can, consider passing
  * LIBXML_NONET and bounding the input size before parsing.
  *
  * @param string $xmlStr
  * @return Dto_FormResult|array
  */
 public function xmlToFilters($xmlStr)
 {
     $filterList = array();
     # Parse the XML document
     $xml = @new SimpleXMLElement($xmlStr);
     /*
      * Only version 1.0 of the filter format is understood. The comparison
      * is a loose one, so other numeric spellings of the same number pass too.
      */
     if ((string) $xml->version != '1.0') {
         return $filterList;
     }
     # if
     # Prefix written in front of a tree item, per item type
     $treePrefixes = array('exclude' => ',!', 'strongnot' => ',~', 'include' => ',');
     foreach ($xml->xpath('/spotwebfilter/filters/filter') as $filterItem) {
         $filter = array(
             'id' => (string) $filterItem->id,
             'title' => (string) $filterItem->title,
             'icon' => (string) $filterItem->icon,
             'tparent' => (string) $filterItem->parent,
             'torder' => (string) $filterItem->order,
             'filtertype' => 'filter',
             'sorton' => '',
             'sortorder' => '',
             'tree' => '',
             'enablenotify' => (string) $filterItem->enablenotify,
             'children' => array(),
         );
         /*
          * Tree items: items of an unknown type are skipped, the others
          * are joined into one comma separated string
          */
         $treeStr = "";
         foreach ($filterItem->xpath('tree/item') as $treeItem) {
             $treeType = (string) $treeItem->attributes()->type;
             if (isset($treePrefixes[$treeType])) {
                 $treeStr .= $treePrefixes[$treeType] . $treeItem[0];
             }
             # if
         }
         # foreach
         # Drop the leading comma
         $filter['tree'] = strlen($treeStr) > 1 ? substr($treeStr, 1) : $treeStr;
         /*
          * Values (text searches etc): the four fields are joined with ':'
          * and url-encoded as a whole
          */
         $filterValues = array();
         foreach ($filterItem->xpath('values/item') as $valueItem) {
             $valueParts = array(
                 (string) $valueItem->fieldname,
                 (string) $valueItem->operator,
                 (string) $valueItem->booloper,
                 (string) $valueItem->value,
             );
             $filterValues[] = urlencode(implode(':', $valueParts));
         }
         # foreach
         $filter['valuelist'] = $filterValues;
         # Sorting is optional
         if ($filterItem->sort) {
             $filter['sorton'] = (string) $filterItem->sort->item->fieldname;
             $filter['sortorder'] = (string) $filterItem->sort->item->direction;
         }
         # if
         # The id comes from the XML; a repeated id overwrites the earlier filter
         $filterList[$filter['id']] = $filter;
     }
     # foreach
     /*
      * First pass: attach every filter that names an existing parent to
      * that parent, by reference, so deeper levels stay connected.
      */
     foreach ($filterList as &$node) {
         if ($node['tparent'] != 0 && isset($filterList[$node['tparent']])) {
             $filterList[$node['tparent']]['children'][] =& $node;
         }
         # if
     }
     # foreach
     /*
      * Second pass: remove the attached filters from the top level. This
      * is a separate pass because removing them while still attaching
      * gives a wrong result for lists nested more than one level.
      */
     foreach ($filterList as &$node) {
         if ($node['tparent'] != 0 && isset($filterList[$node['tparent']])) {
             unset($filterList[$node['id']]);
         }
         # if
     }
     # foreach
     # Wrap the tree in a result object
     $result = new Dto_FormResult('success');
     $result->addData('filters', $filterList);
     return $result;
 }
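 /**
  * Make sure the correct categories are chosen
  *
  * Validates the head category and the subcategory selection of the 'spot'
  * stored in $result, rewrites the selection into $spot['subcatlist']
  * (letter plus zero-padded number, e.g. a constructed 'a05') and stores the
  * spot back into $result. Problems are reported through $result->addError().
  *
  * Input whose shape makes the remaining checks impossible (an array as
  * category, wrongly shaped subcategory fields, non-string entries) is
  * rejected right away, without storing a modified spot.
  *
  * @param Dto_FormResult $result
  * @return Dto_FormResult
  */
 public function verifyCategories(Dto_FormResult $result)
 {
     $spot = $result->getData('spot');
     /* Make sure the category is valid
      * We use array_key_exists() to allow for gaps in the category numbering. This is an intentional
      * deviation from similar code used in Services_Posting_Spot.php
      *
      * An array can be neither looked up nor printed, so it is reported
      * without touching array_key_exists().
      */
     $categoryIsArray = is_array($spot['category']);
     if ($categoryIsArray || !array_key_exists($spot['category'], SpotCategories::$_head_categories)) {
         $result->addError(sprintf(_('Incorrect headcategory (%s)'), $categoryIsArray ? 'Array' : $spot['category']));
     }
     # if
     # Make sure the subcategories are in the proper format
     $subcatsMalformed = is_array($spot['subcata']) || is_array($spot['subcatz']) || !is_array($spot['subcatb']) || !is_array($spot['subcatc']) || !is_array($spot['subcatd']);
     if ($subcatsMalformed) {
         $result->addError(_('Invalid subcategories given'));
     }
     # if
     /*
      * Stop here for wrongly shaped input: array_merge(), explode() and the
      * category lookups below need the shapes checked above and would
      * otherwise raise warnings or a TypeError on submitted data.
      */
     if ($categoryIsArray || $subcatsMalformed) {
         return $result;
     }
     # if
     /*
      * create a list of the chosen subcategories. array_values() renumbers
      * the list, so entries submitted under a string key are also reached
      * by the index based loop further down.
      */
     $spot['subcatlist'] = array_values(array_merge(array($spot['subcata']), $spot['subcatb'], $spot['subcatc'], $spot['subcatd']));
     # Every entry has to be a plain string before we try to split it
     foreach ($spot['subcatlist'] as $subCat) {
         if (!is_string($subCat)) {
             $result->addError(_('Invalid subcategories given'));
             return $result;
         }
         # if
     }
     # foreach
     /*
      * Loop through all subcategories and check if they are valid in
      * our list of subcategories
      */
     $subCatSplitted = array('a' => array(), 'b' => array(), 'c' => array(), 'd' => array(), 'z' => array());
     foreach ($spot['subcatlist'] as $subCat) {
         $subcats = explode('_', $subCat);
         # If not in our format
         if (count($subcats) != 3) {
             $result->addError(sprintf(_('Incorrect subcategories (%s)'), $subCat));
         } else {
             $subCatLetter = substr($subcats[2], 0, 1);
             $subCatSplitted[$subCatLetter][] = $subCat;
             if (!isset(SpotCategories::$_categories[$spot['category']][$subCatLetter][substr($subcats[2], 1)])) {
                 $result->addError(sprintf(_('Incorrect subcategories (%s)'), $subCat . ' !! ' . $subCatLetter . ' !! ' . substr($subcats[2], 1)));
             }
             # if
         }
         # else
     }
     # foreach
     /*
      * Make sure all subcategories are in the format we expect, for
      * example we strip the 'cat' part and strip the z-subcat.
      * The count is taken once, so the z-categories appended inside the
      * loop are not processed again.
      */
     $subcatCount = count($spot['subcatlist']);
     for ($i = 0; $i < $subcatCount; $i++) {
         $subcats = explode('_', $spot['subcatlist'][$i]);
         # If not in our format
         if (count($subcats) != 3) {
             $result->addError(sprintf(_('Incorrect subcategories (%s)'), $spot['subcatlist'][$i]));
         } else {
             $spot['subcatlist'][$i] = substr($subcats[2], 0, 1) . str_pad(substr($subcats[2], 1), 2, '0', STR_PAD_LEFT);
             # Explicitly add the 'z'-category - we derive it from the full categorynames we already have
             $zcatStr = substr($subcats[1], 0, 1) . str_pad(substr($subcats[1], 1), 2, '0', STR_PAD_LEFT);
             # Strict comparison: two numeric looking strings must not count as the same entry
             if (is_numeric(substr($subcats[1], 1)) && !in_array($zcatStr, $spot['subcatlist'], true)) {
                 $spot['subcatlist'][] = $zcatStr;
             }
             # if
         }
         # else
     }
     # for
     # Make sure the spot isn't being posted in many categories
     if (count($subCatSplitted['a']) > 1) {
         $result->addError(_('You can only specify one format for a spot'));
     }
     # if
     # Make sure the spot has at least a format
     if (count($subCatSplitted['a']) < 1) {
         $result->addError(_('You need to specify a format for a spot'));
     }
     # if
     # Make sure the spot isn't being posted for too many categories
     if (count($spot['subcatlist']) > 10) {
         $result->addError(_('Too many categories'));
     }
     # if
     # Make sure at least one category was chosen.
     # The "A"-subcategory, and the "Z" subcategory are always selected by
     # the form, so we need to check for 3
     if (count($spot['subcatlist']) < 3) {
         $result->addError(_('At least one category need to be selected'));
     }
     # if
     $result->addData('spot', $spot);
     return $result;
 }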
示例#18
 /**
  * Render the "post a new spot" form and, on submit, post the spot.
  *
  * Requires the post-spot permission, merges the submitted form over a set
  * of defaults, requires both an NZB file and a picture upload, and hands
  * everything to Services_Posting_Spot before rendering the 'newspot' template.
  */
 function render()
 {
     # Until a submit says otherwise, the form counts as 'not submitted'
     $result = new Dto_FormResult('notsubmitted');
     # Posting requires its own permission
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_post_spot, '');
     # Formatting helper, used below to calculate the spotter id
     $spotParseUtil = new Services_Format_Util();
     # we need the spotuser system
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     /*
      * Defaults for every form field, so the form can always be
      * rendered without notices
      */
     $formDefaults = array(
         'title' => '',
         'body' => '',
         'category' => 0,
         'subcata' => '',
         'subcatb' => array(),
         'subcatc' => array(),
         'subcatd' => array(),
         'subcatz' => '',
         'tag' => '',
         'website' => '',
         'newmessageid' => '',
         'randomstr' => '',
     );
     # Local shorthand for the action the form was submitted with
     $formAction = $this->_spotForm['action'];
     # set the page title
     $this->_pageTitle = "spot: post";
     /*
      * Submitted values win over the defaults.
      * NOTE(review): the whole submitted form is merged in, so any extra
      * key it carries also reaches postSpot() and the template; whether
      * the form is restricted to known fields is not visible here.
      */
     $spot = array_merge($formDefaults, $this->_spotForm);
     $nzbFilename = '';
     $imgFilename = '';
     if ($formAction == 'post') {
         # Assume success; every failed check below records an error
         $result->setResult('success');
         /*
          * Both uploads are mandatory.
          * NOTE(review): only the temporary file names are passed on - type
          * and size checks of the files are presumably done inside
          * postSpot(); confirm.
          */
         $nzbUpload = new Services_Providers_FileUpload('newspotform', 'nzbfile');
         if ($nzbUpload->isUploaded()) {
             if ($nzbUpload->success()) {
                 $nzbFilename = $nzbUpload->getTempName();
             } else {
                 $result->addError(_('Invalid NZB file') . ' (' . $nzbUpload->errorText() . ')');
             }
             # else
         } else {
             $result->addError(_('Please select NZB file'));
         }
         # else
         $imageUpload = new Services_Providers_FileUpload('newspotform', 'imagefile');
         if ($imageUpload->isUploaded()) {
             if ($imageUpload->success()) {
                 $imgFilename = $imageUpload->getTempName();
             } else {
                 $result->addError(_('Invalid picture') . ' (' . $imageUpload->errorText() . ')');
             }
             # else
         } else {
             $result->addError(_('Please select a picture'));
         }
         # else
         # Only post when both uploads were accepted
         if ($result->isSuccess()) {
             # Initialize the notification system
             $spotsNotifications = new SpotNotifications($this->_daoFactory, $this->_settings, $this->_currentSession);
             # Make sure we can post this spot, if so, make it happen
             $svcPostSpot = new Services_Posting_Spot($this->_daoFactory, $this->_settings);
             $result = $svcPostSpot->postSpot($svcUserRecord, $this->_currentSession['user'], $spot, $imgFilename, $nzbFilename);
             if ($result->isSuccess()) {
                 $sessionUser = $this->_currentSession['user'];
                 $result->addData('user', $sessionUser['username']);
                 $result->addData('spotterid', $spotParseUtil->calculateSpotterId($sessionUser['publickey']['modulo']));
                 # and send a notification
                 $spotsNotifications->sendSpotPosted($spot);
             }
             # if
         }
         # if
     }
     # if
     #- display stuff -#
     $templateParams = array('postspotform' => $spot, 'result' => $result);
     $this->template('newspot', $templateParams);
 }
示例#19
 /**
  * Remove a spotter from the black/white list kept for the current user.
  *
  * The removal is only carried out when allowedToPost() accepts the
  * user; otherwise the returned result carries an error and nothing is
  * changed.
  *
  * @param array $currentUser user record; 'userid' is read from it
  * @param mixed $spotterId id of the spotter to remove
  * @return Dto_FormResult
  */
 function removeSpotterFromList($currentUser, $spotterId)
 {
     $result = new Dto_FormResult();
     if ($this->allowedToPost($currentUser)) {
         # The entry is addressed by spotter id plus the id of the owning user
         $blackWhiteListDao = $this->_daoFactory->getBlackWhiteListDao();
         $blackWhiteListDao->removeSpotterFromList($spotterId, $currentUser['userid']);
         return $result;
     }
     # if
     $result->addError(_('User is not allowed to maintain spotstatelist'));
     return $result;
 }