HTTP Gateway
* Download: https://news.novabbs.com/getrslight
*
* Based on Newsportal by Florian Amrhein
*
* E-Mail: retroguy@novabbs.com
* Web: https://news.novabbs.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
include "config.inc.php";
$CONFIG = include($config_file);
include $file_newsportal;
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Post")) {
echo "Page Disabled";
include "tail.inc";
exit();
}
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
$logfile = $logdir . '/post.log';
@$fieldnamedecrypt = $_REQUEST['fielddecrypt'];
@$newsgroups = $_REQUEST["newsgroups"];
@$group = $_REQUEST["group"];
@$type = $_REQUEST["type"];
@$subject = stripslashes($_POST[md5($fieldnamedecrypt . "subject")]);
@$name = $_POST[md5($fieldnamedecrypt . "name")];
@$email = $_POST[md5($fieldnamedecrypt . "email")];
@$body = $_POST[md5($fieldnamedecrypt . "body")];
@$abspeichern = $_REQUEST["abspeichern"];
@$references = $_REQUEST["references"];
@$id = $_REQUEST["id"];
if (isset($_REQUEST['followupto']) && trim($_REQUEST['followupto']) != '') {
$followupto = trim($_REQUEST['followupto']);
$followupto = sanitize_header($followupto);
} else {
$followupto = null;
}
$max_followupto = 1;
// Check some header strings for bad characters
$newsgroups = sanitize_header($newsgroups);
$subject = sanitize_header($subject);
$email = sanitize_header($email);
// Load name from cookies
if ($setcookies) {
if ((isset($_COOKIE["mail_name"])) && (! isset($name)))
$name = $_COOKIE["mail_name"];
}
// Truncate username at 30 characters to avoid abuse
$name = substr($name, 0, 30);
$name = sanitize_header($name);
$logged_in = false;
if (trim($name) != '') {
$logged_in = verify_logged_in(trim(strtolower($name)));
}
// This will log user post info (group and username)
$enable_post_log = false;
if ($OVERRIDES['enable_post_log'] > 0) {
$enable_post_log = $OVERRIDES['enable_post_log'];
}
$allow_ng_header_edit_post = true;
$allow_ng_header_edit_reply = false;
if (isset($OVERRIDES['allow_ng_header_edit'])) {
if ($OVERRIDES['allow_ng_header_edit'] == 'post') {
$allow_ng_header_edit_post = true;
} else {
$allow_ng_header_edit_post = false;
}
if ($OVERRIDES['allow_ng_header_edit'] == 'reply') {
$allow_ng_header_edit_reply = true;
} else {
$allow_ng_header_edit_reply = false;
}
if ($OVERRIDES['allow_ng_header_edit'] == 'both') {
$allow_ng_header_edit_post = true;
$allow_ng_header_edit_reply = true;
}
if ($OVERRIDES['allow_ng_header_edit'] == 'none') {
$allow_ng_header_edit_post = false;
$allow_ng_header_edit_reply = false;
}
}
$allow_ngs_edit = false;
if ($type == 'reply') {
if ($allow_ng_header_edit_reply) {
$allow_ngs_edit = true;
}
if (isset($OVERRIDES['max_crosspost_reply']) && $OVERRIDES['max_crosspost_reply'] > 0) {
$max_crosspost = $OVERRIDES['max_crosspost_reply'];
} else {
$max_crosspost = 12;
}
} else {
if ($allow_ng_header_edit_post) {
$allow_ngs_edit = true;
}
if (isset($OVERRIDES['max_crosspost_post']) && $OVERRIDES['max_crosspost_post'] > 0) {
$max_crosspost = $OVERRIDES['max_crosspost_post'];
} else {
$max_crosspost = 3;
}
}
if (! isset($group) && isset($newsgroups)) {
$group = $newsgroups;
}
// Save name in cookies
if (strcmp(stripslashes($name), $CONFIG['anonusername']) !== 0) {
if (($setcookies == true) && (isset($abspeichern)) && ($abspeichern == "ja")) {
setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), "/");
}
}
if ((isset($post_server)) && ($post_server != ""))
$server = $post_server;
if ((isset($post_port)) && ($post_port != ""))
$port = $post_port;
global $synchro_user, $synchro_pass;
// check to which groups the user is allowed to post to
$thisgroup = _rawurldecode($_REQUEST['group']);
// Is this a reply to an article containing Followup-To?
if (isset($_REQUEST['fgroups'])) {
$thisgroup = preg_replace('!\s+!', ',', $_REQUEST['fgroups']);
$thisgroup = preg_replace('/\,+/', ',', $thisgroup);
}
$newsgroups = $thisgroup;
if ($_REQUEST['returngroup']) {
$returngroup = $_REQUEST['returngroup'];
} else {
$returngroup = $thisgroup;
}
$linkgroups = preg_split("/[\s,]+/", $returngroup);
foreach ($linkgroups as $linkgroup) {
$linkgroup = trim($linkgroup);
if (get_section_by_group($linkgroup)) {
$returngroup = $linkgroup;
break;
}
}
echo '';
} else {
echo '';
}
// has the user write-rights on the newsgroups?
if ((function_exists("npreg_group_has_read_access") && ! npreg_group_has_read_access($newsgroups)) || (function_exists("npreg_group_has_write_access") && ! npreg_group_has_write_access($newsgroups))) {
die("access denied");
}
// Load name and email from the registration system, if available
if (function_exists("npreg_get_name")) {
$name = npreg_get_name();
}
if (function_exists("npreg_get_email")) {
$email = npreg_get_email();
$form_noemail = true;
}
if (! strcmp($name, $CONFIG['anonusername']) && (isset($CONFIG['anonuser']))) {
$userpass = $CONFIG['anonuserpass'];
$email = $name . $CONFIG['email_tail'];
$_SESSION['pass'] = false;
} else {
$userpass = $email;
$request = "email";
$get_email = get_user_config($name, $request);
if ($get_email === FALSE) {
$email = $name . $CONFIG['email_tail'];
} else {
$email = trim($get_email);
}
}
if (isset($CONFIG['synchronet']) && ($CONFIG['synchronet'] == true)) {
$synchro_user = $name;
$synchro_pass = $userpass;
}
if ($name == "")
$name = $_SERVER['REMOTE_USER'];
if ((! isset($references)) || ($references == "")) {
$references = false;
}
if (! isset($type)) {
$type = "new";
}
if ($type == "new") {
$subject = "";
$bodyzeile = "";
$show = 1;
}
// Is there a new article to post to the newsserver?
if ($type == "post") {
$show = 0;
if (! $CONFIG['synchronet']) {
if (! $logged_in) {
if (check_bbs_auth(trim($name), $userpass) == FALSE) {
$type = "retry";
$error = $text_error["auth_error"];
$_SESSION['pass'] = false;
$logged_in = false;
} else {
$_SESSION['pass'] = true;
$logged_in = true;
if (set_user_logged_in_cookies($name, $keys)) {
file_put_contents($auth_log, "\n" . logging_prefix() . " SET AUTH COOKIES for: " . $name, FILE_APPEND);
}
}
} else {
// Update cookie times to stay logged in
if (set_user_logged_in_cookies($name, $keys)) {
file_put_contents($auth_log, "\n" . logging_prefix() . " UPDATED AUTH COOKIES for: " . $name, FILE_APPEND);
}
}
}
// Check that user has not been recently banned
if (! is_file($config_dir . '/users/' . strtolower(trim($name)))) {
$type = "retry";
$error = $text_error["auth_error"];
$_SESSION['pass'] = false;
$logged_in = false;
}
// error handling
if (trim($body) == "") {
$type = "retry";
$error = $text_post["missing_message"];
}
if ((trim($email) == "") && (! isset($anonym_address))) {
$type = "retry";
$error = $text_post["missing_email"];
}
if (($email) && (! validate_email(trim($email)))) {
$type = "retry";
$error = $text_post["error_wrong_email"];
}
if (trim($name) == "") {
$type = "retry";
$error = $text_post["missing_name"];
}
if (trim($subject) == "") {
$type = "retry";
$error = $text_post["missing_subject"];
}
if ($allow_ngs_edit) {
$grouptotal = preg_split("/( |\,)/", $newsgroups);
if (count($grouptotal) > $max_crosspost) {
$type = "retry";
$error = "Too many newsgroups";
}
$followuptotal = preg_split("/( |\,)/", $followupto);
if (count($followuptotal) > $max_followupto) {
$type = "retry";
$error = "Too many groups in followup-to";
}
}
// captcha-check
if (($post_captcha) && (captcha::check() == false)) {
$type = "retry";
$error = $text_post["captchafail"];
}
if ($type == "post") {
$name = trim($name);
if (! $CONFIG['readonly']) {
// post article to the newsserver
if ($references)
$references_array = explode(" ", $references);
else
$references_array = false;
if (($email == "") && (isset($anonym_address)))
$nemail = $anonym_address;
else
$nemail = $email;
$rate_limit = get_user_config($name, 'rate_limit');
if (($rate_limit !== FALSE) && ($rate_limit > 0)) {
$CONFIG['rate_limit'] = $rate_limit;
}
if ($CONFIG['rate_limit'] == true) {
$postsremaining = check_rate_limit($name);
if ($postsremaining < 1) {
$wait = check_rate_limit($name, 0, 1);
echo 'You have reached the limit of ' . $CONFIG['rate_limit'] . ' posts per hour.
Please wait ' . round($wait) . ' minutes before posting again.';
echo '' . $text_post["button_back"] . ' ' . $text_post["button_back2"] . ' ' . group_display_name($returngroup) . '
';
return;
}
}
// Wrap long lines in message body
$body = wrap_post($body);
if (isset($_FILES["photo"]) && $_FILES["photo"]["error"] == 0) {
$_FILES['photo']['name'] = preg_replace('/[^a-zA-Z0-9\.]/', '_', $_FILES['photo']['name']);
// There is an attachment to handle
$message = message_post(quoted_printable_encode($subject), $nemail . " (" . quoted_printable_encode($name) . ")", $newsgroups, $references_array, addslashes($body), $_POST['encryptthis'], $_POST['encryptto'], strtolower($name), $_POST['fromname'], $followupto, true);
} else {
$message = message_post(quoted_printable_encode($subject), $nemail . " (" . quoted_printable_encode($name) . ")", $newsgroups, $references_array, addslashes($body), $_POST['encryptthis'], $_POST['encryptto'], strtolower($name), $_POST['fromname'], $followupto);
}
// Article sent without errors, or duplicate?
if ((substr($message, 0, 3) == "240") || (substr($message, 0, 7) == "441 435")) {
// Is there a moderated group in Newsgroups: ?
if (is_moderated($newsgroups)) {
echo '** Moderated Newsgroup **
';
echo '** Message Queued for Moderation **
';
} else {
echo '' . $text_post["message_posted2"] . '
';
}
if (isset($CONFIG['auto_return']) && ($CONFIG['auto_return'] == true)) {
echo '';
if ($postsremaining < 1) {
$wait = check_rate_limit($name, 0, 1);
echo 'Please wait ' . round($wait) . ' minutes before posting again.
';
}
}
echo 'Back
';
} else {
// article not accepted by the newsserver
$type = "retry";
$error = $text_post["error_newsserver"] . "
$message
";
}
} else {
echo $text_post["error_readonly"];
}
}
}
// A reply of an other article.
if ($type == "reply") {
$message = message_read($id, 0, $newsgroups);
$head = $message->header;
$body = explode("\n", rtrim($message->body[0]));
nntp_close($ns);
if ($head->name != "") {
$bodyzeile = $head->name;
} else {
$bodyzeile = $head->from;
}
// For Synchronet use (deprecated)
$fromname = $bodyzeile;
// Set quote reply format (On date somebody wrote:)
if (!isset($OVERRIDES['quote_head'])) {
$OVERRIDES['quote_head'] = 'date_name';
}
switch ($OVERRIDES['quote_head']) {
case 'date_name':
$bodyzeile = "On " . date("D, j M Y G:i:s O,", $head->date) . " " . $bodyzeile . $text_post["wrote_suffix"] . "\n\n";
break;
case 'msgid_name':
$bodyzeile = "In " . $head->id . ", " . $bodyzeile . $text_post["wrote_suffix"] . "\n\n";
break;
case 'date_msgid_name':
$bodyzeile = "On " . date("D, j M Y G:i:s O,", $head->date) . " in " . $head->id . ", " . $bodyzeile . $text_post["wrote_suffix"] . "\n\n";
break;
case 'name':
$bodyzeile = $text_post["wrote_prefix"] . $bodyzeile . $text_post["wrote_suffix"] . "\n\n";
break;
default:
$bodyzeile = "On " . date("D, j M Y G:i:s O,", $head->date) . " " . $bodyzeile . $text_post["wrote_suffix"] . "\n\n";
break;
}
for ($i = 0; $i <= count($body) - 1; $i++) {
if ((isset($cutsignature)) && ($cutsignature == true) && ($body[$i] == '-- ')) {
break;
}
// Try not to quote blank lines at the end of all quotes
if ((trim($body[$i]) == "") && ($body[$i + 1] == '-- ' || $i >= count($body) - 1)) {
} else {
// Remove spaces from starting quote '>' characters
$body = preg_replace("/^> >/", ">>", $body);
// Quote blank lines? YES by default
if (! isset($OVERRIDES['quote_blank_lines']) || $OVERRIDES['quote_blank_lines'] == true) {
if ($body[$i][0] == '>')
$bodyzeile .= ">" . $body[$i] . "\n";
else
$bodyzeile .= "> " . $body[$i] . "\n";
} else {
if (trim($body[$i]) != "") {
if ($body[$i][0] == '>')
$bodyzeile .= ">" . $body[$i] . "\n";
else
$bodyzeile .= "> " . $body[$i] . "\n";
} else {
$bodyzeile .= "\n";
}
}
}
}
$subject = $head->subject;
// Offer choice of whether to use Followup-To
$has_followup = false;
if (isset($head->followup) && ($head->followup != "")) {
$newsgroups = $head->followup;
$has_followup = $head->newsgroups;
} else {
$newsgroups = $head->newsgroups;
}
splitSubject($subject);
$subject = "Re: " . $subject;
// Cut off old parts of a subject
// for example: 'foo (was: bar)' becomes 'foo'.
$subject = preg_replace('/(\(wa[sr]: .*\))$/i', '', $subject);
$show = 1;
$references = false;
if (isset($head->references[0])) {
for ($i = 0; $i <= count($head->references) - 1; $i++) {
$references .= $head->references[$i] . " ";
}
}
$references .= $head->id;
}
if ($type == "retry") {
$show = 1;
$bodyzeile = $body;
}
if ($show == 1) {
if ($newsgroups == "") {
echo $text_post["followup_not_allowed"];
echo " " . $newsgroups;
} else {
// check that we can post to the newsgroup
$ngroups = preg_split("/[\s,]+/", $newsgroups);
$found = false;
foreach ($ngroups as $group) {
$group = trim($group);
if (get_section_by_group($group)) {
$found = true;
break;
}
}
// show post form
$fieldencrypt = md5(rand(1, 10000000));
if ($type == 'reply') {
echo '' . $text_post["group_head_reply"] . group_display_name($newsgroups) . $text_post["group_tail"];
} else {
echo '' . $text_post["group_head"] . group_display_name($newsgroups) . $text_post["group_tail"];
}
if (! $found) {
echo ' (posting will fail - no such group)';
}
echo '
';
if (isset($error))
echo "
$error
";
echo '