651 lines
20 KiB
PHP
651 lines
20 KiB
PHP
<?php
|
|
/*
|
|
* rslight NNTP<->HTTP Gateway
|
|
* Download: https://news.novabbs.com/getrslight
|
|
*
|
|
* Based on Newsportal by Florian Amrhein
|
|
*
|
|
* E-Mail: retroguy@novabbs.com
|
|
* Web: https://news.novabbs.com
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
@session_start();
|
|
|
|
/*
|
|
* Encode lines with 8bit-characters to quote-printable
|
|
*
|
|
* $line: the to be encoded line
|
|
*
|
|
* the function returns a sting containing the quoted-printable encoded
|
|
* $line
|
|
*/
|
|
function encode_subject($line)
|
|
{
|
|
$newstring = mb_encode_mimeheader(quoted_printable_decode($line));
|
|
return $newstring;
|
|
}
|
|
|
|
if (! function_exists('quoted_printable_encode')) {
|
|
|
|
function quoted_printable_encode($line)
|
|
{
|
|
global $www_charset;
|
|
$qp_table = array(
|
|
'=00',
|
|
'=01',
|
|
'=02',
|
|
'=03',
|
|
'=04',
|
|
'=05',
|
|
'=06',
|
|
'=07',
|
|
'=08',
|
|
'=09',
|
|
'=0A',
|
|
'=0B',
|
|
'=0C',
|
|
'=0D',
|
|
'=0E',
|
|
'=0F',
|
|
'=10',
|
|
'=11',
|
|
'=12',
|
|
'=13',
|
|
'=14',
|
|
'=15',
|
|
'=16',
|
|
'=17',
|
|
'=18',
|
|
'=19',
|
|
'=1A',
|
|
'=1B',
|
|
'=1C',
|
|
'=1D',
|
|
'=1E',
|
|
'=1F',
|
|
'_',
|
|
'!',
|
|
'"',
|
|
'#',
|
|
'$',
|
|
'%',
|
|
'&',
|
|
"'",
|
|
'(',
|
|
')',
|
|
'*',
|
|
'+',
|
|
',',
|
|
'-',
|
|
'.',
|
|
'/',
|
|
'0',
|
|
'1',
|
|
'2',
|
|
'3',
|
|
'4',
|
|
'5',
|
|
'6',
|
|
'7',
|
|
'8',
|
|
'9',
|
|
':',
|
|
';',
|
|
'<',
|
|
'=3D',
|
|
'>',
|
|
'=3F',
|
|
'@',
|
|
'A',
|
|
'B',
|
|
'C',
|
|
'D',
|
|
'E',
|
|
'F',
|
|
'G',
|
|
'H',
|
|
'I',
|
|
'J',
|
|
'K',
|
|
'L',
|
|
'M',
|
|
'N',
|
|
'O',
|
|
'P',
|
|
'Q',
|
|
'R',
|
|
'S',
|
|
'T',
|
|
'U',
|
|
'V',
|
|
'W',
|
|
'X',
|
|
'Y',
|
|
'Z',
|
|
'[',
|
|
'\\',
|
|
']',
|
|
'^',
|
|
'=5F',
|
|
'',
|
|
'a',
|
|
'b',
|
|
'c',
|
|
'd',
|
|
'e',
|
|
'f',
|
|
'g',
|
|
'h',
|
|
'i',
|
|
'j',
|
|
'k',
|
|
'l',
|
|
'm',
|
|
'n',
|
|
'o',
|
|
'p',
|
|
'q',
|
|
'r',
|
|
's',
|
|
't',
|
|
'u',
|
|
'v',
|
|
'w',
|
|
'x',
|
|
'y',
|
|
'z',
|
|
'{',
|
|
'|',
|
|
'}',
|
|
'~',
|
|
'=7F',
|
|
'=80',
|
|
'=81',
|
|
'=82',
|
|
'=83',
|
|
'=84',
|
|
'=85',
|
|
'=86',
|
|
'=87',
|
|
'=88',
|
|
'=89',
|
|
'=8A',
|
|
'=8B',
|
|
'=8C',
|
|
'=8D',
|
|
'=8E',
|
|
'=8F',
|
|
'=90',
|
|
'=91',
|
|
'=92',
|
|
'=93',
|
|
'=94',
|
|
'=95',
|
|
'=96',
|
|
'=97',
|
|
'=98',
|
|
'=99',
|
|
'=9A',
|
|
'=9B',
|
|
'=9C',
|
|
'=9D',
|
|
'=9E',
|
|
'=9F',
|
|
'=A0',
|
|
'=A1',
|
|
'=A2',
|
|
'=A3',
|
|
'=A4',
|
|
'=A5',
|
|
'=A6',
|
|
'=A7',
|
|
'=A8',
|
|
'=A9',
|
|
'=AA',
|
|
'=AB',
|
|
'=AC',
|
|
'=AD',
|
|
'=AE',
|
|
'=AF',
|
|
'=B0',
|
|
'=B1',
|
|
'=B2',
|
|
'=B3',
|
|
'=B4',
|
|
'=B5',
|
|
'=B6',
|
|
'=B7',
|
|
'=B8',
|
|
'=B9',
|
|
'=BA',
|
|
'=BB',
|
|
'=BC',
|
|
'=BD',
|
|
'=BE',
|
|
'=BF',
|
|
'=C0',
|
|
'=C1',
|
|
'=C2',
|
|
'=C3',
|
|
'=C4',
|
|
'=C5',
|
|
'=C6',
|
|
'=C7',
|
|
'=C8',
|
|
'=C9',
|
|
'=CA',
|
|
'=CB',
|
|
'=CC',
|
|
'=CD',
|
|
'=CE',
|
|
'=CF',
|
|
'=D0',
|
|
'=D1',
|
|
'=D2',
|
|
'=D3',
|
|
'=D4',
|
|
'=D5',
|
|
'=D6',
|
|
'=D7',
|
|
'=D8',
|
|
'=D9',
|
|
'=DA',
|
|
'=DB',
|
|
'=DC',
|
|
'=DD',
|
|
'=DE',
|
|
'=DF',
|
|
'=E0',
|
|
'=E1',
|
|
'=E2',
|
|
'=E3',
|
|
'=E4',
|
|
'=E5',
|
|
'=E6',
|
|
'=E7',
|
|
'=E8',
|
|
'=E9',
|
|
'=EA',
|
|
'=EB',
|
|
'=EC',
|
|
'=ED',
|
|
'=EE',
|
|
'=EF',
|
|
'=F0',
|
|
'=F1',
|
|
'=F2',
|
|
'=F3',
|
|
'=F4',
|
|
'=F5',
|
|
'=F6',
|
|
'=F7',
|
|
'=F8',
|
|
'=F9',
|
|
'=FA',
|
|
'=FB',
|
|
'=FC',
|
|
'=FD',
|
|
'=FE',
|
|
'=FF'
|
|
);
|
|
// are there "forbidden" characters in the string?
|
|
for ($i = 0; $i < strlen($line) && ord($line[$i]) <= 127; $i++);
|
|
if ($i < strlen($line)) { // yes, there are. So lets encode them!
|
|
$from = $i;
|
|
for ($to = strlen($line) - 1; ord($line[$to]) <= 127; $to--);
|
|
// lets scan for the start and the end of the to be encoded _words_
|
|
for (; $from > 0 && $line[$from] != ' '; $from--);
|
|
if ($from > 0)
|
|
$from++;
|
|
for (; $to < strlen($line) && $line[$to] != ' '; $to++);
|
|
// split the string into the to be encoded middle and the rest
|
|
$begin = substr($line, 0, $from);
|
|
$middle = substr($line, $from, $to - $from);
|
|
$end = substr($line, $to);
|
|
// ok, now lets encode $middle...
|
|
$newmiddle = "";
|
|
for ($i = 0; $i < strlen($middle); $i++)
|
|
$newmiddle .= $qp_table[ord($middle[$i])];
|
|
// now we glue the parts together...
|
|
$line = $begin . '=?' . $www_charset . '?Q?' . $newmiddle . '?=' . $end;
|
|
}
|
|
return $line;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* generate a message-id for posting.
|
|
* $identity: a string containing informations about the article, to
|
|
* make a md5-hash out of it.
|
|
*
|
|
* returns: a complete message-id
|
|
*/
|
|
function generate_msgid($identity)
|
|
{
|
|
global $CONFIG, $msgid_generate, $msgid_fqdn;
|
|
switch ($msgid_generate) {
|
|
case "no":
|
|
// no, we don't want to generate a message-id.
|
|
return false;
|
|
break;
|
|
case "md5":
|
|
if ($CONFIG['server_path'][0] !== '@') {
|
|
$mymsgid = '@' . $CONFIG['server_path'];
|
|
} else {
|
|
$mymsgid = $CONFIG['server_path'];
|
|
}
|
|
return '<' . md5($identity) . $mymsgid . '>';
|
|
break;
|
|
default:
|
|
return false;
|
|
break;
|
|
}
|
|
}
|
|
|
|
function check_rate_limit($name, $set = 0, $gettime = 0)
|
|
{
|
|
global $CONFIG, $spooldir;
|
|
if (strcasecmp($name, $CONFIG['anonusername']) == 0) {
|
|
$name = session_id();
|
|
}
|
|
$ratefile = $spooldir . '/' . strtolower($name) . '-rate.dat';
|
|
$postqty = 0;
|
|
$first = 0;
|
|
$newrate = array();
|
|
if (is_file($ratefile)) {
|
|
$ratedata = '';
|
|
$ratefp = fopen($ratefile, 'r');
|
|
while (! feof($ratefp)) {
|
|
$ratedata .= fgets($ratefp, 1000);
|
|
}
|
|
fclose($ratefp);
|
|
$rate = unserialize($ratedata);
|
|
sort($rate);
|
|
foreach ($rate as $ratepost) {
|
|
if ($ratepost > (time() - 3600)) {
|
|
$postqty = $postqty + 1;
|
|
$newrate[] = $ratepost;
|
|
if ($first == 0) {
|
|
$oldest = $ratepost;
|
|
$first = 1;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
$newrate[] = time();
|
|
if ($set) {
|
|
$ratefp = fopen($ratefile, 'w');
|
|
fputs($ratefp, serialize($newrate));
|
|
fclose($ratefp);
|
|
$postqty = $postqty + 1;
|
|
}
|
|
$rate_limit = get_user_config($name, 'rate_limit');
|
|
if (($rate_limit !== FALSE) && ($rate_limit > 0)) {
|
|
$CONFIG['rate_limit'] = $rate_limit;
|
|
}
|
|
$postsremaining = $CONFIG['rate_limit'] - $postqty;
|
|
if ($gettime) {
|
|
$wait = (3600 - (time() - $oldest)) / 60;
|
|
return ($wait);
|
|
} else {
|
|
return ($postsremaining);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Post an article to a newsgroup
|
|
*
|
|
* $subject: The Subject of the article
|
|
* $from: The authors name and email of the article
|
|
* $newsgroups: The groups to post to
|
|
* $ref: The references of the article
|
|
* $body: The article itself
|
|
*/
|
|
function message_post($subject, $from, $newsgroups, $ref, $body, $encryptthis = null, $encryptto = null, $authname = null, $fromname, $followupto = null, $do_attach = null)
|
|
{
|
|
global $server, $port, $send_poster_host, $text_error, $CONFIG, $OVERRIDES;
|
|
global $www_charset, $config_dir, $spooldir, $logdir, $enable_post_log, $name;
|
|
global $msgid_generate, $msgid_fqdn, $rslight_version;
|
|
|
|
flush();
|
|
|
|
$logfile = $logdir . '/post.log';
|
|
$attachment_temp_dir = $spooldir . "/tmp/";
|
|
if (! is_dir($attachment_temp_dir)) {
|
|
mkdir($attachment_temp_dir);
|
|
}
|
|
$myconfig = false;
|
|
if (file_exists($config_dir . '/userconfig/' . $authname . '.config')) {
|
|
$userconfig = unserialize(file_get_contents($config_dir . '/userconfig/' . $authname . '.config'));
|
|
$myconfig = true;
|
|
}
|
|
if (isset($encryptthis)) {
|
|
$workpath = $config_dir . "users/";
|
|
$username = trim(strtolower($encryptto));
|
|
$userFilename = $workpath . $username;
|
|
if ((! is_file($userFilename)) || $encryptto == $CONFIG['anonusername']) {
|
|
$response = "Cannot encrypt to $encryptto. No such user";
|
|
return $response;
|
|
}
|
|
}
|
|
|
|
$msgid = generate_msgid($subject . "," . $from . "," . $newsgroups . "," . $ref . "," . $body);
|
|
/*
|
|
* SPAM CHECK
|
|
*/
|
|
if (isset($CONFIG['spamassassin']) && ($CONFIG['spamassassin'] == true) && ($CONFIG['enable_nntp'] != true)) {
|
|
$spam_result_array = check_spam($subject, $from, $newsgroups, $ref, $body, $msgid, true);
|
|
$res = $spam_result_array['res'];
|
|
$spamresult = $spam_result_array['spamresult'];
|
|
$spamcheckerversion = $spam_result_array['spamcheckerversion'];
|
|
$spamlevel = $spam_result_array['spamlevel'];
|
|
}
|
|
if ($do_attach) {
|
|
move_uploaded_file($_FILES["photo"]["tmp_name"], $attachment_temp_dir . $_FILES["photo"]["name"]);
|
|
if ($authname != null) {
|
|
$uploadname = $authname;
|
|
} else {
|
|
$uploadname = $CONFIG['anonusername'];
|
|
}
|
|
if (! is_dir($spooldir . '/upload/' . $uploadname)) {
|
|
mkdir($spooldir . '/upload/' . $uploadname);
|
|
}
|
|
// Copy attachment to user's upload directory
|
|
copy($attachment_temp_dir . $_FILES["photo"]["name"], $spooldir . '/upload/' . $uploadname . '/' . $_FILES["photo"]["name"]);
|
|
}
|
|
$ns = nntp_open($server, $port);
|
|
if ($ns != false) {
|
|
fputs($ns, "POST\r\n");
|
|
$weg = line_read($ns);
|
|
$t = explode(' ', $weg);
|
|
if ($t[0] != "340") {
|
|
nntp_close($ns);
|
|
return $weg;
|
|
}
|
|
|
|
fputs($ns, 'Subject: ' . encode_subject($subject) . "\r\n");
|
|
// For Synchronet use
|
|
if (isset($CONFIG['synchronet']) && ($CONFIG['synchronet'] == true)) {
|
|
if (! isset($fromname) || trim($fromname) == '') {
|
|
$fromname = 'ALL';
|
|
}
|
|
fputs($ns, 'To: ' . $fromname . "\r\n");
|
|
fputs($ns, 'X-Comment-To: ' . $fromname . "\r\n");
|
|
}
|
|
|
|
// X-Rslight headers
|
|
|
|
if ((isset($CONFIG['spamassassin']) && ($CONFIG['spamassassin'] == true))) {
|
|
if ($res === 1) {
|
|
fputs($ns, $spamcheckerversion . "\r\n");
|
|
if (strpos($spamlevel, '*') !== false)
|
|
fputs($ns, $spamlevel . "\r\n");
|
|
if ($res === 1) {
|
|
fputs($ns, "X-Rslight-Original-Group: " . $newsgroups . "\r\n");
|
|
$newsgroups = $CONFIG['spamgroup'];
|
|
}
|
|
}
|
|
}
|
|
// Check for custom name/email from user configuration
|
|
if ($OVERRIDES['disable_change_name'] != true) {
|
|
$user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $authname . '.config'));
|
|
if (trim($user_config['display_name']) == '') {
|
|
unset($user_config['display_name']);
|
|
}
|
|
if (trim($user_config['display_email']) == '') {
|
|
unset($user_config['display_email']);
|
|
}
|
|
if (isset($user_config['display_name']) && isset($user_config['display_email'])) {
|
|
fputs($ns, 'From: ' . $user_config['display_name'] . ' <' . $user_config['display_email'] . ">\r\n");
|
|
} else {
|
|
fputs($ns, 'From: ' . $from . "\r\n");
|
|
}
|
|
} else {
|
|
fputs($ns, 'From: ' . $from . "\r\n");
|
|
}
|
|
|
|
if ($followupto !== null) {
|
|
fputs($ns, 'Followup-To: ' . $followupto . "\r\n");
|
|
}
|
|
fputs($ns, 'Newsgroups: ' . $newsgroups . "\r\n");
|
|
|
|
if (! isset($OVERRIDES['disable_rslight_headers']) || $OVERRIDES['disable_rslight_headers'] != true) {
|
|
$sitekey = password_hash($CONFIG['thissitekey'] . $msgid, PASSWORD_DEFAULT);
|
|
if ($authname) {
|
|
$posting_user = hash('sha1', strtolower($authname) . $CONFIG['thissitekey'] . $_SERVER['HTTP_HOST']);
|
|
} else {
|
|
$posting_user = hash('sha1', strtolower($from) . $CONFIG['thissitekey'] . $_SERVER['HTTP_HOST']);
|
|
}
|
|
fputs($ns, 'X-Rslight-Site: ' . $sitekey . "\r\n");
|
|
fputs($ns, 'X-Rslight-Posting-User: ' . $posting_user . "\r\n");
|
|
if ($userconfig) {
|
|
set_user_config($authname, 'posting-user', $posting_user);
|
|
}
|
|
$posthashfile = $spooldir . '/posthash.dat';
|
|
if(file_exists($posthashfile)) {
|
|
$posthash = unserialize(file_get_contents($posthashfile));
|
|
} else {
|
|
$posthash = array();
|
|
}
|
|
$posthash[$posting_user] = $authname;
|
|
file_put_contents($posthashfile, serialize($posthash));
|
|
}
|
|
|
|
if (isset($encryptthis)) {
|
|
fputs($ns, 'X-Rslight-To: ' . $encryptto . "\r\n");
|
|
$CONFIG['postfooter'] = "";
|
|
}
|
|
fputs($ns, "Mime-Version: 1.0\r\n");
|
|
if ($do_attach == null) {
|
|
fputs($ns, "Content-Type: text/plain; charset=" . $www_charset . "; format=flowed\r\n");
|
|
fputs($ns, "Content-Transfer-Encoding: 8bit\r\n");
|
|
}
|
|
if (isset($OVERRIDES['user_agent'])) {
|
|
if ($OVERRIDES['user_agent'] != '') {
|
|
fputs($ns, "User-Agent: " . $OVERRIDES['user_agent'] . "\r\n");
|
|
}
|
|
} else {
|
|
fputs($ns, "User-Agent: Rocksolid Light\r\n");
|
|
}
|
|
if ($send_poster_host)
|
|
@fputs($ns, 'X-HTTP-Posting-Host: ' . gethostbyaddr(getenv("REMOTE_ADDR")) . "\r\n");
|
|
if (($ref != false) && (count($ref) > 0)) {
|
|
// strip references
|
|
if (strlen(implode(" ", $ref)) > 900) {
|
|
$ref_first = array_shift($ref);
|
|
do {
|
|
$ref = array_slice($ref, 1);
|
|
} while (strlen(implode(" ", $ref)) > 800);
|
|
array_unshift($ref, $ref_first);
|
|
}
|
|
fputs($ns, 'References: ' . implode(" ", $ref) . "\r\n");
|
|
}
|
|
if (isset($CONFIG['organization']))
|
|
fputs($ns, 'Organization: ' . quoted_printable_encode($CONFIG['organization']) . "\r\n");
|
|
$body = trim($body);
|
|
if ($userconfig['signature'] !== '' && $myconfig) {
|
|
$body .= "\n\n-- \n" . $userconfig['signature'];
|
|
} else {
|
|
if ((isset($CONFIG['postfooter'])) && ($CONFIG['postfooter'] != "")) {
|
|
$postfooter = preg_replace('/\{DOMAIN\}/', "\n" . $_SERVER['HTTP_HOST'], $CONFIG['postfooter']);
|
|
$body .= "\n\n-- \n" . $postfooter;
|
|
}
|
|
}
|
|
if ($do_attach) {
|
|
$boundary = uniqid('', true);
|
|
$body .= "\r\n--------------" . $boundary . "\r\n";
|
|
}
|
|
fputs($ns, 'Message-ID: ' . $msgid . "\r\n");
|
|
if (trim($userconfig['xface']) !== '' && $myconfig) {
|
|
fputs($ns, 'X-Face: ' . $userconfig['xface'] . "\r\n");
|
|
}
|
|
if ($do_attach) {
|
|
fputs($ns, 'Content-Type: multipart/mixed;boundary="------------' . $boundary . '"');
|
|
fputs($ns, "\r\n");
|
|
$contenttype = shell_exec('file -b --mime-type ' . $attachment_temp_dir . $_FILES['photo']['name']);
|
|
$contenttype = rtrim($contenttype);
|
|
$b64file = shell_exec('uuencode -m ' . $attachment_temp_dir . $_FILES['photo']['name'] . ' ' . $_FILES['photo']['name'] . ' | grep -v \'begin-base64\|====\'');
|
|
$body .= 'Content-Type: ' . $contenttype . ';';
|
|
$body .= "\r\n name=" . $_FILES['photo']['name'];
|
|
$body .= "\r\nContent-Transfer-Encoding: base64";
|
|
$body .= "\r\nContent-Disposition: attachment;";
|
|
$body .= "\r\n filename=" . $_FILES['photo']['name'];
|
|
$body .= "\r\n";
|
|
$body .= "\r\n" . $b64file;
|
|
$body .= "\r\n--------------" . $boundary . "--\r\n";
|
|
}
|
|
// Headers end here
|
|
$body = str_replace("\n.\r", "\n..\r", $body);
|
|
$body = str_replace("\r", '', $body);
|
|
$body = stripSlashes($body);
|
|
if ($do_attach) {
|
|
fputs($ns, "\r\nThis is a multi-part message in MIME format.\r\n");
|
|
fputs($ns, "--------------" . $boundary . "\r\n");
|
|
fputs($ns, "Content-Type: text/plain; charset=utf-8\r\n");
|
|
fputs($ns, "Content-Transfer-Encoding: 7bit\r\n");
|
|
}
|
|
// Encrypt?
|
|
if (isset($encryptthis)) {
|
|
$encryptkey = get_user_config($encryptto, "encryptionkey");
|
|
|
|
$body = chunk_split(rslight_encrypt($body, $encryptkey));
|
|
$body = "-- RSLIGHT DAT START\n" . $body . "-- RSLIGHT DAT END\n";
|
|
}
|
|
$body = rtrim($body);
|
|
fputs($ns, "\r\n" . $body . "\r\n.\r\n");
|
|
$message = line_read($ns);
|
|
nntp_close($ns);
|
|
if ($do_attach) {
|
|
// clean up attachment file
|
|
unlink($attachment_temp_dir . $_FILES["photo"]["name"]);
|
|
}
|
|
// Post logging
|
|
if ($enable_post_log) {
|
|
file_put_contents($logfile, "\n" . format_log_date() . " Post in: " . $newsgroups . "\n by " . $name . " as " . $from . "\n posting-user: " . $posting_user . "\n subject: " . $subject . "\n message-id: " . $msgid, FILE_APPEND);
|
|
}
|
|
} else {
|
|
$message = $text_error["post_failed"];
|
|
}
|
|
// let thread.php ignore the cache for this group, so this new
|
|
// article will be visible instantly
|
|
$groupsarr = explode(",", $newsgroups);
|
|
foreach ($groupsarr as $newsgroup) {
|
|
$cachefile = $spooldir . '/' . $newsgroup . '-cache.txt';
|
|
@unlink($cachefile);
|
|
}
|
|
return $message;
|
|
}
|