rocksolid-light/Rocksolid_Light/rocksolid/lib/post.inc.php

651 lines
20 KiB
PHP

<?php
/*
* rslight NNTP<->HTTP Gateway
* Download: https://news.novabbs.com/getrslight
*
* Based on Newsportal by Florian Amrhein
*
* E-Mail: retroguy@novabbs.com
* Web: https://news.novabbs.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
@session_start();
/*
* Encode lines with 8bit-characters to quote-printable
*
* $line: the to be encoded line
*
* the function returns a sting containing the quoted-printable encoded
* $line
*/
function encode_subject($line)
{
$newstring = mb_encode_mimeheader(quoted_printable_decode($line));
return $newstring;
}
if (! function_exists('quoted_printable_encode')) {
function quoted_printable_encode($line)
{
global $www_charset;
$qp_table = array(
'=00',
'=01',
'=02',
'=03',
'=04',
'=05',
'=06',
'=07',
'=08',
'=09',
'=0A',
'=0B',
'=0C',
'=0D',
'=0E',
'=0F',
'=10',
'=11',
'=12',
'=13',
'=14',
'=15',
'=16',
'=17',
'=18',
'=19',
'=1A',
'=1B',
'=1C',
'=1D',
'=1E',
'=1F',
'_',
'!',
'"',
'#',
'$',
'%',
'&',
"'",
'(',
')',
'*',
'+',
',',
'-',
'.',
'/',
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
':',
';',
'<',
'=3D',
'>',
'=3F',
'@',
'A',
'B',
'C',
'D',
'E',
'F',
'G',
'H',
'I',
'J',
'K',
'L',
'M',
'N',
'O',
'P',
'Q',
'R',
'S',
'T',
'U',
'V',
'W',
'X',
'Y',
'Z',
'[',
'\\',
']',
'^',
'=5F',
'',
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z',
'{',
'|',
'}',
'~',
'=7F',
'=80',
'=81',
'=82',
'=83',
'=84',
'=85',
'=86',
'=87',
'=88',
'=89',
'=8A',
'=8B',
'=8C',
'=8D',
'=8E',
'=8F',
'=90',
'=91',
'=92',
'=93',
'=94',
'=95',
'=96',
'=97',
'=98',
'=99',
'=9A',
'=9B',
'=9C',
'=9D',
'=9E',
'=9F',
'=A0',
'=A1',
'=A2',
'=A3',
'=A4',
'=A5',
'=A6',
'=A7',
'=A8',
'=A9',
'=AA',
'=AB',
'=AC',
'=AD',
'=AE',
'=AF',
'=B0',
'=B1',
'=B2',
'=B3',
'=B4',
'=B5',
'=B6',
'=B7',
'=B8',
'=B9',
'=BA',
'=BB',
'=BC',
'=BD',
'=BE',
'=BF',
'=C0',
'=C1',
'=C2',
'=C3',
'=C4',
'=C5',
'=C6',
'=C7',
'=C8',
'=C9',
'=CA',
'=CB',
'=CC',
'=CD',
'=CE',
'=CF',
'=D0',
'=D1',
'=D2',
'=D3',
'=D4',
'=D5',
'=D6',
'=D7',
'=D8',
'=D9',
'=DA',
'=DB',
'=DC',
'=DD',
'=DE',
'=DF',
'=E0',
'=E1',
'=E2',
'=E3',
'=E4',
'=E5',
'=E6',
'=E7',
'=E8',
'=E9',
'=EA',
'=EB',
'=EC',
'=ED',
'=EE',
'=EF',
'=F0',
'=F1',
'=F2',
'=F3',
'=F4',
'=F5',
'=F6',
'=F7',
'=F8',
'=F9',
'=FA',
'=FB',
'=FC',
'=FD',
'=FE',
'=FF'
);
// are there "forbidden" characters in the string?
for ($i = 0; $i < strlen($line) && ord($line[$i]) <= 127; $i++);
if ($i < strlen($line)) { // yes, there are. So lets encode them!
$from = $i;
for ($to = strlen($line) - 1; ord($line[$to]) <= 127; $to--);
// lets scan for the start and the end of the to be encoded _words_
for (; $from > 0 && $line[$from] != ' '; $from--);
if ($from > 0)
$from++;
for (; $to < strlen($line) && $line[$to] != ' '; $to++);
// split the string into the to be encoded middle and the rest
$begin = substr($line, 0, $from);
$middle = substr($line, $from, $to - $from);
$end = substr($line, $to);
// ok, now lets encode $middle...
$newmiddle = "";
for ($i = 0; $i < strlen($middle); $i++)
$newmiddle .= $qp_table[ord($middle[$i])];
// now we glue the parts together...
$line = $begin . '=?' . $www_charset . '?Q?' . $newmiddle . '?=' . $end;
}
return $line;
}
}
/*
* generate a message-id for posting.
* $identity: a string containing informations about the article, to
* make a md5-hash out of it.
*
* returns: a complete message-id
*/
function generate_msgid($identity)
{
global $CONFIG, $msgid_generate, $msgid_fqdn;
switch ($msgid_generate) {
case "no":
// no, we don't want to generate a message-id.
return false;
break;
case "md5":
if ($CONFIG['server_path'][0] !== '@') {
$mymsgid = '@' . $CONFIG['server_path'];
} else {
$mymsgid = $CONFIG['server_path'];
}
return '<' . md5($identity) . $mymsgid . '>';
break;
default:
return false;
break;
}
}
function check_rate_limit($name, $set = 0, $gettime = 0)
{
global $CONFIG, $spooldir;
if (strcasecmp($name, $CONFIG['anonusername']) == 0) {
$name = session_id();
}
$ratefile = $spooldir . '/' . strtolower($name) . '-rate.dat';
$postqty = 0;
$first = 0;
$newrate = array();
if (is_file($ratefile)) {
$ratedata = '';
$ratefp = fopen($ratefile, 'r');
while (! feof($ratefp)) {
$ratedata .= fgets($ratefp, 1000);
}
fclose($ratefp);
$rate = unserialize($ratedata);
sort($rate);
foreach ($rate as $ratepost) {
if ($ratepost > (time() - 3600)) {
$postqty = $postqty + 1;
$newrate[] = $ratepost;
if ($first == 0) {
$oldest = $ratepost;
$first = 1;
}
}
}
}
$newrate[] = time();
if ($set) {
$ratefp = fopen($ratefile, 'w');
fputs($ratefp, serialize($newrate));
fclose($ratefp);
$postqty = $postqty + 1;
}
$rate_limit = get_user_config($name, 'rate_limit');
if (($rate_limit !== FALSE) && ($rate_limit > 0)) {
$CONFIG['rate_limit'] = $rate_limit;
}
$postsremaining = $CONFIG['rate_limit'] - $postqty;
if ($gettime) {
$wait = (3600 - (time() - $oldest)) / 60;
return ($wait);
} else {
return ($postsremaining);
}
}
/*
* Post an article to a newsgroup
*
* $subject: The Subject of the article
* $from: The authors name and email of the article
* $newsgroups: The groups to post to
* $ref: The references of the article
* $body: The article itself
*/
function message_post($subject, $from, $newsgroups, $ref, $body, $encryptthis = null, $encryptto = null, $authname = null, $fromname, $followupto = null, $do_attach = null)
{
global $server, $port, $send_poster_host, $text_error, $CONFIG, $OVERRIDES;
global $www_charset, $config_dir, $spooldir, $logdir, $enable_post_log, $name;
global $msgid_generate, $msgid_fqdn, $rslight_version;
flush();
$logfile = $logdir . '/post.log';
$attachment_temp_dir = $spooldir . "/tmp/";
if (! is_dir($attachment_temp_dir)) {
mkdir($attachment_temp_dir);
}
$myconfig = false;
if (file_exists($config_dir . '/userconfig/' . $authname . '.config')) {
$userconfig = unserialize(file_get_contents($config_dir . '/userconfig/' . $authname . '.config'));
$myconfig = true;
}
if (isset($encryptthis)) {
$workpath = $config_dir . "users/";
$username = trim(strtolower($encryptto));
$userFilename = $workpath . $username;
if ((! is_file($userFilename)) || $encryptto == $CONFIG['anonusername']) {
$response = "Cannot encrypt to $encryptto. No such user";
return $response;
}
}
$msgid = generate_msgid($subject . "," . $from . "," . $newsgroups . "," . $ref . "," . $body);
/*
* SPAM CHECK
*/
if (isset($CONFIG['spamassassin']) && ($CONFIG['spamassassin'] == true) && ($CONFIG['enable_nntp'] != true)) {
$spam_result_array = check_spam($subject, $from, $newsgroups, $ref, $body, $msgid, true);
$res = $spam_result_array['res'];
$spamresult = $spam_result_array['spamresult'];
$spamcheckerversion = $spam_result_array['spamcheckerversion'];
$spamlevel = $spam_result_array['spamlevel'];
}
if ($do_attach) {
move_uploaded_file($_FILES["photo"]["tmp_name"], $attachment_temp_dir . $_FILES["photo"]["name"]);
if ($authname != null) {
$uploadname = $authname;
} else {
$uploadname = $CONFIG['anonusername'];
}
if (! is_dir($spooldir . '/upload/' . $uploadname)) {
mkdir($spooldir . '/upload/' . $uploadname);
}
// Copy attachment to user's upload directory
copy($attachment_temp_dir . $_FILES["photo"]["name"], $spooldir . '/upload/' . $uploadname . '/' . $_FILES["photo"]["name"]);
}
$ns = nntp_open($server, $port);
if ($ns != false) {
fputs($ns, "POST\r\n");
$weg = line_read($ns);
$t = explode(' ', $weg);
if ($t[0] != "340") {
nntp_close($ns);
return $weg;
}
fputs($ns, 'Subject: ' . encode_subject($subject) . "\r\n");
// For Synchronet use
if (isset($CONFIG['synchronet']) && ($CONFIG['synchronet'] == true)) {
if (! isset($fromname) || trim($fromname) == '') {
$fromname = 'ALL';
}
fputs($ns, 'To: ' . $fromname . "\r\n");
fputs($ns, 'X-Comment-To: ' . $fromname . "\r\n");
}
// X-Rslight headers
if ((isset($CONFIG['spamassassin']) && ($CONFIG['spamassassin'] == true))) {
if ($res === 1) {
fputs($ns, $spamcheckerversion . "\r\n");
if (strpos($spamlevel, '*') !== false)
fputs($ns, $spamlevel . "\r\n");
if ($res === 1) {
fputs($ns, "X-Rslight-Original-Group: " . $newsgroups . "\r\n");
$newsgroups = $CONFIG['spamgroup'];
}
}
}
// Check for custom name/email from user configuration
if ($OVERRIDES['disable_change_name'] != true) {
$user_config = unserialize(file_get_contents($config_dir . '/userconfig/' . $authname . '.config'));
if (trim($user_config['display_name']) == '') {
unset($user_config['display_name']);
}
if (trim($user_config['display_email']) == '') {
unset($user_config['display_email']);
}
if (isset($user_config['display_name']) && isset($user_config['display_email'])) {
fputs($ns, 'From: ' . $user_config['display_name'] . ' <' . $user_config['display_email'] . ">\r\n");
} else {
fputs($ns, 'From: ' . $from . "\r\n");
}
} else {
fputs($ns, 'From: ' . $from . "\r\n");
}
if ($followupto !== null) {
fputs($ns, 'Followup-To: ' . $followupto . "\r\n");
}
fputs($ns, 'Newsgroups: ' . $newsgroups . "\r\n");
if (! isset($OVERRIDES['disable_rslight_headers']) || $OVERRIDES['disable_rslight_headers'] != true) {
$sitekey = password_hash($CONFIG['thissitekey'] . $msgid, PASSWORD_DEFAULT);
if ($authname) {
$posting_user = hash('sha1', strtolower($authname) . $CONFIG['thissitekey'] . $_SERVER['HTTP_HOST']);
} else {
$posting_user = hash('sha1', strtolower($from) . $CONFIG['thissitekey'] . $_SERVER['HTTP_HOST']);
}
fputs($ns, 'X-Rslight-Site: ' . $sitekey . "\r\n");
fputs($ns, 'X-Rslight-Posting-User: ' . $posting_user . "\r\n");
if ($userconfig) {
set_user_config($authname, 'posting-user', $posting_user);
}
$posthashfile = $spooldir . '/posthash.dat';
if(file_exists($posthashfile)) {
$posthash = unserialize(file_get_contents($posthashfile));
} else {
$posthash = array();
}
$posthash[$posting_user] = $authname;
file_put_contents($posthashfile, serialize($posthash));
}
if (isset($encryptthis)) {
fputs($ns, 'X-Rslight-To: ' . $encryptto . "\r\n");
$CONFIG['postfooter'] = "";
}
fputs($ns, "Mime-Version: 1.0\r\n");
if ($do_attach == null) {
fputs($ns, "Content-Type: text/plain; charset=" . $www_charset . "; format=flowed\r\n");
fputs($ns, "Content-Transfer-Encoding: 8bit\r\n");
}
if (isset($OVERRIDES['user_agent'])) {
if ($OVERRIDES['user_agent'] != '') {
fputs($ns, "User-Agent: " . $OVERRIDES['user_agent'] . "\r\n");
}
} else {
fputs($ns, "User-Agent: Rocksolid Light\r\n");
}
if ($send_poster_host)
@fputs($ns, 'X-HTTP-Posting-Host: ' . gethostbyaddr(getenv("REMOTE_ADDR")) . "\r\n");
if (($ref != false) && (count($ref) > 0)) {
// strip references
if (strlen(implode(" ", $ref)) > 900) {
$ref_first = array_shift($ref);
do {
$ref = array_slice($ref, 1);
} while (strlen(implode(" ", $ref)) > 800);
array_unshift($ref, $ref_first);
}
fputs($ns, 'References: ' . implode(" ", $ref) . "\r\n");
}
if (isset($CONFIG['organization']))
fputs($ns, 'Organization: ' . quoted_printable_encode($CONFIG['organization']) . "\r\n");
$body = trim($body);
if ($userconfig['signature'] !== '' && $myconfig) {
$body .= "\n\n-- \n" . $userconfig['signature'];
} else {
if ((isset($CONFIG['postfooter'])) && ($CONFIG['postfooter'] != "")) {
$postfooter = preg_replace('/\{DOMAIN\}/', "\n" . $_SERVER['HTTP_HOST'], $CONFIG['postfooter']);
$body .= "\n\n-- \n" . $postfooter;
}
}
if ($do_attach) {
$boundary = uniqid('', true);
$body .= "\r\n--------------" . $boundary . "\r\n";
}
fputs($ns, 'Message-ID: ' . $msgid . "\r\n");
if (trim($userconfig['xface']) !== '' && $myconfig) {
fputs($ns, 'X-Face: ' . $userconfig['xface'] . "\r\n");
}
if ($do_attach) {
fputs($ns, 'Content-Type: multipart/mixed;boundary="------------' . $boundary . '"');
fputs($ns, "\r\n");
$contenttype = shell_exec('file -b --mime-type ' . $attachment_temp_dir . $_FILES['photo']['name']);
$contenttype = rtrim($contenttype);
$b64file = shell_exec('uuencode -m ' . $attachment_temp_dir . $_FILES['photo']['name'] . ' ' . $_FILES['photo']['name'] . ' | grep -v \'begin-base64\|====\'');
$body .= 'Content-Type: ' . $contenttype . ';';
$body .= "\r\n name=" . $_FILES['photo']['name'];
$body .= "\r\nContent-Transfer-Encoding: base64";
$body .= "\r\nContent-Disposition: attachment;";
$body .= "\r\n filename=" . $_FILES['photo']['name'];
$body .= "\r\n";
$body .= "\r\n" . $b64file;
$body .= "\r\n--------------" . $boundary . "--\r\n";
}
// Headers end here
$body = str_replace("\n.\r", "\n..\r", $body);
$body = str_replace("\r", '', $body);
$body = stripSlashes($body);
if ($do_attach) {
fputs($ns, "\r\nThis is a multi-part message in MIME format.\r\n");
fputs($ns, "--------------" . $boundary . "\r\n");
fputs($ns, "Content-Type: text/plain; charset=utf-8\r\n");
fputs($ns, "Content-Transfer-Encoding: 7bit\r\n");
}
// Encrypt?
if (isset($encryptthis)) {
$encryptkey = get_user_config($encryptto, "encryptionkey");
$body = chunk_split(rslight_encrypt($body, $encryptkey));
$body = "-- RSLIGHT DAT START\n" . $body . "-- RSLIGHT DAT END\n";
}
$body = rtrim($body);
fputs($ns, "\r\n" . $body . "\r\n.\r\n");
$message = line_read($ns);
nntp_close($ns);
if ($do_attach) {
// clean up attachment file
unlink($attachment_temp_dir . $_FILES["photo"]["name"]);
}
// Post logging
if ($enable_post_log) {
file_put_contents($logfile, "\n" . format_log_date() . " Post in: " . $newsgroups . "\n by " . $name . " as " . $from . "\n posting-user: " . $posting_user . "\n subject: " . $subject . "\n message-id: " . $msgid, FILE_APPEND);
}
} else {
$message = $text_error["post_failed"];
}
// let thread.php ignore the cache for this group, so this new
// article will be visible instantly
$groupsarr = explode(",", $newsgroups);
foreach ($groupsarr as $newsgroup) {
$cachefile = $spooldir . '/' . $newsgroup . '-cache.txt';
@unlink($cachefile);
}
return $message;
}