merged with latest spotweb release

index.php

@@ -259,6 +259,14 @@
 				$page->render();
 				break;
 		} # postcomment
+
+		case 'reportpost' : {
+				$page = new SpotPage_reportpost($db, $settings, $currentSession, 
+							Array ('reportform' => $req->getForm('postreportform', array('submit')),
+								   'inreplyto' => $req->getDef('inreplyto', '')));
+				$page->render();
+				break;
+		} # reportpost
 
 		case 'logout' : {
 				$page = new SpotPage_logout($db, $settings, $currentSession);

js/posting/posting.js

@@ -41,6 +41,34 @@ function spotPosting() {
 				console.log('error: '+((new XMLSerializer()).serializeToString(xml)));
 			}
 		});
+
+		this.rpHashcashCalculated = function (self, hash) {
+			self.reportForm['postreportform[newmessageid]'].value = hash;
+			self.reportForm['postreportform[submit]'].value = 'Post';
+			self.uiDone();
+
+			var dataString2 = $(self.reportForm).serialize()
+
+			$.ajax({  
+				type: "POST",  
+				url: "?page=reportpost",  
+				dataType: "xml",
+				data: dataString2,  
+				success: function(xml) {
+					var result = $(xml).find('result').text();
+					if(result == 'success') {
+						var user = $(xml).find('user').text();
+						var userid = $(xml).find('userid').text();
+						var text = $(xml).find('body').text();
+						var useridurl = 'http://'+window.location.hostname+window.location.pathname+'?search[tree]=&search[type]=UserID&search[text]='+userid;
+					}
+				},
+				error: function(xml) {
+					console.log('error: '+((new XMLSerializer()).serializeToString(xml)));
+				}
+			});
+
+
 	} // callback
 
 	this.postComment = function(commentForm, uiStart, uiDone) {
@@ -58,13 +86,28 @@ function spotPosting() {
 		// inreplyto is the whole messageid, we strip off the @ part to add
 		// our own stuff
 		var inreplyto = commentForm['postcommentform[inreplyto]'].value;
-		inreplyto = inreplyto.substring(0, inreplyto.indexOf('@'))
+		inreplyto = inreplyto.substring(0, inreplyto.indexOf('@'));
 
 		/* Nu vragen we om, asynchroon, een hashcash te berekenen. Zie comments van calculateCommentHashCash()
 		   waarom dit asynhcroon verloopt */
 		this.calculateCommentHashCash('<' + inreplyto + '.' + rating + '.' + randomstr, '@spot.net>', 0, this.cbHashcashCalculated);
 	} // postComment
-
+
+	this.postReport = function(reportForm) {
+		this.reportForm = reportForm;
+		this.uiStart = uiStart;
+		this.uiDone = uiDone;
+
+		this.uiStart();
+
+		var randomstr = reportForm['postreportform[randomstr]'].value;
+
+		var inreplyto = reportForm['postreportform[inreplyto]'].value;
+		inreplyto = inreplyto.substring(0, inreplyto.indexOf('@'));
+
+		this.calculateCommentHashCash('<' + inreplyto + '.' + randomstr, '@spot.net>', 0, this.rpHashcashCalculated);
+	} // postReport
+
 	//
 	// We breken de make expensive hash op in stukken omdat 
 	// anders IE8 gaat zeuren over scripts die te lang lopen.

lib/SpotDb.php

@@ -1,5 +1,5 @@
 <?php
-define('SPOTDB_SCHEMA_VERSION', '0.38');
+define('SPOTDB_SCHEMA_VERSION', '0.39');
 
 class SpotDb {
 	private $_dbsettings = null;
@@ -110,6 +110,21 @@ function addPostedComment($userId, $comment) {
 					  $comment['body'],
 					  (int) time()));
 	} # addPostedComment
+
+	/*
+	 * Sla het gepostte report op van deze user
+	 */
+	function addPostedReport($userId, $report) {
+		$this->_conn->modify(
+				"INSERT INTO reportssposted(ouruserid, messageid, inreplyto, randompart, body, stamp)
+					VALUES('%d', '%s', '%s', '%s', '%s', %d)", 
+				Array((int) $userId,
+					  $report['newmessageid'],
+					  $report['inreplyto'],
+					  $report['randomstr'],
+					  $report['body'],
+					  (int) time()));
+	} # addPostedReport
 
 	/*
 	 * Verwijder een setting
@@ -325,6 +340,30 @@ function deleteUser($userid) {
 								WHERE id = '%s'", 
 							Array( (int) $userid));
 	} # deleteUser
+
+	/*
+	 * Verwijder spots en comments van een user uit de db
+	 */
+	function removeUser($userId) {
+		switch ($this->_dbsettings['engine']) {
+			case 'pdo_pgsql'  : 
+			case 'pdo_sqlite' : {
+				$this->_conn->modify("DELETE FROM spots WHERE messageid IN (SELECT messageid FROM spotsfull WHERE userid = '%s')", Array($userId));
+				$this->_conn->modify("DELETE FROM commentsxover WHERE nntpref IN (SELECT messageid FROM spotsfull WHERE userid= '%s')", Array($userId));
+				$this->_conn->modify("DELETE FROM spotsfull WHERE userid = '%s')", Array($userId));
+				$this->_conn->modify("DELETE FROM commentsfull WHERE userid = '%s')", Array($userId));
+				break;
+			} # pdo_sqlite
+
+			default			: {
+				$this->_conn->modify("DELETE FROM spotsfull, commentsfull, spots, commentsxover USING spotsfull
+										LEFT JOIN commentsfull ON spotsfull.userid=commentsfull.userid
+										LEFT JOIN spots ON spotsfull.messageid=spots.messageid
+										LEFT JOIN commentsxover ON spotsfull.messageid=commentsxover.messageid
+										WHERE spotsfull.userid = '%s'", Array($userId));
+			} # default
+		} # switch	
+	} # removeUser
 
 	/*
 	 * Update de informatie over een user behalve het password
@@ -1109,6 +1148,8 @@ function deleteSpot($msgId) {
 			} # default
 		} # switch
 	} # deleteSpot
+
+
 
 	/*
 	 * Markeer een spot in de db moderated

lib/SpotNntp.php

@@ -548,4 +548,32 @@ function getFullSpot($msgId) {
 			return $spot;
 		} # getFullSpot 
 
+		function reportSpotAsSpam($user, $serverPrivKey, $title, $report) {
+			# instantieer de benodigde objecten
+			$spotSigning = new SpotSigning();
+			$spotParser = new SpotParser();
+
+			# sign het messageid
+			$user_signature = $spotSigning->signMessage($user['privatekey'], '<' . $report['newmessageid'] . '>');
+
+			# ook door de php server 
+			$server_signature = $spotSigning->signMessage($serverPrivKey, $report['newmessageid']);
+
+			$header = 'From: ' . $user['username'] . " <" . trim($user['username']) . '@spot.net>' . "\r\n";
+			$header .= 'Subject: REPORT ' . $report['inreplyto'] . ' ' . $title . "\r\n";
+			$header .= 'Newsgroups: free.willey' . "\r\n";
+			$header .= 'Message-ID: <' . $report['newmessageid'] . '@spot.net>' . "\r\n";
+			$header .= 'References: <' . $report['inreplyto'] . ">\r\n";
+			$header .= 'X-User-Signature: ' . $spotParser->specialString($user_signature['signature']) . "\r\n";
+			$header .= 'X-Server-Signature: ' . $spotParser->specialString($server_signature['signature']) . "\r\n";
+			$header .= 'X-User-Key: ' . $spotSigning->pubkeyToXml($user_signature['publickey']) . "\r\n";
+			$header .= 'X-Server-Key: ' . $spotSigning->pubkeyToXml($server_signature['publickey']) . "\r\n";
+
+			$header .= "X-Newsreader: SpotWeb v" . SPOTWEB_VERSION . "\r\n";
+			$header .= "X-No-Archive: yes\r\n";
+
+			return $this->post(array($header, $report['body']));
+
+		} #reportSpotAsSpam
+
 } # class SpotNntp

lib/SpotPosting.php

@@ -72,4 +72,58 @@ public function postComment($user, $comment) {
 		return $errorList;
 	} # postComment
 
+	/*
+	 * Post een spam report van een spot naar de newsserver, als dit lukt komt er
+	 * een 'true' terug, anders een foutmelding
+	 */
+	public function reportSpotAsSpam($user, $report) {
+		$errorList = array();
+
+		# haal de spot op waar dit een reply op is
+		$spotsOverview = new SpotsOverview($this->_db, $this->_settings);
+		$fullSpot = $spotsOverview->getFullSpot($report['inreplyto'], $user['userid'], $this->_nntp_post);
+
+		# als de hashcash al niet klopt, doen we verder geen moeite
+		if (substr(sha1('<' . $report['newmessageid'] . '>'), 0, 4) != '0000') {
+			$errorList[] = array('postcomment_invalidhashcash', array());
+		} # if
+
+		# Body mag niet leeg zijn of heel kort
+		$report['body'] = trim($report['body']);
+		if (strlen($report['body']) < 2) {
+			$errorList[] = array('postcomment_bodytooshort', array());
+		} # if
+
+		# controleer dat de messageid waarop we replyen overeenkomt
+		# met het newMessageid om replay-attacks te voorkomen.
+		$replyToPart = substr($report['inreplyto'], 0, strpos($report['inreplyto'], '@'));
+
+		if (substr($report['newmessageid'], 0, strlen($replyToPart)) != $replyToPart) { 
+			$errorList[] = array('postcomment_replayattack', array());
+		} # if
+
+		# controleer dat het random getal niet recentelijk ook al gebruikt
+		# is voor deze messageid (hiermee voorkomen we dat de hashcash niet
+		# steeds herberekend wordt voor het volspammen van 1 spot).
+		if (!$this->_db->isReportMessageIdUnique($report['newmessageid'])) {
+			$errorList[] = array('postcomment_replayattack', array());
+		} # if
+
+		# Body komt vanuit het form als UTF-8, maar moet verzonden worden als ISO-8859-1
+		# De database wil echter alleen UTF-8, dus moeten we dat even opsplitsen
+		$dbReport = $report;
+		$report['body'] = utf8_decode($report['body']);
+
+		# en post daadwerkelijk de report
+		if (empty($errorList)) {
+			$this->_nntp_post->reportSpotAsSpam($user,
+										   $this->_settings->get('privatekey'),  # Server private key
+										   $fullSpot['title'], 
+										   $report);
+			$this->_db->addPostedReport($user['userid'], $dbReport);
+		} # if
+
+		return $errorList;
+	} # reportSpotAsSpam
+
 } # SpotPosting

lib/SpotSecurity.php

@@ -1,5 +1,5 @@
 <?php
-define('SPOTWEB_SECURITY_VERSION', '0.14');
+define('SPOTWEB_SECURITY_VERSION', '0.15');
 
 class SpotSecurity {
 	private $_db;
@@ -57,6 +57,9 @@ class SpotSecurity {
 	const spotsec_allow_custom_stylesheet		= 33;
 	const spotsec_keep_own_filters				= 34;
 	const spotsec_set_filters_as_default		= 35;
+	const spotsec_report_spam					= 36;
+	const spotsec_use_modpanel					= 37;
+	const spotsec_rem_spot						= 38;
 
 	// Array mapping the security id to a human readable text
 	private $_secHumanReadable = array(
@@ -96,6 +99,9 @@ class SpotSecurity {
 		33		=> "Eigen CSS stylesheet toestaan per gebruiker",
 		34		=> "Zelf spotfilters kunnen bewerken",
 		35		=> "Filters als standaard in kunnen stellen voor nieuwe gebruikers"
+		36		=> "Rapporteer spot of gebruiker als spam",
+		37		=> "Toegang tot moderatorpaneel",
+		38		=> "Spots verwijderen"
 	);
 
 	function __construct(SpotDb $db, SpotSettings $settings, array $user) {

lib/SpotSettingsUpgrader.php

@@ -110,6 +110,7 @@ function setupNewsgroups() {
 		$this->setIfNot('nzb_group', 'alt.binaries.ftd');
 		$this->setIfNot('comment_group', 'free.usenet');
 		$this->setIfNot('report_group', 'free.willey');
+		$this->setIfNot('report_group', 'free.willey');
 	} # setupNewsgroups()
 
 } # SpotSettingsUpgrader

lib/SpotTemplateHelper.php

@@ -295,6 +295,17 @@ function makePostCommentAction() {
 		return $this->makeBaseUrl("path") . "?page=postcomment";
 	} # makePostCommentAction
 
+	/*
+	* Creeert de action url voor het spam reporten van een spot
+	*/
+	function makeReportAction() {
+		if(!$this->_spotSec->allowed(SpotSecurity::spotsec_report_spam, '')) {
+			return '';
+		}
+
+		return $this->makeBaseUrl("path") . "?page=reportpost";
+	} #reportSpotAsSpam
+
 	/*
 	 * Creeert een linkje naar een specifieke nzb
 	 */

lib/SpotUserUpgrader.php

@@ -107,7 +107,8 @@ function createAdmin() {
 		# Geef user 2 (de admin user, naar we van uit gaan) de anon, auth en admin group
 		$dbCon->rawExec("INSERT INTO usergroups(userid,groupid,prio) VALUES(2, 1, 1)");
 		$dbCon->rawExec("INSERT INTO usergroups(userid,groupid,prio) VALUES(2, 2, 2)");
-		$dbCon->rawExec("INSERT INTO usergroups(userid,groupid,prio) VALUES(2, 3, 3)");
+		$dbCon->rawExec("INSERT INTO usergroups(userid,groupid,prio) VALUES(2, 3, 3)");
+		$dbCon->rawExec("INSERT INTO usergroups(userid,groupid,prio) VALUES(2, 4, 4)");
 	} # createAdmin
 
 	/*
@@ -191,7 +192,7 @@ function createSecurityGroups() {
 			/* Creeer de security groepen */
 			$dbCon->rawExec("INSERT INTO securitygroups(id,name) VALUES(1, 'Anonymous users')");
 			$dbCon->rawExec("INSERT INTO securitygroups(id,name) VALUES(2, 'Authenticated users')");
-			$dbCon->rawExec("INSERT INTO securitygroups(id,name) VALUES(3, 'Administrators')");			
+			$dbCon->rawExec("INSERT INTO securitygroups(id,name) VALUES(3, 'Administrators')");				
 		} # if
 	} # createSecurityGroups
 
@@ -315,6 +316,14 @@ function updateSecurityGroupMembership() {
 		if ($this->_settings->get('securityversion') < 0.14) {
 			$dbCon->rawExec("INSERT INTO grouppermissions(groupid,permissionid,objectid) VALUES(3, " . SpotSecurity::spotsec_keep_own_downloadlist . ", 'erasedls')");
 		} # if
+
+		# Spam reporting en moderator panel toegevoegd
+		if ($this->_settings->get('securityversion') < 0.15) {
+			$dbCon->rawExec("INSERT INTO securitygroups(id,name) VALUES(4, 'Moderators')");
+			$dbCon->rawExec("INSERT INTO grouppermissions(groupid,permissionid) VALUES(2, " . SpotSecurity::spotsec_report_spam . ")");
+			$dbCon->rawExec("INSERT INTO grouppermissions(groupid,permissionid) VALUES(3, " . SpotSecurity::spotsec_use_modpanel . ")");
+			$dbCon->rawExec("INSERT INTO grouppermissions(groupid,permissionid) VALUES(4, " . SpotSecurity::spotsec_use_modpanel . ")");
+		} # if
 	} # updateSecurityGroups
 
 	/*

lib/dbstruct/SpotStruct_abs.php

@@ -246,6 +246,8 @@ function updateSchema() {
 		$this->dropForeignKey('commentsposted', 'messageid', 'spots', 'messageid', 'ON DELETE CASCADE ON UPDATE CASCADE');
 		$this->dropForeignKey('commentsxover', 'messageid', 'spots', 'messageid', 'ON DELETE CASCADE ON UPDATE CASCADE');
 		$this->dropForeignKey('commentsfull', 'messageid', 'spots', 'messageid', 'ON DELETE CASCADE ON UPDATE CASCADE');
+		$this->dropForeignKey('reportsposted', 'inreplyto', 'spots', 'messageid', 'ON DELETE CASCADE ON UPDATE CASCADE');
+		$this->dropForeignKey('reportsposted', 'messageid', 'spots', 'messageid', 'ON DELETE CASCADE ON UPDATE CASCADE');
 
 		##############################################################################################
 		# Opschonen data #############################################################################
@@ -285,6 +287,12 @@ function updateSchema() {
 			if ($this->tableExists('spotstatelist') && $this->tableExists('spots')) {
 				$this->_dbcon->rawExec("DELETE spotstatelist FROM spotstatelist LEFT JOIN spots ON spotstatelist.messageid=spots.messageid WHERE spots.messageid IS NULL");
 			} # if
+			if ($this->tableExists('reportsposted') && $this->tableExists('users')) {
+				$this->_dbcon->rawExec("DELETE reportsposted FROM reportsposted LEFT JOIN users ON reportsposted.ouruserid=users.id WHERE users.id IS NULL");
+			} # if
+			if ($this->tableExists('reportsposted') && $this->tableExists('spots')) {
+				$this->_dbcon->rawExec("DELETE reportsposted FROM reportsposted LEFT JOIN spots ON reportsposted.inreplyto=spots.messageid WHERE spots.messageid IS NULL");
+			} # if
 		} # if
 
 		# ---- spots table ---- #
@@ -383,6 +391,16 @@ function updateSchema() {
 		$this->validateColumn('stamp', 'commentsposted', 'INTEGER', "0", true, '');
 		$this->alterStorageEngine("commentsposted", "InnoDB");
 
+		# ---- reportsposted table ---- #
+		$this->createTable('reportsposted', "ascii"); 
+		$this->validateColumn('ouruserid', 'reportsposted', 'INTEGER', "0", true, '');
+		$this->validateColumn('messageid', 'reportsposted', 'VARCHAR(128)', "''", true, 'ascii');
+		$this->validateColumn('inreplyto', 'reportsposted', 'VARCHAR(128)', "''", true, 'ascii');
+		$this->validateColumn('randompart', 'reportsposted', 'VARCHAR(32)', "''", true, 'ascii');
+		$this->validateColumn('body', 'reportsposted', 'TEXT', NULL, false, 'utf8');
+		$this->validateColumn('stamp', 'reportsposted', 'INTEGER', "0", true, '');
+		$this->alterStorageEngine("reportsposted", "InnoDB");
+
 		# ---- usersettings table ---- #
 		$this->createTable('usersettings', "utf8"); 
 		$this->validateColumn('userid', 'usersettings', 'INTEGER', '0', true, '');
@@ -540,6 +558,10 @@ function updateSchema() {
 		$this->validateIndex("idx_reportsxover_1", "UNIQUE", "reportsxover", array("messageid"));
 		$this->validateIndex("idx_reportsxover_2", "", "reportsxover", array("nntpref"));
 
+		# ---- Indexen op reportsposted ----
+		$this->validateIndex("idx_reportsposted_1", "UNIQUE", "reportsposted", array("messageid"));
+		$this->validateIndex("idx_reportspostedrel_1", "", "reportsposted", array("ouruserid"));
+
 		# ---- Indexen op commentsposted ----
 		$this->validateIndex("idx_commentsposted_1", "UNIQUE", "commentsposted", array("messageid"));
 		$this->validateIndex("idx_commentspostedrel_1", "", "commentsposted", array("ouruserid"));
@@ -593,6 +615,7 @@ function updateSchema() {
 		$this->addForeignKey('commentsfull', 'messageid', 'commentsxover', 'messageid', 'ON DELETE CASCADE ON UPDATE CASCADE');
 		$this->addForeignKey('notifications', 'userid', 'users', 'id', 'ON DELETE CASCADE ON UPDATE CASCADE');
 		$this->addForeignKey('commentsposted', 'ouruserid', 'users', 'id', 'ON DELETE CASCADE ON UPDATE CASCADE');
+		$this->addForeignKey('reportsposted', 'ouruserid', 'users', 'id', 'ON DELETE CASCADE ON UPDATE CASCADE');
 		$this->addForeignKey('filters', 'userid', 'users', 'id', 'ON DELETE CASCADE ON UPDATE CASCADE');
 
 		##############################################################################################