Commit eb476656 authored by noplanman's avatar noplanman

Nicely import $_GET and $_POST parameters, PHP7 style!

Fix all SQL queries to make sure they use pg_query_params for parameter binding.
Simplify various `if` conditionals to 1-liners.
parent f4fdf9b0
<?php
//Copyright (c) 2011, David Morley. This file is licensed under the Affero General Public License version 3 or later. See the COPYRIGHT file.
$_GET['key'] === '4r45tg' || die;
($_GET['key'] ?? null) === '4r45tg' || die;
// Other parameters.
$_format = $_GET['format'] ?? '';
$_method = $_GET['method'] ?? '';
$_callback = $_GET['callback'] ?? '';
require_once __DIR__ . '/config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
if ($_GET['format'] === 'georss') {
if ($_format === 'georss') {
echo <<<EOF
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:georss="http://www.georss.org/georss">
......@@ -48,7 +53,7 @@ EOF;
EOF;
}
echo '</feed>';
} elseif ($_GET['format'] === 'json') {
} elseif ($_format === 'json') {
$sql = 'SELECT id,domain,status,secure,score,userrating,adminrating,city,state,country,lat,long,ip,ipv6,pingdomurl,monthsmonitored,uptimelast7,responsetimelast7,local_posts,comment_counts,dateCreated,dateUpdated,dateLaststats,hidden FROM pods';
$result = pg_query($dbh, $sql);
$result || die('Error in SQL query: ' . pg_last_error());
......@@ -62,8 +67,8 @@ EOF;
'podcount' => $numrows,
'pods' => $rows,
];
if ($_GET['method'] === 'jsonp') {
print $_GET['callback'] . '(' . json_encode($obj) . ')';
if ($_method === 'jsonp') {
print $_callback . '(' . json_encode($obj) . ')';
} else {
print json_encode($obj);
}
......@@ -87,7 +92,7 @@ EOF;
$row['country']
);
}
pg_free_result($result);
pg_close($dbh);
}
pg_free_result($result);
pg_close($dbh);
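Review bot: The JSONP branch prints `$_callback` straight into the response (`print $_callback . '(' . json_encode($obj) . ')';`), so whatever the caller sends in `callback` comes back verbatim ahead of the JSON. Restrict it to an identifier before use, e.g. `preg_match('/^[A-Za-z_$][\w$.]*$/', $_callback) || die('bad callback');`. Unless the lines not shown already set one, also send `header('Content-Type: application/javascript');` so the body is not rendered as HTML. Separately, the access key `'4r45tg'` is a literal in the source and is compared with `===`; moving it into config.php and comparing with `hash_equals()` would keep it out of the repository and make the comparison constant-time.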
<!-- /* Copyright (c) 2011, David Morley. This file is licensed under the Affero General Public License version 3 or later. See the COPYRIGHT file. */ -->
<?php
$valid = 0;
require_once __DIR__ . '/../logging.php';
$log = new Logging();
$log->lfile(__DIR__ . $log_dir . '/add.log');
if (!$_POST['url']) {
$log->lwrite('no url given ' . $_POST['domain']);
if (!($_domain = $_POST['domain'] ?? null)) {
$log->lwrite('no domain given');
die('no pod domain given');
}
if (!($_url = $_POST['url'] ?? null)) {
$log->lwrite('no url given ' . $_domain);
die('no url given');
}
if (!$_POST['email']) {
$log->lwrite('no email given ' . $_POST['domain']);
if (!($_email = $_POST['email'] ?? null)) {
$log->lwrite('no email given ' . $_domain);
die('no email given');
}
if (!$_POST['domain']) {
$log->lwrite('no domain given ' . $_POST['domain']);
die('no pod domain given');
}
if (!$_POST['url']) {
$log->lwrite('no api given ' . $_POST['domain']);
if (!$_url) {
$log->lwrite('no api given ' . $_domain);
die('no API key for your stats');
}
if (strlen($_POST['url']) < 14) {
$log->lwrite('api key too short ' . $_POST['domain']);
if (strlen($_url) < 14) {
$log->lwrite('api key too short ' . $_domain);
die('API key bad needs to be like m58978-80abdb799f6ccf15e3e3787ee');
}
......@@ -31,24 +30,24 @@ require_once __DIR__ . '/../config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$sql = 'SELECT domain,pingdomurl FROM pods';
$sql = 'SELECT domain, pingdomurl FROM pods';
$result = pg_query($dbh, $sql);
$result || die('Error in SQL query: ' . pg_last_error());
while ($row = pg_fetch_array($result)) {
if ($row['domain'] == $_POST['domain']) {
$log->lwrite('domain already exists ' . $_POST['domain']);
if ($row['domain'] === $_domain) {
$log->lwrite('domain already exists ' . $_domain);
die('domain already exists');
}
if ($row['pingdomurl'] == $_POST['url']) {
$log->lwrite('API key already exists ' . $_POST['domain']);
if ($row['pingdomurl'] === $_url) {
$log->lwrite('API key already exists ' . $_domain);
die('API key already exists');
}
}
//curl the header of pod with and without https
$chss = curl_init();
curl_setopt($chss, CURLOPT_URL, 'https://' . $_POST['domain'] . '/nodeinfo/1.0');
curl_setopt($chss, CURLOPT_URL, 'https://' . $_domain . '/nodeinfo/1.0');
curl_setopt($chss, CURLOPT_POST, 0);
curl_setopt($chss, CURLOPT_HEADER, 0);
curl_setopt($chss, CURLOPT_CONNECTTIMEOUT, 5);
......@@ -58,7 +57,7 @@ $outputssl = curl_exec($chss);
curl_close($chss);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://' . $_POST['domain'] . '/nodeinfo/1.0');
curl_setopt($ch, CURLOPT_URL, 'http://' . $_domain . '/nodeinfo/1.0');
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
......@@ -67,32 +66,33 @@ curl_setopt($ch, CURLOPT_NOBODY, 0);
$output = curl_exec($ch);
curl_close($ch);
$valid = false;
if (stristr($outputssl, 'nodeName')) {
$log->lwrite('Your pod has ssl and is valid ' . $_POST['domain']);
$log->lwrite('Your pod has ssl and is valid ' . $_domain);
echo 'Your pod has ssl and is valid<br>';
$valid = 1;
$valid = true;
}
if (stristr($output, 'nodeName')) {
$log->lwrite('Your pod does not have ssl but is a valid pod ' . $_POST['domain']);
$log->lwrite('Your pod does not have ssl but is a valid pod ' . $_domain);
echo 'Your pod does not have ssl but is a valid pod<br>';
$valid = 1;
$valid = true;
}
if ($valid == '1') {
$sql = "INSERT INTO pods (domain, pingdomurl, email) VALUES($1, $2, $3)";
$result = pg_query_params($dbh, $sql, [$_POST['domain'], $_POST['url'], $_POST['email']]);
if ($valid) {
$sql = 'INSERT INTO pods (domain, pingdomurl, email) VALUES ($1, $2, $3)';
$result = pg_query_params($dbh, $sql, [$_domain, $_url, $_email]);
$result || die('Error in SQL query: ' . pg_last_error());
$to = $adminemail;
$cc = $_POST['email'];
$cc = $_email;
$subject = 'New pod added to podupti.me ';
$message = sprintf(
"%1\$s\n\nStats Url: %2\$s\n\nPod: %3\$s\n\n",
'https://podupti.me',
'https://api.uptimerobot.com/getMonitors?format=json&customUptimeRatio=7-30-60-90&apiKey=' . $_POST['url'],
'https://podupti.me/db/pull.php?debug=1&domain=' . $_POST['domain']
'https://api.uptimerobot.com/getMonitors?format=json&customUptimeRatio=7-30-60-90&apiKey=' . $_url,
'https://podupti.me/db/pull.php?debug=1&domain=' . $_domain
);
$message .= 'Your pod will not show right away, needs to pass a few checks, Give it a few hours!';
$headers = 'From: ' . $_POST['email'] . "\r\nReply-To: " . $_POST['email'] . "\r\nCc: " . $_POST['email'] . "\r\n";
$headers = 'From: ' . $_email . "\r\nReply-To: " . $_email . "\r\nCc: " . $_email . "\r\n";
@mail($to, $subject, $message, $headers);
echo 'Data successfully inserted! Your pod will be reviewed and live on the list in a few hours!';
......@@ -101,7 +101,7 @@ if ($valid == '1') {
pg_close($dbh);
} else {
$log->lwrite('Could not validate your pod on http or https, check your setup! ' . $_POST['domain']);
echo 'Could not validate your pod on http or https, check your setup!<br>Take a look at <a href="https://' . $_POST['domain'] . '/nodeinfo/1.0">your /nodeinfo</a>';
$log->lwrite('Could not validate your pod on http or https, check your setup! ' . $_domain);
echo 'Could not validate your pod on http or https, check your setup!<br>Take a look at <a href="https://' . $_domain . '/nodeinfo/1.0">your /nodeinfo</a>';
}
$log->lclose();
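Review bot: `$_email` is concatenated into the mail headers (`'From: ' . $_email . "\r\nReply-To: " . $_email ...`) after only a non-empty check, so a value containing CR/LF adds extra header lines to the outgoing message. Validate it once where the parameter is imported, e.g. `filter_var($_email, FILTER_VALIDATE_EMAIL) || die('bad email');`. The same pattern appears in the rating script's `'From: ' . $_email` and in the edit script's `Cc:` header built from `$_oldemail`. `$_domain` is likewise only checked for presence before it is used as the curl host and echoed into the `<a href>` of the failure branch. A hostname check such as `filter_var($_domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)` narrows what reaches curl, and `htmlspecialchars($_domain, ENT_QUOTES)` covers the output.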
<?php
//Copyright (c) 2011, David Morley. This file is licensed under the Affero General Public License version 3 or later. See the COPYRIGHT file.
//this is just a single api for a pod for the android app to get data
// Required parameters.
($_url = $_GET['url'] ?? null) || die('no url given');
// Other parameters.
$_format = $_GET['format'] ?? '';
require_once __DIR__ . '/../config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$sql = "SELECT id,domain,status,secure,score,userrating,adminrating,city,state,country,lat,long,ip,ipv6,pingdomurl,monthsmonitored,uptimelast7,responsetimelast7,local_posts,comment_counts,dateCreated,dateUpdated,dateLaststats,hidden FROM pods WHERE domain = $1";
$result = pg_query_params($dbh, $sql, [$_GET['url']]);
$sql = 'SELECT id,domain,status,secure,score,userrating,adminrating,city,state,country,lat,long,ip,ipv6,pingdomurl,monthsmonitored,uptimelast7,responsetimelast7,local_posts,comment_counts,dateCreated,dateUpdated,dateLaststats,hidden FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_url]);
$result || die('Error in SQL query: ' . pg_last_error());
while ($row = pg_fetch_array($result)) {
if ($_GET['format'] === 'json') {
if ($_format === 'json') {
echo json_encode($row);
} else {
echo 'Status: ' . $row['status'] . '<br>';
......
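Review bot: The column list still selects `pingdomurl`, and `echo json_encode($row)` returns the whole row to any caller who supplies a known domain. The edit form elsewhere in this commit labels that field "Uptimerobot API key for this monitor". If that key is not meant to be public, drop `pingdomurl` (and any other owner-only column) from this SELECT. `pg_fetch_array()` also returns every value under both a numeric and a named key, so `pg_fetch_assoc($result)` would give a cleaner JSON object. The `while` body continues past the visible end of this section.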
<?php
$_GET['domain'] || die('no pod domain given');
$_GET['token'] || die('no token given');
strlen($_GET['token']) > 6 || die('bad token');
// Required parameters.
($_domain = $_GET['domain'] ?? null) || die('no pod domain given');
($_token = $_GET['token'] ?? null) || die('no token given');
strlen($_token) > 6 || die('bad token');
$domain = $_GET['domain'];
// Other parameters.
$_save = $_GET['save'] ?? '';
$_delete = $_GET['delete'] ?? '';
$_weight = $_GET['weight'] ?? '';
$_email = $_GET['email'] ?? '';
$_oldemail = $_GET['oldemail'] ?? '';
$_pingdomurl = $_GET['pingdomurl'] ?? '';
require_once __DIR__ . '/../config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$sql = "SELECT domain,email,token,tokenexpire,pingdomurl,weight FROM pods WHERE domain = '$domain'";
$result = pg_query($dbh, $sql);
$sql = 'SELECT domain,email,token,tokenexpire,pingdomurl,weight FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
$result || die('Error in SQL query: ' . pg_last_error());
while ($row = pg_fetch_array($result)) {
if ($row['token'] <> $_GET['token']) {
die('token not a match');
}
if ($row['tokenexpire'] < date('Y-m-d H:i:s', time())) {
die('token expired');
}
$row['token'] === $_token || die('token not a match');
$row['tokenexpire'] >= date('Y-m-d H:i:s', time()) || die('token expired');
//delete pod
if ($_GET['delete'] == $row['token']) {
$sql = "DELETE FROM pods WHERE domain = $1";
$result = pg_query_params($dbh, $sql, [$_GET['domain']]);
if (!$result) {
die('Error in SQL query: ' . pg_last_error());
} else {
echo 'pod removed from DB';
}
if ($_delete === $row['token']) {
$sql = 'DELETE FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
$result || die('Error in SQL query: ' . pg_last_error());
die('pod removed from DB');
}
//save and exit
if ($_GET['save'] == $row['token']) {
if ($_GET['weight'] > 10) {
die('10 is max weight');
}
$sql = "UPDATE pods SET email=$1, pingdomurl=$2, weight=$3 WHERE domain = $4";
$result = pg_query_params($dbh, $sql, [$_GET['email'], $_GET['pingdomurl'], $_GET['weight'], $_GET['domain']]);
if ($_save === $row['token']) {
$_weight <= 10 || die('10 is max weight');
$sql = 'UPDATE pods SET email = $1, pingdomurl = $2, weight = $3 WHERE domain = $4';
$result = pg_query_params($dbh, $sql, [$_email, $_pingdomurl, $_weight, $_domain]);
if (!$result) {
die('Error in SQL query: ' . pg_last_error());
}
$to = $_GET['email'];
$to = $_email;
$subject = 'Edit notice from poduptime ';
$message = 'Data for ' . $_GET['domain'] . " Updated. If it was not you reply and let me know! \n\n";
$headers = "From: support@diasp.org\r\nCc:support@diasp.org," . $_GET['oldemail'] . "\r\n";
$message = 'Data for ' . $_domain . " Updated. If it was not you reply and let me know! \n\n";
$headers = "From: support@diasp.org\r\nCc:support@diasp.org," . $_oldemail . "\r\n";
@mail($to, $subject, $message, $headers);
pg_free_result($result);
pg_close($dbh);
......@@ -52,12 +54,12 @@ while ($row = pg_fetch_array($result)) {
}
//form
echo 'Authorized to edit <b>' . $domain . '</b> until ' . $row['tokenexpire'] . '<br>';
echo 'Authorized to edit <b>' . $_domain . '</b> until ' . $row['tokenexpire'] . '<br>';
echo '<form action="" method="get">';
echo '<input type="hidden" name="oldemail" value="' . $row['email'] . '">';
echo '<input type="hidden" name="save" value="' . $_GET['token'] . '">';
echo '<input type="hidden" name="token" value="' . $_GET['token'] . '">';
echo '<input type="hidden" name="domain" value="' . $_GET['domain'] . '">';
echo '<input type="hidden" name="save" value="' . $_token . '">';
echo '<input type="hidden" name="token" value="' . $_token . '">';
echo '<input type="hidden" name="domain" value="' . $_domain . '">';
echo 'Stats Key <input type="text" size="50" name="pingdomurl" value="' . $row['pingdomurl'] . '"">Uptimerobot API key for this monitor<br>';
echo 'Email <input type="text" size="20" name="email" value="' . $row['email'] . '"><br>';
echo 'Weight <input type="text" size="2" name="weight" value="' . $row['weight'] . '"> This lets you weight your pod lower on the list if you have too much trafic coming in, 10 is the norm use lower to move down the list.<br>';
......@@ -65,9 +67,9 @@ while ($row = pg_fetch_array($result)) {
echo '</form><br><br><br>';
echo '<form action="" method="get">';
echo '<input type="hidden" name="delete" value="' . $_GET['token'] . '">';
echo '<input type="hidden" name="token" value="' . $_GET['token'] . '">';
echo '<input type="hidden" name="domain" value="' . $_GET['domain'] . '">';
echo '<input type="hidden" name="delete" value="' . $_token . '">';
echo '<input type="hidden" name="token" value="' . $_token . '">';
echo '<input type="hidden" name="domain" value="' . $_domain . '">';
echo 'WARNING: This can not be undone, you will need to add your pod again if you want back on list: <input type="submit" name="submit" value="delete">';
echo '</form><br><br><br>';
}
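Review bot: The change notice is Cc'd to `$_oldemail`, which comes from the request (a hidden form field), so whoever submits the save chooses where the "If it was not you" warning is sent. `$row['email']` still holds the address stored before the UPDATE and should be used instead: `$headers = "From: support@diasp.org\r\nCc:support@diasp.org," . $row['email'] . "\r\n";`. The token check would be better as `hash_equals((string) $row['token'], $_token) || die('token not a match');` than as a plain `===`. The form inputs built from `$row['email']`, `$row['pingdomurl']` and `$row['weight']` are echoed into attribute values without `htmlspecialchars()`, and those values originate from user submissions.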
<?php
$systemTimeZone = system('date +%Z');
if (!$_POST['domain']) {
die('no pod domain given');
}
$domain = $_POST['domain'];
// Required parameters.
($_domain = $_POST['domain'] ?? null) || die('no pod domain given');
// Other parameters.
$_email = $_POST['email'] ?? '';
require_once __DIR__ . '/../config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$sql = "SELECT email FROM pods WHERE domain = '$domain'";
$result = pg_query($dbh, $sql);
$sql = 'SELECT email FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
$result || die('Error in SQL query: ' . pg_last_error());
$rows = pg_num_rows($result);
if ($rows <= 0) {
die('domain not found');
}
$rows > 0 || die('domain not found');
while ($row = pg_fetch_array($result)) {
if ($_POST['email']) {
if ($row['email'] <> $_POST['email']) {
die('email not a match');
}
$uuid = md5(uniqid($domain, true));
if ($_email) {
$row['email'] === $_email || die('email not a match');
$uuid = md5(uniqid($_domain, true));
$expire = date('Y-m-d H:i:s', time() + 2700);
$sql = "UPDATE pods SET token=$1, tokenexpire=$2 WHERE domain = '$domain'";
$result = pg_query_params($dbh, $sql, [$uuid, $expire]);
if (!$result) {
die('Error in SQL query: ' . pg_last_error());
}
$to = $_POST['email'];
$sql = 'UPDATE pods SET token = $1, tokenexpire = $2 WHERE domain = $3';
$result = pg_query_params($dbh, $sql, [$uuid, $expire, $_domain]);
$result || die('Error in SQL query: ' . pg_last_error());
$to = $_email;
$subject = 'Temporary edit key for podupti.me';
$message = 'Link: https://podupti.me/db/edit.php?domain=' . $_POST['domain'] . '&token=' . $uuid . ' Expires: ' . $expire . ' ' . $systemTimeZone . "\n\n";
$message = 'Link: https://podupti.me/db/edit.php?domain=' . $_domain . '&token=' . $uuid . ' Expires: ' . $expire . ' ' . $systemTimeZone . "\n\n";
$headers = "From: support@diasp.org\r\nBcc: support@diasp.org\r\n";
@mail($to, $subject, $message, $headers);
echo 'Link sent to your email';
} elseif (!$_POST['email']) {
$uuid = md5(uniqid($domain, true));
} else {
$uuid = md5(uniqid($_domain, true));
$expire = date('Y-m-d H:i:s', time() + 9700);
$sql = "UPDATE pods SET token=$1, tokenexpire=$2 WHERE domain = '$domain'";
$result = pg_query_params($dbh, $sql, [$uuid, $expire]);
if (!$result) {
die('Error in SQL query: ' . pg_last_error());
}
$sql = 'UPDATE pods SET token = $1, tokenexpire = $2 WHERE domain = $3';
$result = pg_query_params($dbh, $sql, [$uuid, $expire, $_domain]);
$result || die('Error in SQL query: ' . pg_last_error());
$to = 'support@diasp.org';
$subject = 'FORWARD REQUEST: Temporary edit key for podupti.me';
$message = 'User trying to edit pod without email address. Email found: ' . $row['email'] . ' Link: https://podupti.me/db/edit.php?domain=' . $_POST['domain'] . '&token=' . $uuid . ' Expires: ' . $expire . ' ' . $systemTimeZone . "\n\n";
$message = 'User trying to edit pod without email address. Email found: ' . $row['email'] . ' Link: https://podupti.me/db/edit.php?domain=' . $_domain . '&token=' . $uuid . ' Expires: ' . $expire . ' ' . $systemTimeZone . "\n\n";
$headers = "From: support@diasp.org\r\nBcc: support@diasp.org\r\n";
@mail($to, $subject, $message, $headers);
echo 'Link sent to administrator to review and verify, if approved they will forward the edit key to you.';
}
pg_free_result($result);
pg_close($dbh);
}
pg_close($dbh);
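Review bot: Both branches create the edit token with `md5(uniqid($_domain, true))`. `uniqid()` is derived from the current time and is documented as unsuitable for security purposes, and hashing the result with md5 adds no entropy. This token is the credential the edit page checks, so generate it from the CSPRNG instead: `$uuid = bin2hex(random_bytes(16));` keeps the same 32-hex-character length and is available from PHP 7. `$_domain` is also placed into the emailed link without `rawurlencode()`.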
<?php
if (!$_POST['domain']) {
die('no pod domain given');
}
if (!$_POST['adminkey']) {
die('no token given');
}
if (!$_POST['action']) {
die('no action selected');
}
$domain = $_POST['domain'];
// Required parameters.
($_domain = $_POST['domain'] ?? null) || die('no pod domain given');
($_adminkey = $_POST['adminkey'] ?? null) || die('no token given');
($_action = $_POST['action'] ?? null) || die('no action selected');
// Other parameters.
$_comments = $_POST['comments'] ?? '';
require_once __DIR__ . '/../config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$sql = "SELECT email FROM pods WHERE domain = '$domain'";
$result = pg_query($dbh, $sql);
$sql = 'SELECT email FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
$result || die('one Error in SQL query: ' . pg_last_error());
while ($row = pg_fetch_array($result)) {
if ($adminkey <> $_POST['adminkey']) {
die('admin key fail');
}
$adminkey === $_adminkey || die('admin key fail');
//save and exit
if ($_POST['action'] == 'delete') {
$sql = "DELETE from pods WHERE domain = $1";
$result = pg_query_params($dbh, $sql, [$domain]);
if (!$result) {
die('two Error in SQL query: ' . pg_last_error());
}
if ($_action === 'delete') {
$sql = 'DELETE FROM pods WHERE domain = $1';
$result = pg_query_params($dbh, $sql, [$_domain]);
$result || die('two Error in SQL query: ' . pg_last_error());
if ($row['email']) {
$to = $row['email'];
$subject = 'Pod deleted from poduptime ';
$message = 'Pod ' . $_POST['domain'] . ' was deleted from podupti.me as it was dead on the list. ' . $_POST['comments'] . " Feel free to add back at any time. \n\n";
$message = 'Pod ' . $_domain . ' was deleted from podupti.me as it was dead on the list. ' . $_comments . " Feel free to add back at any time. \n\n";
$headers = "From: support@diasp.org\r\nCc:support@diasp.org," . $row['email'] . "\r\n";
@mail($to, $subject, $message, $headers);
}
pg_free_result($result);
pg_close($dbh);
} elseif ($_POST['action'] == 'warn') {
} elseif ($_action === 'warn') {
if ($row['email']) {
$to = $row['email'];
$subject = 'Pod removal warning from poduptime ';
$message = 'Pod ' . $_POST['domain'] . ' is on the list to be deleted now because: ' . $_POST['comments'] . ". \n\n Please let me know if you need help fixing before it is removed. \n\n";
$message = 'Pod ' . $_domain . ' is on the list to be deleted now because: ' . $_comments . ". \n\n Please let me know if you need help fixing before it is removed. \n\n";
$headers = "From: support@diasp.org\r\nCc:support@diasp.org," . $row['email'] . "\r\n";
@mail($to, $subject, $message, $headers);
}
}
echo $result;
}
pg_close($dbh);
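Review bot: The admin key is compared only inside the `while` loop, after the database query has already run, and with `===`. Doing the check right after the `require_once` of config.php (where `$adminkey` is presumably defined) keeps unauthenticated requests away from the database, and `hash_equals((string) $adminkey, $_adminkey) || die('admin key fail');` makes the comparison constant-time. In the delete branch `$result` is reassigned to the DELETE result and freed, and the connection is closed. The loop condition then calls `pg_fetch_array($result)` again and `pg_close($dbh)` runs a second time after the loop; a `break;` after the delete, or a separate variable for the DELETE result, avoids that.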
<?php
$debug = isset($_GET['debug']) ? 1 : 0;
$debug = 1;
//$debug = isset($_GET['debug']);
$debug = true;
//$debug = isset($argv[1])?1:0;
//* Copyright (c) 2011, David Morley. This file is licensed under the Affero General Public License version 3 or later. See the COPYRIGHT file. */
// Other parameters.
$_domain = $_GET['domain'] ?? '';
require_once __DIR__ . '/../config.php';
//get master code version for diaspora pods
......@@ -36,18 +40,16 @@ $fmasterversion = trim($version[1], '"');
if ($debug) {
echo 'Frendica Masterversion: ' . $fmasterversion . '<br>';
}
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh2 = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
//foreach pod check it and update db
$domain = isset($_GET['domain']) ? $_GET['domain'] : null;
if ($domain) {
$sql = "SELECT domain,pingdomurl,score,datecreated,weight FROM pods WHERE domain = $1";
if ($_domain) {
$sql = 'SELECT domain,pingdomurl,score,datecreated,weight FROM pods WHERE domain = $1';
$sleep = '0';
$result = pg_query_params($dbh, $sql, [$domain]);
} elseif (PHP_SAPI === "cli") {
$result = pg_query_params($dbh, $sql, [$_domain]);
} elseif (PHP_SAPI === 'cli') {
$sql = 'SELECT domain,pingdomurl,score,datecreated,adminrating,weight FROM pods';
$sleep = '1';
$result = pg_query($dbh, $sql);
......@@ -58,11 +60,11 @@ $result || die('Error in SQL query1: ' . pg_last_error());
while ($row = pg_fetch_all($result)) {
$numrows = pg_num_rows($result);
for ($i = 0; $i < $numrows; $i ++) {
for ($i = 0; $i < $numrows; $i++) {
$domain = $row[$i]['domain'];
$score = $row[$i]['score'];
$score = (int) $row[$i]['score'];
$dateadded = $row[$i]['datecreated'];
$admindb = $row[$i]['adminrating'];
$admindb = (int) $row[$i]['adminrating'];
$weight = $row[$i]['weight'];
//get ratings
$userrate = 0;
......@@ -71,7 +73,7 @@ while ($row = pg_fetch_all($result)) {
$adminratingavg = [];
$userrating = [];
$adminrating = [];
$sqlforr = "SELECT * FROM rating_comments WHERE domain = $1";
$sqlforr = 'SELECT * FROM rating_comments WHERE domain = $1';
$ratings = pg_query_params($dbh, $sqlforr, [$domain]);
$ratings || die('Error in SQL query2: ' . pg_last_error());
......@@ -126,12 +128,13 @@ while ($row = pg_fetch_all($result)) {
unset($service_twitter);
unset($service_tumblr);
unset($service_wordpess);
unset($service_xmpp);
unset($dver);
unset($dverr);
unset($xdver);
unset($xmpp);
unset($softwarename);
unset($outputsslerror);
$chss = curl_init();
curl_setopt($chss, CURLOPT_URL, 'https://' . $domain . '/nodeinfo/1.0');
curl_setopt($chss, CURLOPT_POST, 0);
......@@ -184,7 +187,7 @@ while ($row = pg_fetch_all($result)) {
if ($jsonssl->openRegistrations === true) {
$registrations_open = 1;
}
$xdver = isset($jsonssl->software->version) ? $jsonssl->software->version : 0;
$xdver = $jsonssl->software->version ?? 0;
$dverr = explode('-', trim($xdver));
$dver = $dverr[0];
if ($debug) {
......@@ -193,38 +196,18 @@ while ($row = pg_fetch_all($result)) {
if (!$dver) {
$score = $score - 2;
}
$softwarename = isset($jsonssl->software->name) ? $jsonssl->software->name : 'null';
$name = isset($jsonssl->metadata->nodeName) ? $jsonssl->metadata->nodeName : 'null';
$total_users = isset($jsonssl->usage->users->total) ? $jsonssl->usage->users->total : 0;
$active_users_halfyear = isset($jsonssl->usage->users->activeHalfyear) ? $jsonssl->usage->users->activeHalfyear : 0;
$active_users_monthly = isset($jsonssl->usage->users->activeMonth) ? $jsonssl->usage->users->activeMonth : 0;
$local_posts = isset($jsonssl->usage->localPosts) ? $jsonssl->usage->localPosts : 0;
$comment_counts = isset($jsonssl->usage->localComments) ? $jsonssl->usage->localComments : 0;
if (array_search('facebook', $jsonssl->services->outbound) !== false) {
$service_facebook = 'true';
} else {
$service_facebook = 'false';
}
if (array_search('twitter', $jsonssl->services->outbound) !== false) {
$service_twitter = 'true';
} else {
$service_twitter = 'false';
}
if (array_search('tumblr', $jsonssl->services->outbound) !== false) {
$service_tumblr = 'true';
} else {
$service_tumblr = 'false';
}
if (array_search('wordpress', $jsonssl->services->outbound) !== false) {
$service_wordpress = 'true';
} else {
$service_wordpress = 'false';
}
if ($jsonssl->metadata->xmppChat === true) {
$xmpp = 'true';
} else {
$xmpp = 'false';
}
$softwarename = $jsonssl->software->name ?? 'null';
$name = $jsonssl->metadata->nodeName ?? 'null';
$total_users = $jsonssl->usage->users->total ?? 0;
$active_users_halfyear = $jsonssl->usage->users->activeHalfyear ?? 0;
$active_users_monthly = $jsonssl->usage->users->activeMonth ?? 0;
$local_posts = $jsonssl->usage->localPosts ?? 0;
$comment_counts = $jsonssl->usage->localComments ?? 0;
$service_facebook = in_array('facebook', $jsonssl->services->outbound, true) ? 'true' : 'false';
$service_twitter = in_array('twitter', $jsonssl->services->outbound, true) ? 'true' : 'false';
$service_tumblr = in_array('tumblr', $jsonssl->services->outbound, true) ? 'true' : 'false';
$service_wordpress = in_array('wordpress', $jsonssl->services->outbound, true) ? 'true' : 'false';
$service_xmpp = $jsonssl->metadata->xmppChat === true ? 'true' : 'false';
} else {
$secure = 'false';
$score = $score - 1;
......@@ -397,13 +380,13 @@ while ($row = pg_fetch_all($result)) {
//sql it
$timenow = date('Y-m-d H:i:s');
$sql = "UPDATE pods SET Hgitdate=$1, Hencoding=$2, secure=$3, hidden=$4, Hruntime=$5, Hgitref=$6, ip=$7, ipv6=$8, monthsmonitored=$9,
uptimelast7=$10, status=$11, dateLaststats=$12, dateUpdated=$13, responsetimelast7=$14, score=$15, adminrating=$16, country=$17, city=$18,
state=$19, lat=$20, long=$21, postalcode='', connection=$22, whois=$23, userrating=$24, longversion=$25, shortversion=$26,
masterversion=$27, signup=$28, total_users=$29, active_users_halfyear=$30, active_users_monthly=$31, local_posts=$32, name=$33,
comment_counts=$35, service_facebook=$36, service_tumblr=$37, service_twitter=$38, service_wordpress=$39, weightedscore=$40, xmpp=$41, softwarename=$42, sslvalid=$43
WHERE domain=$34";
$result = pg_query_params($dbh, $sql, [$gitdate, $encoding, $secure, $hidden, $runtime, $gitrev, $ipnum, $ipv6, $months, $uptime, $live, $pingdomdate, $timenow, $responsetime, $score, $adminrating, $country, $city, $state, $lat, $long, $dver, $whois, $userrating, $xdver, $dver, $masterversion, $signup, $total_users, $active_users_halfyear, $active_users_monthly, $local_posts, $name, $domain, $comment_counts, $service_facebook, $service_tumblr, $service_twitter, $service_wordpress, $weightedscore, $xmpp, $softwarename, $outputsslerror]);
$sql = 'UPDATE pods SET Hgitdate = $1, Hencoding = $2, secure = $3, hidden = $4, Hruntime = $5, Hgitref = $6, ip = $7, ipv6 = $8, monthsmonitored = $9,
uptimelast7 = $10, status = $11, dateLaststats = $12, dateUpdated = $13, responsetimelast7 = $14, score = $15, adminrating = $16, country = $17, city = $18,
state = $19, lat = $20, long = $21, postalcode=\'\', connection = $22, whois = $23, userrating = $24, longversion = $25, shortversion = $26,
masterversion = $27, signup = $28, total_users = $29, active_users_halfyear = $30, active_users_monthly = $31, local_posts = $32, name = $33,
comment_counts = $35, service_facebook = $36, service_tumblr = $37, service_twitter = $38, service_wordpress = $39, weightedscore = $40, xmpp = $41, softwarename = $42, sslvalid = $43
WHERE domain = $34';
$result = pg_query_params($dbh, $sql, [$gitdate, $encoding, $secure, $hidden, $runtime, $gitrev, $ipnum, $ipv6, $months, $uptime, $live, $pingdomdate, $timenow, $responsetime, $score, $adminrating, $country, $city, $state, $lat, $long, $dver, $whois, $userrating, $xdver, $dver, $masterversion, $signup, $total_users, $active_users_halfyear, $active_users_monthly, $local_posts, $name, $domain, $comment_counts, $service_facebook, $service_tumblr, $service_twitter, $service_wordpress, $weightedscore, $service_xmpp, $softwarename, $outputsslerror]);
$result || die('Error in SQL query3: ' . pg_last_error());
if ($debug) {
......
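Review bot: In the nodeinfo hunk the four `in_array(..., $jsonssl->services->outbound, true)` calls and `$jsonssl->metadata->xmppChat` read the remote pod's JSON without the `??` guard that the neighbouring lines now use. A response that omits `services.outbound` passes null to `in_array()`, which is a warning on PHP 7 and a TypeError on PHP 8 that would abort the whole run. Normalise once, e.g. `$outbound = (array) ($jsonssl->services->outbound ?? []);` and `($jsonssl->metadata->xmppChat ?? false) === true`. At the top of the file `$debug = true;` is hard-coded, so the debug `echo`s are emitted for every caller; if that is left over from testing it should not ship enabled.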
<?php
$_POST['username'] || die('no username given');
$_POST['userurl'] || die('no userurl given');
$_POST['domain'] || die('no pod domain given');
$_POST['comment'] || die('no comment');
$_POST['rating'] || die('no rating given');
// Required parameters.
($_username = $_POST['username'] ?? null) || die('no username given');
($_userurl = $_POST['userurl'] ?? null) || die('no userurl given');
($_domain = $_POST['domain'] ?? null) || die('no pod domain given');
($_comment = $_POST['comment'] ?? null) || die('no comment');
($_rating = $_POST['rating'] ?? null) || die('no rating given');
// Other parameters.
$_email = $_POST['email'] ?? '';
require_once __DIR__ . '/../config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$sql = "INSERT INTO rating_comments (domain, comment, rating, username, userurl) VALUES($1, $2, $3, $4, $5)";
$result = pg_query_params($dbh, $sql, [$_POST['domain'], $_POST['comment'], $_POST['rating'], $_POST['username'], $_POST['userurl']]);
$sql = 'INSERT INTO rating_comments (domain, comment, rating, username, userurl) VALUES($1, $2, $3, $4, $5)';
$result = pg_query_params($dbh, $sql, [$_domain, $_comment, $_rating, $_username, $_userurl]);
$result || die('Error in SQL query: ' . pg_last_error());
$to = $adminemail;
$subject = 'New rating added to poduptime ';
$message = 'Pod:' . $_POST['domain'] . $_POST['domain'] . $_POST['username'] . $_POST['userurl'] . $_POST['comment'] . $_POST['rating'] . "\n\n";
$headers = 'From: ' . $_POST['email'] . "\r\n";
$message = 'Pod:' . $_domain . $_domain . $_username . $_userurl . $_comment . $_rating . "\n\n";
$headers = 'From: ' . $_email . "\r\n";
@mail($to, $subject, $message, $headers);
echo 'Comment posted!';
pg_free_result($result);
pg_close($dbh);
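Review bot: `$_rating` is stored as whatever non-empty string the client posts; nothing checks that it is a number or within the allowed scale. The pull script in this commit later reads `rating_comments` when it works out ratings. Validate before the INSERT, e.g. `$_rating = filter_var($_rating, FILTER_VALIDATE_INT, ['options' => ['min_range' => MIN, 'max_range' => MAX]]);` followed by `$_rating !== false || die('bad rating');`, where MIN and MAX are placeholders for the site's real bounds, which are not visible in this diff. The presence test also treats a posted `'0'` as missing. The admin mail body concatenates `$_domain` twice with no separators between fields, which looks unintentional.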
<?php
// Other parameters.
$_url = $_GET['url'] ?? '';
require_once __DIR__ . '/config.php';
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
$dbh || die('Error in connection: ' . pg_last_error());
$url = $_GET['url'];
if ($url) {
$host = parse_url($url, PHP_URL_HOST);
$sql = "SELECT domain FROM pods WHERE domain LIKE '$host'";
$result = pg_query($dbh, $sql);
if ($_url) {
$host = parse_url($_url, PHP_URL_HOST);
$sql = 'SELECT domain FROM pods WHERE domain LIKE $1';