Skip to content

R
retypos-webclient
You need to sign in or sign up before continuing.
Commit 151ee5b8 authored by Vladislav Bolshakov's avatar Vladislav Bolshakov
Browse files
Options

barbass: рефакторинг серверной части

parent a044c95d
Hide whitespace changes
Inline Side-by-side
Showing with 312 additions and 161 deletions
configuration.php.orig
View file @ 151ee5b8
<?php
$db_name = 'DB';
$db_host = 'HOST';
$db_user = 'USER';
$db_pass = 'PASS';
//Database
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'barbass');
define('DB_PASSWORD', 'pass');
define('DB_DATABASE', 'barbass_typos_new');
//Support languages
define('DEFAULT_LANGUAGE', 'ru');
$LANGUAGES = array('ru');
//Минимальное время между запросами пользователя (секунды)
define('MIN_TIME', 60);
define('EMAIL', "typos@etersoft.ru");
?>
functions.php 0 → 100644
View file @ 151ee5b8
<?php
/*************************************
* Вспомогательные функции:
* - работа с письмами
* - работа с данными сессии
* - получение REQUEST-данных
* - проверка ip и header-ов пользователя
* - валидация данных
* - вывод текста в json-формате
* - работа с url-ми
*************************************/
/*Отправка email-ов*/
function sendMail($subject,$body, $to, $from_email, $from_name, $type = 'plain') {
$headers = "X-PHP-Script: ".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]." for ".$_SERVER['SERVER_ADDR']."\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Return-path: <".$from_email.">\r\n";
$headers .= "Content-type: text/".$type."; format=flowed; charset=utf-8; reply-type=original\r\n";
$headers .= "Content-Transfer-Encoding: 8bit\r\n";
$headers .= "X-Priority: 3\r\n";
$headers .= "X-MSMail-Priority: Normal\r\n";
$headers .= "X-Mailer: Automatic PHP Script\r\n";
$headers .= "From:".$from_name."<".$from_email.">\r\n";
if (mail($to, $subject, $body, $headers)) {
return true;
} else {
return false;
}
}
/*Формирование списка кому отправлять email-ы*/
function toEmail($data) {
$to = "";
$count = count($data);
for ($i = 0; $i < $count; $i++) {
$to .= $data[$i]['email'];
if ($i < ($count - 1)) {
$to .= ",";
}
}
return $to;
}
/*Проверяем хэдеры на "человечость"*/
function checkHeader() {
if ( empty($_SERVER['HTTP_ACCEPT']) ||
empty($_SERVER['HTTP_ACCEPT_ENCODING']) ||
empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ||
empty($_SERVER['HTTP_CONNECTION'])
) {
return false;
}
return true;
}
/*Получаем ip*/
function getIp() {
$ip = '';
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
return false;
}
return $ip;
}
/*Выводим массив в json-формате*/
function echoJsonData($data) {
global $oldbrowser;
if ($oldbrowser == 1) {
echo " <script type='text/javascript'>window.close();</script>";
} else {
echo json_encode($data);
}
return true;
}
/*Устанавливаем данные в сессию*/
function setSession($key, $value) {
$_SESSION[strval($key)] = serialize($value);
}
//Получаем данные из сессии
function getSession($key) {
return (isset($_SESSION[strval($key)])) ? unserialize($_SESSION[strval($key)]) : false;
}
/*Получаем request-данные*/
function getRequest($key = '', $return = false) {
return (isset($_REQUEST[$key])) ? trim($_REQUEST[$key]) : $return;
}
/*Проверка данных*/
function validate() {
global $error, $code_language, $_language;
if (!checkHeader() && !getIp()) {
$error = $_language[$code_language]["error_header"];
return false;
}
if (strlen(rawurldecode(getRequest('url', ''))) <= 0) {
$error = $_language[$code_language]["error_url"];
return false;
}
if (!checkUrl(getRequest('url', ''))) {
$error = $_language[$code_language]["error_valid_url"];
return false;
}
if (strlen(getRequest('text', '')) < 5 || strlen(getRequest('text', '')) > 30) {
$error = sprintf($_language[$code_language]["error_text"], 5, 30, strlen(getRequest('text', '')));
return false;
}
if (strlen(getRequest('comment', '')) > 30) {
$_language['ru']['error_comment'] = sprintf($_language[$code_language]["error_text"], 30, strlen(getRequest('text', '')));
return false;
}
return true;
}
/*Проверка url-а*/
function checkUrl($url = '') {
//удаление опасных сиволов
$url = trim(preg_replace("/[^\x20-\xFF]/","",@strval($url)));
//проверяем УРЛ на правильность
if (!preg_match("~^(?:(?:https?|ftp|telnet)://(?:[a-z0-9_-]{1,32}".
"(?::[a-z0-9_-]{1,32})?@)?)?(?:(?:[a-z0-9-]{1,128}\.)+(?:com|net|".
"org|mil|edu|arpa|gov|biz|info|aero|inc|name|[a-z]{2})|(?!0)(?:(?".
"!0[^.]|255)[0-9]{1,3}\.){3}(?!0|255)[0-9]{1,3})(?:/[a-z0-9.,_@%&".
"?+=\~/-]*)?(?:#[^ '\"&<>]*)?$~i", $url)) {
return false;
}
return true;
}
function getFormatingUrl($url) {
//удаление опасных сиволов
$url = trim(preg_replace("/[^\x20-\xFF]/","",@strval($url)));
//если нет протокола - добавляет http://
if (!strstr($url,"://")) {
$url = "http://".$url;
}
//заменить протокол на нижний регистр: hTtP -> http
$url = preg_replace("~^[a-z]+~ie","strtolower('\\0')", $url);
return $url;
}
?>
language.php 0 → 100644
View file @ 151ee5b8
<?php
/*Языковые сообщения*/
//Error
$_language['ru']['error_time_activity'] = "Вы слишком часто отправляете данные";
$_language['ru']['error_connect_database'] = "Ошибка при подключении к базе данных";
$_language['ru']['error_database'] = "Ошибка при работе с базой данных";
$_language['ru']['error_header'] = "Отсутствуют ip или заголовки ответа";
$_language['ru']['error_url'] = "Отсутствует url сайта";
$_language['ru']['error_valid_url'] = "Не верный формат url-а сайта";
$_language['ru']['error_text'] = "Длина текста должна быть от %s до %s символов (сейчас: %s)";
$_language['ru']['error_comment'] = "Длина комментария должна быть до %s символов (сейчас: %s) ";
$_language['ru']['error_support_site'] = "Сайт не поддерживается";
//Success
$_language['ru']['text_success'] = "Данные сохранены. Спасибо за внимание!";
//Mail
$_language['ru']['mail_subject'] = "Сообщение об опечатке";
$_language['ru']['mail_from'] = "Служба опечаток Etersoft";
$_language['ru']['mail_error'] = "Ошибка при отправлении письма";
$_language['ru']['mail_site'] = "Сайт:";
$_language['ru']['mail_url'] = "Ссылка:";
$_language['ru']['mail_click_url'] = "нажмите:";
$_language['ru']['mail_comment'] = "Комментарий:";
$_language['ru']['mail_text'] = "Текст с опечаткой:";
?>
server.php
View file @ 151ee5b8
<?php
/* Цель: Скрипт обработки опечаток
* @автор: barbass@
* @дата: 2012-04-24
* автор: barbass@
* дата: 2012-04-24
*/
header('Access-Control-Allow-Origin: *');
require_once('configuration.php');
require_once('functions.php');
require_once('language.php');
try {
$DBH = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\''));
} catch (PDOException $e) {
$ajax_mess = "10servererror";
print_text($ajax_mess);
/*Начинаем сессию*/
if (!session_id()) {
session_start();
}
////////////////////////////////////////////////////////////////////////
//Проверка данных
if (check_header() === 0 || get_ip() === 0) {
$ajax_mess = "10robot";
print_text($ajax_mess);
/*Определяем переменные*/
$error = '';
$userdata = array(
'url' => '',
'text' => '',
'comment' => '',
'old_browser' => 0
);
$code_language = DEFAULT_LANGUAGE;
/*Определяем какой язык использовать (или же оставляем по-умолчанию)*/
if (in_array(getRequest('language', 'ru'), $LANGUAGES)) {
$code_language = getRequest('language', 'ru');
}
if (!isset($_REQUEST['e_typos_url']) || !isset($_REQUEST['e_typos_error_text'])) {
$ajax_mess = "10dataerror";
print_text($ajax_mess);
}
if (!isset($_REQUEST['e_typos_comment'])) {
$comment = '';
} else {
$comment = trim(htmlspecialchars(substr(rawurldecode($_REQUEST['e_typos_comment']), 0, 50)));
}
$url = trim(htmlspecialchars(substr($_REQUEST['e_typos_url'], 0, 300)));
$error_text = trim(htmlspecialchars(substr(rawurldecode($_REQUEST['e_typos_error_text']), 0, 30)));
if (!isset($_REQUEST['e_typos_oldbrowser'])) {
$oldbrowser = 0;
} else {
$oldbrowser = intval($_REQUEST['e_typos_oldbrowser']);
}
/*Если часто отправляет (более 1 раза в минуту)*/
setSession('last_activity', time());
$last_time_activity = getSession('last_activity');
if ($url == '' || $error_text == '' || strlen($error_text) < 5) {
$ajax_mess = "10dataerror";
print_text($ajax_mess);
if ($last_time_activity) {
if ((time() - $last_time_activity) <= MIN_TIME) {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]['error_time_activity']));
return;
}
}
$mas_url = parse_url($url);
if (!isset($mas_url['host'])) {
$ajax_mess = "10dataerror";
print_text($ajax_mess);
}
/*Подключение к базе данных*/
try {
$DBH = new PDO(DB_DRIVER.":host=".DB_HOSTNAME.";dbname=".DB_DATABASE, DB_USERNAME, DB_PASSWORD, array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES \'UTF8\''));
} catch (PDOException $e) {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]['error_connect_database']));
return false;
}
if (!validate()) {
echoJsonData(array('success' => 'false', 'message' => $error));
return false;
}
////////////////////////////////////////////////////////////////////////
$userdata['oldbrowser'] = getRequest('oldbrowser', 0);
$userdata['comment'] = htmlspecialchars(rawurldecode(getRequest('comment', '')));
$userdata['url'] = getFormatingUrl(rawurldecode(getRequest('url', '')));
$userdata['text'] = htmlspecialchars(rawurldecode(getRequest('text', '')));
/*Парсим сайт для получения коренного сайта*/
$mas_url = parse_url($userdata['url']);
if (!isset($mas_url['host'])) {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]["error_valid_url"]));
return;
}
////////////////////////////////////////////////////////////////////////
//Достаем номер сайта ?нужно ли? и емайлы пользователей
try {
$query_emails = "SELECT r.id_site AS site, u.email AS email
/**********************************
* Основная часть работы:
* - получения данных по сайту
* - сохранение текста с ошибкой
* - отправка писем
**********************************/
/*Достаем номер сайта и email-ы пользователей*/
try {
$query_emails = "SELECT r.id_site AS id_site,
u.email AS email
FROM users AS u, responsible AS r
WHERE r.id IN (
WHERE r.id IN (
SELECT r.id
FROM responsible AS r
JOIN sites AS s
WHERE s.site = ?
AND r.id_site = s.id
AND r.status = '1')
AND r.id_user=u.id";
AND r.id_user = u.id";
$STH = $DBH->prepare($query_emails);
$STH->execute(array($mas_url["host"]));
if ($STH->rowCount() != 0) {
$i = 0;
while ($row = $STH->fetch(PDO::FETCH_ASSOC)) {
$email_users[$i]['site'] = $row['site'];
$email_users[$i]['email'] = $row['email'];
$i++;
if ($STH->rowCount() > 0) {
$email_users = array();
while ($row = $STH->fetch(PDO::FETCH_ASSOC)) {
$email_users[] = array(
'id_site' => $row['id_site'],
'email' => $row['email']
);
}
} else {
$email_users = 0;
} else {
$email_users = false;
}
} catch (PDOException $e) {
$ajax_mess = "10servererror";
print_text($ajax_mess);
}
if ($email_users !== 0) {
try {
$data = array('NULL', $email_users[0]['site'], $url, $error_text,$comment, 0);
} catch (PDOException $e) {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]["error_support_site"]));
return;
}
/*Если активных пользователей за сайт нет, то возвращаем сообщение об ошибке*/
if ($email_users) {
try {
$data = array('NULL', $email_users[0]['id_site'], $userdata['url'], $userdata['text'], $userdata['comment'], 0);
$STH = $DBH->prepare("INSERT INTO messages (id, id_site, link, error_text, comment, datetime, status) VALUES (?, ?, ?, ?, ?, DATE_FORMAT(NOW(), '%Y-%m-%d %H:%i:%s'), ?)");
$STH->execute($data);
} catch (PDOException $e) {
$ajax_mess = "10inserterror";
print_text($ajax_mess);
}
if ($comment == '') {
$comment = 'Пользователь не оставил комментарий';
} catch (PDOException $e) {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]['error_database']));
return;
}
$message_email = "<p>Сайт: ".$mas_url["host"]."</p>";
$message_email .= "<p>Ссылка: <a href=$url>нажмите</a>"." (".$url.")"."</p>";
$message_email .= "<p>Текст с опечаткой: ".$error_text."</p>";
$message_email .= "<p>Комментарий: ".$comment."</p>";
$message_email = "<p>".$_language[$code_language]['mail_site']." <a href=".$mas_url["scheme"]."://".$mas_url["host"].">".$mas_url["scheme"]."://".$mas_url["host"]."</a></p>";
$message_email .= "<p>".$_language[$code_language]['mail_url']." <a href=".htmlspecialchars($userdata['url']).">".$_language[$code_language]['mail_click_url']."</a>"." (".$userdata['url'].")"."</p>";
$message_email .= "<p>".$_language[$code_language]['mail_text']." ".htmlspecialchars($userdata['text'])."</p>";
$message_email .= "<p>".$_language[$code_language]['mail_comment']." ".htmlspecialchars($userdata['comment'])."</p>";
$subject = '=?utf-8?B?'.base64_encode("Сообщение об опечатке").'?=';
$subject = '=?utf-8?B?'.base64_encode($_language[$code_language]['mail_subject']).'?=';
$to = to_email($email_users);
/*FIXED какая почта?*/
$from_email = "typos@etersoft.ru";
$from_name = '=?utf-8?B?'.base64_encode("Служба опечаток Etersoft").'?=';
$result = sendmail($subject, $message_email, $to, $from_email, $from_name, 'html');
if ($result == 0) {
$ajax_mess = "10emailerror";
print_text($ajax_mess);
} else {
$ajax_mess = "10win";
print_text($ajax_mess);
}
} else {
$ajax_mess = "10siteerror";
print_text($ajax_mess);
}
////////////////////////////////////////////////////////////////////////
//Вспомогательные функции
//Отправка email-ов
function sendmail($subject,$body, $to, $from_email, $from_name, $type = 'plain') {
$headers = "X-PHP-Script: ".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]." for ".$_SERVER['SERVER_ADDR']."\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Return-path: <".$from_email.">\r\n";
$headers .= "Content-type: text/".$type."; format=flowed; charset=utf-8; reply-type=original\r\n";
$headers .= "Content-Transfer-Encoding: 8bit\r\n";
$headers .= "X-Priority: 3\r\n";
$headers .= "X-MSMail-Priority: Normal\r\n";
$headers .= "X-Mailer: Automatic PHP Script\r\n";
$headers .= "From:".$from_name."<".$from_email.">\r\n";
if (mail($to, $subject, $body, $headers)) {
return 1;
} else {
return 0;
}
}
//Формирование списка кому отправлять email-ы
function to_email($data) {
$to = "";
$count = count($data);
for ($i = 0; $i < $count; $i++) {
$to .= $data[$i]['email'];
if ($i < ($count - 1)) {
$to .= ",";
}
}
return $to;
}
$to = toEmail($email_users);
//Проверяем хэдеры на "человечость"
function check_header() {
if ( ($_SERVER['HTTP_ACCEPT'] == '') ||
($_SERVER['HTTP_ACCEPT_ENCODING'] == '') ||
($_SERVER['HTTP_ACCEPT_LANGUAGE'] == '') ||
($_SERVER['HTTP_CONNECTION'] == '')) {
return 0;
} else {
return 1;
}
}
$from_email = EMAIL;
$from_name = '=?utf-8?B?'.base64_encode($_language[$code_language]['mail_from']).'?=';
//Проверяем ip
function get_ip() {
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
} else {
$ip = 0;
if(sendMail($subject, $message_email, $to, $from_email, $from_name, 'html')) {
echoJsonData(array('success' => 'true', 'message' => $_language[$code_language]['text_success']));
return;
} else {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]['mail_error']));
return;
}
return $ip;
}
function print_text($text) {
global $oldbrowser;
echo $text;
if ($oldbrowser == 1) {
echo " <script type='text/javascript'>window.close();</script>";
}
exit;
} else {
echoJsonData(array('success' => 'false', 'message' => $_language[$code_language]['error_support_site']));
return;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment