diff options
Diffstat (limited to 'cgi/gb_newentry.cgi')
-rwxr-xr-x | cgi/gb_newentry.cgi | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/cgi/gb_newentry.cgi b/cgi/gb_newentry.cgi new file mode 100755 index 0000000..9e8c4dd --- /dev/null +++ b/cgi/gb_newentry.cgi @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +import os,sys,html,json,datetime +import urllib.parse,urllib.request + +if os.environ['SERVER_NAME']!='chrisoft.org': + import socks,socket + socks.set_default_proxy(socks.SOCKS5,"127.0.0.1",1080) + socket.socket=socks.socksocket + def getaddrinfo(*args): + return [(socket.AF_INET,socket.SOCK_STREAM,6,'',(args[0],args[1]))] + socket.getaddrinfo=getaddrinfo + +def fail(x=None): + print('Status: 400 Bad Request',end='\r\n') + print('Content-type: text/plain',end='\r\n') + print(end='\r\n') + print('400.') + if x is not None:print(x) + exit() + +if os.environ['REQUEST_METHOD']!='POST': + fail() +try: + f=json.load(sys.stdin) +except Exception: + fail() + +try: + mname=urllib.parse.unquote(f['mname'],encoding='utf-8') + mcontent=urllib.parse.unquote(f['mcontent'],encoding='utf-8') + mname=html.escape(mname) + mcontent=html.escape(mcontent).replace('\n','<br>') + mtime=datetime.datetime.now(tz=datetime.timezone(datetime.timedelta(hours=8))).strftime('%Y-%m-%d %H:%M') +except Exception as e: + fail() + +if len(mname)+len(mcontent)>16384: + fail(x=':)') + +try: + with open(os.environ['DOCUMENT_ROOT']+'/grecaptcha_key',mode='r',encoding='utf-8') as gr_secret_f: + gr_secret=gr_secret_f.read() + req={'secret':gr_secret,'response':f['gr_ret'],'remoteip':os.environ['REMOTE_ADDR']} + r=urllib.request.Request('https://www.google.com/recaptcha/api/siteverify',data=urllib.parse.urlencode(req).encode('utf-8'),method='POST') + rr=urllib.request.urlopen(r,timeout=5) + rsp=json.loads(str(rr.read(),'utf-8')) + if not rsp['success'] or rsp['score']<0.6: + fail(x=':)') +except Exception as e: + fail(x=e) + +print('Status: 200 OK',end='\r\n') +print('Content-type: text/plain',end='\r\n') +print(end='\r\n') + +msgp=os.environ['DOCUMENT_ROOT']+'/leave-a-message/messages' +with open(msgp,mode='r',encoding='utf-8') as f: + o=json.load(f) +newm={'cont':mcontent,'author':mname,'time':mtime} +o.append(newm) +with open(msgp,mode='w',encoding='utf-8') as f: + json.dump(o,f) + +archivp=os.environ['DOCUMENT_ROOT']+'/leave-a-message/archive.txt' +with open(archivp,mode='a',encoding='utf-8') as f: + f.write(f'comment: {mcontent}\n') + f.write(f'author: {mname}\n') + f.write(f'time: {mtime}\n') + f.write(f'IP: {os.environ["REMOTE_ADDR"]}\n\n') |