downhash
@@ -50,7 +50,7 @@ class Test extends Command
|
|||||||
*/
|
*/
|
||||||
public function handle()
|
public function handle()
|
||||||
{
|
{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,8 +9,6 @@ use Illuminate\Support\Str;
|
|||||||
|
|
||||||
class ToolRepository extends BaseRepository
|
class ToolRepository extends BaseRepository
|
||||||
{
|
{
|
||||||
private static $encrypter;
|
|
||||||
|
|
||||||
public function backupWeb(): array
|
public function backupWeb(): array
|
||||||
{
|
{
|
||||||
$webRoot = base_path();
|
$webRoot = base_path();
|
||||||
@@ -146,17 +144,8 @@ class ToolRepository extends BaseRepository
|
|||||||
return $backupResult;
|
return $backupResult;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getEncrypter(): Encrypter
|
public function getEncrypter(string $key): Encrypter
|
||||||
{
|
{
|
||||||
if (!is_null(self::$encrypter)) {
|
return new Encrypter($key, 'AES-256-CBC');
|
||||||
return self::$encrypter;
|
|
||||||
}
|
|
||||||
$key = nexus_env('APP_KEY');
|
|
||||||
$prefix = 'base64:';
|
|
||||||
if (Str::startsWith($key,$prefix)) {
|
|
||||||
$key = substr($key, strlen($prefix));
|
|
||||||
$key = base64_decode($key);
|
|
||||||
}
|
|
||||||
return self::$encrypter = new Encrypter($key, 'AES-256-CBC');
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
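Review bot: `getEncrypter(string $key)` changes a zero-argument public method into one with a required parameter, so any caller not updated in this commit will fail with an `ArgumentCountError`. `decryptDownHash($downHash)` in TorrentRepository appears here only by its signature and receives no user from which a per-user key could be derived, so its body should be checked. An `ArgumentCountError` is an `\Error`, which means the `catch (\Exception $exception)` added in the download handler would not convert it into the "decrypt fail" response. The method also needs a docblock now that the key is caller-supplied, for example `/** @param string $key raw 32-byte key for AES-256-CBC; no "base64:" prefix handling, instance is not cached */`, because the removed body used to strip that prefix and reuse one instance.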
|
|||||||
@@ -254,15 +254,20 @@ class TorrentRepository extends BaseRepository
|
|||||||
return "$speed/s";
|
return "$speed/s";
|
||||||
}
|
}
|
||||||
|
|
||||||
public function encryptDownHash($id, $uid): string
|
public function encryptDownHash($id, $user): string
|
||||||
{
|
{
|
||||||
|
if (!is_array($user) || empty($user['passkey']) || empty($user['id'])) {
|
||||||
|
$user = User::query()->findOrFail(intval($user), ['id', 'passkey'])->toArray();
|
||||||
|
}
|
||||||
|
//down hash is relative to user passkey
|
||||||
|
$key = md5($user['passkey'] . date('Ymd') . $user['id']);
|
||||||
$toolRep = new ToolRepository();
|
$toolRep = new ToolRepository();
|
||||||
$payload = [
|
$payload = [
|
||||||
'id' => $id,
|
'id' => $id,
|
||||||
'uid' => $uid,
|
'uid' => $user['id'],
|
||||||
'date' => date('Ymd'),
|
'date' => date('Ymd'),
|
||||||
];
|
];
|
||||||
return $toolRep->getEncrypter()->encrypt($payload);
|
return $toolRep->getEncrypter($key)->encrypt($payload);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function decryptDownHash($downHash)
|
public function decryptDownHash($downHash)
|
||||||
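Review bot: In `encryptDownHash`, when `$user` is an array that lacks `passkey` or `id`, the fallback runs `intval($user)` on the array, which evaluates to 1 for any non-empty array, so the hash would be issued for user id 1 instead of the intended account. Resolve the id before the lookup, e.g. `$uid = is_array($user) ? ($user['id'] ?? 0) : $user;` followed by `User::query()->findOrFail(intval($uid), ['id', 'passkey'])`. The key `md5($user['passkey'] . date('Ymd') . $user['id'])` is a 32-character hex string, so it passes the cipher's length check but carries only 128 bits and comes from an unkeyed hash; `hash_hmac('sha256', $user['id'] . date('Ymd'), $user['passkey'], true)` would yield a full 32-byte key. The body of `decryptDownHash` lies outside the hunk.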
|
|||||||
@@ -220,7 +220,7 @@ $lang_details = array
|
|||||||
'text_and_more' => "……(这里只显示最新记录。共",
|
'text_and_more' => "……(这里只显示最新记录。共",
|
||||||
'text_users_in_total' => "个用户表示了感谢)",
|
'text_users_in_total' => "个用户表示了感谢)",
|
||||||
'torrent_dl_url' => "种子链接",
|
'torrent_dl_url' => "种子链接",
|
||||||
'torrent_dl_url_notice' => "可在BT客户端使用,请保护好Passkey,谨防泄露。",
|
'torrent_dl_url_notice' => "可在BT客户端使用,当天有效。",
|
||||||
'torrent_dl_url_text' => "右键查看。",
|
'torrent_dl_url_text' => "右键查看。",
|
||||||
'span_description_have_given' =>'你已经赠送魔力值',
|
'span_description_have_given' =>'你已经赠送魔力值',
|
||||||
'text_no_magic_added' => "暂无魔力值奖励",
|
'text_no_magic_added' => "暂无魔力值奖励",
|
||||||
|
|||||||
@@ -219,7 +219,7 @@ $lang_details = array
|
|||||||
'text_and_more' => "……(這裏只顯示最新記錄。共",
|
'text_and_more' => "……(這裏只顯示最新記錄。共",
|
||||||
'text_users_in_total' => "個用戶表示了感謝)",
|
'text_users_in_total' => "個用戶表示了感謝)",
|
||||||
'torrent_dl_url' => "種子連結",
|
'torrent_dl_url' => "種子連結",
|
||||||
'torrent_dl_url_notice' => "可在BT用戶端使用,請保護好Passkey,謹防洩露。",
|
'torrent_dl_url_notice' => "可在BT用戶端使用,當天有效。",
|
||||||
'torrent_dl_url_text' => "右鍵查看。",
|
'torrent_dl_url_text' => "右鍵查看。",
|
||||||
'span_description_have_given' =>'你已經贈送魔力值',
|
'span_description_have_given' =>'你已經贈送魔力值',
|
||||||
'text_no_magic_added' => "暫無魔力值獎勵",
|
'text_no_magic_added' => "暫無魔力值獎勵",
|
||||||
|
|||||||
@@ -219,7 +219,7 @@ $lang_details = array
|
|||||||
'text_and_more' => " and more (thanks from ",
|
'text_and_more' => " and more (thanks from ",
|
||||||
'text_users_in_total' => " users in total)",
|
'text_users_in_total' => " users in total)",
|
||||||
'torrent_dl_url' => "Torrent URL",
|
'torrent_dl_url' => "Torrent URL",
|
||||||
'torrent_dl_url_notice' => "You can copy it to your BT Client. Take care since it contains your passkey.",
|
'torrent_dl_url_notice' => "You can copy it to your BT Client. Only valid in today.",
|
||||||
'torrent_dl_url_text' => "Right click to view.",
|
'torrent_dl_url_text' => "Right click to view.",
|
||||||
'span_description_have_given' =>'You have given the magic of the value',
|
'span_description_have_given' =>'You have given the magic of the value',
|
||||||
'text_no_magic_added' => "No magic value of the award",
|
'text_no_magic_added' => "No magic value of the award",
|
||||||
|
|||||||
+2
-1
@@ -38,6 +38,7 @@ if (!$row) {
|
|||||||
) {
|
) {
|
||||||
permissiondenied();
|
permissiondenied();
|
||||||
} else {
|
} else {
|
||||||
|
$torrentRep = new \App\Repositories\TorrentRepository();
|
||||||
$torrentUpdate = [];
|
$torrentUpdate = [];
|
||||||
if (!empty($_GET["hit"])) {
|
if (!empty($_GET["hit"])) {
|
||||||
$torrentUpdate[] = 'views = views + 1';
|
$torrentUpdate[] = 'views = views + 1';
|
||||||
@@ -127,7 +128,7 @@ if (!$row) {
|
|||||||
else $download = "";
|
else $download = "";
|
||||||
|
|
||||||
tr($lang_details['row_action'], $download. ($owned == 1 ? "<$editlink><img class=\"dt_edit\" src=\"pic/trans.gif\" alt=\"edit\" /> <b><font class=\"small\">".$lang_details['text_edit_torrent'] . "</font></b></a> | " : ""). (get_user_class() >= $askreseed_class && $row['seeders'] == 0 ? "<a title=\"".$lang_details['title_ask_for_reseed']."\" href=\"takereseed.php?reseedid=$id\"><img class=\"dt_reseed\" src=\"pic/trans.gif\" alt=\"reseed\"> <b><font class=\"small\">".$lang_details['text_ask_for_reseed'] ."</font></b></a> | " : "") . "<a title=\"".$lang_details['title_report_torrent']."\" href=\"report.php?torrent=$id\"><img class=\"dt_report\" src=\"pic/trans.gif\" alt=\"report\" /> <b><font class=\"small\">".$lang_details['text_report_torrent']."</font></b></a>", 1);
|
tr($lang_details['row_action'], $download. ($owned == 1 ? "<$editlink><img class=\"dt_edit\" src=\"pic/trans.gif\" alt=\"edit\" /> <b><font class=\"small\">".$lang_details['text_edit_torrent'] . "</font></b></a> | " : ""). (get_user_class() >= $askreseed_class && $row['seeders'] == 0 ? "<a title=\"".$lang_details['title_ask_for_reseed']."\" href=\"takereseed.php?reseedid=$id\"><img class=\"dt_reseed\" src=\"pic/trans.gif\" alt=\"reseed\"> <b><font class=\"small\">".$lang_details['text_ask_for_reseed'] ."</font></b></a> | " : "") . "<a title=\"".$lang_details['title_report_torrent']."\" href=\"report.php?torrent=$id\"><img class=\"dt_report\" src=\"pic/trans.gif\" alt=\"report\" /> <b><font class=\"small\">".$lang_details['text_report_torrent']."</font></b></a>", 1);
|
||||||
tr($lang_details['torrent_dl_url'],sprintf('<a title="%s" href="%s/download.php?id=%u&passkey=%s">%s</a>',$lang_details['torrent_dl_url_notice'],getSchemeAndHttpHost(),$id,$CURUSER['passkey'], $lang_details['torrent_dl_url_text']),1);
|
tr($lang_details['torrent_dl_url'],sprintf('<a title="%s" href="%s/download.php?downhash=%s">%s</a>',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1);
|
||||||
|
|
||||||
// ---------------- start subtitle block -------------------//
|
// ---------------- start subtitle block -------------------//
|
||||||
$r = sql_query("SELECT subs.*, language.flagpic, language.lang_name FROM subs LEFT JOIN language ON subs.lang_id=language.id WHERE torrent_id = " . sqlesc($row["id"]). " ORDER BY subs.lang_id ASC") or sqlerr(__FILE__, __LINE__);
|
$r = sql_query("SELECT subs.*, language.flagpic, language.lang_name FROM subs LEFT JOIN language ON subs.lang_id=language.id WHERE torrent_id = " . sqlesc($row["id"]). " ORDER BY subs.lang_id ASC") or sqlerr(__FILE__, __LINE__);
|
||||||
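Review bot: The value returned by `encryptDownHash()` is written into the `href` query string without URL encoding. Laravel's encrypter returns standard base64, which can contain `+`, `/` and `=`, and a `+` is read back as a space when the request is parsed, so some generated links would fail to decrypt. Wrap the call: `urlencode($torrentRep->encryptDownHash($row['id'], $CURUSER))`. The enclosing `else` block starts and ends outside both hunks.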
|
|||||||
+20
-7
@@ -1,15 +1,25 @@
|
|||||||
<?php
|
<?php
|
||||||
require_once("../include/bittorrent.php");
|
require_once("../include/bittorrent.php");
|
||||||
dbconn();
|
dbconn();
|
||||||
$id = (int)$_GET["id"];
|
|
||||||
if (!$id)
|
if (!empty($_REQUEST['downhash'])){
|
||||||
httperr();
|
$torrentRep = new \App\Repositories\TorrentRepository();
|
||||||
$passkey = $_GET['passkey'] ?? '';
|
try {
|
||||||
if ($passkey){
|
$params = $torrentRep->decryptDownHash($_REQUEST['downhash']);
|
||||||
$res = sql_query("SELECT * FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
|
} catch (\Exception $exception) {
|
||||||
|
do_log("downhash: " . $_REQUEST['downhash'] . " invalid: " . $exception->getMessage());
|
||||||
|
die("invalid downhash, decrypt fail");
|
||||||
|
}
|
||||||
|
if ($params['date'] != date('Ymd')) {
|
||||||
|
die("invalid downhash, expires");
|
||||||
|
}
|
||||||
|
$id = $params['id'];
|
||||||
|
$uid = $params['uid'];
|
||||||
|
|
||||||
|
$res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1");
|
||||||
$user = mysql_fetch_array($res);
|
$user = mysql_fetch_array($res);
|
||||||
if (!$user)
|
if (!$user)
|
||||||
die("invalid passkey");
|
die("invalid downhash, payload invalid");
|
||||||
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
|
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
|
||||||
die("account disabed or parked");
|
die("account disabed or parked");
|
||||||
$oldip = $user['ip'];
|
$oldip = $user['ip'];
|
||||||
@@ -18,6 +28,9 @@ if ($passkey){
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
$id = (int)$_GET["id"];
|
||||||
|
if (!$id)
|
||||||
|
httperr();
|
||||||
loggedinorreturn();
|
loggedinorreturn();
|
||||||
parked();
|
parked();
|
||||||
$letdown = intval($_GET['letdown'] ?? 0);
|
$letdown = intval($_GET['letdown'] ?? 0);
|
||||||
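Review bot: `$id = $params['id']` and `$uid = $params['uid']` are taken from the decrypted payload without the `(int)` cast that the legacy branch still applies to `$_GET["id"]`. Because the key in `encryptDownHash` is derived from values the account holder already knows (passkey, id, date), the payload should be handled as user input: `$id = (int)$params['id'];` and `$uid = (int)$params['uid'];`, calling `httperr()` when `$id` is 0. The `do_log()` call writes the raw `$_REQUEST['downhash']` from an unauthenticated request into the log, so a bounded form such as `substr($_REQUEST['downhash'], 0, 64)` is safer. The expiry test `$params['date'] != date('Ymd')` should use `!==`, and reading `$_GET` instead of `$_REQUEST` keeps cookies and POST bodies out of this path. The code that consumes `$id` afterwards is outside the hunk.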
|
|||||||