lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 03:57:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/php8' into php8

Browse Source
This commit is contained in:
xiaomlove
2025-12-29 00:03:48 +07:00
parent 8602831d3a 7f0f8cca16
commit 290ad0f375
43 changed files with 1766 additions and 840 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/ajax.php
+46 -1
View File
@@ -1,11 +1,14 @@
<?php
require "../include/bittorrent.php";
dbconn();
loggedinorreturn();
$action = $_POST['action'] ?? '';
$params = $_POST['params'] ?? [];
if ($action != 'getPasskeyGetArgs' && $action != 'processPasskeyGet') {
loggedinorreturn();
}
class AjaxInterface{
public static function toggleUserMedalStatus($params)
@@ -179,6 +182,48 @@ class AjaxInterface{
$user->tokens()->where('id', $params['id'])->delete();
return true;
}
public static function getPasskeyCreateArgs($params)
{
global $CURUSER;
$rep = new \App\Repositories\UserPasskeyRepository();
return $rep->getCreateArgs($CURUSER['id'], $CURUSER['username']);
}
public static function processPasskeyCreate($params)
{
global $CURUSER;
$rep = new \App\Repositories\UserPasskeyRepository();
return $rep->processCreate($CURUSER['id'], $params['clientDataJSON'], $params['attestationObject']);
}
public static function deletePasskey($params)
{
global $CURUSER;
$rep = new \App\Repositories\UserPasskeyRepository();
return $rep->delete($CURUSER['id'], $params['credentialId']);
}
public static function getPasskeyList($params)
{
global $CURUSER;
$rep = new \App\Repositories\UserPasskeyRepository();
return $rep->getList($CURUSER['id']);
}
public static function getPasskeyGetArgs($params)
{
global $CURUSER;
$rep = new \App\Repositories\UserPasskeyRepository();
return $rep->getGetArgs();
}
public static function processPasskeyGet($params)
{
global $CURUSER;
$rep = new \App\Repositories\UserPasskeyRepository();
return $rep->processGet($params['challenge'], $params['id'], $params['clientDataJSON'], $params['authenticatorData'], $params['signature'], $params['userHandle']);
}
}
$class = 'AjaxInterface';
public/announce.php
+10 -44
View File
@@ -13,7 +13,7 @@ foreach (array("passkey","info_hash","peer_id","event") as $x)
$GLOBALS[$x] = $_GET[$x];
}
// get integer type port, downloaded, uploaded, left from client
foreach (array("port","downloaded","uploaded","left","compact","no_peer_id") as $x)
foreach (array("port","downloaded","uploaded","left") as $x)
{
$GLOBALS[$x] = intval($_GET[$x] ?? 0);
}
@@ -172,7 +172,7 @@ elseif ($az['showclienterror'] == 'yes'){
}
// check torrent based on info_hash
$checkTorrentSql = "SELECT torrents.id, size, owner, sp_state, seeders, leechers, UNIX_TIMESTAMP(added) AS ts, added, banned, hr, approval_status, price, categories.mode FROM torrents left join categories on torrents.category = categories.id WHERE " . hash_where("info_hash", $info_hash);
$checkTorrentSql = "SELECT torrents.id, size, owner, sp_state, seeders, leechers, times_completed, UNIX_TIMESTAMP(added) AS ts, added, banned, hr, approval_status, price, categories.mode FROM torrents left join categories on torrents.category = categories.id WHERE " . hash_where("info_hash", $info_hash);
if (!$torrent = $Cache->get_value('torrent_hash_'.$info_hash.'_content')){
$res = sql_query($checkTorrentSql);
$torrent = mysql_fetch_array($res);
@@ -251,13 +251,11 @@ $rep_dict = [
"min interval" => (int)$announce_wait,
"complete" => (int)$torrent["seeders"],
"incomplete" => (int)$torrent["leechers"],
"peers" => [], // By default it is a array object, only when `&compact=1` then it should be a string
"downloaded" => (int)$torrent["times_completed"],
"peers" => '',
"peers6" => '',
];
if ($compact == 1) {
$rep_dict['peers'] = ''; // Change `peers` from array to string
$rep_dict['peers6'] = ''; // If peer use IPv6 address , we should add packed string in `peers6`
}
$GLOBALS['rep_dict'] = $rep_dict;
if ($isReAnnounce) {
do_log("$log, [YES_RE_ANNOUNCE]");
@@ -280,43 +278,11 @@ if (isset($event) && $event == "stopped") {
continue;
}
if ($compact == 1) {
// $peerField = filter_var($row['ip'],FILTER_VALIDATE_IP,FILTER_FLAG_IPV6) ? 'peers6' : 'peers';
// $rep_dict[$peerField] .= inet_pton($row["ip"]) . pack("n", $row["port"]);
if (!empty($row['ipv4'])) {
$rep_dict['peers'] .= inet_pton($row["ipv4"]) . pack("n", $row["port"]);
}
if (!empty($row['ipv6'])) {
$rep_dict['peers6'] .= inet_pton($row["ipv6"]) . pack("n", $row["port"]);
}
} else {
// $peer = [
// 'ip' => $row["ip"],
// 'port' => (int) $row["port"]
// ];
//
// if ($no_peer_id == 1) {
// $peer['peer id'] = $row["peer_id"];
// }
// $rep_dict['peers'][] = $peer;
if (!empty($row['ipv4'])) {
$peer = [
'peer_id' => $row['peer_id'],
'ip' => $row['ipv4'],
'port' => (int)$row['port'],
];
if ($no_peer_id) unset($peer['peer_id']);
$rep_dict['peers'][] = $peer;
}
if (!empty($row['ipv6'])) {
$peer = [
'peer_id' => $row['peer_id'],
'ip' => $row['ipv6'],
'port' => (int)$row['port'],
];
if ($no_peer_id) unset($peer['peer_id']);
$rep_dict['peers'][] = $peer;
}
if (!empty($row['ipv4'])) {
$rep_dict['peers'] .= inet_pton($row["ipv4"]) . pack("n", $row["port"]);
}
if (!empty($row['ipv6'])) {
$rep_dict['peers6'] .= inet_pton($row["ipv6"]) . pack("n", $row["port"]);
}
}
}
public/fields.php
+1
View File
@@ -22,6 +22,7 @@ if ($action == 'view') {
begin_main_frame();
echo $field->buildFieldForm();
} elseif ($action == 'submit') {
die("This method is deprecated! This method is no longer available in 1.10, it does not save data correctly, please go to the management system!");
try {
$result = $field->save($_REQUEST);
nexus_redirect('fields.php?action=view');
public/invite.php
+7 -5
View File
@@ -100,14 +100,14 @@ if ($type == 'new'){
} else {
inviteMenu($menuSelected);
if ($menuSelected == 'invitee') {
$whereStr = "invited_by = " . sqlesc($id);
$whereStr = "u.invited_by = " . sqlesc($id);
if (!empty($_GET['status'])) {
$whereStr .= " and status = " . sqlesc($_GET['status']);
$whereStr .= " and u.status = " . sqlesc($_GET['status']);
}
if (!empty($_GET['enabled'])) {
$whereStr .= " and enabled = " . sqlesc($_GET['enabled']);
$whereStr .= " and u.enabled = " . sqlesc($_GET['enabled']);
}
$rel = sql_query("SELECT COUNT(*) FROM users WHERE $whereStr") or sqlerr(__FILE__, __LINE__);
$rel = sql_query("SELECT COUNT(*) FROM users u WHERE $whereStr") or sqlerr(__FILE__, __LINE__);
$arro = mysql_fetch_row($rel);
$number = $arro[0];
$textSelectOnePlease = nexus_trans('nexus.select_one_please');
@@ -164,13 +164,14 @@ JS;
} else {
list($pagertop, $pagerbottom, $limit) = pager($pageSize, $number, "?id=$id&menu=$menuSelected&");
$haremAdditionFactor = (float)get_setting('bonus.harem_addition');
$ret = sql_query("SELECT id, username, email, uploaded, downloaded, status, warned, enabled, donor, email, seed_points_per_hour, seeding_torrent_count, seeding_torrent_size, last_announce_at FROM users WHERE $whereStr $limit") or sqlerr();
$ret = sql_query("SELECT u.id, u.username, u.email, u.uploaded, u.downloaded, u.status, u.warned, u.enabled, u.donor, u.email, u.seed_points_per_hour, u.seeding_torrent_count, u.seeding_torrent_size, u.last_announce_at, COUNT(t.id) AS torrent_count FROM users u LEFT JOIN torrents t ON t.owner = u.id WHERE $whereStr GROUP BY u.id $limit") or sqlerr();
$num = mysql_num_rows($ret);
print("<tr>
<td class=colhead><b>".$lang_invite['text_username']."</b></td>
<td class=colhead><b>".$lang_invite['text_email']."</b></td>
<td class=colhead><b>".$lang_invite['text_enabled']."</b></td>
<td class=colhead><b>".$lang_invite['text_uploaded_count']."</b></td>
<td class=colhead><b>".$lang_invite['text_uploaded']."</b></td>
<td class=colhead><b>".$lang_invite['text_downloaded']."</b></td>
<td class=colhead><b>".$lang_invite['text_ratio']."</b></td>
@@ -212,6 +213,7 @@ JS;
<td class=rowfollow>".get_username($arr['id'])."</td>
<td class=rowfollow>".$arr['email']."</td>
<td class=rowfollow>".$arr['enabled']."</td>
<td class=rowfollow>" . $arr['torrent_count'] . "</td>
<td class=rowfollow>" . mksize($arr['uploaded']) . "</td>
<td class=rowfollow>" . mksize($arr['downloaded']) . "</td>
<td class=rowfollow>".$ratio."</td>
public/js/medium-zoom.min.js
Vendored
+2
View File
File diff suppressed because one or more lines are too long
public/js/nexus.js
Vendored
+1 -1
View File
@@ -65,7 +65,7 @@ jQuery(document).ready(function () {
let position = getPosition(e, imgPosition)
let src = imgEle.attr("src")
if (src) {
previewEle.attr("src", src).css(position).fadeIn("fast");
previewEle.stop(true, true).attr("src", src).css(position).fadeIn("fast");
}
}).on("mouseout", selector, function (e) {
// previewEle.remove()
public/js/passkey.js
Vendored
+169
View File
@@ -0,0 +1,169 @@
const Passkey = (() => {
const apiUrl = '/ajax.php';
const supported = () => {
return window.PublicKeyCredential;
}
const conditionalSupported = () => {
return supported() && PublicKeyCredential.isConditionalMediationAvailable;
}
const isCMA = async () => {
return await PublicKeyCredential.isConditionalMediationAvailable();
}
const getCreateArgs = async () => {
const getArgsParams = new URLSearchParams();
getArgsParams.set('action', 'getPasskeyCreateArgs');
const response = await fetch(apiUrl, {
method: 'POST',
body: getArgsParams,
});
const data = await response.json();
if (data.ret !== 0) {
throw new Error(data.msg);
}
const createArgs = data.data;
recursiveBase64StrToArrayBuffer(createArgs);
return createArgs;
}
const createRegistration = async () => {
const createArgs = await getCreateArgs();
const cred = await navigator.credentials.create(createArgs);
const processCreateParams = new URLSearchParams();
processCreateParams.set('action', 'processPasskeyCreate');
processCreateParams.set('params[transports]', cred.response.getTransports ? cred.response.getTransports() : null)
processCreateParams.set('params[clientDataJSON]', cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null);
processCreateParams.set('params[attestationObject]', cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null);
const response = await fetch(apiUrl, {
method: 'POST',
body: processCreateParams,
});
const data = await response.json();
if (data.ret !== 0) {
throw new Error(data.msg);
}
}
const getGetArgs = async () => {
const getArgsParams = new URLSearchParams();
getArgsParams.set('action', 'getPasskeyGetArgs');
const response = await fetch(apiUrl, {
method: 'POST',
body: getArgsParams,
});
const data = await response.json();
if (data.ret !== 0) {
throw new Error(data.msg);
}
const getArgs = data.data;
recursiveBase64StrToArrayBuffer(getArgs);
return getArgs;
}
let abortController;
const checkRegistration = async (conditional, showLoading) => {
if (abortController) {
abortController.abort()
abortController = null;
}
if (!conditional) showLoading();
const getArgs = await getGetArgs();
if (conditional) {
abortController = new AbortController();
getArgs.signal = abortController.signal;
getArgs.mediation = 'conditional';
}
const cred = await navigator.credentials.get(getArgs);
if (conditional) showLoading();
const processGetParams = new URLSearchParams();
processGetParams.set('action', 'processPasskeyGet');
processGetParams.set('params[challenge]', arrayBufferToBase64(getArgs['publicKey']['challenge']));
processGetParams.set('params[id]', cred.rawId ? arrayBufferToBase64(cred.rawId) : null);
processGetParams.set('params[clientDataJSON]', cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null);
processGetParams.set('params[authenticatorData]', cred.response.authenticatorData ? arrayBufferToBase64(cred.response.authenticatorData) : null);
processGetParams.set('params[signature]', cred.response.signature ? arrayBufferToBase64(cred.response.signature) : null);
processGetParams.set('params[userHandle]', cred.response.userHandle ? arrayBufferToBase64(cred.response.userHandle) : null);
const response = await fetch(apiUrl, {
method: 'POST',
body: processGetParams,
});
const data = await response.json();
if (data.ret !== 0) {
throw new Error(data.msg);
}
}
const deleteRegistration = async (credentialId) => {
const deleteParams = new URLSearchParams();
deleteParams.set('action', 'deletePasskey');
deleteParams.set('params[credentialId]', credentialId);
const response = await fetch(apiUrl, {
method: 'POST',
body: deleteParams,
});
const data = await response.json();
if (data.ret !== 0) {
throw new Error(data.msg);
}
}
const recursiveBase64StrToArrayBuffer = (obj) => {
let prefix = '=?BINARY?B?';
let suffix = '?=';
if (typeof obj === 'object') {
for (let key in obj) {
if (typeof obj[key] === 'string') {
let str = obj[key];
if (str.substring(0, prefix.length) === prefix && str.substring(str.length - suffix.length) === suffix) {
str = str.substring(prefix.length, str.length - suffix.length);
let binary_string = window.atob(str);
let len = binary_string.length;
let bytes = new Uint8Array(len);
for (let i = 0; i < len; i++) {
bytes[i] = binary_string.charCodeAt(i);
}
obj[key] = bytes.buffer;
}
} else {
recursiveBase64StrToArrayBuffer(obj[key]);
}
}
}
}
const arrayBufferToBase64 = (buffer) => {
let binary = '';
let bytes = new Uint8Array(buffer);
let len = bytes.byteLength;
for (let i = 0; i < len; i++) {
binary += String.fromCharCode(bytes[i]);
}
return window.btoa(binary);
}
return {
supported: supported,
conditionalSupported: conditionalSupported,
createRegistration: createRegistration,
checkRegistration: checkRegistration,
deleteRegistration: deleteRegistration,
isCMA: isCMA,
}
})();
public/login.php
+2
View File
@@ -92,6 +92,7 @@ if (isset($returnto)) {
if ($useChallengeResponseAuthentication) {
print('<input type="hidden" name="response" />');
}
\App\Repositories\UserPasskeyRepository::renderLogin();
?>
</form>
<?php
@@ -134,4 +135,5 @@ print("</td></tr></table></form></td></tr></table>");
?>
<?php
render_password_challenge_js("login-form", "username", "password");
\Nexus\Nexus::js('js/passkey.js', 'footer', true);
stdfoot();
public/offers.php
+14 -9
View File
@@ -113,7 +113,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){
'sender' => $CURUSER['id'],
'subject' => nexus_trans('offer.msg_new_offer_subject'),
'msg' => nexus_trans('offer.msg_new_offer_msg', [
'username' => "[url=userdetails.php?id={$CURUSER['id']}]{$CURUSER['username']}[/url]",
'username' => "[url=userdetails.php?id={$CURUSER['id']}]{$CURUSER['username']}[/url]",
'offername' => "[url=offers.php?id={$id}&off_details=1]{$name}[/url]"]),
'added' => now(),
]);
@@ -147,6 +147,9 @@ if (isset($_GET['off_details']) && $_GET["off_details"]){
$res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__,__LINE__);
$num = mysql_fetch_array($res);
if (!$num) {
bark($lang_offers['text_nothing_found']);
}
$s = $num["name"];
@@ -270,7 +273,7 @@ if (isset($_GET["allow_offer"]) && $_GET["allow_offer"]) {
$subject = nexus_trans("offer.msg_your_offer_allowed", [], $locale);
$allowedtime = date("Y-m-d H:i:s");
//sql_query("INSERT INTO messages (sender, receiver, added, msg, subject) VALUES(0, {$arr['userid']}, '" . $allowedtime . "', " . sqlesc($msg) . ", ".sqlesc($subject).")") or sqlerr(__FILE__, __LINE__);
\App\Models\Message::add([
'sender' => 0,
'receiver' => $arr['userid'],
@@ -278,7 +281,7 @@ if (isset($_GET["allow_offer"]) && $_GET["allow_offer"]) {
'subject' => $subject,
'added' => $allowedtime,
]);
sql_query ("UPDATE offers SET allowed = 'allowed', allowedtime = '".$allowedtime."' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
write_log("{$CURUSER['username']} allowed offer {$arr['name']}",'normal');
@@ -329,7 +332,7 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
}
//===use this line if you DO HAVE subject in your PM system
$subject = nexus_trans("offer.msg_your_offer", [], $locale).$arr['name'].nexus_trans("offer.msg_voted_on", [], $locale);
\App\Models\Message::add([
'sender' => 0,
'subject' => $subject,
@@ -337,7 +340,7 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) {
'added' => $finishvotetime,
'msg' => $msg,
]);
//===use this line if you DO NOT subject in your PM system
//sql_query("INSERT INTO messages (sender, receiver, added, msg) VALUES(0, $arr['userid'], '" . date("Y-m-d H:i:s") . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
write_log("{$CURUSER['username']} closed poll {$arr['name']}",'normal');
@@ -508,10 +511,12 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
}
else
{
sql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$res = sql_query("SELECT users.username, offers.userid, offers.name FROM offers LEFT JOIN users ON offers.userid = users.id WHERE offers.id = ".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
if (!$arr) {
bark($lang_offers['text_nothing_found']);
}
sql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$locale = get_user_locale($arr['userid']);
$rs = sql_query("SELECT yeah, against, allowed FROM offers WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
@@ -530,7 +535,7 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
sql_query("UPDATE offers SET allowed='allowed', allowedtime=".sqlesc($finishtime)." WHERE id=".sqlesc($offerid)) or sqlerr(__FILE__,__LINE__);
$msg = nexus_trans("offer.msg_offer_voted_on", [], $locale)."[b][url=". get_protocol_prefix() . $BASEURL."/offers.php?id=$offerid&off_details=1]" . $arr['name'] . "[/url][/b].". nexus_trans("offer.msg_find_offer_option", [], $locale).$timeoutnote;
$subject = nexus_trans("offer.msg_your_offer_allowed", [], $locale);
\App\Models\Message::add([
'sender' => 0,
'receiver' => $arr['userid'],
@@ -556,7 +561,7 @@ if (isset($_GET["vote"]) && $_GET["vote"]){
'added' => now(),
]);
write_log("System denied offer {$arr['name']}",'normal');
}
public/tags.php
-32
View File
@@ -228,38 +228,6 @@ insert_tag(
""
);
insert_tag(
$lang_tags['text_flash'],
$lang_tags['text_flash_description'],
$lang_tags['text_flash_syntax'],
sprintf($lang_tags['text_flash_example'], getSchemeAndHttpHost()),
""
);
insert_tag(
$lang_tags['text_flash_two'],
$lang_tags['text_flash_two_description'],
$lang_tags['text_flash_two_syntax'],
sprintf($lang_tags['text_flash_two_example'], getSchemeAndHttpHost()),
""
);
insert_tag(
$lang_tags['text_flv_one'],
$lang_tags['text_flv_one_description'],
$lang_tags['text_flv_one_syntax'],
sprintf($lang_tags['text_flv_one_example'], getSchemeAndHttpHost()),
""
);
insert_tag(
$lang_tags['text_flv_two'],
$lang_tags['text_flv_two_description'],
$lang_tags['text_flv_two_syntax'],
sprintf($lang_tags['text_flv_two_example'], getSchemeAndHttpHost()),
""
);
insert_tag(
$lang_tags['text_youtube'],
public/torrentrss.php
+5 -3
View File
@@ -11,7 +11,7 @@ if ($cacheData && nexus_env('APP_ENV') != 'local') {
header ("Content-type: text/xml");
die($cacheData);
}
dbconn();
dbconn(doLogin: false);
function hex_esc($matches) {
return sprintf("%02x", ord($matches[0]));
}
@@ -19,8 +19,10 @@ $dllink = false;
$where = "";
if ($passkey){
$res = sql_query("SELECT id, enabled, parked, passkey FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
$user = mysql_fetch_array($res);
$user = \Nexus\Database\NexusDB::remember('user_passkey_'.$passkey.'_rss', 3600, function () use ($passkey) {
$res = sql_query("SELECT id, enabled, parked, passkey FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
return mysql_fetch_array($res);
});
if (!$user)
die("invalid passkey");
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
public/usercp.php
+3
View File
@@ -936,6 +936,9 @@ EOD;
$twoStepY .= '</div>';
tr_small($lang_usercp['row_two_step_secret'], $twoStepY, 1);
}
printf('<tr><td class="rowhead" valign="top" align="right">%s</td><td class="rowfollow" valign="top" align="left">', nexus_trans('passkey.passkey'));
\App\Repositories\UserPasskeyRepository::renderList($CURUSER['id']);
printf('</td></tr>');
if ($disableemailchange != 'no' && $smtptype != 'none') //system-wide setting
tr_small($lang_usercp['row_email_address'], "<input type=\"text\" name=\"email\" style=\"width: 200px\" value=\"" . htmlspecialchars($CURUSER["email"]) . "\" /> <br /><font class=small>".$lang_usercp['text_email_address_note']."</font>", 1);
public/usersearch.php
+1 -1
View File
@@ -311,7 +311,7 @@ if (count($_GET) > 0 && !$_GET['h'])
if (strpos($email,'*') === False && strpos($email,'?') === False
&& strpos($email,'%') === False)
{
if (validemail($email) !== 1)
if (!validemail($email))
{
stdmsg("Error", "Bad email.");
stdfoot();