diff --git a/_db/dbstructure_v1.6.sql b/_db/dbstructure_v1.6.sql index b79e90e6..45b33567 100644 --- a/_db/dbstructure_v1.6.sql +++ b/_db/dbstructure_v1.6.sql @@ -778,7 +778,7 @@ CREATE TABLE `failed_jobs` ( `exception` longtext COLLATE utf8mb4_unicode_ci NOT NULL, `failed_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`), - UNIQUE KEY `failed_jobs_uuid_unique` (`uuid`) + UNIQUE KEY `failed_jobs_uuid_unique` (`uuid`(191)) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; @@ -1909,6 +1909,34 @@ INSERT INTO `searchbox` VALUES (4,'chd',1,0,1,1,1,0,1,0,10,7,'','',''); /*!40000 ALTER TABLE `searchbox` ENABLE KEYS */; UNLOCK TABLES; +-- +-- Table structure for table `searchbox_fields` +-- + +DROP TABLE IF EXISTS `searchbox_fields`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `searchbox_fields` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `searchbox_id` int(11) NOT NULL, + `field_type` varchar(255) NOT NULL, + `field_id` int(11) NOT NULL DEFAULT '0', + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `update_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`id`), + UNIQUE KEY `uniq_searchbox_type_id` (`searchbox_id`,`field_type`,`field_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `searchbox_fields` +-- + +LOCK TABLES `searchbox_fields` WRITE; +/*!40000 ALTER TABLE `searchbox_fields` DISABLE KEYS */; +/*!40000 ALTER TABLE `searchbox_fields` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `secondicons` -- 
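Review bot: In the new `searchbox_fields` table the auto-update column is named `update_at`, while `torrent_secrets` and `settings` in this same commit use `updated_at`; this looks like a typo. If the table is backed by an Eloquent model with default timestamps (not visible here), writes would target a column that does not exist. Since this file is a dump, the rename belongs in the migration that produced it: `` `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP``.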
@@ -1953,8 +1981,8 @@ CREATE TABLE `settings` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL DEFAULT '', `value` mediumtext, - `created_at` datetime DEFAULT NULL, - `updated_at` datetime DEFAULT NULL, + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `updated_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`id`), UNIQUE KEY `uniqe_name` (`name`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; @@ -2337,6 +2365,35 @@ LOCK TABLES `topics` WRITE; /*!40000 ALTER TABLE `topics` ENABLE KEYS */; UNLOCK TABLES; +-- +-- Table structure for table `torrent_secrets` +-- + +DROP TABLE IF EXISTS `torrent_secrets`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `torrent_secrets` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `uid` int(11) NOT NULL, + `torrent_id` int(11) NOT NULL DEFAULT '0', + `secret` varchar(255) NOT NULL, + `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`id`), + KEY `idx_uid` (`uid`), + KEY `idx_torrent_id` (`torrent_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `torrent_secrets` +-- + +LOCK TABLES `torrent_secrets` WRITE; +/*!40000 ALTER TABLE `torrent_secrets` DISABLE KEYS */; +/*!40000 ALTER TABLE `torrent_secrets` ENABLE KEYS */; +UNLOCK TABLES; + -- -- Table structure for table `torrents` -- 
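Review bot: `torrent_secrets` has only the non-unique keys `idx_uid` and `idx_torrent_id`, so nothing stops several rows for the same `(uid, torrent_id)` pair, and which `secret` is then authoritative is left to application code not shown here. If one secret per pair is the intent, declare it with `UNIQUE KEY `uniq_uid_torrent_id` (`uid`,`torrent_id`)`, which would also let rotation be an upsert rather than delete-then-insert. The column is a plain `varchar(255)`; whether it holds the raw value or a digest is not visible from the schema, and a comment on the column stating which would help whoever handles a database leak. If rows are looked up by `secret`, that column has no index either.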
@@ -2381,7 +2438,7 @@ CREATE TABLE `torrents` ( `promotion_until` datetime DEFAULT NULL, `anonymous` enum('yes','no') NOT NULL DEFAULT 'no', `url` int(10) unsigned DEFAULT NULL, - `pos_state` enum('normal','sticky') NOT NULL DEFAULT 'normal', + `pos_state` varchar(32) NOT NULL DEFAULT 'normal', `cache_stamp` tinyint(3) unsigned NOT NULL DEFAULT '0', `picktype` enum('hot','classic','recommended','normal') NOT NULL DEFAULT 'normal', `picktime` datetime DEFAULT NULL, @@ -2703,4 +2760,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2021-05-14 0:29:10 +-- Dump completed on 2021-06-04 21:00:26 diff --git a/app/Http/Middleware/Permission.php b/app/Http/Middleware/Permission.php index 3131dfa8..9e5f98fa 100644 --- a/app/Http/Middleware/Permission.php +++ b/app/Http/Middleware/Permission.php @@ -18,14 +18,13 @@ class Permission */ public function handle(Request $request, Closure $next) { + /** @var User $user */ $user = $request->user(); - $targetClass = User::CLASS_MODERATOR; - $log = sprintf('user: %s, class: %s, target class: %s', $user->id, $user->class, $targetClass); - if (!$user || $user->class < $targetClass) { - do_log("$log, denied!"); + if (!$user || !$user->canAccessAdmin()) { + do_log("denied!"); throw new UnauthorizedException('Unauthorized!'); } - do_log("$log, allow!"); + do_log("allow!"); return $next($request); } } diff --git a/app/Models/User.php b/app/Models/User.php index 6fa7cf01..5bfc06b7 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -247,4 +247,14 @@ class User extends Authenticatable return $this->update($update); } + public function canAccessAdmin() + { + $targetClass = self::CLASS_MODERATOR; + if (!$this->class || $this->class < $targetClass) { + do_log(sprintf('user: %s, no class or class < %s, can not access admin.', $this->id, $targetClass)); + return false; + } + return true; + } + } 
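Review bot: In `Permission::handle()` the audit lines no longer identify the caller: `do_log("denied!")` and `do_log("allow!")` drop the user id and class that the old message carried, and `canAccessAdmin()` only logs on its own denial path, never when `$user` is null and never on success. For the gate in front of the admin area that leaves no record of who was let through. I would keep the null-safe ordering this change introduces and restore the context after the check, e.g. `do_log(sprintf('user: %s, class: %s, allow!', $user->id, $user->class));`, and log `$request->path()` on the deny branch so an unauthenticated denial is still attributable to a route.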
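Review bot: `User::canAccessAdmin()` silently depends on the `class` attribute having been selected, and nothing on the method says so. A model loaded with a restricted column list gives `null` for `$this->class`, the `!$this->class` branch returns false, and the log line reports it as a privilege problem rather than a query problem. Failing closed is the right direction, but the contract should be written down: a docblock stating that the method returns true only when `class` is at least `CLASS_MODERATOR`, that the `class` column must be loaded, and `@return bool`. A predicate that also writes a log entry is surprising to callers; consider logging at the call sites instead. The class body continues outside the hunk.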
diff --git a/app/Repositories/AuthenticateRepository.php b/app/Repositories/AuthenticateRepository.php index 4b3e8d30..d22626d2 100644 --- a/app/Repositories/AuthenticateRepository.php +++ b/app/Repositories/AuthenticateRepository.php @@ -4,6 +4,7 @@ namespace App\Repositories; use App\Http\Resources\UserResource; use App\Models\User; use Illuminate\Support\Facades\DB; +use Illuminate\Validation\UnauthorizedException; class AuthenticateRepository extends BaseRepository { @@ -11,10 +12,13 @@ class AuthenticateRepository extends BaseRepository { $user = User::query() ->where('username', $username) - ->first(array_merge(User::$commonFields, ['secret', 'passhash'])); + ->first(array_merge(User::$commonFields, ['class', 'secret', 'passhash'])); if (!$user || md5($user->secret . $password . $user->secret) != $user->passhash) { throw new \InvalidArgumentException('Username or password invalid.'); } + if (!$user->canAccessAdmin()) { + throw new UnauthorizedException('Unauthorized!'); + } $tokenName = __METHOD__ . __LINE__; $token = DB::transaction(function () use ($user, $tokenName) { $user->tokens()->delete(); diff --git a/lang/chs/lang_torrents.php b/lang/chs/lang_torrents.php index 11d29e92..208fc88f 100644 --- a/lang/chs/lang_torrents.php +++ b/lang/chs/lang_torrents.php @@ -47,7 +47,7 @@ $lang_torrents = array 'text_s_bookmarked_torrent' => "收藏的种子", 'text_s_not_bookmarked_torrent' => "未收藏的种子", 'head_torrents' => "种子", - 'head_music' => "音乐", + 'head_special' => "特别", 'text_movies_and_tvs' => "电影 & 电视:", 'text_games_and_appz' => "游戏 & 程序:", 'text_others' => "其它:", diff --git a/lang/cht/lang_torrents.php b/lang/cht/lang_torrents.php index d1aa10e3..7401bfe6 100644 --- a/lang/cht/lang_torrents.php +++ b/lang/cht/lang_torrents.php 
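Review bot: In the `@@ -11,10 +12,13 @@` hunk of AuthenticateRepository.php the new `canAccessAdmin()` check runs after the password has been verified and throws a different exception type, so a client can tell "credentials correct but not staff" from "credentials wrong" if the two are rendered differently (the exception handler is not visible here). Throwing the same `\InvalidArgumentException('Username or password invalid.')` for both cases, and recording the real reason only in the server log, closes that distinction. Separately, the unchanged comparison just above uses `!=` on hex digests; `!hash_equals($user->passhash, md5($user->secret . $password . $user->secret))` avoids PHP's numeric-string juggling and compares in constant time. The method starts and ends outside the hunk.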
@@ -47,7 +47,7 @@ $lang_torrents = array 'text_s_bookmarked_torrent' => "收藏的種子", 'text_s_not_bookmarked_torrent' => "未收藏的種子", 'head_torrents' => "種子", - 'head_music' => "音樂", + 'head_special' => "特別", 'text_movies_and_tvs' => "電影 & 電視:", 'text_games_and_appz' => "游戲 & 程序:", 'text_others' => "其它:", diff --git a/lang/en/lang_torrents.php b/lang/en/lang_torrents.php index 9970afe4..60b9bdde 100644 --- a/lang/en/lang_torrents.php +++ b/lang/en/lang_torrents.php @@ -47,7 +47,7 @@ $lang_torrents = array 'text_s_bookmarked_torrent' => "'s Bookmarked Torrents", 'text_s_not_bookmarked_torrent' => "'s NOT Bookmarked Torrents", 'head_torrents' => "Torrents", - 'head_music' => "Music", + 'head_special' => "Special", 'text_movies_and_tvs' => "Movies & TVs:", 'text_games_and_appz' => "Games & Appz:", 'text_others' => "Others:", diff --git a/nexus/Install/settings.default.php b/nexus/Install/settings.default.php index 926976b5..48bb2a95 100644 --- a/nexus/Install/settings.default.php +++ b/nexus/Install/settings.default.php @@ -153,14 +153,15 @@ 'addoffer' => '0', 'offermanage' => '13', 'upload' => '2', - 'uploadspecial' => '0', - 'movetorrent' => '0', + 'uploadspecial' => '12', + 'movetorrent' => '13', 'chrmanage' => '13', 'viewinvite' => '13', 'buyinvite' => '5', 'seebanned' => '12', 'againstoffer' => '1', 'userbar' => '2', + 'view_special_torrent' => '4', ), 'tweak' => array ( diff --git a/public/settings.php b/public/settings.php index 6acfb13f..7c53a4b4 100644 --- a/public/settings.php +++ b/public/settings.php @@ -55,7 +55,7 @@ if ($action == 'savesettings_main') // save main $Cache->delete_value('stats_torrents', true); $Cache->delete_value('peers_count', true); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker MAIN settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker MAIN settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_basic') // save basic 
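Review bot: The tightened values in `nexus/Install/settings.default.php` (`'uploadspecial' => '12'`, `'movetorrent' => '13'`, and the new `'view_special_torrent' => '4'`) presumably reach only fresh installs, since this is the defaults file. A site that already has its authority settings saved would keep `'0'` for the first two and have no `view_special_torrent` key at all. How a missing key is read is not visible in this diff; if it ends up compared as null or 0 against the user class, every user passes the check. I would ship an upgrade step that writes the three values into existing installs, and make the reader treat an absent authority key as the most restrictive class. The enclosing array starts and ends outside the hunk.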
@@ -71,7 +71,7 @@ elseif ($action == 'savesettings_basic') // save basic } saveSetting('basic', $BASIC); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker basic settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker basic settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_code') // save database @@ -85,7 +85,7 @@ elseif ($action == 'savesettings_code') // save database } saveSetting('code', $CODE); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker code settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker code settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_bonus') // save bonus @@ -107,7 +107,7 @@ elseif ($action == 'savesettings_bonus') // save bonus ksort($BONUS['attendance_continuous']); saveSetting('bonus', $BONUS); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker bonus settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker bonus settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_account') // save account @@ -122,7 +122,7 @@ elseif ($action == 'savesettings_account') // save account } saveSetting('account', $ACCOUNT); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker account settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker account settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif($action == 'savesettings_torrent') // save account 
@@ -137,7 +137,7 @@ elseif($action == 'savesettings_torrent') // save account saveSetting('torrent', $TORRENT); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker torrent settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker torrent settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_smtp') // save smtp @@ -158,7 +158,7 @@ elseif ($action == 'savesettings_smtp') // save smtp } saveSetting('smtp', $SMTP); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker SMTP settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker SMTP settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_security') // save security @@ -181,7 +181,7 @@ elseif ($action == 'savesettings_security') // save security } saveSetting('security', $SECURITY); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker SECURITY settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker SECURITY settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_authority') // save user authority @@ -196,7 +196,7 @@ elseif ($action == 'savesettings_authority') // save user authority saveSetting('authority', $AUTHORITY); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker USER AUTHORITY settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker USER AUTHORITY settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_tweak') // save tweak 
@@ -210,7 +210,7 @@ elseif ($action == 'savesettings_tweak') // save tweak } saveSetting('tweak', $TWEAK); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker TWEAK settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker TWEAK settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_attachment') // save attachment @@ -225,7 +225,7 @@ elseif ($action == 'savesettings_attachment') // save attachment saveSetting('attachment', $ATTACHMENT); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker ATTACHMENT settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker ATTACHMENT settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'savesettings_advertisement') // save advertisement @@ -240,7 +240,7 @@ elseif ($action == 'savesettings_advertisement') // save advertisement saveSetting('advertisement', $ADVERTISEMENT); $actiontime = date("F j, Y, g:i a"); - write_log("Tracker ADVERTISEMENT settings updated by $CURUSER[username]. $actiontime",'mod'); + write_log("Tracker ADVERTISEMENT settings updated by {$CURUSER['username']}. $actiontime",'mod'); go_back(); } elseif ($action == 'tweaksettings') // tweak settings diff --git a/public/torrents.php b/public/torrents.php index dd4ab0be..207a1237 100644 --- a/public/torrents.php +++ b/public/torrents.php @@ -885,7 +885,7 @@ if (isset($searchstr)) stdhead($lang_torrents['head_search_results_for'].$searchstr_ori); elseif ($sectiontype == $browsecatmode) stdhead($lang_torrents['head_torrents']); -else stdhead($lang_torrents['head_music']); +else stdhead($lang_torrents['head_special']); print("
"); displayHotAndClassic();