lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 04:20:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

torrent downhash encrypt by hashids

Browse Source
This commit is contained in:
xiaomlove
2021-06-02 19:01:28 +08:00
parent 1985585e22
commit 5fdeaafd9e
6 changed files with 116 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Console/Commands/Test.php
View File

@@ -50,7 +50,9 @@ class Test extends Command
*/
public function handle()
{
$torrentRep = new TorrentRepository();
$r = $torrentRep->encryptDownHash(1, 1);
dd($r, $torrentRep->decryptDownHash($r,1));
}
}

28
app/Repositories/TorrentRepository.php
View File

@@ -14,6 +14,7 @@ use App\Models\Standard;
use App\Models\Team;
use App\Models\Torrent;
use App\Models\User;
use Hashids\Hashids;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Seeder;
use Illuminate\Http\Request;
@@ -255,25 +256,24 @@ class TorrentRepository extends BaseRepository
}
public function encryptDownHash($id, $user): string
{
$key = $this->getEncryptDownHashKey($user);
return (new Hashids($key))->encode($id);
}
public function decryptDownHash($downHash, $user)
{
$key = $this->getEncryptDownHashKey($user);
return (new Hashids($key))->decode($downHash);
}
private function getEncryptDownHashKey($user)
{
if (!is_array($user) || empty($user['passkey']) || empty($user['id'])) {
$user = User::query()->findOrFail(intval($user), ['id', 'passkey'])->toArray();
}
//down hash is relative to user passkey
$key = md5($user['passkey'] . date('Ymd') . $user['id']);
$toolRep = new ToolRepository();
$payload = [
'id' => $id,
'uid' => $user['id'],
'date' => date('Ymd'),
];
return $toolRep->getEncrypter($key)->encrypt($payload);
}
public function decryptDownHash($downHash)
{
$toolRep = new ToolRepository();
return $toolRep->getEncrypter()->decrypt($downHash);
return md5($user['passkey'] . date('Ymd') . $user['id']);
}

1
composer.json
View File

@@ -31,6 +31,7 @@
"fideloper/proxy": "^4.4",
"fruitcake/laravel-cors": "^2.0",
"guzzlehttp/guzzle": "~6.0",
"hashids/hashids": "^4.1",
"imdbphp/imdbphp": "^6.4",
"laravel-lang/lang": "~7.0",
"laravel/framework": "^8.12",

78
composer.lock generated
View File

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "3cdb39d9cebc22389a2d4654a240149e",
"content-hash": "0c77bf38428a182de615c04874fe0bf2",
"packages": [
{
"name": "asm89/stack-cors",
@@ -1132,6 +1132,82 @@
],
"time": "2021-03-21T16:25:00+00:00"
},
{
"name": "hashids/hashids",
"version": "4.1.0",
"source": {
"type": "git",
"url": "https://github.com/vinkla/hashids.git",
"reference": "8cab111f78e0bd9c76953b082919fc9e251761be"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/vinkla/hashids/zipball/8cab111f78e0bd9c76953b082919fc9e251761be",
"reference": "8cab111f78e0bd9c76953b082919fc9e251761be",
"shasum": "",
"mirrors": [
{
"url": "https://mirrors.aliyun.com/composer/dists/%package%/%reference%.%type%",
"preferred": true
}
]
},
"require": {
"ext-mbstring": "*",
"php": "^7.2 || ^8.0"
},
"require-dev": {
"phpunit/phpunit": "^8.0 || ^9.4",
"squizlabs/php_codesniffer": "^3.5"
},
"suggest": {
"ext-bcmath": "Required to use BC Math arbitrary precision mathematics (*).",
"ext-gmp": "Required to use GNU multiple precision mathematics (*)."
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "4.1-dev"
}
},
"autoload": {
"psr-4": {
"Hashids\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Ivan Akimov",
"email": "ivan@barreleye.com"
},
{
"name": "Vincent Klaiber",
"email": "hello@doubledip.se"
}
],
"description": "Generate short, unique, non-sequential ids (like YouTube and Bitly) from numbers",
"homepage": "https://hashids.org/php",
"keywords": [
"bitly",
"decode",
"encode",
"hash",
"hashid",
"hashids",
"ids",
"obfuscate",
"youtube"
],
"support": {
"issues": "https://github.com/vinkla/hashids/issues",
"source": "https://github.com/vinkla/hashids/tree/4.1.0"
},
"time": "2020-11-26T19:24:33+00:00"
},
{
"name": "imdbphp/imdbphp",
"version": "v6.4.2",

2
public/details.php
View File

@@ -128,7 +128,7 @@ if (!$row) {
else $download = "";
tr($lang_details['row_action'], $download. ($owned == 1 ? "<$editlink><img class=\"dt_edit\" src=\"pic/trans.gif\" alt=\"edit\" />&nbsp;<b><font class=\"small\">".$lang_details['text_edit_torrent'] . "</font></b></a>&nbsp;|&nbsp;" : ""). (get_user_class() >= $askreseed_class && $row['seeders'] == 0 ? "<a title=\"".$lang_details['title_ask_for_reseed']."\" href=\"takereseed.php?reseedid=$id\"><img class=\"dt_reseed\" src=\"pic/trans.gif\" alt=\"reseed\">&nbsp;<b><font class=\"small\">".$lang_details['text_ask_for_reseed'] ."</font></b></a>&nbsp;|&nbsp;" : "") . "<a title=\"".$lang_details['title_report_torrent']."\" href=\"report.php?torrent=$id\"><img class=\"dt_report\" src=\"pic/trans.gif\" alt=\"report\" />&nbsp;<b><font class=\"small\">".$lang_details['text_report_torrent']."</font></b></a>", 1);
tr($lang_details['torrent_dl_url'],sprintf('<a title="%s" href="%s/download.php?downhash=%s">%s</a>',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1);
tr($lang_details['torrent_dl_url'],sprintf('<a title="%s" href="%s/download.php?downhash=%s|%s">%s</a>',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $CURUSER['id'], $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1);
// ---------------- start subtitle block -------------------//
$r = sql_query("SELECT subs.*, language.flagpic, language.lang_name FROM subs LEFT JOIN language ON subs.lang_id=language.id WHERE torrent_id = " . sqlesc($row["id"]). " ORDER BY subs.lang_id ASC") or sqlerr(__FILE__, __LINE__);

40
public/download.php
View File

@@ -3,28 +3,28 @@ require_once("../include/bittorrent.php");
dbconn();
if (!empty($_REQUEST['downhash'])){
$params = explode('|', $_REQUEST['downhash']);
if (empty($params[0]) || empty($params[1])) {
die("invalid downhash, format error");
}
$uid = $params[0];
$hash = $params[1];
$res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1");
$user = mysql_fetch_array($res);
if (!$user)
die("invalid uid");
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
die("account disabed or parked");
$oldip = $user['ip'];
$user['ip'] = getip();
$CURUSER = $user;
$torrentRep = new \App\Repositories\TorrentRepository();
try {
$params = $torrentRep->decryptDownHash($_REQUEST['downhash']);
} catch (\Exception $exception) {
do_log("downhash: " . $_REQUEST['downhash'] . " invalid: " . $exception->getMessage());
die("invalid downhash, decrypt fail");
$decrypted = $torrentRep->decryptDownHash($hash, $user);
if (empty($decrypted)) {
do_log("downhash invalid: " . nexus_json_encode($_REQUEST));
die("invalid downhash, decrpyt fail");
}
if ($params['date'] != date('Ymd')) {
die("invalid downhash, expires");
}
$id = $params['id'];
$uid = $params['uid'];
$res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1");
$user = mysql_fetch_array($res);
if (!$user)
die("invalid downhash, payload invalid");
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
die("account disabed or parked");
$oldip = $user['ip'];
$user['ip'] = getip();
$CURUSER = $user;
$id = $decrypted[0];
}
else
{