From 5fdeaafd9e193c8270683dd6943fa29961c7a848 Mon Sep 17 00:00:00 2001 From: xiaomlove <353856593@qq.com> Date: Wed, 2 Jun 2021 19:01:28 +0800 Subject: [PATCH] torrent downhash encrypt by hashids --- app/Console/Commands/Test.php | 4 +- app/Repositories/TorrentRepository.php | 28 ++++----- composer.json | 1 + composer.lock | 78 +++++++++++++++++++++++++- public/details.php | 2 +- public/download.php | 40 ++++++------- 6 files changed, 116 insertions(+), 37 deletions(-) diff --git a/app/Console/Commands/Test.php b/app/Console/Commands/Test.php index 276dfbb3..47708450 100644 --- a/app/Console/Commands/Test.php +++ b/app/Console/Commands/Test.php @@ -50,7 +50,9 @@ class Test extends Command */ public function handle() { - + $torrentRep = new TorrentRepository(); + $r = $torrentRep->encryptDownHash(1, 1); + dd($r, $torrentRep->decryptDownHash($r,1)); } } diff --git a/app/Repositories/TorrentRepository.php b/app/Repositories/TorrentRepository.php index bc01cc44..64b9a8c9 100644 --- a/app/Repositories/TorrentRepository.php +++ b/app/Repositories/TorrentRepository.php @@ -14,6 +14,7 @@ use App\Models\Standard; use App\Models\Team; use App\Models\Torrent; use App\Models\User; +use Hashids\Hashids; use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Seeder; use Illuminate\Http\Request; 
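Review bot: `handle()` now calls `new TorrentRepository()` unqualified, but this hunk adds no `use App\Repositories\TorrentRepository;` and the command's import block is outside the hunk, so unless Test.php already imports it the command will fail with a class-not-found error at runtime; the sibling hunk in TorrentRepository.php does add its own `use Hashids\Hashids;`, so the same should be checked here. The `dd($r, $torrentRep->decryptDownHash($r,1))` line also loads the real passkey of user id 1 via `findOrFail` and dumps a valid download token for that user to the console, which reads as a debug artifact rather than something to keep in a committed command; I would either leave `handle()` empty again or replace the dump with `$this->line($r);` guarded by an explicit `--user=` option. The enclosing `Test` class starts before the hunk.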
@@ -255,25 +256,24 @@ class TorrentRepository extends BaseRepository } public function encryptDownHash($id, $user): string + { + $key = $this->getEncryptDownHashKey($user); + return (new Hashids($key))->encode($id); + } + + public function decryptDownHash($downHash, $user) + { + $key = $this->getEncryptDownHashKey($user); + return (new Hashids($key))->decode($downHash); + } + + private function getEncryptDownHashKey($user) { if (!is_array($user) || empty($user['passkey']) || empty($user['id'])) { $user = User::query()->findOrFail(intval($user), ['id', 'passkey'])->toArray(); } //down hash is relative to user passkey - $key = md5($user['passkey'] . date('Ymd') . $user['id']); - $toolRep = new ToolRepository(); - $payload = [ - 'id' => $id, - 'uid' => $user['id'], - 'date' => date('Ymd'), - ]; - return $toolRep->getEncrypter($key)->encrypt($payload); - } - - public function decryptDownHash($downHash) - { - $toolRep = new ToolRepository(); - return $toolRep->getEncrypter()->decrypt($downHash); + return md5($user['passkey'] . date('Ymd') . $user['id']); } diff --git a/composer.json b/composer.json index fa2566d7..c8a3cac4 100644 --- a/composer.json +++ b/composer.json @@ -31,6 +31,7 @@ "fideloper/proxy": "^4.4", "fruitcake/laravel-cors": "^2.0", "guzzlehttp/guzzle": "~6.0", + "hashids/hashids": "^4.1", "imdbphp/imdbphp": "^6.4", "laravel-lang/lang": "~7.0", "laravel/framework": "^8.12", diff --git a/composer.lock b/composer.lock index 9204326f..8c85b2cc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3cdb39d9cebc22389a2d4654a240149e", + "content-hash": "0c77bf38428a182de615c04874fe0bf2", "packages": [ { "name": "asm89/stack-cors", 
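Review bot: Hashids is an obfuscation scheme, not authenticated encryption, so the new `encryptDownHash`/`decryptDownHash` pair drops the integrity and tamper protection that the removed `getEncrypter($key)->encrypt($payload)` path gave the token; the Hashids project itself documents that it must not be relied on for security, and anyone who collects enough of one user's hashes can in principle reconstruct the salt-shuffled alphabet and mint hashes for other torrent ids under that user's key (how much that matters depends on what download.php checks after decoding, which is not in this hunk). The only freshness check left is implicit: the key still contains `date('Ymd')`, so a hash from another day decodes to `[]`, which callers must treat as failure — I would add `: array` to `decryptDownHash` and a docblock stating that an empty array means invalid or expired, and note on `getEncryptDownHashKey` that `findOrFail` throws `ModelNotFoundException` for an unknown user id. To keep the short Hashids form but restore integrity, bind the hashid to the per-user key with an HMAC tag, compared with `hash_equals`, before decoding; the `.` separator is outside Hashids' default alphabet and distinct from the `|` that download.php splits on, so existing callers keep working.
```php
public function encryptDownHash($id, $user): string
{
    $key = $this->getEncryptDownHashKey($user);
    $hashid = (new Hashids($key))->encode($id);
    // Hashids alone is only obfuscation; the MAC binds the hashid to this user's key.
    return $hashid . '.' . substr(hash_hmac('sha256', $hashid, $key), 0, 32);
}

/**
 * @return int[] decoded ids; [] when the hash is malformed, tampered or issued under another day's key
 */
public function decryptDownHash($downHash, $user): array
{
    $key = $this->getEncryptDownHashKey($user);
    [$hashid, $tag] = array_pad(explode('.', (string) $downHash, 2), 2, '');
    if (!hash_equals(substr(hash_hmac('sha256', $hashid, $key), 0, 32), $tag)) {
        return [];
    }
    return (new Hashids($key))->decode($hashid);
}
// … unchanged: getEncryptDownHashKey …
```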
@@ -1132,6 +1132,82 @@ ], "time": "2021-03-21T16:25:00+00:00" }, + { + "name": "hashids/hashids", + "version": "4.1.0", + "source": { + "type": "git", + "url": "https://github.com/vinkla/hashids.git", + "reference": "8cab111f78e0bd9c76953b082919fc9e251761be" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/vinkla/hashids/zipball/8cab111f78e0bd9c76953b082919fc9e251761be", + "reference": "8cab111f78e0bd9c76953b082919fc9e251761be", + "shasum": "", + "mirrors": [ + { + "url": "https://mirrors.aliyun.com/composer/dists/%package%/%reference%.%type%", + "preferred": true + } + ] + }, + "require": { + "ext-mbstring": "*", + "php": "^7.2 || ^8.0" + }, + "require-dev": { + "phpunit/phpunit": "^8.0 || ^9.4", + "squizlabs/php_codesniffer": "^3.5" + }, + "suggest": { + "ext-bcmath": "Required to use BC Math arbitrary precision mathematics (*).", + "ext-gmp": "Required to use GNU multiple precision mathematics (*)." + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "4.1-dev" + } + }, + "autoload": { + "psr-4": { + "Hashids\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ivan Akimov", + "email": "ivan@barreleye.com" + }, + { + "name": "Vincent Klaiber", + "email": "hello@doubledip.se" + } + ], + "description": "Generate short, unique, non-sequential ids (like YouTube and Bitly) from numbers", + "homepage": "https://hashids.org/php", + "keywords": [ + "bitly", + "decode", + "encode", + "hash", + "hashid", + "hashids", + "ids", + "obfuscate", + "youtube" + ], + "support": { + "issues": "https://github.com/vinkla/hashids/issues", + "source": "https://github.com/vinkla/hashids/tree/4.1.0" + }, + "time": "2020-11-26T19:24:33+00:00" + }, { "name": "imdbphp/imdbphp", "version": "v6.4.2", diff --git a/public/details.php b/public/details.php index d3a6ff5f..f90c7471 100644 --- a/public/details.php +++ b/public/details.php 
@@ -128,7 +128,7 @@ if (!$row) { else $download = ""; tr($lang_details['row_action'], $download. ($owned == 1 ? "<$editlink>\"edit\" ".$lang_details['text_edit_torrent'] . " | " : ""). (get_user_class() >= $askreseed_class && $row['seeders'] == 0 ? "\"reseed\" ".$lang_details['text_ask_for_reseed'] ." | " : "") . "\"report\" ".$lang_details['text_report_torrent']."", 1); - tr($lang_details['torrent_dl_url'],sprintf('%s',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1); + tr($lang_details['torrent_dl_url'],sprintf('%s',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $CURUSER['id'], $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1); // ---------------- start subtitle block -------------------// $r = sql_query("SELECT subs.*, language.flagpic, language.lang_name FROM subs LEFT JOIN language ON subs.lang_id=language.id WHERE torrent_id = " . sqlesc($row["id"]). " ORDER BY subs.lang_id ASC") or sqlerr(__FILE__, __LINE__); diff --git a/public/download.php b/public/download.php index a8517371..2db2874d 100644 --- a/public/download.php +++ b/public/download.php 
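Review bot: The download URL's wire format `uid|hash` is now defined in two places — assembled here by passing `$CURUSER['id']` and `encryptDownHash(...)` into a template, and parsed in download.php with `explode('|', ...)` — so a change to either side silently breaks the other; I would have the repository build the whole parameter, e.g. `public function buildDownHashParam($id, $user): string { return $user['id'] . '|' . $this->encryptDownHash($id, $user); }`, and have both files use it. The sprintf format string is garbled in this rendering, so I cannot confirm it gained a placeholder for the extra `$CURUSER['id']` argument; if it did not, the id and the hash would shift into the wrong slots. The enclosing `if (!$row)`/else block starts before the hunk.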
@@ -3,28 +3,28 @@ require_once("../include/bittorrent.php"); dbconn(); if (!empty($_REQUEST['downhash'])){ + $params = explode('|', $_REQUEST['downhash']); + if (empty($params[0]) || empty($params[1])) { + die("invalid downhash, format error"); + } + $uid = $params[0]; + $hash = $params[1]; + $res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1"); + $user = mysql_fetch_array($res); + if (!$user) + die("invalid uid"); + elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes') + die("account disabed or parked"); + $oldip = $user['ip']; + $user['ip'] = getip(); + $CURUSER = $user; $torrentRep = new \App\Repositories\TorrentRepository(); - try { - $params = $torrentRep->decryptDownHash($_REQUEST['downhash']); - } catch (\Exception $exception) { - do_log("downhash: " . $_REQUEST['downhash'] . " invalid: " . $exception->getMessage()); - die("invalid downhash, decrypt fail"); + $decrypted = $torrentRep->decryptDownHash($hash, $user); + if (empty($decrypted)) { + do_log("downhash invalid: " . nexus_json_encode($_REQUEST)); + die("invalid downhash, decrpyt fail"); } - if ($params['date'] != date('Ymd')) { - die("invalid downhash, expires"); - } - $id = $params['id']; - $uid = $params['uid']; - - $res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1"); - $user = mysql_fetch_array($res); - if (!$user) - die("invalid downhash, payload invalid"); - elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes') - die("account disabed or parked"); - $oldip = $user['ip']; - $user['ip'] = getip(); - $CURUSER = $user; + $id = $decrypted[0]; } else {