lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 12:07:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

torrent downhash encrypt by hashids

Browse Source
This commit is contained in:
xiaomlove
2021-06-02 19:01:28 +08:00
parent 1985585e22
commit 5fdeaafd9e
6 changed files with 116 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/details.php
+1 -1
View File
@@ -128,7 +128,7 @@ if (!$row) {
else $download = "";
tr($lang_details['row_action'], $download. ($owned == 1 ? "<$editlink><img class=\"dt_edit\" src=\"pic/trans.gif\" alt=\"edit\" />&nbsp;<b><font class=\"small\">".$lang_details['text_edit_torrent'] . "</font></b></a>&nbsp;|&nbsp;" : ""). (get_user_class() >= $askreseed_class && $row['seeders'] == 0 ? "<a title=\"".$lang_details['title_ask_for_reseed']."\" href=\"takereseed.php?reseedid=$id\"><img class=\"dt_reseed\" src=\"pic/trans.gif\" alt=\"reseed\">&nbsp;<b><font class=\"small\">".$lang_details['text_ask_for_reseed'] ."</font></b></a>&nbsp;|&nbsp;" : "") . "<a title=\"".$lang_details['title_report_torrent']."\" href=\"report.php?torrent=$id\"><img class=\"dt_report\" src=\"pic/trans.gif\" alt=\"report\" />&nbsp;<b><font class=\"small\">".$lang_details['text_report_torrent']."</font></b></a>", 1);
tr($lang_details['torrent_dl_url'],sprintf('<a title="%s" href="%s/download.php?downhash=%s">%s</a>',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1);
tr($lang_details['torrent_dl_url'],sprintf('<a title="%s" href="%s/download.php?downhash=%s|%s">%s</a>',$lang_details['torrent_dl_url_notice'], getSchemeAndHttpHost(), $CURUSER['id'], $torrentRep->encryptDownHash($row['id'], $CURUSER), $lang_details['torrent_dl_url_text']),1);
// ---------------- start subtitle block -------------------//
$r = sql_query("SELECT subs.*, language.flagpic, language.lang_name FROM subs LEFT JOIN language ON subs.lang_id=language.id WHERE torrent_id = " . sqlesc($row["id"]). " ORDER BY subs.lang_id ASC") or sqlerr(__FILE__, __LINE__);
public/download.php
+20 -20
View File
@@ -3,28 +3,28 @@ require_once("../include/bittorrent.php");
dbconn();
if (!empty($_REQUEST['downhash'])){
$params = explode('|', $_REQUEST['downhash']);
if (empty($params[0]) || empty($params[1])) {
die("invalid downhash, format error");
}
$uid = $params[0];
$hash = $params[1];
$res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1");
$user = mysql_fetch_array($res);
if (!$user)
die("invalid uid");
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
die("account disabed or parked");
$oldip = $user['ip'];
$user['ip'] = getip();
$CURUSER = $user;
$torrentRep = new \App\Repositories\TorrentRepository();
try {
$params = $torrentRep->decryptDownHash($_REQUEST['downhash']);
} catch (\Exception $exception) {
do_log("downhash: " . $_REQUEST['downhash'] . " invalid: " . $exception->getMessage());
die("invalid downhash, decrypt fail");
$decrypted = $torrentRep->decryptDownHash($hash, $user);
if (empty($decrypted)) {
do_log("downhash invalid: " . nexus_json_encode($_REQUEST));
die("invalid downhash, decrpyt fail");
}
if ($params['date'] != date('Ymd')) {
die("invalid downhash, expires");
}
$id = $params['id'];
$uid = $params['uid'];
$res = sql_query("SELECT * FROM users WHERE id=". sqlesc($uid)." LIMIT 1");
$user = mysql_fetch_array($res);
if (!$user)
die("invalid downhash, payload invalid");
elseif ($user['enabled'] == 'no' || $user['parked'] == 'yes')
die("account disabed or parked");
$oldip = $user['ip'];
$user['ip'] = getip();
$CURUSER = $user;
$id = $decrypted[0];
}
else
{