reconstruct ajax

2026-04-28 06:57:22 +08:00 · 2023-05-07 08:38:46 +08:00
parent 72f260c76a
commit 744d1ef05c
1 changed files with 154 additions and 172 deletions
@@ -6,43 +6,9 @@ loggedinorreturn();
 $action = $_POST['action'] ?? 'noAction';
 $params = $_POST['params'] ?? [];

-const ALLOWED_ACTION = [
-    'toggleUserMedalStatus',
-    'attendanceRetroactive',
-    'getPtGen',
-    'addClaim',
-    'removeClaim',
-    'removeUserLeechWarn',
-    'getOffer',
-    'approvalModal',
-    'approval',
-    'addSeedBoxRecord',
-    'removeSeedBoxRecord',
-    'removeHitAndRun',
-    'consumeBenefit',
-    'clearShoutBox',
-    'buyMedal',
-    'giftMedal',
-    'saveUserMedal',
-];
-if(!in_array($action,ALLOWED_ACTION)){
-    do_log('hack attempt '.print_r($CURUSER,true),'error');
-    $action = 'noAction';
-}
-function noAction()
-{
-    throw new \RuntimeException("no Action");
-}
+class AjaxInterface{

-
-try {
-    $result = call_user_func($action, $params);
-    exit(json_encode(success($result)));
-} catch (\Throwable $exception) {
-    exit(json_encode(fail($exception->getMessage(), $_POST)));
-}
-
-function toggleUserMedalStatus($params)
+    public static function toggleUserMedalStatus($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\MedalRepository();
@@ -50,14 +16,14 @@ function toggleUserMedalStatus($params)
    }
    
    
-function attendanceRetroactive($params)
+    public static function attendanceRetroactive($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\AttendanceRepository();
        return $rep->retroactive($CURUSER['id'], $params['timestamp']);
    }
    
-function getPtGen($params)
+    public static function getPtGen($params)
    {
        $rep = new Nexus\PTGen\PTGen();
        $result = $rep->generate($params['url']);
@@ -70,41 +36,41 @@ function getPtGen($params)
        }
    }
    
-function addClaim($params)
+    public static function addClaim($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\ClaimRepository();
        return $rep->store($CURUSER['id'], $params['torrent_id']);
    }
    
-function removeClaim($params)
+    public static function removeClaim($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\ClaimRepository();
        return $rep->delete($params['id'], $CURUSER['id']);
    }
    
-function removeUserLeechWarn($params)
+    public static function removeUserLeechWarn($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\UserRepository();
        return $rep->removeLeechWarn($CURUSER['id'], $params['uid']);
    }
    
-function getOffer($params)
+    public static function getOffer($params)
    {
        $offer = \App\Models\Offer::query()->findOrFail($params['id']);
        return $offer->toArray();
    }
    
-function approvalModal($params)
+    public static function approvalModal($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\TorrentRepository();
        return $rep->buildApprovalModal($CURUSER['id'], $params['torrent_id']);
    }
    
-function approval($params)
+    public static function approval($params)
    {
        global $CURUSER;
        foreach (['torrent_id', 'approval_status',] as $field) {
@@ -116,7 +82,7 @@ function approval($params)
        return $rep->approval($CURUSER['id'], $params);
    }
    
-function addSeedBoxRecord($params)
+    public static function addSeedBoxRecord($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\SeedBoxRepository();
@@ -126,28 +92,28 @@ function addSeedBoxRecord($params)
        return $rep->store($params);
    }
    
-function removeSeedBoxRecord($params)
+    public static function removeSeedBoxRecord($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\SeedBoxRepository();
        return $rep->delete($params['id'], $CURUSER['id']);
    }
    
-function removeHitAndRun($params)
+    public static function removeHitAndRun($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\BonusRepository();
        return $rep->consumeToCancelHitAndRun($CURUSER['id'], $params['id']);
    }
    
-function consumeBenefit($params)
+    public static function consumeBenefit($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\UserRepository();
        return $rep->consumeBenefit($CURUSER['id'], $params);
    }
    
-function clearShoutBox($params)
+    public static function clearShoutBox($params)
    {
        global $CURUSER;
        user_can('sbmanage', true);
@@ -155,21 +121,21 @@ function clearShoutBox($params)
        return true;
    }
    
-function buyMedal($params)
+    public static function buyMedal($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\BonusRepository();
        return $rep->consumeToBuyMedal($CURUSER['id'], $params['medal_id']);
    }
    
-function giftMedal($params)
+    public static function giftMedal($params)
    {
        global $CURUSER;
        $rep = new \App\Repositories\BonusRepository();
        return $rep->consumeToGiftMedal($CURUSER['id'], $params['medal_id'], $params['uid']);
    }
    
-function saveUserMedal($params)
+    public static function saveUserMedal($params)
    {
        global $CURUSER;
        $data = [];
@@ -184,3 +150,19 @@ function saveUserMedal($params)
        $rep = new \App\Repositories\MedalRepository();
        return $rep->saveUserMedal($CURUSER['id'], $data);
    }
+}
+
+$class = 'AjaxInterface';
+$reflection = new ReflectionClass($class);
+
+try {
+    if($reflection->hasMethod($action)&&$reflection->getMethod($action)->isStatic()) {
+        $result = $class::$action($params);
+        exit(json_encode(success($result)));
+    } else {
+        do_log('hack attempt '.print_r($CURUSER, true), 'error');
+        throw new \RuntimeException("no Action");
+    }
+}catch(\Throwable $exception){
+    exit(json_encode(fail($exception->getMessage(), $_POST)));
+}