improve use_can()

xiaomlove
2022-08-24 00:19:19 +08:00
parent bb6cab0f49
commit 86dc15e79a
9 changed files with 102 additions and 36 deletions


@@ -35,7 +35,7 @@ if (!empty($_REQUEST['authkey'])) {
if (empty($decrypted)) {
err('Invalid authkey');
}
$userInfo = \Nexus\Database\NexusDB::remember("announce_user_passkey_$uid", 600, function () use ($uid) {
$userInfo = \Nexus\Database\NexusDB::remember("announce_user_passkey_$uid", 3600, function () use ($uid) {
return \App\Models\User::query()->where('id', $uid)->first(['id', 'passkey']);
});
if (!$userInfo) {
@@ -115,7 +115,7 @@ if (!$az = $Cache->get_value('user_passkey_'.$passkey.'_content')){
$res = sql_query("SELECT id, username, downloadpos, enabled, uploaded, downloaded, class, parked, clientselect, showclienterror, passkey, donor, donoruntil FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
$az = mysql_fetch_array($res);
do_log("[check passkey], currentUser: " . nexus_json_encode($az));
$Cache->cache_value('user_passkey_'.$passkey.'_content', $az, 950);
$Cache->cache_value('user_passkey_'.$passkey.'_content', $az, 3600);
}
if (!$az) err("Invalid passkey! Re-download the .torrent from $BASEURL");
$userid = intval($az['id'] ?? 0);
@@ -173,8 +173,7 @@ if (!$torrent) {
err("torrent not registered with this tracker");
}
//Do not use user_can(), some func user_can() used is not available IN_TRACKER
if ($az['class'] < $seebanned_class) {
if (!user_can('seebanned', false, $az['id'], $az['class'])) {
if ($torrent['banned'] == 'yes') {
err("torrent banned");
} elseif ($torrent['approval_status'] != \App\Models\Torrent::APPROVAL_STATUS_ALLOW && get_setting('torrent.approval_status_none_visible') == 'no') {
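Review bot: The new `user_can('seebanned', false, $az['id'], $az['class'])` check in the third hunk reads `$az['class']` from the `user_passkey_…_content` cache entry, whose lifetime this commit raises from 950 to 3600 seconds in the second hunk; the `announce_user_passkey_$uid` lookup in the first hunk goes from 600 to 3600 as well. Nothing visible here shows those entries being deleted when a user is demoted, disabled or given a new passkey, so the tracker may keep acting on the old class, `enabled` flag or passkey for up to an hour; either keep the shorter TTLs or confirm every such path clears both keys. The commit also drops the comment warning that user_can() depends on functions not available IN_TRACKER without recording why that no longer holds, and it should say what user_can() returns here if the permission cache is missing, so the check is known to fail closed. I would put in its place `// $az is a cached row (TTL 3600s): class/enabled/passkey changes must delete user_passkey_{passkey}_content, otherwise this check runs on stale data`. The `if`/`elseif` chain continues past the end of the hunk.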


@@ -237,7 +237,7 @@ elseif ($action == 'savesettings_authority') // save user authority
saveSetting('authority', $AUTHORITY);
$actiontime = date("F j, Y, g:i a");
write_log("Tracker USER AUTHORITY settings updated by {$CURUSER['username']}. $actiontime",'mod');
do_action("nexus_setting_update", $AUTHORITY);
build_class_permission_cache();
go_back();
}
elseif ($action == 'savesettings_tweak') // save tweak


@@ -815,6 +815,7 @@ EOD;
$to .= "&password=1";
if ($privacyupdated == 1)
$to .= "&privacy=1";
clear_user_cache($CURUSER["id"]);
header("Location: $to");
}
stdhead($lang_usercp['head_control_panel'].$lang_usercp['head_security_settings']);