reset authkey + rss download link use downhash

xiaomlove
2021-06-04 02:18:34 +08:00
parent e25fddcbe0
commit cf4479ebea
11 changed files with 39 additions and 25 deletions
+1 -2
@@ -1,7 +1,7 @@
<?php
require_once("../include/bittorrent.php");
dbconn();
$torrentRep = new \App\Repositories\TorrentRepository();
if (!empty($_REQUEST['downhash'])){
$params = explode('|', $_REQUEST['downhash']);
if (empty($params[0]) || empty($params[1])) {
@@ -18,7 +18,6 @@ if (!empty($_REQUEST['downhash'])){
$oldip = $user['ip'];
$user['ip'] = getip();
$CURUSER = $user;
$torrentRep = new \App\Repositories\TorrentRepository();
$decrypted = $torrentRep->decryptDownHash($hash, $user);
if (empty($decrypted)) {
do_log("downhash invalid: " . nexus_json_encode($_REQUEST));
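Review bot: The failure branch at the end of the second hunk writes the entire request to the log with `nexus_json_encode($_REQUEST)`, and `$_REQUEST` can hold more than the rejected downhash (for example a `passkey` parameter sent alongside it, or cookies, depending on `request_order`). Logging only what is needed to investigate keeps credentials out of the log, e.g. `do_log("downhash invalid for user " . $user['id']);`, assuming `$user` carries the `id` column. The `if (empty($decrypted))` body continues outside the hunk, so check whether the response there also echoes request data.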
+1 -2
@@ -38,7 +38,6 @@ if ($showteam) $teams = searchbox_item_list("teams");
if ($showaudiocodec) $audiocodecs = searchbox_item_list("audiocodecs");
}
stdhead($lang_getrss['head_rss_feeds']);
$query = [];
$query[] = "passkey=" . $CURUSER['passkey'];
if ($_SERVER['REQUEST_METHOD'] == "POST") {
@@ -173,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$queries = implode("&", $query);
if ($queries)
$link .= "?".$queries;
$msg = $lang_getrss['std_use_following_url'] ."\n".$link."\n\n".$lang_getrss['std_utorrent_feed_url']."\n".$link."&linktype=dl&passkey=".$CURUSER['passkey'].$addinclbm;
$msg = $lang_getrss['std_use_following_url'] ."\n".$link."\n\n".$lang_getrss['std_utorrent_feed_url']."\n".$link."&linktype=dl".$addinclbm;
stdmsg($lang_getrss['std_done'],format_comment($msg));
stdfoot();
die();
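Review bot: The uTorrent feed URL on the changed `$msg` line is only valid because `$query[] = "passkey=" . $CURUSER['passkey'];` in the first hunk guarantees that `$queries` is non-empty and already contains the passkey, and nothing next to the `$msg` line says so. A comment such as `// passkey is already part of $queries (added above), so it is not appended again` would stop a later edit from re-adding the duplicate or from dropping the `$query[]` line and leaving `&linktype=dl` with no `?` before it. The feed URL itself still carries the account passkey and is rendered into the page through `stdmsg()`, so it remains a credential even though the per-item download links move to downhash.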
+3 -3
@@ -61,7 +61,7 @@ if ($nfofile['name'] != '') {
}
$small_descr = unesc($_POST["small_descr"]);
$small_descr = unesc($_POST["small_descr"] ?? '');
$descr = unesc($_POST["descr"]);
if (!$descr)
@@ -397,10 +397,10 @@ if ($is_offer)
{
$res = sql_query("SELECT `userid` FROM `offervotes` WHERE `userid` != " . $CURUSER["id"] . " AND `offerid` = ". sqlesc($offerid)." AND `vote` = 'yeah'") or sqlerr(__FILE__, __LINE__);
while($row = mysql_fetch_assoc($res))
while($row = mysql_fetch_assoc($res))
{
$pn_msg = $lang_takeupload_target[get_user_lang($row["userid"])]['msg_offer_you_voted'].$torrent.$lang_takeupload_target[get_user_lang($row["userid"])]['msg_was_uploaded_by']. $CURUSER["username"] .$lang_takeupload_target[get_user_lang($row["userid"])]['msg_you_can_download'] ."[url=" . get_protocol_prefix() . "$BASEURL/details.php?id=$id&hit=1]".$lang_takeupload_target[get_user_lang($row["userid"])]['msg_here']."[/url]";
//=== use this if you DO have subject in your PMs
$subject = $lang_takeupload_target[get_user_lang($row["userid"])]['msg_offer'].$torrent.$lang_takeupload_target[get_user_lang($row["userid"])]['msg_was_just_uploaded'];
//=== use this if you DO NOT have subject in your PMs
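Review bot: In the first hunk only `small_descr` gets the `?? ''` default; the next line, `$descr = unesc($_POST["descr"]);`, still reads the POST field directly and raises an undefined-index notice when the field is missing. The `if (!$descr)` check that follows already handles an empty value, so `$descr = unesc($_POST["descr"] ?? '');` would make the two lines consistent without changing the outcome. The second hunk appears to be a whitespace-only change.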
+3 -3
@@ -11,7 +11,7 @@ if (!$passkey) {
}
$where = "";
if ($passkey){
$res = sql_query("SELECT id, enabled, parked FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
$res = sql_query("SELECT id, enabled, parked, passkey FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
$user = mysql_fetch_array($res);
if (!$user)
die("invalid passkey");
@@ -107,7 +107,7 @@ if ($where)
$query = "SELECT torrents.id, torrents.category, torrents.name, torrents.small_descr, torrents.descr, torrents.info_hash, torrents.size, torrents.added, torrents.anonymous, users.username AS username, categories.id AS cat_id, categories.name AS cat_name FROM torrents LEFT JOIN categories ON category = categories.id LEFT JOIN users ON torrents.owner = users.id $where ORDER BY torrents.added DESC LIMIT $limit";
$res = sql_query($query) or die(mysql_error());
$torrentRep = new \App\Repositories\TorrentRepository();
$url = get_protocol_prefix().$BASEURL;
$year = substr($datefounded, 0, 4);
$yearfounded = ($year ? $year : 2007);
@@ -152,7 +152,7 @@ while ($row = mysql_fetch_array($res))
else $author = $row['username'];
$itemurl = $url."/details.php?id=".$row['id'];
if ($dllink)
$itemdlurl = $url."/download.php?id=".$row['id']."&amp;passkey=".rawurlencode($passkey);
$itemdlurl = $url."/download.php?id=".$row['id']."&amp;downhash=".rawurlencode($torrentRep->encryptDownHash($row['id'], $user));
else $itemdlurl = $url."/download.php?id=".$row['id'];
if (!empty($_GET['icat'])) $title .= "[".$row['cat_name']."]";
$title .= $row['name'];
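Review bot: In the last hunk `encryptDownHash($row['id'], $user)` depends on `$user`, which the visible code assigns only inside `if ($passkey){` in the first hunk. The body of the earlier `if (!$passkey) {` is outside the hunk, so it is not clear that a request with `$dllink` set but no passkey can never reach this line; if it can, the repository method receives an undefined value. Guarding the branch, `if ($dllink && !empty($user))`, makes the dependency explicit and falls through to the plain `download.php?id=` link otherwise. A short comment on the SELECT noting that `passkey` is now fetched for `encryptDownHash()` would also explain why a column equal to the lookup value is selected.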
+11 -2
@@ -781,7 +781,12 @@ EOD;
$result = sql_query($query);
if (!$result)
sqlerr(__FILE__,__LINE__);
else
if (!empty($_REQUEST['resetauthkey']) && $_REQUEST['resetauthkey'] == 1) {
//reset authkey
$torrentRep = new \App\Repositories\TorrentRepository();
$torrentRep->resetTrackerReportAuthKeySecret($user);
}
$to = "usercp.php?action=security&type=saved";
if ($changedemail == 1)
$to .= "&mail=1";
@@ -799,17 +804,20 @@ EOD;
if ($type == 'save') {
print("<form method=post action=usercp.php><input type=hidden name=action value=security><input type=hidden name=type value=confirm>");
$resetpasskey = $_POST["resetpasskey"];
$resetauthkey = $_POST["resetauthkey"];
$email = mysql_real_escape_string( htmlspecialchars( trim($_POST["email"]) ));
$chpassword = $_POST["chpassword"];
$passagain = $_POST["passagain"];
$privacy = $_POST["privacy"];
if ($resetpasskey == 1)
print("<input type=\"hidden\" name=\"resetpasskey\" value=\"1\">");
if ($resetauthkey == 1)
print("<input type=\"hidden\" name=\"resetauthkey\" value=\"1\">");
print("<input type=\"hidden\" name=\"email\" value=\"$email\">");
print("<input type=\"hidden\" name=\"chpassword\" value=\"$chpassword\">");
print("<input type=\"hidden\" name=\"passagain\" value=\"$passagain\">");
print("<input type=\"hidden\" name=\"privacy\" value=\"$privacy\">");
Print("<tr><td class=\"heading\" valign=\"top\" align=\"right\" width=1%>".$lang_usercp['row_security_check']."</td><td valign=\"top\" align=left><input type=password name=oldpassword style=\"width: 200px\"><br /><font class=small>".$lang_usercp['text_security_check_note']."</font></td></tr>\n");
Print("<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\" width=1%>".$lang_usercp['row_security_check']."</td><td valign=\"top\" align=\"left\" width=\"99%\"><input type=password name=oldpassword style=\"width: 200px\"><br /><font class=small>".$lang_usercp['text_security_check_note']."</font></td></tr>\n");
submit();
print("</table>");
stdfoot();
@@ -819,6 +827,7 @@ EOD;
print("<tr><td colspan=2 class=\"heading\" valign=\"top\" align=\"center\"><font color=red>".$lang_usercp['text_saved'].($_GET["mail"] == "1" ? $lang_usercp['std_confirmation_email_sent'] : "")." ".($_GET["passkey"] == "1" ? $lang_usercp['std_passkey_reset'] : "")." ".($_GET["password"] == "1" ? $lang_usercp['std_password_changed'] : "")." ".($_GET["privacy"] == "1" ? $lang_usercp['std_privacy_level_updated'] : "")."</font></td></tr>\n");
form ("security");
tr_small($lang_usercp['row_reset_passkey'],"<input type=checkbox name=resetpasskey value=1 />".$lang_usercp['checkbox_reset_my_passkey']."<br /><font class=small>".$lang_usercp['text_reset_passkey_note']."</font>", 1);
tr_small($lang_usercp['row_reset_authkey'],"<input type=checkbox name=resetauthkey value=1 />".$lang_usercp['checkbox_reset_my_authkey']."<br /><font class=small>".$lang_usercp['text_reset_authkey_note']."</font>", 1);
if ($disableemailchange != 'no' && $smtptype != 'none') //system-wide setting
tr_small($lang_usercp['row_email_address'], "<input type=\"text\" name=\"email\" style=\"width: 200px\" value=\"" . htmlspecialchars($CURUSER["email"]) . "\" /> <br /><font class=small>".$lang_usercp['text_email_address_note']."</font>", 1);
tr_small($lang_usercp['row_change_password'], "<input type=\"password\" name=\"chpassword\" style=\"width: 200px\" />", 1);
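Review bot: The auth-key reset in the first hunk is triggered from `$_REQUEST['resetauthkey']` with a loose `== 1`, although the confirm form in the second hunk submits the flag by POST. Reading a state-changing flag from `$_REQUEST` also accepts it from the query string, so prefer `if (($_POST['resetauthkey'] ?? '') === '1') {`. In the `save` step, `$resetauthkey = $_POST["resetauthkey"];` raises an undefined-index notice whenever the box is left unticked, which `$_POST["resetauthkey"] ?? ''` avoids. The hidden fields next to the new one still print `$chpassword`, `$passagain` and `$privacy` without `htmlspecialchars()`, which is worth fixing in the same pass. The old-password verification that should precede the reset is outside the hunk, so confirm `resetTrackerReportAuthKeySecret($user)` runs only after it succeeds.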