reset authkey + rss download link use downhash

xiaomlove
2021-06-04 02:18:34 +08:00
parent e25fddcbe0
commit cf4479ebea
11 changed files with 39 additions and 25 deletions
+1 -1
@@ -1,5 +1,5 @@
<?php <?php
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.6.0-beta7'); defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.6.0-beta8');
defined('RELEASE_DATE') || define('RELEASE_DATE', '2020-05-15'); defined('RELEASE_DATE') || define('RELEASE_DATE', '2020-05-15');
defined('IN_TRACKER') || define('IN_TRACKER', true); defined('IN_TRACKER') || define('IN_TRACKER', true);
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP"); defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
+1 -1
@@ -429,7 +429,7 @@ $lang_settings = array
'text_external_forum_url_note' => "填写类似这样的地址:http://www.cc98.org", 'text_external_forum_url_note' => "填写类似这样的地址:http://www.cc98.org",
'row_torrents_category_mode' => "种子区分类模式", 'row_torrents_category_mode' => "种子区分类模式",
'text_torrents_category_mode_note' => "改变种子区的分类模式。", 'text_torrents_category_mode_note' => "改变种子区的分类模式。",
'row_special_category_mode' => "区分类模式", 'row_special_category_mode' => "区分类模式",
'text_special_category_mode_note' => "改变特殊区的分类模式。", 'text_special_category_mode_note' => "改变特殊区的分类模式。",
'row_default_site_language' => "默认站点语言", 'row_default_site_language' => "默认站点语言",
'text_default_site_language_note' => "改变登录页面的默认语言。", 'text_default_site_language_note' => "改变登录页面的默认语言。",
+6 -3
@@ -77,9 +77,12 @@ $lang_usercp = array
'std_passkey_reset' => " (密钥已成功更新!)", 'std_passkey_reset' => " (密钥已成功更新!)",
'std_password_changed' => " (你的密码已成功修改!)", 'std_password_changed' => " (你的密码已成功修改!)",
'std_privacy_level_updated' => " (你的隐私级别已成功更新!)", 'std_privacy_level_updated' => " (你的隐私级别已成功更新!)",
'row_reset_passkey' => "重置密钥", 'row_reset_passkey' => "重置 passkey",
'checkbox_reset_my_passkey' => "我想重置密钥", 'checkbox_reset_my_passkey' => "我想重置 passkey",
'text_reset_passkey_note' => "<b>注意:</b>当密钥被重置后,你必须重新下载相关的种子文件才能继续下载或做种", 'text_reset_passkey_note' => "<b>注意:</b>当 passkey 被重置后,种子下载链接(如 rss 列表中的种子链接)必须重新获取",
'row_reset_authkey' => "重置 authkey",
'checkbox_reset_my_authkey' => "我想重置 authkey。",
'text_reset_authkey_note' => "<b>注意:</b>当 authkey 被重置后,你必须重新下载相关的种子文件才能继续下载或做种。",
'row_email_address' => "邮箱地址", 'row_email_address' => "邮箱地址",
'text_email_address_note' => "<b>注意:</b>改变邮箱地址后,你将在新地址收到验证邮件。你必须重新验证。", 'text_email_address_note' => "<b>注意:</b>改变邮箱地址后,你将在新地址收到验证邮件。你必须重新验证。",
'row_change_password' => "修改密码", 'row_change_password' => "修改密码",
+1 -1
@@ -430,7 +430,7 @@ $lang_settings = array
'text_external_forum_url_note' => "填寫類似這樣的位址:http://www.cc98.org", 'text_external_forum_url_note' => "填寫類似這樣的位址:http://www.cc98.org",
'row_torrents_category_mode' => "種子區分類型態", 'row_torrents_category_mode' => "種子區分類型態",
'text_torrents_category_mode_note' => "改變種子區的分類型態。", 'text_torrents_category_mode_note' => "改變種子區的分類型態。",
'row_special_category_mode' => "區分類型態", 'row_special_category_mode' => "區分類型態",
'text_special_category_mode_note' => "改變特殊區的分類型態。", 'text_special_category_mode_note' => "改變特殊區的分類型態。",
'row_default_site_language' => "預設網站語言", 'row_default_site_language' => "預設網站語言",
'text_default_site_language_note' => "改變登入頁面的預設語言。", 'text_default_site_language_note' => "改變登入頁面的預設語言。",
+6 -5
@@ -77,11 +77,12 @@ $lang_usercp = array
'std_passkey_reset' => " (密鑰已成功更新!)", 'std_passkey_reset' => " (密鑰已成功更新!)",
'std_password_changed' => " (你的密碼已成功修改!)", 'std_password_changed' => " (你的密碼已成功修改!)",
'std_privacy_level_updated' => " (你的隱私級別已成功更新!)", 'std_privacy_level_updated' => " (你的隱私級別已成功更新!)",
'row_reset_passkey' => "重置密匙", 'row_reset_passkey' => "重置 passkey",
'checkbox_reset_my_passkey' => "我想重置密鑰", 'checkbox_reset_my_passkey' => "我想重置 passkey",
'text_reset_passkey_note' => "<b>意:</b>當密匙被重置後,你必須重新下載相關的種子檔才能繼續下載或做種", 'text_reset_passkey_note' => "<b>意:</b>當 passkey 被重置後,種子下載鏈接(如 rss 列表中的種子鏈接)必須重新獲取",
'row_email_address' => "郵箱地址", 'row_reset_authkey' => "重置 authkey",
'text_email_address_note' => "<b>注意:</b>改變郵箱位址後,你將在新位址收到驗證郵件。你必須重新驗證", 'checkbox_reset_my_authkey' => "我想重置 authkey",
'text_reset_authkey_note' => "<b>註意:</b>當 authkey 被重置後,你必須重新下載相關的種子文件才能繼續下載或做種。",
'row_change_password' => "修改密碼", 'row_change_password' => "修改密碼",
'row_type_password_again' => "確認新密碼", 'row_type_password_again' => "確認新密碼",
'row_privacy_level' => "隱私等級", 'row_privacy_level' => "隱私等級",
+5 -2
@@ -79,8 +79,11 @@ $lang_usercp = array
'std_privacy_level_updated' => " (Your privacy level has been updated!)", 'std_privacy_level_updated' => " (Your privacy level has been updated!)",
'row_reset_passkey' => "Reset&nbsp;passkey", 'row_reset_passkey' => "Reset&nbsp;passkey",
'checkbox_reset_my_passkey' => "I want to reset my passkey.", 'checkbox_reset_my_passkey' => "I want to reset my passkey.",
'text_reset_passkey_note' => "<b>Note:</b> In order to reset your current passkey, any active torrents must be downloaded again to continue leeching/seeding.", 'text_reset_passkey_note' => "<b>Note:</b> In order to reset your current passkey, any torrent download link(such as rss list) must be retrieved again to download torrent file.",
'row_email_address' => "Email&nbsp;address", 'row_reset_authkey' => "Reset&nbsp;authkey",
'checkbox_reset_my_authkey' => "I want to reset my authkey.",
'text_reset_authkey_note' => "<b>Note:</b> In order to reset your current authkey, any active torrents must be downloaded again to continue leeching/seeding.",
'row_email_address' => "Email&nbsp;address",
'text_email_address_note' => "<b>Note:</b> In order to change your email address, you will receive another confirmation email to your new address.", 'text_email_address_note' => "<b>Note:</b> In order to change your email address, you will receive another confirmation email to your new address.",
'row_change_password' => "Change&nbsp;password", 'row_change_password' => "Change&nbsp;password",
'row_type_password_again' => "Type&nbsp;password again", 'row_type_password_again' => "Type&nbsp;password again",
+1 -2
@@ -1,7 +1,7 @@
<?php <?php
require_once("../include/bittorrent.php"); require_once("../include/bittorrent.php");
dbconn(); dbconn();
$torrentRep = new \App\Repositories\TorrentRepository();
if (!empty($_REQUEST['downhash'])){ if (!empty($_REQUEST['downhash'])){
$params = explode('|', $_REQUEST['downhash']); $params = explode('|', $_REQUEST['downhash']);
if (empty($params[0]) || empty($params[1])) { if (empty($params[0]) || empty($params[1])) {
@@ -18,7 +18,6 @@ if (!empty($_REQUEST['downhash'])){
$oldip = $user['ip']; $oldip = $user['ip'];
$user['ip'] = getip(); $user['ip'] = getip();
$CURUSER = $user; $CURUSER = $user;
$torrentRep = new \App\Repositories\TorrentRepository();
$decrypted = $torrentRep->decryptDownHash($hash, $user); $decrypted = $torrentRep->decryptDownHash($hash, $user);
if (empty($decrypted)) { if (empty($decrypted)) {
do_log("downhash invalid: " . nexus_json_encode($_REQUEST)); do_log("downhash invalid: " . nexus_json_encode($_REQUEST));
+1 -2
@@ -38,7 +38,6 @@ if ($showteam) $teams = searchbox_item_list("teams");
if ($showaudiocodec) $audiocodecs = searchbox_item_list("audiocodecs"); if ($showaudiocodec) $audiocodecs = searchbox_item_list("audiocodecs");
} }
stdhead($lang_getrss['head_rss_feeds']); stdhead($lang_getrss['head_rss_feeds']);
$query = []; $query = [];
$query[] = "passkey=" . $CURUSER['passkey']; $query[] = "passkey=" . $CURUSER['passkey'];
if ($_SERVER['REQUEST_METHOD'] == "POST") { if ($_SERVER['REQUEST_METHOD'] == "POST") {
@@ -173,7 +172,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$queries = implode("&", $query); $queries = implode("&", $query);
if ($queries) if ($queries)
$link .= "?".$queries; $link .= "?".$queries;
$msg = $lang_getrss['std_use_following_url'] ."\n".$link."\n\n".$lang_getrss['std_utorrent_feed_url']."\n".$link."&linktype=dl&passkey=".$CURUSER['passkey'].$addinclbm; $msg = $lang_getrss['std_use_following_url'] ."\n".$link."\n\n".$lang_getrss['std_utorrent_feed_url']."\n".$link."&linktype=dl".$addinclbm;
stdmsg($lang_getrss['std_done'],format_comment($msg)); stdmsg($lang_getrss['std_done'],format_comment($msg));
stdfoot(); stdfoot();
die(); die();
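Review bot: The feed URL shown to the user still carries `$CURUSER['passkey']` as its first query parameter (the `$query[]` line in the first hunk), and nothing near the changed `$msg` line records that this is now the only place it is added. A comment above the `$msg` assignment would keep the duplicate from being re-added, for example `// passkey is already part of $queries; it authenticates the feed, item links carry a downhash`. The value is also concatenated without `rawurlencode()`, unlike the RSS item link changed elsewhere in this commit; the passkey is presumably plain hex, but encoding it would remove that assumption.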
+1 -1
@@ -61,7 +61,7 @@ if ($nfofile['name'] != '') {
} }
$small_descr = unesc($_POST["small_descr"]); $small_descr = unesc($_POST["small_descr"] ?? '');
$descr = unesc($_POST["descr"]); $descr = unesc($_POST["descr"]);
if (!$descr) if (!$descr)
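Review bot: `$_POST["descr"]` on the line right after the change is still read without a default, so a request that omits it raises the same undefined-index notice this change removes for `small_descr`. Giving it the same treatment, `$descr = unesc($_POST["descr"] ?? '');`, keeps the two reads consistent, and the `if (!$descr)` check that follows still catches the empty value. The body of that check is outside the hunk.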
+3 -3
@@ -11,7 +11,7 @@ if (!$passkey) {
} }
$where = ""; $where = "";
if ($passkey){ if ($passkey){
$res = sql_query("SELECT id, enabled, parked FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1"); $res = sql_query("SELECT id, enabled, parked, passkey FROM users WHERE passkey=". sqlesc($passkey)." LIMIT 1");
$user = mysql_fetch_array($res); $user = mysql_fetch_array($res);
if (!$user) if (!$user)
die("invalid passkey"); die("invalid passkey");
@@ -107,7 +107,7 @@ if ($where)
$query = "SELECT torrents.id, torrents.category, torrents.name, torrents.small_descr, torrents.descr, torrents.info_hash, torrents.size, torrents.added, torrents.anonymous, users.username AS username, categories.id AS cat_id, categories.name AS cat_name FROM torrents LEFT JOIN categories ON category = categories.id LEFT JOIN users ON torrents.owner = users.id $where ORDER BY torrents.added DESC LIMIT $limit"; $query = "SELECT torrents.id, torrents.category, torrents.name, torrents.small_descr, torrents.descr, torrents.info_hash, torrents.size, torrents.added, torrents.anonymous, users.username AS username, categories.id AS cat_id, categories.name AS cat_name FROM torrents LEFT JOIN categories ON category = categories.id LEFT JOIN users ON torrents.owner = users.id $where ORDER BY torrents.added DESC LIMIT $limit";
$res = sql_query($query) or die(mysql_error()); $res = sql_query($query) or die(mysql_error());
$torrentRep = new \App\Repositories\TorrentRepository();
$url = get_protocol_prefix().$BASEURL; $url = get_protocol_prefix().$BASEURL;
$year = substr($datefounded, 0, 4); $year = substr($datefounded, 0, 4);
$yearfounded = ($year ? $year : 2007); $yearfounded = ($year ? $year : 2007);
@@ -152,7 +152,7 @@ while ($row = mysql_fetch_array($res))
else $author = $row['username']; else $author = $row['username'];
$itemurl = $url."/details.php?id=".$row['id']; $itemurl = $url."/details.php?id=".$row['id'];
if ($dllink) if ($dllink)
$itemdlurl = $url."/download.php?id=".$row['id']."&amp;passkey=".rawurlencode($passkey); $itemdlurl = $url."/download.php?id=".$row['id']."&amp;downhash=".rawurlencode($torrentRep->encryptDownHash($row['id'], $user));
else $itemdlurl = $url."/download.php?id=".$row['id']; else $itemdlurl = $url."/download.php?id=".$row['id'];
if (!empty($_GET['icat'])) $title .= "[".$row['cat_name']."]"; if (!empty($_GET['icat'])) $title .= "[".$row['cat_name']."]";
$title .= $row['name']; $title .= $row['name'];
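Review bot: `$user` is assigned only inside `if ($passkey)` in the first hunk, yet the new download link in the last hunk passes it to `encryptDownHash()` whenever `$dllink` is set. What the `if (!$passkey) {` branch above does is outside the hunk; if that path can continue without a passkey, the call receives an undefined `$user`, so a guard such as `if ($dllink && !empty($user))` would be safer. The `passkey` column added to the SELECT is presumably there because `encryptDownHash()` reads it from `$user`; a one-line comment on the query saying so would stop it from being trimmed later as unused.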
+11 -2
@@ -781,7 +781,12 @@ EOD;
$result = sql_query($query); $result = sql_query($query);
if (!$result) if (!$result)
sqlerr(__FILE__,__LINE__); sqlerr(__FILE__,__LINE__);
else
if (!empty($_REQUEST['resetauthkey']) && $_REQUEST['resetauthkey'] == 1) {
//reset authkey
$torrentRep = new \App\Repositories\TorrentRepository();
$torrentRep->resetTrackerReportAuthKeySecret($user);
}
$to = "usercp.php?action=security&type=saved"; $to = "usercp.php?action=security&type=saved";
if ($changedemail == 1) if ($changedemail == 1)
$to .= "&mail=1"; $to .= "&mail=1";
@@ -799,17 +804,20 @@ EOD;
if ($type == 'save') { if ($type == 'save') {
print("<form method=post action=usercp.php><input type=hidden name=action value=security><input type=hidden name=type value=confirm>"); print("<form method=post action=usercp.php><input type=hidden name=action value=security><input type=hidden name=type value=confirm>");
$resetpasskey = $_POST["resetpasskey"]; $resetpasskey = $_POST["resetpasskey"];
$resetauthkey = $_POST["resetauthkey"];
$email = mysql_real_escape_string( htmlspecialchars( trim($_POST["email"]) )); $email = mysql_real_escape_string( htmlspecialchars( trim($_POST["email"]) ));
$chpassword = $_POST["chpassword"]; $chpassword = $_POST["chpassword"];
$passagain = $_POST["passagain"]; $passagain = $_POST["passagain"];
$privacy = $_POST["privacy"]; $privacy = $_POST["privacy"];
if ($resetpasskey == 1) if ($resetpasskey == 1)
print("<input type=\"hidden\" name=\"resetpasskey\" value=\"1\">"); print("<input type=\"hidden\" name=\"resetpasskey\" value=\"1\">");
if ($resetauthkey == 1)
print("<input type=\"hidden\" name=\"resetauthkey\" value=\"1\">");
print("<input type=\"hidden\" name=\"email\" value=\"$email\">"); print("<input type=\"hidden\" name=\"email\" value=\"$email\">");
print("<input type=\"hidden\" name=\"chpassword\" value=\"$chpassword\">"); print("<input type=\"hidden\" name=\"chpassword\" value=\"$chpassword\">");
print("<input type=\"hidden\" name=\"passagain\" value=\"$passagain\">"); print("<input type=\"hidden\" name=\"passagain\" value=\"$passagain\">");
print("<input type=\"hidden\" name=\"privacy\" value=\"$privacy\">"); print("<input type=\"hidden\" name=\"privacy\" value=\"$privacy\">");
Print("<tr><td class=\"heading\" valign=\"top\" align=\"right\" width=1%>".$lang_usercp['row_security_check']."</td><td valign=\"top\" align=left><input type=password name=oldpassword style=\"width: 200px\"><br /><font class=small>".$lang_usercp['text_security_check_note']."</font></td></tr>\n"); Print("<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\" width=1%>".$lang_usercp['row_security_check']."</td><td valign=\"top\" align=\"left\" width=\"99%\"><input type=password name=oldpassword style=\"width: 200px\"><br /><font class=small>".$lang_usercp['text_security_check_note']."</font></td></tr>\n");
submit(); submit();
print("</table>"); print("</table>");
stdfoot(); stdfoot();
@@ -819,6 +827,7 @@ EOD;
print("<tr><td colspan=2 class=\"heading\" valign=\"top\" align=\"center\"><font color=red>".$lang_usercp['text_saved'].($_GET["mail"] == "1" ? $lang_usercp['std_confirmation_email_sent'] : "")." ".($_GET["passkey"] == "1" ? $lang_usercp['std_passkey_reset'] : "")." ".($_GET["password"] == "1" ? $lang_usercp['std_password_changed'] : "")." ".($_GET["privacy"] == "1" ? $lang_usercp['std_privacy_level_updated'] : "")."</font></td></tr>\n"); print("<tr><td colspan=2 class=\"heading\" valign=\"top\" align=\"center\"><font color=red>".$lang_usercp['text_saved'].($_GET["mail"] == "1" ? $lang_usercp['std_confirmation_email_sent'] : "")." ".($_GET["passkey"] == "1" ? $lang_usercp['std_passkey_reset'] : "")." ".($_GET["password"] == "1" ? $lang_usercp['std_password_changed'] : "")." ".($_GET["privacy"] == "1" ? $lang_usercp['std_privacy_level_updated'] : "")."</font></td></tr>\n");
form ("security"); form ("security");
tr_small($lang_usercp['row_reset_passkey'],"<input type=checkbox name=resetpasskey value=1 />".$lang_usercp['checkbox_reset_my_passkey']."<br /><font class=small>".$lang_usercp['text_reset_passkey_note']."</font>", 1); tr_small($lang_usercp['row_reset_passkey'],"<input type=checkbox name=resetpasskey value=1 />".$lang_usercp['checkbox_reset_my_passkey']."<br /><font class=small>".$lang_usercp['text_reset_passkey_note']."</font>", 1);
tr_small($lang_usercp['row_reset_authkey'],"<input type=checkbox name=resetauthkey value=1 />".$lang_usercp['checkbox_reset_my_authkey']."<br /><font class=small>".$lang_usercp['text_reset_authkey_note']."</font>", 1);
if ($disableemailchange != 'no' && $smtptype != 'none') //system-wide setting if ($disableemailchange != 'no' && $smtptype != 'none') //system-wide setting
tr_small($lang_usercp['row_email_address'], "<input type=\"text\" name=\"email\" style=\"width: 200px\" value=\"" . htmlspecialchars($CURUSER["email"]) . "\" /> <br /><font class=small>".$lang_usercp['text_email_address_note']."</font>", 1); tr_small($lang_usercp['row_email_address'], "<input type=\"text\" name=\"email\" style=\"width: 200px\" value=\"" . htmlspecialchars($CURUSER["email"]) . "\" /> <br /><font class=small>".$lang_usercp['text_email_address_note']."</font>", 1);
tr_small($lang_usercp['row_change_password'], "<input type=\"password\" name=\"chpassword\" style=\"width: 200px\" />", 1); tr_small($lang_usercp['row_change_password'], "<input type=\"password\" name=\"chpassword\" style=\"width: 200px\" />", 1);
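Review bot: The authkey reset in the first hunk is triggered from `$_REQUEST['resetauthkey']` with a loose `== 1`, so the flag can arrive in the query string (or a cookie, depending on `request_order`) and not only from the POSTed confirmation form that the second hunk builds. Reading it as `if (($_POST['resetauthkey'] ?? '') === '1') {` ties the reset to that form; whether the old-password check has already run at this point is outside the hunk and worth confirming. As rendered, the bare `else` before the new `if` now governs only the authkey block, so `$to = ...` runs on both paths; braces around the intended branch would make that explicit. In the second hunk `$_POST["resetauthkey"]` is undefined when the box is left unticked, and `$resetauthkey = $_POST["resetauthkey"] ?? '';` avoids the notice.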