mirror of
https://github.com/lkddi/nexusphp.git
synced 2026-04-03 14:10:57 +08:00
improve user_can()
This commit is contained in:
xiaomlove
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.2');
|
||||
defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-06');
|
||||
defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-08');
|
||||
defined('IN_TRACKER') || define('IN_TRACKER', false);
|
||||
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
|
||||
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
|
||||
|
||||
@@ -1088,7 +1088,10 @@ function user_can($permission, $fail = false, $uid = 0): bool
|
||||
$uid = get_user_id();
|
||||
$log .= ", set current uid: $uid";
|
||||
}
|
||||
if (!$fail && $uid <= 0) {
|
||||
if ($uid <= 0) {
|
||||
if ($fail) {
|
||||
goto FAIL;
|
||||
}
|
||||
do_log("$log, unauthenticated, false");
|
||||
return false;
|
||||
}
|
||||
@@ -1115,6 +1118,7 @@ function user_can($permission, $fail = false, $uid = 0): bool
|
||||
$userCanCached[$permission][$uid] = $result;
|
||||
return $result;
|
||||
}
|
||||
FAIL:
|
||||
do_log("$log, [FAIL]");
|
||||
if (IN_NEXUS && !IN_TRACKER) {
|
||||
global $lang_functions;
|
||||
@@ -1128,6 +1132,8 @@ function user_can($permission, $fail = false, $uid = 0): bool
|
||||
throw new \App\Exceptions\InsufficientPermissionException();
|
||||
}
|
||||
|
||||
|
||||
|
||||
function is_donor(array $userInfo): bool
|
||||
{
|
||||
return $userInfo['donor'] == 'yes' && ($userInfo['donoruntil'] === null || $userInfo['donoruntil'] == '0000-00-00 00:00:00' || $userInfo['donoruntil'] >= date('Y-m-d H:i:s'));
|
||||
|
||||
@@ -3,7 +3,7 @@ require "../include/bittorrent.php";
|
||||
dbconn();
|
||||
loggedinorreturn();
|
||||
|
||||
$action = $_POST['action'] ?? 'noAction';
|
||||
$action = $_POST['action'] ?? '';
|
||||
$params = $_POST['params'] ?? [];
|
||||
|
||||
class AjaxInterface{
|
||||
@@ -14,15 +14,15 @@ class AjaxInterface{
|
||||
$rep = new \App\Repositories\MedalRepository();
|
||||
return $rep->toggleUserMedalStatus($params['id'], $CURUSER['id']);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
public static function attendanceRetroactive($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\AttendanceRepository();
|
||||
return $rep->retroactive($CURUSER['id'], $params['timestamp']);
|
||||
}
|
||||
|
||||
|
||||
public static function getPtGen($params)
|
||||
{
|
||||
$rep = new Nexus\PTGen\PTGen();
|
||||
@@ -35,41 +35,41 @@ class AjaxInterface{
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public static function addClaim($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\ClaimRepository();
|
||||
return $rep->store($CURUSER['id'], $params['torrent_id']);
|
||||
}
|
||||
|
||||
|
||||
public static function removeClaim($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\ClaimRepository();
|
||||
return $rep->delete($params['id'], $CURUSER['id']);
|
||||
}
|
||||
|
||||
|
||||
public static function removeUserLeechWarn($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\UserRepository();
|
||||
return $rep->removeLeechWarn($CURUSER['id'], $params['uid']);
|
||||
}
|
||||
|
||||
|
||||
public static function getOffer($params)
|
||||
{
|
||||
$offer = \App\Models\Offer::query()->findOrFail($params['id']);
|
||||
return $offer->toArray();
|
||||
}
|
||||
|
||||
|
||||
public static function approvalModal($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\TorrentRepository();
|
||||
return $rep->buildApprovalModal($CURUSER['id'], $params['torrent_id']);
|
||||
}
|
||||
|
||||
|
||||
public static function approval($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
@@ -81,7 +81,7 @@ class AjaxInterface{
|
||||
$rep = new \App\Repositories\TorrentRepository();
|
||||
return $rep->approval($CURUSER['id'], $params);
|
||||
}
|
||||
|
||||
|
||||
public static function addSeedBoxRecord($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
@@ -91,28 +91,28 @@ class AjaxInterface{
|
||||
$params['status'] = \App\Models\SeedBoxRecord::STATUS_UNAUDITED;
|
||||
return $rep->store($params);
|
||||
}
|
||||
|
||||
|
||||
public static function removeSeedBoxRecord($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\SeedBoxRepository();
|
||||
return $rep->delete($params['id'], $CURUSER['id']);
|
||||
}
|
||||
|
||||
|
||||
public static function removeHitAndRun($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\BonusRepository();
|
||||
return $rep->consumeToCancelHitAndRun($CURUSER['id'], $params['id']);
|
||||
}
|
||||
|
||||
|
||||
public static function consumeBenefit($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\UserRepository();
|
||||
return $rep->consumeBenefit($CURUSER['id'], $params);
|
||||
}
|
||||
|
||||
|
||||
public static function clearShoutBox($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
@@ -120,21 +120,21 @@ class AjaxInterface{
|
||||
\Nexus\Database\NexusDB::table('shoutbox')->delete();
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
public static function buyMedal($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\BonusRepository();
|
||||
return $rep->consumeToBuyMedal($CURUSER['id'], $params['medal_id']);
|
||||
}
|
||||
|
||||
|
||||
public static function giftMedal($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
$rep = new \App\Repositories\BonusRepository();
|
||||
return $rep->consumeToGiftMedal($CURUSER['id'], $params['medal_id'], $params['uid']);
|
||||
}
|
||||
|
||||
|
||||
public static function saveUserMedal($params)
|
||||
{
|
||||
global $CURUSER;
|
||||
@@ -153,15 +153,15 @@ class AjaxInterface{
|
||||
}
|
||||
|
||||
$class = 'AjaxInterface';
|
||||
$reflection = new ReflectionClass($class);
|
||||
$reflection = new \ReflectionClass($class);
|
||||
|
||||
try {
|
||||
if($reflection->hasMethod($action)&&$reflection->getMethod($action)->isStatic()) {
|
||||
if($reflection->hasMethod($action) && $reflection->getMethod($action)->isStatic()) {
|
||||
$result = $class::$action($params);
|
||||
exit(json_encode(success($result)));
|
||||
} else {
|
||||
do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error');
|
||||
throw new \RuntimeException("no Action");
|
||||
throw new \RuntimeException("Invalid action: $action");
|
||||
}
|
||||
}catch(\Throwable $exception){
|
||||
exit(json_encode(fail($exception->getMessage(), $_POST)));
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
exit(0);
|
||||
require "../include/bittorrent.php";
|
||||
dbconn();
|
||||
$id = intval($_GET["id"] ?? 0);
|
||||
@@ -20,7 +21,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||
if ($from_email == "") $from_email = "".$SITEEMAIL."";
|
||||
$from_email = safe_email($from_email);
|
||||
if (!$from_email)
|
||||
stderr("Error","You must enter an email address!");
|
||||
stderr("Error","You must enter an email address!");
|
||||
if (!check_email($from_email))
|
||||
stderr("Error","Invalid email address!");
|
||||
$from = "$from <$from_email>";
|
||||
@@ -28,7 +29,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||
$subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);
|
||||
if ($subject == "") $subject = "(No subject)";
|
||||
$subject = "Fw: $subject";
|
||||
|
||||
|
||||
$message = htmlspecialchars(trim($_POST["message"]));
|
||||
if ($message == "") stderr("Error", "No message text!");
|
||||
|
||||
@@ -38,7 +39,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||
$message . "\n\n" .
|
||||
"---------------------------------------------------------------------\n$SITENAME E-Mail Gateway\n";
|
||||
|
||||
$success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false);
|
||||
$success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false);
|
||||
|
||||
if ($success)
|
||||
stderr("Success", "E-mail successfully queued for delivery.");
|
||||
|
||||
Reference in New Issue
Block a user