improve user_can()

public/ajax.php

@@ -3,7 +3,7 @@ require "../include/bittorrent.php";
 dbconn();
 loggedinorreturn();
 
-$action = $_POST['action'] ?? 'noAction';
+$action = $_POST['action'] ?? '';
 $params = $_POST['params'] ?? [];
 
 class AjaxInterface{
@@ -14,15 +14,15 @@ class AjaxInterface{
         $rep = new \App\Repositories\MedalRepository();
         return $rep->toggleUserMedalStatus($params['id'], $CURUSER['id']);
     }
-    
-    
+
+
     public static function attendanceRetroactive($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\AttendanceRepository();
         return $rep->retroactive($CURUSER['id'], $params['timestamp']);
     }
-    
+
     public static function getPtGen($params)
     {
         $rep = new Nexus\PTGen\PTGen();
@@ -35,41 +35,41 @@ class AjaxInterface{
             return '';
         }
     }
-    
+
     public static function addClaim($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\ClaimRepository();
         return $rep->store($CURUSER['id'], $params['torrent_id']);
     }
-    
+
     public static function removeClaim($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\ClaimRepository();
         return $rep->delete($params['id'], $CURUSER['id']);
     }
-    
+
     public static function removeUserLeechWarn($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\UserRepository();
         return $rep->removeLeechWarn($CURUSER['id'], $params['uid']);
     }
-    
+
     public static function getOffer($params)
     {
         $offer = \App\Models\Offer::query()->findOrFail($params['id']);
         return $offer->toArray();
     }
-    
+
     public static function approvalModal($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\TorrentRepository();
         return $rep->buildApprovalModal($CURUSER['id'], $params['torrent_id']);
     }
-    
+
     public static function approval($params)
     {
         global $CURUSER;
@@ -81,7 +81,7 @@ class AjaxInterface{
         $rep = new \App\Repositories\TorrentRepository();
         return $rep->approval($CURUSER['id'], $params);
     }
-    
+
     public static function addSeedBoxRecord($params)
     {
         global $CURUSER;
@@ -91,28 +91,28 @@ class AjaxInterface{
         $params['status'] = \App\Models\SeedBoxRecord::STATUS_UNAUDITED;
         return $rep->store($params);
     }
-    
+
     public static function removeSeedBoxRecord($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\SeedBoxRepository();
         return $rep->delete($params['id'], $CURUSER['id']);
     }
-    
+
     public static function removeHitAndRun($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\BonusRepository();
         return $rep->consumeToCancelHitAndRun($CURUSER['id'], $params['id']);
     }
-    
+
     public static function consumeBenefit($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\UserRepository();
         return $rep->consumeBenefit($CURUSER['id'], $params);
     }
-    
+
     public static function clearShoutBox($params)
     {
         global $CURUSER;
@@ -120,21 +120,21 @@ class AjaxInterface{
         \Nexus\Database\NexusDB::table('shoutbox')->delete();
         return true;
     }
-    
+
     public static function buyMedal($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\BonusRepository();
         return $rep->consumeToBuyMedal($CURUSER['id'], $params['medal_id']);
     }
-    
+
     public static function giftMedal($params)
     {
         global $CURUSER;
         $rep = new \App\Repositories\BonusRepository();
         return $rep->consumeToGiftMedal($CURUSER['id'], $params['medal_id'], $params['uid']);
     }
-    
+
     public static function saveUserMedal($params)
     {
         global $CURUSER;
@@ -153,15 +153,15 @@ class AjaxInterface{
 }
 
 $class = 'AjaxInterface';
-$reflection = new ReflectionClass($class);
+$reflection = new \ReflectionClass($class);
 
 try {
-    if($reflection->hasMethod($action)&&$reflection->getMethod($action)->isStatic()) {
+    if($reflection->hasMethod($action) && $reflection->getMethod($action)->isStatic()) {
         $result = $class::$action($params);
         exit(json_encode(success($result)));
     } else {
         do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error');
-        throw new \RuntimeException("no Action");
+        throw new \RuntimeException("Invalid action: $action");
     }
 }catch(\Throwable $exception){
     exit(json_encode(fail($exception->getMessage(), $_POST)));

public/email-gateway.php

@@ -1,4 +1,5 @@
 <?php
+exit(0);
 require "../include/bittorrent.php";
 dbconn();
 $id = intval($_GET["id"] ?? 0);
@@ -20,7 +21,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
 	if ($from_email == "") $from_email = "".$SITEEMAIL."";
 	$from_email =  safe_email($from_email);
 	if (!$from_email)
-    	stderr("Error","You must enter an email address!");	
+    	stderr("Error","You must enter an email address!");
 	if (!check_email($from_email))
   	stderr("Error","Invalid email address!");
 	$from = "$from <$from_email>";
@@ -28,7 +29,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
 	$subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);
 	if ($subject == "") $subject = "(No subject)";
 	$subject = "Fw: $subject";
-	
+
 	$message = htmlspecialchars(trim($_POST["message"]));
 	if ($message == "") stderr("Error", "No message text!");
 
@@ -38,7 +39,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
 		$message . "\n\n" .
 		"---------------------------------------------------------------------\n$SITENAME E-Mail Gateway\n";
 
-	$success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false);	
+	$success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false);
 
 	if ($success)
 		stderr("Success", "E-mail successfully queued for delivery.");