lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 03:57:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

improve user_can()

Browse Source
This commit is contained in:
xiaomlove
2023-05-08 03:18:07 +08:00
parent 31c3be2ce8
commit e1dd469d21
4 changed files with 33 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/constants.php
+1 -1
View File
@@ -1,6 +1,6 @@
<?php <?php
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.2'); defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.2');
defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-06'); defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-08');
defined('IN_TRACKER') || define('IN_TRACKER', false); defined('IN_TRACKER') || define('IN_TRACKER', false);
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP"); defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org"); defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
include/globalfunctions.php
+7 -1
View File
@@ -1088,7 +1088,10 @@ function user_can($permission, $fail = false, $uid = 0): bool
$uid = get_user_id(); $uid = get_user_id();
$log .= ", set current uid: $uid"; $log .= ", set current uid: $uid";
} }
if (!$fail && $uid <= 0) { if ($uid <= 0) {
if ($fail) {
goto FAIL;
}
do_log("$log, unauthenticated, false"); do_log("$log, unauthenticated, false");
return false; return false;
} }
@@ -1115,6 +1118,7 @@ function user_can($permission, $fail = false, $uid = 0): bool
$userCanCached[$permission][$uid] = $result; $userCanCached[$permission][$uid] = $result;
return $result; return $result;
} }
FAIL:
do_log("$log, [FAIL]"); do_log("$log, [FAIL]");
if (IN_NEXUS && !IN_TRACKER) { if (IN_NEXUS && !IN_TRACKER) {
global $lang_functions; global $lang_functions;
@@ -1128,6 +1132,8 @@ function user_can($permission, $fail = false, $uid = 0): bool
throw new \App\Exceptions\InsufficientPermissionException(); throw new \App\Exceptions\InsufficientPermissionException();
} }
function is_donor(array $userInfo): bool function is_donor(array $userInfo): bool
{ {
return $userInfo['donor'] == 'yes' && ($userInfo['donoruntil'] === null || $userInfo['donoruntil'] == '0000-00-00 00:00:00' || $userInfo['donoruntil'] >= date('Y-m-d H:i:s')); return $userInfo['donor'] == 'yes' && ($userInfo['donoruntil'] === null || $userInfo['donoruntil'] == '0000-00-00 00:00:00' || $userInfo['donoruntil'] >= date('Y-m-d H:i:s'));
public/ajax.php
+4 -4
View File
@@ -3,7 +3,7 @@ require "../include/bittorrent.php";
dbconn(); dbconn();
loggedinorreturn(); loggedinorreturn();
$action = $_POST['action'] ?? 'noAction'; $action = $_POST['action'] ?? '';
$params = $_POST['params'] ?? []; $params = $_POST['params'] ?? [];
class AjaxInterface{ class AjaxInterface{
@@ -153,15 +153,15 @@ class AjaxInterface{
} }
$class = 'AjaxInterface'; $class = 'AjaxInterface';
$reflection = new ReflectionClass($class); $reflection = new \ReflectionClass($class);
try { try {
if($reflection->hasMethod($action)&&$reflection->getMethod($action)->isStatic()) { if($reflection->hasMethod($action) && $reflection->getMethod($action)->isStatic()) {
$result = $class::$action($params); $result = $class::$action($params);
exit(json_encode(success($result))); exit(json_encode(success($result)));
} else { } else {
do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error'); do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error');
throw new \RuntimeException("no Action"); throw new \RuntimeException("Invalid action: $action");
} }
}catch(\Throwable $exception){ }catch(\Throwable $exception){
exit(json_encode(fail($exception->getMessage(), $_POST))); exit(json_encode(fail($exception->getMessage(), $_POST)));
public/email-gateway.php
+1
View File
@@ -1,4 +1,5 @@
<?php <?php
exit(0);
require "../include/bittorrent.php"; require "../include/bittorrent.php";
dbconn(); dbconn();
$id = intval($_GET["id"] ?? 0); $id = intval($_GET["id"] ?? 0);