lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 03:57:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

improve user_can()

Browse Source
This commit is contained in:
xiaomlove
2023-05-08 03:18:07 +08:00
parent 31c3be2ce8
commit e1dd469d21
4 changed files with 33 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/constants.php
+1 -1
View File
@@ -1,6 +1,6 @@
<?php <?php
defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.2'); defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.2');
defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-06'); defined('RELEASE_DATE') || define('RELEASE_DATE', '2023-05-08');
defined('IN_TRACKER') || define('IN_TRACKER', false); defined('IN_TRACKER') || define('IN_TRACKER', false);
defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP"); defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org"); defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
include/globalfunctions.php
+7 -1
View File
@@ -1088,7 +1088,10 @@ function user_can($permission, $fail = false, $uid = 0): bool
$uid = get_user_id(); $uid = get_user_id();
$log .= ", set current uid: $uid"; $log .= ", set current uid: $uid";
} }
if (!$fail && $uid <= 0) { if ($uid <= 0) {
if ($fail) {
goto FAIL;
}
do_log("$log, unauthenticated, false"); do_log("$log, unauthenticated, false");
return false; return false;
} }
@@ -1115,6 +1118,7 @@ function user_can($permission, $fail = false, $uid = 0): bool
$userCanCached[$permission][$uid] = $result; $userCanCached[$permission][$uid] = $result;
return $result; return $result;
} }
FAIL:
do_log("$log, [FAIL]"); do_log("$log, [FAIL]");
if (IN_NEXUS && !IN_TRACKER) { if (IN_NEXUS && !IN_TRACKER) {
global $lang_functions; global $lang_functions;
@@ -1128,6 +1132,8 @@ function user_can($permission, $fail = false, $uid = 0): bool
throw new \App\Exceptions\InsufficientPermissionException(); throw new \App\Exceptions\InsufficientPermissionException();
} }
function is_donor(array $userInfo): bool function is_donor(array $userInfo): bool
{ {
return $userInfo['donor'] == 'yes' && ($userInfo['donoruntil'] === null || $userInfo['donoruntil'] == '0000-00-00 00:00:00' || $userInfo['donoruntil'] >= date('Y-m-d H:i:s')); return $userInfo['donor'] == 'yes' && ($userInfo['donoruntil'] === null || $userInfo['donoruntil'] == '0000-00-00 00:00:00' || $userInfo['donoruntil'] >= date('Y-m-d H:i:s'));
public/ajax.php
+21 -21
View File
@@ -3,7 +3,7 @@ require "../include/bittorrent.php";
dbconn(); dbconn();
loggedinorreturn(); loggedinorreturn();
$action = $_POST['action'] ?? 'noAction'; $action = $_POST['action'] ?? '';
$params = $_POST['params'] ?? []; $params = $_POST['params'] ?? [];
class AjaxInterface{ class AjaxInterface{
@@ -14,15 +14,15 @@ class AjaxInterface{
$rep = new \App\Repositories\MedalRepository(); $rep = new \App\Repositories\MedalRepository();
return $rep->toggleUserMedalStatus($params['id'], $CURUSER['id']); return $rep->toggleUserMedalStatus($params['id'], $CURUSER['id']);
} }
public static function attendanceRetroactive($params) public static function attendanceRetroactive($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\AttendanceRepository(); $rep = new \App\Repositories\AttendanceRepository();
return $rep->retroactive($CURUSER['id'], $params['timestamp']); return $rep->retroactive($CURUSER['id'], $params['timestamp']);
} }
public static function getPtGen($params) public static function getPtGen($params)
{ {
$rep = new Nexus\PTGen\PTGen(); $rep = new Nexus\PTGen\PTGen();
@@ -35,41 +35,41 @@ class AjaxInterface{
return ''; return '';
} }
} }
public static function addClaim($params) public static function addClaim($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\ClaimRepository(); $rep = new \App\Repositories\ClaimRepository();
return $rep->store($CURUSER['id'], $params['torrent_id']); return $rep->store($CURUSER['id'], $params['torrent_id']);
} }
public static function removeClaim($params) public static function removeClaim($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\ClaimRepository(); $rep = new \App\Repositories\ClaimRepository();
return $rep->delete($params['id'], $CURUSER['id']); return $rep->delete($params['id'], $CURUSER['id']);
} }
public static function removeUserLeechWarn($params) public static function removeUserLeechWarn($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\UserRepository(); $rep = new \App\Repositories\UserRepository();
return $rep->removeLeechWarn($CURUSER['id'], $params['uid']); return $rep->removeLeechWarn($CURUSER['id'], $params['uid']);
} }
public static function getOffer($params) public static function getOffer($params)
{ {
$offer = \App\Models\Offer::query()->findOrFail($params['id']); $offer = \App\Models\Offer::query()->findOrFail($params['id']);
return $offer->toArray(); return $offer->toArray();
} }
public static function approvalModal($params) public static function approvalModal($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\TorrentRepository(); $rep = new \App\Repositories\TorrentRepository();
return $rep->buildApprovalModal($CURUSER['id'], $params['torrent_id']); return $rep->buildApprovalModal($CURUSER['id'], $params['torrent_id']);
} }
public static function approval($params) public static function approval($params)
{ {
global $CURUSER; global $CURUSER;
@@ -81,7 +81,7 @@ class AjaxInterface{
$rep = new \App\Repositories\TorrentRepository(); $rep = new \App\Repositories\TorrentRepository();
return $rep->approval($CURUSER['id'], $params); return $rep->approval($CURUSER['id'], $params);
} }
public static function addSeedBoxRecord($params) public static function addSeedBoxRecord($params)
{ {
global $CURUSER; global $CURUSER;
@@ -91,28 +91,28 @@ class AjaxInterface{
$params['status'] = \App\Models\SeedBoxRecord::STATUS_UNAUDITED; $params['status'] = \App\Models\SeedBoxRecord::STATUS_UNAUDITED;
return $rep->store($params); return $rep->store($params);
} }
public static function removeSeedBoxRecord($params) public static function removeSeedBoxRecord($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\SeedBoxRepository(); $rep = new \App\Repositories\SeedBoxRepository();
return $rep->delete($params['id'], $CURUSER['id']); return $rep->delete($params['id'], $CURUSER['id']);
} }
public static function removeHitAndRun($params) public static function removeHitAndRun($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\BonusRepository(); $rep = new \App\Repositories\BonusRepository();
return $rep->consumeToCancelHitAndRun($CURUSER['id'], $params['id']); return $rep->consumeToCancelHitAndRun($CURUSER['id'], $params['id']);
} }
public static function consumeBenefit($params) public static function consumeBenefit($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\UserRepository(); $rep = new \App\Repositories\UserRepository();
return $rep->consumeBenefit($CURUSER['id'], $params); return $rep->consumeBenefit($CURUSER['id'], $params);
} }
public static function clearShoutBox($params) public static function clearShoutBox($params)
{ {
global $CURUSER; global $CURUSER;
@@ -120,21 +120,21 @@ class AjaxInterface{
\Nexus\Database\NexusDB::table('shoutbox')->delete(); \Nexus\Database\NexusDB::table('shoutbox')->delete();
return true; return true;
} }
public static function buyMedal($params) public static function buyMedal($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\BonusRepository(); $rep = new \App\Repositories\BonusRepository();
return $rep->consumeToBuyMedal($CURUSER['id'], $params['medal_id']); return $rep->consumeToBuyMedal($CURUSER['id'], $params['medal_id']);
} }
public static function giftMedal($params) public static function giftMedal($params)
{ {
global $CURUSER; global $CURUSER;
$rep = new \App\Repositories\BonusRepository(); $rep = new \App\Repositories\BonusRepository();
return $rep->consumeToGiftMedal($CURUSER['id'], $params['medal_id'], $params['uid']); return $rep->consumeToGiftMedal($CURUSER['id'], $params['medal_id'], $params['uid']);
} }
public static function saveUserMedal($params) public static function saveUserMedal($params)
{ {
global $CURUSER; global $CURUSER;
@@ -153,15 +153,15 @@ class AjaxInterface{
} }
$class = 'AjaxInterface'; $class = 'AjaxInterface';
$reflection = new ReflectionClass($class); $reflection = new \ReflectionClass($class);
try { try {
if($reflection->hasMethod($action)&&$reflection->getMethod($action)->isStatic()) { if($reflection->hasMethod($action) && $reflection->getMethod($action)->isStatic()) {
$result = $class::$action($params); $result = $class::$action($params);
exit(json_encode(success($result))); exit(json_encode(success($result)));
} else { } else {
do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error'); do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error');
throw new \RuntimeException("no Action"); throw new \RuntimeException("Invalid action: $action");
} }
}catch(\Throwable $exception){ }catch(\Throwable $exception){
exit(json_encode(fail($exception->getMessage(), $_POST))); exit(json_encode(fail($exception->getMessage(), $_POST)));
public/email-gateway.php
+4 -3
View File
@@ -1,4 +1,5 @@
<?php <?php
exit(0);
require "../include/bittorrent.php"; require "../include/bittorrent.php";
dbconn(); dbconn();
$id = intval($_GET["id"] ?? 0); $id = intval($_GET["id"] ?? 0);
@@ -20,7 +21,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
if ($from_email == "") $from_email = "".$SITEEMAIL.""; if ($from_email == "") $from_email = "".$SITEEMAIL."";
$from_email = safe_email($from_email); $from_email = safe_email($from_email);
if (!$from_email) if (!$from_email)
stderr("Error","You must enter an email address!"); stderr("Error","You must enter an email address!");
if (!check_email($from_email)) if (!check_email($from_email))
stderr("Error","Invalid email address!"); stderr("Error","Invalid email address!");
$from = "$from <$from_email>"; $from = "$from <$from_email>";
@@ -28,7 +29,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
$subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80); $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);
if ($subject == "") $subject = "(No subject)"; if ($subject == "") $subject = "(No subject)";
$subject = "Fw: $subject"; $subject = "Fw: $subject";
$message = htmlspecialchars(trim($_POST["message"])); $message = htmlspecialchars(trim($_POST["message"]));
if ($message == "") stderr("Error", "No message text!"); if ($message == "") stderr("Error", "No message text!");
@@ -38,7 +39,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
$message . "\n\n" . $message . "\n\n" .
"---------------------------------------------------------------------\n$SITENAME E-Mail Gateway\n"; "---------------------------------------------------------------------\n$SITENAME E-Mail Gateway\n";
$success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false); $success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false);
if ($success) if ($success)
stderr("Success", "E-mail successfully queued for delivery."); stderr("Success", "E-mail successfully queued for delivery.");