bool session_validate(void)
{
memset(¤tuser, 0, sizeof(currentuser));
session_clear();
const char *uname = web_get_param(COOKIE_USER);
const char *key = web_get_param(COOKIE_KEY);
if (web_request_type(API) && web_request_method(GET)) {
const char *token = web_get_param("token");
if (!streq(token, key))
return false;
}
bool ok = _get_session(uname, key);
if (ok)
getuserec(uname, ¤tuser);
return ok;
}
int bbsfdel_main(void)
{
if (!session_get_id())
return BBS_ELGNREQ;
const char *uname = web_get_param("u");
if (*uname) {
user_id_t uid = get_user_id(uname);
if (uid > 0)
unfollow(session_get_user_id(), uid);
}
printf("Location: fall\n\n");
return 0;
}
int bbsfadd_main(void)
{
if (!session_get_id())
return BBS_ELGNREQ;
const char *uname = web_get_param("id");
const char *note = web_get_param("desc");
if (*uname) {
UTF8_BUFFER(note, FOLLOW_NOTE_CCHARS);
convert_g2u(note, utf8_note);
follow(session_get_user_id(), uname, utf8_note);
printf("Location: fall\n\n");
return 0;
}
xml_header(NULL);
printf("<bbsfadd>");
print_session();
printf("%s</bbsfadd>", uname);
return 0;
}
int web_my_props(void)
{
if (!session_id())
return BBS_ELGNREQ;
int record = strtol(web_get_param("record"), NULL, 10);
int item = strtol(web_get_param("item"), NULL, 10);
if (record <= 0 || item <= 0) {
my_props_t *p = my_props_load(session_uid());
if (!p)
return BBS_EINTNL;
xml_header(NULL);
printf("<bbsmyprop>");
print_session();
for (int i = 0; i < my_props_count(p); ++i) {
show_my_prop(p, i);
}
printf("</bbsmyprop>");
my_props_free(p);
} else {
switch (item) {
case PROP_TITLE_FREE:
case PROP_TITLE_30DAYS:
case PROP_TITLE_90DAYS:
case PROP_TITLE_180DAYS:
case PROP_TITLE_1YEAR:
return show_title_detail(record);
default:
return BBS_EINVAL;
}
}
return 0;
}
int web_brdadd(void)
{
if (!session_id())
return BBS_ELGNREQ;
int bid = strtol(web_get_param("bid"), NULL, 10);
int ok = fav_board_add(session_uid(), NULL, bid,
FAV_BOARD_ROOT_FOLDER, ¤tuser);
if (ok) {
xml_header(NULL);
printf("<bbsbrdadd>");
print_session();
board_t board;
get_board_by_bid(bid, &board);
printf("<brd>%s</brd><bid>%d</bid></bbsbrdadd>", board.name, board.id);
session_set_board(board.id);
return 0;
}
return BBS_EBRDQE;
}
int bbs0an_main(void)
{
char path[512];
board_t board;
int bid = strtol(web_get_param("bid"), NULL, 10);
if (bid <= 0) {
strlcpy(path, web_get_param("path"), sizeof(path));
if (strstr(path, "..") || strstr(path, "SYSHome"))
return BBS_EINVAL;
char *bname = getbfroma(path);
if (*bname != '\0') {
if (!get_board(bname, &board) || !has_read_perm(&board))
return BBS_ENODIR;
}
} else {
if (!get_board_by_bid(bid, &board) || !has_read_perm(&board))
return BBS_ENOBRD;
if (board.flag & BOARD_FLAG_DIR)
return BBS_EINVAL;
path[0] = '\0';
FILE *fp = fopen("0Announce/.Search", "r");
if (fp == NULL)
return BBS_EINTNL;
char tmp[256];
int len = strlen(board.name);
while (fgets(tmp, sizeof(tmp), fp) != NULL) {
if (!strncmp(tmp, board.name, len) && tmp[len] == ':'
&& tmp[len + 1] == ' ') {
tmp[len + 1] = '/';
strlcpy(path, tmp + len + 1, sizeof(path));
path[strlen(path) - 1] = '\0';
break;
}
}
fclose(fp);
if (path[0] == '\0')
return BBS_ENODIR;
}
char names[512];
snprintf(names, sizeof(names), "0Announce%s/.Names", path);
FILE *fp = fopen(names, "r");
if (fp == NULL)
return BBS_ENODIR; // not indicating hidden directories.
char buf[512], *title;
// check directory permission.
while (true) {
if (fgets(buf, sizeof(buf), fp) == NULL) {
fclose(fp);
return BBS_ENODIR;
}
if(!strncmp(buf, "# Title=", 8)) {
title = buf + 8;
if (!hasannperm(title, ¤tuser, &board)) {
fclose(fp);
return BBS_ENODIR;
}
break;
}
}
xml_header(NULL);
printf("<bbs0an path='%s' v='%d' ", path, 1030);
if (board.id)
printf(" brd='%s'", board.name);
printf(">");
print_session();
char name[STRLEN], fpath[1024], *id = NULL, *ptr;
struct stat st;
while (fgets(buf, sizeof(buf), fp) != NULL) {
if (!strncmp(buf, "Name=", 5)) {
strlcpy(name, trim(buf + 5), sizeof(name));
if (strlen(name) > ANN_TITLE_LENGTH) {
id = name + ANN_TITLE_LENGTH;
if (!hasannperm(name + ANN_TITLE_LENGTH, ¤tuser, &board))
continue;
name[ANN_TITLE_LENGTH - 1] = '\0';
if (!strncmp(id, "BM: ", 4))
id += 4;
if ((ptr = strchr(id, ')')) != NULL)
*ptr = '\0';
} else {
id = NULL;
}
if (fgets(buf, sizeof(buf), fp) == NULL || strncmp(buf, "Path=~", 6)) {
break;
} else {
printf("<ent path='%s' t='", trim(buf + 6));
snprintf(fpath, sizeof(fpath), "0Announce%s%s", path, buf + 6);
if (stat(fpath, &st) != 0 || (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode))) {
printf("e'");
} else if (S_ISREG(st.st_mode)) {
printf("f'");
} else {
printf("d'");
}
if (id != NULL)
printf(" id='%s'", id);
printf(" time='%s'>", format_time(st.st_mtime, TIME_FORMAT_XML));
xml_fputs4(trim(name), 0);
printf("</ent>");
}
}
}
fclose(fp);
puts("</bbs0an>");
return 0;
}
int web_sector(void)
{
int sid = 0;
board_t parent = { .id = 0 };
db_res_t *res = NULL;
const char *sname = web_get_param("s");
if (*sname) {
res = db_query("SELECT id, descr"
" FROM board_sectors WHERE name = %s", sname);
if (!res || db_res_rows(res) < 1) {
db_clear(res);
return BBS_EINVAL;
}
} else {
const char *pname = web_get_param("board");
if (*pname)
get_board(pname, &parent);
else
get_board_by_bid(strtol(web_get_param("bid"), NULL, 10), &parent);
if (!parent.id || !(parent.flag & BOARD_FLAG_DIR)
|| !has_read_perm(&parent))
return BBS_ENOBRD;
}
xml_header(NULL);
printf("<bbsboa link='%sdoc' ", get_post_list_type_string());
if (*sname) {
char path[HOMELEN];
sprintf(path, "%s/info/egroup%d/icon.jpg", BBSHOME,
(int) strtol(sname, NULL, 16));
if (dashf(path))
printf(" icon='%s'", path);
const char *utf8_sector = db_get_value(res, 0, 1);
if (web_request_type(UTF8)) {
printf(" title='%s'>", utf8_sector);
} else {
GBK_BUFFER(sector, BOARD_SECTOR_NAME_CCHARS);
convert_u2g(utf8_sector, gbk_sector);
printf(" title='%s'>", gbk_sector);
}
sid = db_get_integer(res, 0, 0);
db_clear(res);
} else {
if (web_request_type(UTF8)) {
printf(" dir= '1' title='%s'>", parent.descr);
} else {
GBK_BUFFER(descr, BOARD_DESCR_CCHARS);
convert_u2g(parent.descr, gbk_descr);
printf(" dir= '1' title='%s'>", gbk_descr);
}
}
if (sid)
res = db_query(BOARD_SELECT_QUERY_BASE "WHERE b.sector = %d", sid);
else
res = db_query(BOARD_SELECT_QUERY_BASE "WHERE b.parent = %d", parent.id);
if (res && db_res_rows(res) > 0)
show_board(res);
db_clear(res);
print_session();
printf("</bbsboa>");
return 0;
}
int bbsclear_main(void)
{
if (!session_id())
return BBS_ELGNREQ;
board_t board;
if (!get_board(web_get_param("board"), &board)
|| !has_read_perm(&board))
return BBS_ENOBRD;
session_set_board(board.id);
const char *start = web_get_param("start");
brc_init(currentuser.userid, board.name);
brc_clear_all();
brc_sync(currentuser.userid);
char buf[STRLEN];
snprintf(buf, sizeof(buf), "doc?board=%s&start=%s", board.name, start);
http_header();
refreshto(0, buf);
printf("</head></html>");
return 0;
}
int bbsnot_main(void)
{
board_t board;
if (!get_board(web_get_param("board"), &board)
|| !has_read_perm(&board))
return BBS_ENOBRD;
if (board.flag & BOARD_FLAG_DIR)
return BBS_EINVAL;
session_set_board(board.id);
char fname[HOMELEN];
snprintf(fname, sizeof(fname), "vote/%s/notes", board.name);
mmap_t m;
m.oflag = O_RDONLY;
if (mmap_open(fname, &m) < 0)
return BBS_ENOFILE;
xml_header(NULL);
printf("<bbsnot brd='%s'>", board.name);
xml_fputs2((char *) m.ptr, m.size);
mmap_close(&m);
print_session();
printf("</bbsnot>");
return 0;
}